From jon at bugjr.com Sat Jan 1 18:26:43 2000 From: jon at bugjr.com (Jon Westfall) Date: Tue Dec 2 02:27:46 2003 Subject: Network Accounting Message-ID: <000001bf5485$c0f309c0$0200a8c0@server1> This is slightly off subject, but I figured if any group of people knew the answer, this group would. My company is looking to institute a way to track how much resources each department/employee uses, such as the number of things they print, etc... and then bill that department for their usage costs. I have a variety of windows printers and samba printers to track, as well as file shares etc... Can anyone recommend a good accounting package or perl scripts that I could use to track these processes? I'm pretty sure that tracking the UNIX printers would be easy, but unsure about the win boxes. Thanks, Jon Westfall. ================ If your TARBALL gets stuck in your PICO-chu, don't Poke-Me-Man, or i'll KILL your running processes! (Unix, or Pok?mon?) Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 ----------------------------------------------------------------- -------------- next part -------------- HTML attachment scrubbed and removed From maillist at nudaymedia.com Sun Jan 2 01:16:03 2000 From: maillist at nudaymedia.com (Chavous P. Camp) Date: Tue Dec 2 02:27:46 2003 Subject: CVS Question Message-ID: How/where do I get the head code? I realize this is a little off topic, but I have the cvs source but I don't think I'm getting the right one... any help would be appreciated. ---- Chavous P. Camp hunter@sourcehunter.com Sourcehunter Group Columbia, SC From lynn at cis.usouthal.edu Sun Jan 2 02:21:19 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba Message-ID: Hello, I am new to Samba and have a question. I have 3 laboratories that I am responsible for and intend to use Samba. My question is if it's possible to have one UNIX server respond to different workgroups. I only want certain users to be able to have access to these labs and want to use a different workgroup for each one. I just wanted to know if it was possible to use Samba for this on one UNIX server. Thanks. Keith Lynn From skvidal at phy.duke.edu Sun Jan 2 02:35:28 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: > I am new to Samba and have a question. I have 3 laboratories that I > am responsible for and intend to use Samba. My question is if it's > possible to have one UNIX server respond to different workgroups. why not just setup different shares with different groups allowed access to them. Then you can control what goes where - just name the machines well and/or control what rights the users have. alternatively - setup 3 interfaces (aliased) and you can bind a differnt samba smb and nmb to each -sv From lynn at cis.usouthal.edu Sun Jan 2 06:01:45 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: Thanks for your suggestion. I want to make sure I understand it correctly. Are you suggesting running three seperate instances of smbd and nmbd each with its own configuration file using different ports on the machine? Thanks. Keith Lynn On Sun, 2 Jan 2000, Seth Vidal wrote: > > I am new to Samba and have a question. I have 3 laboratories that I > > am responsible for and intend to use Samba. My question is if it's > > possible to have one UNIX server respond to different workgroups. > why not just setup different shares with different groups allowed access > to them. Then you can control what goes where - just name the machines > well and/or control what rights the users have. > > alternatively - setup 3 interfaces (aliased) and you can bind a differnt > samba smb and nmb to each > > -sv > > > From skvidal at phy.duke.edu Sun Jan 2 06:02:40 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: > Thanks for your suggestion. I want to make sure I understand it correctly. > Are you suggesting running three seperate instances of smbd and nmbd each > with its own configuration file using different ports on the machine? > Thanks. not different ports (as windows can't change the ports it requests its info on) - just 3 different ips So if you have a network: 192.168.0.0/24 you server has: 192.168.0.1, 192.168.0.2, 192.168.0.3 Each one has a different samba server bound to it using the following directives in the smb.conf(s) you will write. for 192.168.0.1: interfaces = 192.168.0.1/255.255.255.0 bind interfaces only = yes etc etc for the other 2. I think you see. I would suggest buying gerald carters book and/or buying the using samba book - both explain this idea. If you have any more questions about this just ask I'll be glad to answer what I can. -sv From lynn at cis.usouthal.edu Sun Jan 2 06:20:12 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: Thanks for your help. On Sun, 2 Jan 2000, Seth Vidal wrote: > > Thanks for your suggestion. I want to make sure I understand it correctly. > > Are you suggesting running three seperate instances of smbd and nmbd each > > with its own configuration file using different ports on the machine? > > Thanks. > > not different ports (as windows can't change the ports it requests its > info on) - just 3 different ips > > So if you have a network: 192.168.0.0/24 > > you server has: 192.168.0.1, 192.168.0.2, 192.168.0.3 > > Each one has a different samba server bound to it using the following > directives in the smb.conf(s) you will write. > for 192.168.0.1: > interfaces = 192.168.0.1/255.255.255.0 > bind interfaces only = yes > > > etc etc for the other 2. > I think you see. > I would suggest buying gerald carters book and/or buying the using samba > book - both explain this idea. > If you have any more questions about this just ask I'll be glad to answer > what I can. > > > -sv > > > From giulioo at pobox.com Sun Jan 2 14:49:33 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:46 2003 Subject: Network Accounting In-Reply-To: <000001bf5485$c0f309c0$0200a8c0@server1> References: <000001bf5485$c0f309c0$0200a8c0@server1> Message-ID: <20000102145009.8A0878790@i3.golden.dom> On Sun, 2 Jan 2000 05:29:01 +1100, hai scritto: >use to track these processes? I'm pretty sure that tracking the UNIX >printers would be easy, but unsure about the win boxes. If you can track the unix printers, then try sharing the win printers through samba. Instead of: PC1 -> PC2printer Use: PC1 -> samba -> unix printing -> accounting -> smbprint --> PC2printer -- giulioo@pobox.com From lkcl at samba.org Sun Jan 2 17:11:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:46 2003 Subject: samba-tng: cvs update. important configuration info Message-ID: just as NT needs a workstation trust account for itself, now so does samba-tng cvs latest. i am seeing how far i can get, just for fun, by removing anything that isn't actually file serving from smbd. that _includes_ user authentication, which now uses nt-style NetrSamLogon in exactly the same way as "security = domain", but this is now _also_ used for "security = user", "encrypted passwords = yes". in order for this to work, you must add a trust account for the samba server itself, in order that it may securely verify users against itself :-) even on loop-back, i am treating user authentication attempts as hostile!!! btw, when i said that i wanted to remote anything that isn't file servicg from smbd, i didn't say it was going to be practical... for a while. i'll see about doing an install script that sets up the initial own-trust-account automatically... later :-) :-) f.y.i, those people who need reminders on how to set up wksta trust account pwds. >From lkcl@samba.anu.edu.au Mon Jan 3 04:10:39 2000 Date: Mon, 3 Jan 2000 04:08:40 +1100 From: Luke Leighton To: Multiple recipients of list SAMBA-CVS Subject: CVS update: samba/source/rpcclient Date: Monday January 3, 19100 @ 4:03 Author: lkcl Update of /data/cvs/samba/source/rpcclient In directory samba:/data/people/lkcl/samba-tng/source/rpcclient Modified Files: Tag: SAMBA_TNG cmd_netlogon.c Log Message: fixing up NETLOGON usage. password validation must now go through password_ok() which checks server security, domain security followed by unix pwdb. if using "encrypted sswords = yeses", you _must_ now run netlogond. if using "security = user", you _must_ add a workstation trust account your_own_server_name$ to unix pwdb _and_ follow it up with smbpasswd -a -j your_own_server_name$ _or rpcclient -S your_server -Uadmin%pass -l log lsaquery createuser your_owk_server_name$ -j both smbpasswd _or_ rpcclient _must_ be run as root. (this may change for rpcclient in the near future, if i implement LsaSetPrivateData to set the trust account, remotely). From tavis at mahler.econ.columbia.edu Mon Jan 3 03:51:23 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:46 2003 Subject: preexec Message-ID: I'm not sure if this is off-topic or not.... I've set up a pre-exec script in smb.conf to put my motd out to my client boxes when they log on: preexec = csh -c 'cat /etc/motd | /usr/local/samba/bin/smbclient \ -M %m -I %I' & It works fine (as long as the motd is under 1k), except that it executes at least twice and sometimes more at each login. Does anyone know what might be going on? (I'm running the HEAD from about 6 months ago on Dec Unix 4.0F against NT4sp5. I'd be happy to send along my smb.conf if anyone wants it.) Thanks, Tavis -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From sharpe at ns.aus.com Sun Jan 2 17:23:18 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:46 2003 Subject: preexec In-Reply-To: Message-ID: <3.0.6.32.20000103032318.01b10210@mail.adelaide.on.net> At 02:54 PM 1/3/00 +1100, Tavis Barr wrote: > >I'm not sure if this is off-topic or not.... > >I've set up a pre-exec script in smb.conf to put my motd out to my client >boxes when they log on: > > preexec = csh -c 'cat /etc/motd | /usr/local/samba/bin/smbclient \ > -M %m -I %I' & > >It works fine (as long as the motd is under 1k), except that it executes >at least twice and sometimes more at each login. Does anyone know what >might be going on? A Windows 9x client actually connects to the netlogon share twice during logon. Once for the netlogon script, and once for profile access. This means that you must either write something that is idempotent or check how many times you have been run. >(I'm running the HEAD from about 6 months ago on Dec Unix 4.0F against >NT4sp5. I'd be happy to send along my smb.conf if anyone wants it.) > >Thanks, >Tavis > > > >-------------------------------------------------------- > >Tavis Barr ,-~~-.___. >Senior Systems Coordinator / | ' \ >Institute for Social and Economic ( ) 0 > Theory and Research \_/-, ,----' >509E Int'l Affairs Bldg ==== // >Columbia University / \-'~; /~~~(O) >212-854-4237 / __/~| / | >tavis@mahler.econ.columbia.edu =( _____| (_________| > >--------------------------------------------------------- > > > > > > > > > > > > > > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From rad2921 at cup.edu Mon Jan 3 07:03:23 2000 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:27:46 2003 Subject: question.. Message-ID: <001a01bf55b8$abf88e80$0e7d0904@default> is there a way to create a script or an executable to run a program with certain parameters on my freebsd box through winnt? what i would like to accomplish is this: at the house i live in at college, all five of us are connected to my freebsd box, which in turn is our server for a network game we play.. the server for the game is in linux format.. and it tends to get a little annoying starting the server from my unix box all the time.. is there a way to start the game server through samba from my nt machine? i know this isn't on topic, but any help would be appreciated.. Tim Radigan From alpha at ductape.net Mon Jan 3 07:18:36 2000 From: alpha at ductape.net (Jeremy R. Sliwinski) Date: Tue Dec 2 02:27:46 2003 Subject: Problem with Samba as PDC Message-ID: <38704D4C.8D56FAEE@ductape.net> Hi all, I'm new here and just wanted to say to start off.... Secondly... I have sucessfully started up and logged into my Samba server, set up as the PDC with encryption. The problem comes later when the NT box tries to load the profiles... It says the PDC can not be found and that it is going to use a locally cached copy instead... Now, if I logged into the PDC, why can't NT find it when it needs to load the profile.... Thanks. Jeremy -- ------------------------------ Jeremy R. Sliwinski http://www.ductape.net/~alpha/ Eternity Technologies 214 Arlington Drive alpha@ductape.net Luling, LA 70070-3048 FuzzyLogicChip@cs.com There are 366 days remaining... -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb K0gavkVZYXhynKAXQTUAdALO =jnUf -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: alpha.vcf Type: text/x-vcard Size: 235 bytes Desc: Card for Jeremy R. Sliwinski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000103/77d791d7/alpha.vcf From giulioo at pobox.com Mon Jan 3 08:44:44 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:46 2003 Subject: question.. In-Reply-To: <001a01bf55b8$abf88e80$0e7d0904@default> References: <001a01bf55b8$abf88e80$0e7d0904@default> Message-ID: <20000103084423.2EDEF87F1@i3.golden.dom> On Mon, 3 Jan 2000 18:09:12 +1100, hai scritto: >is there a way to create a script or an executable to run a program with >certain parameters on my freebsd box through winnt? see if "magic script" in "man smb.conf" does what you want. -- giulioo@pobox.com From s_colombo at iol.it Mon Jan 3 09:01:09 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:46 2003 Subject: R: Guest user - different password In-Reply-To: <19991231183703.8288426E6A@i3.golden.dom> Message-ID: Hi Giulio , with guest user I meant a generic user which must have no password because it should be used for all the users I didn't allow particular rights. I didn't find the "map to guest " parameter in any docs , even using samba, so what's "bad user " stands for ? A real user or is a keyword ? The problem with my configuration is that the map is done correctly , any user is mapped to the guest apsf , but since the passwords don't match the connection is refused . However I 'll try your advice and keep you ( all ) informed . Stefano Colombo ( scolombo@cdmtc.it ) System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it -----Messaggio originale----- Da: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]Per conto di Giulio Orsero Inviato: venerdi 31 dicembre 1999 21.07 A: Multiple recipients of list SAMBA-NTDOM Oggetto: Re: Guest user - different password On Thu, 30 Dec 1999 03:25:11 +1100, hai scritto: > I did setup a guest user which must have no password , so I manually >edited the apfs's password field in the private/smbpasswd file and set it to >NO PASSWORDXXXXXXXXXXXXXX > > Now I mapped several windows users to the apsf guest user in the >username.map file If by "guest user" you mean the samba "guest user", then do it in another way: - don't do any manual mappings - take out apsf from smbpasswd - in smb.conf: ==== security = user map to guest = bad user guest account = apsf (or another user) [myshare] path = /path/dir guest ok = yes writable = yes ==== make /path/dir readable by the apsf (or another user) user. User which don't provide a good userid will be mapped to the guest user and will be able to access the share. If by "guest user" you mean something else then ignore what I've written :) -- giulioo@pobox.com From alpha at ductape.net Mon Jan 3 09:49:03 2000 From: alpha at ductape.net (Jeremy R. Sliwinski) Date: Tue Dec 2 02:27:46 2003 Subject: Problem with Samba as PDC References: <38704D4C.8D56FAEE@ductape.net> Message-ID: <3870708F.E6DB9C34@ductape.net> Sorry bout this... Okay, it appears that this problem has been fixed, but a new one has come up... Now when I log in, the computer makes an entirely new profile ( just like I've never logged in.) I copied my profile from the local machine using the option in the System | User profiles, but that did not work. I even tried rename the NTuser.dat file to NTuser.man, and that still did not work... I used TCPdump to analyze the traffic between my computer and the server ( switched Ethernet ) and it looks like the NT box is saving the profile, but it never reads the profiles when it starts up... I using on my Windows box: Win NT 4 workstation with Service Pack 4 My server is: Red Hat Linux 5.2 w/ Samba 2.0.4b (??? I remember upgrading this sucker ???) Kernel version : 2.2.12 Any help would be appreciated... Thanks, Jeremy "Jeremy R. Sliwinski" wrote: > Hi all, > I'm new here and just wanted to say to start off.... > > Secondly... I have sucessfully started up and logged into my Samba > server, set up as the PDC with encryption. The problem comes later > when the NT box tries to load the profiles... It says the PDC can not be > found and that it is going to use a locally cached copy instead... Now, > if I logged into the PDC, why can't NT find it when it needs to load the > profile.... Thanks. > > Jeremy > > -- > ------------------------------ > Jeremy R. Sliwinski http://www.ductape.net/~alpha/ > > Eternity Technologies > 214 Arlington Drive alpha@ductape.net > Luling, LA 70070-3048 FuzzyLogicChip@cs.com > > There are 366 days remaining... > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb > K0gavkVZYXhynKAXQTUAdALO > =jnUf > -----END PGP SIGNATURE----- -- ------------------------------ Jeremy R. Sliwinski http://www.ductape.net/~alpha/ Eternity Technologies 214 Arlington Drive alpha@ductape.net Luling, LA 70070-3048 FuzzyLogicChip@cs.com There are 366 days remaining... -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb K0gavkVZYXhynKAXQTUAdALO =jnUf -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: alpha.vcf Type: text/x-vcard Size: 235 bytes Desc: Card for Jeremy R. Sliwinski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000103/ca03c021/alpha.vcf From lk at netuse.de Mon Jan 3 15:17:49 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:46 2003 Subject: compileproblems with cvs from 03.january.2000(SAMBA_TNG) Message-ID: <3870BD9D.A986CCB5@netuse.de> Hello! I tried to compile the current cvs. But at linking time the symbol "inet_aton" was not found. I had manualy added "lresolv" to the linker options. After that i was able to link smbd and the other programms. That's the output from uname -a: SunOS weigon 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10 Maybe someone can fix this. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From kevinc at grainsystems.com Mon Jan 3 15:31:31 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:46 2003 Subject: question.. References: <001a01bf55b8$abf88e80$0e7d0904@default> Message-ID: <3870C0D3.6636AE2F@grainsystems.com> Tim Radigan wrote: > > is there a way to create a script or an executable to run a > program with certain parameters on my freebsd box through winnt? The consensus on remotely administering unix services through Samba seemed pretty negative. Unfortunately, that sounds like exactly what you want. - Kevin Colby kevinc@grainsystems.com From alpha at ductape.net Mon Jan 3 17:04:47 2000 From: alpha at ductape.net (Jeremy R. Sliwinski) Date: Tue Dec 2 02:27:46 2003 Subject: question.. References: <001a01bf55b8$abf88e80$0e7d0904@default> Message-ID: <3870D6AF.5C624D48@ductape.net> Tim Radigan wrote: > is there a way to create a script or an executable to run a program with > certain parameters on my freebsd box through winnt? You may be able to use something like rsh to start up your server program. As well, Telnetting in might also be a solution ( I used to do this with my Quakeworld server ). Check out the man page for rsh and see if that will do what you need. Jeremy -- ------------------------------ Jeremy R. Sliwinski http://www.ductape.net/~alpha/ Eternity Technologies 214 Arlington Drive alpha@ductape.net Luling, LA 70070-3048 FuzzyLogicChip@cs.com There are 366 days remaining... -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb K0gavkVZYXhynKAXQTUAdALO =jnUf -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: alpha.vcf Type: text/x-vcard Size: 235 bytes Desc: Card for Jeremy R. Sliwinski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000103/480e3e9e/alpha.vcf From lkcl at samba.org Mon Jan 3 19:38:00 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:46 2003 Subject: Combined use of samba cvs main and SAMBA_TNG Message-ID: finally! a way to get the best of samba cvs main (development version 3.0, derived from the 2.0.x tree) and samba, the next generation (nt domains for unix project). it's really, really simple. download, compile and run samba cvs main's smbd, nmbd etc. download, compile and follow instructions in SAMBA_TNG branch's source/README file, *except*, do not run smbd and nmbd from SAMBA_TNG. the cvs main smbd will automatically check for the msrpc services running [from the SAMBA_TNG branch]. if it doesn't find them, cvs main smbd will fall back to using its own, internal msrpc code. the only slight issue that's going to bother you if you do this is cvs main smbd will not recognise any of the SAMBA_TNG smb.conf parameters... if you use any of them. for example "client ntlmv2" and "server ntlmv2" are supported by SAMBA_TNG but not by cvs main. luke (samba team) From lk at netuse.de Mon Jan 3 20:10:17 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:46 2003 Subject: Howto start samba tng? Message-ID: <38710229.EA06FF31@netuse.de> Which programms must run, when i use the cvs code from 03-01-2000. I want to make a presentation about samba. With samba-2.0.6 i have no problems and i know how to configure it. I have checked out the samba-tng branch, and compiled it on linux and solaris. After watching in /bin/ i saw many new programms. Due the lack of knowledge i started any programm that ends with *d. Now any needed daemon should run. As the next step i executed convert_smbpasswd to fill up smbpasswd with the users from /etc/passwd. Now i want to change the passwort for root. But after executing ./smbpasswd i get following message: knecke:/opt/samba-tng/bin # ./smbpasswd LSA_QUERYINFOPOLICY: NT_STATUS_UNSUCCESSFUL lsa query info failed Can't setup password database vectors. Can someone help me? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lynn at cis.usouthal.edu Mon Jan 3 21:34:44 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: password for cvs.samba.org Message-ID: <200001032134.PAA12857@cis.usouthal.edu> Hello everyone, I am trying to connect to cvs@cvs.samba.org through pserver as instructed in the Using Samba book. However I get the request for a password. Can someone tell me how I set it up so I can access the repository? Thanks. Keith Lynn From rajeeva at research.bell-labs.com Mon Jan 3 21:43:11 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:46 2003 Subject: Howto SAMBA_TNG ? References: <38710229.EA06FF31@netuse.de> Message-ID: <387117EF.253CDCE@research.bell-labs.com> Hi, I have compiled latest samba_tng code and running all the daemons provided with new code, on A RH6.1 (2.2.12 kernel). When I try to connect from NT, the connectin fails and in the log message, I get messages about internal error: panic. Also, I cannot add users/change paswords using smbpasswd command. I get prompted for password but the passowrd change fails. Here is my smb.conf [global] comment = Samba %v workgroup = workgroup netbios name = print interfaces = 135.104.27.6/255.255.254.0 135.104.54.47/255.255.255.0 printing = lprng printer driver file = /LPRng/samba/lib/printers.def debug level = 10 case sensitive = no map to guest = bad password smb passwd file = /LPRng/samba/private/smbpasswd username map = /LPRng/samba/lib/user.map printcap name = /LPRng/lpd_printcap print command = /LPRng/current/bin/lpr -P%p -Zhost=%m -r %s lpq command = /LPRng/current/bin/lpq -P%p lprm command = /LPRng/current/bin/lprm -P%p %j load printers = yes guest account = nobody include = /LPRng/samba/lib/%U.conf browseable = yes log file = /LPRng/samba/var/log.%m max log size = 50 locing = yes lock directory = /LPRng/samba/var/locks share modes = yes security = user name resolve order = host wins nt forms file = /LPRng/samba/lib/nt/ntforms.def nt printer driver = /LPRng/samba/lib/nt nt pipe support = yes nt smb support = yes socket options = TCP_NODELAY os level = 64 preferred master = no domain master = no local master = no wins support = no wins server = 135.104.26.122 preserve case = yes short preserve case = yes encrypt passwords = yes .. .. .. TIA, rajeev From cartegw at Eng.Auburn.EDU Mon Jan 3 21:44:21 2000 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:46 2003 Subject: password for cvs.samba.org References: <200001032134.PAA12857@cis.usouthal.edu> Message-ID: <38711835.67FF0BA1@eng.auburn.edu> Keith Lynn wrote: > > Hello everyone, > I am trying to connect to cvs@cvs.samba.org through pserver as instructed in the Using Samba book. However I get the request for a password. Can someone tell me how I set it up so I can access the repository? Thanks. > Keith Lynn see http://samba.org/cvs.html jerry -- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From s.striker at striker.nl Mon Jan 3 22:01:12 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:46 2003 Subject: password for cvs.samba.org In-Reply-To: <200001032134.PAA12857@cis.usouthal.edu> Message-ID: <000601bf5636$0c3f9720$0a00a8c0@office.striker.nl> Hi there, Let's see. I though the password was cvs... Look at the docs though on getting samba. It's on the site: http://www.samba.org. The book is fairly instructive though, I have it too. Don't forget that since the book went in print there were some modifications. The PDC code is now in the SAMBA_TNG branch (version 2.1 pre alpha). The client code is in the head branch. You can read about development at http://kt.linuxcare.com/KC/samba/ which is the Kernel Cousin for Samba. It's sort of a web magazine that moderates the five samba mailinglists into something nice and readable. Ofcourse you could also look through the mailing list archive. Greetings and good luck, Sander Striker > Hello everyone, > I am trying to connect to cvs@cvs.samba.org through pserver > as instructed in the Using Samba book. However I get the request > for a password. Can someone tell me how I set it up so I can > access the repository? Thanks. > Keith Lynn From mgeddes at xavier.sa.edu.au Mon Jan 3 22:20:40 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:47 2003 Subject: Regarding domain administrators References: Message-ID: <387120B7.A2B6C96B@xavier.sa.edu.au> Just got back from holidays and couldn't see a reply in the 300 odd mesages in my inbox, so sorry if I repeat someone.... > HOW do I give domain admin status to a user or group? > > I tried the newest CVS build and neither > domain admin group > or > domain group map > parameters in the smb.conf file worked. > > Samba 2.0.5a and 2.0.6 worked fine for me. Do your logs say anything about logins/authentication at all? You can try 'Admin Users = ????'. This makes the said users connect as uid 0 / gid 0. > every time I tried to run server manager, I got "access denied" and every > time I tried user manager for domains I got > "A Remote Procedure Call (RPC) protocol error occurred. Do you want to > select another domain...." > Any ideas? You'll get that with Samba. Although, I was under the impression that some CVS builds had limited support. Thanks, Matt From mgeddes at xavier.sa.edu.au Mon Jan 3 22:32:05 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:47 2003 Subject: Windows 2000 Beta 3 and Samba References: <38678225.B8566FB6@c2i.net> Message-ID: <38712365.2E23CD89@xavier.sa.edu.au> Ingar Rune Steinsland wrote: > Hi, > > I cannot connect to my Samba 2.0 fileserver from Windows 2000. Samba > refuses to accept my username/password. > > I had the same problem on Windows98. On W98 I had to set set following > key in > the registry: > > My > Computer\HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\VxD\VNETSUP > > EnablePlainTextPassword=1 > > But this does not work (as expected) under Windows 2000. > > What should I do? > > Thanks in advance, > Ingar > > -- > ________________________________________________________________ > Ingar Rune Steinsland, Orkim Data AS, Kordahlvn 13, 1591 > Sperrebotn,Norway > Tlf: 47+64856178/69288577/90055401/88001287 Fax: > 47-69288353 > email: ingar@c2i.net web: > http://www.home.sol.no/~ingar/ > ________________________________________________________________ Hi, I usually prefer to have 'encrypt passwords = yes' in smb.conf. In my experience, it's easier to get Linux to be nice to Windows than it is to get Windows to be nice to Linux. Have a look at encryption.txt and password.txt in the samba docs. I also believe that Samba (2.05a and 2.0.6 anyway) came with a .reg file for Windows 2000. Matt From mgeddes at xavier.sa.edu.au Mon Jan 3 22:51:29 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:47 2003 Subject: Samba as a PDC for Win NT 4.0 Message-ID: <387127F1.87B6C89A@xavier.sa.edu.au> Hi guys, Myself and a friend have tried getting Samba to act as a PDC for NT. Neither of us can make it work. We've tried SP3 and SP5 machines, we've created the machines accounts in /etc/* and with smbpasswd. We have also tried encrypted and non-encrypted passwords (with and withou the various registry entries). I know NT PDC support isn't official, but I was sure I had it working before. Does anyone got any ideas? Thanks heaps, Matt and co. From lynn at cis.usouthal.edu Mon Jan 3 22:49:01 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:47 2003 Subject: Samba on Solaris 2.7 Message-ID: <200001032249.QAA23612@cis.usouthal.edu> Has anyone installed the latest version of Samba on Solaris 2.7. I downloaded it through CVS, configure goes through correctly, but when I run make, inside the lib subdirectory I get the following. Compiling lib/util_sock.c lib/util_sock.c: In function `open_pipe_sock': lib/util_sock.c:1051: storage size of `sa' isn't known lib/util_sock.c: In function `create_pipe_socket': lib/util_sock.c:1081: storage size of `sa' isn't known *** Error code 1 make: Fatal error: Command failed for target `lib/util_sock.o' Does anyone know how to get around this problem? Thanks. Keith Lynn From johan at kvalito.no Mon Jan 3 23:09:24 2000 From: johan at kvalito.no (=?ISO-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:27:47 2003 Subject: latest cvs Message-ID: Hi, I have this problem; I have (almost) the latest (samba-2.1-20000102.tar.gz) pdc-code from http://sernet.pair.com/ , but I can't enable smbmount compiling (yes i'm running linux), and SWAT seems broken... Is this correct or am I doing something wrong? /Johan --------------------------------- * Johan ?stensson * johan@kvalito.no * +46(0)736548283 --------------------------------- From atristan at acacia.ucr.edu Mon Jan 3 23:40:34 2000 From: atristan at acacia.ucr.edu (Andrew Tristan) Date: Tue Dec 2 02:27:47 2003 Subject: latest cvs compile probs Message-ID: <20000103234034.D593627E99@acacia.ucr.edu> Got the following while compiling the latest cvs (obtained today) under SunOS 5.7 with WorkShop Compilers 5.0 98/12/15 C 5.0 (I had the same problem with SunOS 5.6 and the 4.2 compiler); I guess the complaint is about the occurrence of "__FUNCTION__" in the definition of CHECK_STRUCT in include/ntdomain.h? Am I doing something stupid or what? Thanks, Andrew Compiling rpc_parse/parse_prs.c "rpc_parse/parse_prs.c", line 37: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 46: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 76: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 85: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 101: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 110: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 127: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 143: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 157: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 175: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 199: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 222: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 251: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 277: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 305: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 333: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 362: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 391: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 420: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 449: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 476: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 503: cannot recover from previous errors cc: acomp failed for rpc_parse/parse_prs.c *** Error code 2 make: Fatal error: Command failed for target `rpc_parse/parse_prs.o' -- andrew.tristan@ucr.edu Unix Systems Group, UC Riverside From David.Bear at asu.edu Tue Jan 4 00:00:24 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:47 2003 Subject: file dates changing Message-ID: Issue: When a user copies a file from an smbclient to the samba server, the date of the file on the server is set to the day the file was copied. This seems to apply to either copy or move operations. The user is using the windows explorer to do the file copy operations. Is there a way to have samba keep the original date of the file rather than stamping it the date of copy? David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From sharpe at ns.aus.com Mon Jan 3 03:55:05 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:47 2003 Subject: Windows 2000 Beta 3 and Samba In-Reply-To: <38712365.2E23CD89@xavier.sa.edu.au> References: <38678225.B8566FB6@c2i.net> Message-ID: <3.0.6.32.20000103135505.00b79540@mail.adelaide.on.net> At 09:25 AM 1/4/00 +1100, Matthew Geddes wrote: >Ingar Rune Steinsland wrote: > >> Hi, >> >> I cannot connect to my Samba 2.0 fileserver from Windows 2000. Samba >> refuses to accept my username/password. >> >> I had the same problem on Windows98. On W98 I had to set set following >> key in >> the registry: >> >> My >> Computer\HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\VxD\VNETSUP >> >> EnablePlainTextPassword=1 >> >> But this does not work (as expected) under Windows 2000. While what Matt says below is correct, it can be a hassle to move to encrypted passwords. What I found when I was testing all this a while ago now is that you need to reboot Win 2000 before it takes notice of the plaintext password hack. >> What should I do? >> >> Thanks in advance, >> Ingar >> >> -- > >Hi, > >I usually prefer to have 'encrypt passwords = yes' in smb.conf. In my >experience, it's easier to get Linux to be nice to Windows than it is to get >Windows to be nice to Linux. Have a look at encryption.txt and password.txt >in the samba docs. I also believe that Samba (2.05a and 2.0.6 anyway) came >with a .reg file for Windows 2000. > >Matt Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From trupham at network.viettre.com Tue Jan 4 06:38:39 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: latest cvs In-Reply-To: Message-ID: I'm having the same problems too whenever I tried to compile the latest CVS code from sernet.pair.com. Anyone knows the solutions? Another problem that I encountered was the the lsarpcd daemon always get segfault whenever I tried to use Windows 2000 to join the domain. I got a core file about almost 2 MB, I debug the core file by "gdb lsarpcd core" then what I got was a __kill() signal from /lib/libc.so.6. Why is that? I'm badly needing your expert helps? Thanks a bunch!!!!!! P.S: I'm running Mandrake Linux 7.0 Beta with kernel 2.2.14 From jeremy at valinux.com Tue Jan 4 03:35:00 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:47 2003 Subject: file dates changing References: Message-ID: <38716A64.3AE86050@valinux.com> Here is a patch to the 2.0.6 codebase to fix this problem. Unfortunately we did not receive this patch in time for the 2.0.6 release. This fix will be in Samba 2.0.7. Regards, Jeremy Allison, Samba Team. -------------------cut here--------------------------------- --- /home/jeremy/tmp/samba-2.0.6/source/smbd/trans2.c Wed Nov 10 18:36:11 1999 +++ smbd/trans2.c Tue Dec 21 11:10:31 1999 @@ -1694,14 +1694,25 @@ case SMB_SET_FILE_BASIC_INFO: { + /* Patch to do this correctly from Paul Eggert . */ + time_t write_time; + time_t changed_time; + /* Ignore create time at offset pdata. */ /* access time */ tvs.actime = interpret_long_date(pdata+8); - /* write time + changed time, combined. */ - tvs.modtime=MIN(interpret_long_date(pdata+16), - interpret_long_date(pdata+24)); + write_time = interpret_long_date(pdata+16); + changed_time = interpret_long_date(pdata+24); + + tvs.modtime = MIN(write_time, changed_time); + + /* Prefer a defined time to an undefined one. */ + if (tvs.modtime == (time_t)0 || tvs.modtime == (time_t)-1) + tvs.modtime = (write_time == (time_t)0 || write_time == (time_t)-1 + ? changed_time + : write_time); #if 0 /* Needs more testing... */ /* Test from Luke to prevent Win95 from -------------------cut here--------------------------------- -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From trupham at network.viettre.com Tue Jan 4 07:49:16 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: LSARPCD FAILED In-Reply-To: <000601bf5636$0c3f9720$0a00a8c0@office.striker.nl> Message-ID: Ok...I started ALL the daemons in the new 2.1-prealpha code. Everything seems to be fine, but when I do: rpcclient -S MYSERVER -UAdministrator%password -l log Then, [Administrator@MYSERVER] lsaquery What I got back was this error message: lsaquery socket connect to /tmp/.smb.0/agent failed error connecting to my.server.ip.here:445 (Connection refused) ....then some information from the MYSERVER.SID file Any ideas on how I can open the 445 port???????? Thanks again! From lk at netuse.de Tue Jan 4 12:52:30 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Samba on Solaris 2.7 References: <200001032249.QAA23612@cis.usouthal.edu> Message-ID: <3871ED0E.323B2A2@netuse.de> Keith Lynn wrote: > > Has anyone installed the latest version of Samba on Solaris 2.7. I downloaded it through CVS, configure goes through correctly, but when I run make, inside the lib subdirectory I get the following. > > Compiling lib/util_sock.c > lib/util_sock.c: In function `open_pipe_sock': > lib/util_sock.c:1051: storage size of `sa' isn't known > lib/util_sock.c: In function `create_pipe_socket': > lib/util_sock.c:1081: storage size of `sa' isn't known > *** Error code 1 > make: Fatal error: Command failed for target `lib/util_sock.o' > > Does anyone know how to get around this problem? Thanks. > Keith Lynn I got this error also! Output from uname -a: SunOS weigon 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10 Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From maillist at nudaymedia.com Tue Jan 4 14:15:47 2000 From: maillist at nudaymedia.com (Chavous P. Camp) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey folks... I got the following error when I compiled the samba-2.1 source from sernet.pair.com. The timestamp on the tarball was 03 January 2000 23:47 Here is the error: client/smbmount.c: In function `close_our_files': client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) client/smbmount.c:242: (Each undeclared identifier is reported only once client/smbmount.c:242: for each function it appears in.) make: *** [client/smbmount.o] Error 1 any ideas? - ---- Chavous P. Camp chavousc@nudaymedia.com NuDay Media, Inc. Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOHIAaGJw39BzDJ9pEQLY6ACgk2U47IWbBo5gZELMewml5r5VZ9wAn2d4 zY5r7FqiAIHS1XHn4eYDQ/b8 =IVhU -----END PGP SIGNATURE----- From jlists at siphoto.com Tue Jan 4 14:55:55 2000 From: jlists at siphoto.com (Jason Levine's List Subscription) Date: Tue Dec 2 02:27:47 2003 Subject: Bug with NetBIOS scope & syncing browser lists Message-ID: <3870D0FF@webmail.siphoto.com> (Sorry about the crosspost -- I realized that this bug report may be more appropriate on the NT Domain list, since it's a domain vs. local browse master issue.) I think that I have discovered a bug in samba (I'm now running v2.0.6) when a NetBIOS scope ID is being used. Essentially, samba will use the configured scope ID for everything *except* for when nmbd tries to do a node status on the PDC as part of syncing the browser lists; when it does that node status, it does it *without* the scope ID, and it (predictably) fails. Our network consists of a main IP subnet which contains the primary domain controller, the WINS server, etc. on it, and then a few different IP subnets that also participate in the Windows networking domain. The whole network has a single NetBIOS scope ID set, for internal security requirement reasons. Each of the different subnets, obviously, has to have a master browser on it; on one of them, that master browser is my samba box. In terms of configuration, both of the daemons (smbd and nmbd) are started up with the "-i [scopeID]" option. I have the samba box configured as the preferred master and to try to become a local master ("preferred master = yes" and "local master = yes"). When I start samba, nmbd (through its log file) tells me that it becomes the local master; 20 seconds later, it tells me that it was unable to sync browser lists. The exact error in the log file: [2000/01/03 15:35:20, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(265) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup [our domain] at IP [our PDC IP] failed. Cannot sync browser lists. When I do a network packet capture, the node status attempt doesn't use the scope ID at all, so it fails. (Of note, if I do a node status with nmblookup without a scope ID, the packet looks identical to the one that nmbd is sending out when it does the node status, and it fails; if I do the node status *with* the scope ID, then the packet shows that the scope ID is being used, and the node status succeeds.) This is a pretty big problem, for us at least -- it means that I can't use a NetBIOS scope ID and have a samba box take over as master browser for a subnet. Ugh! I just trawled through the souce, and I think I may know where the problem is; that being said, I can't write C to save my life, and can barely READ C, so I could be totally off on this one. It looks to me that, in nmbd/nmbd_browsesync.c, the function find_domain_master_name_query_success is where the problem's at. The lines: /* Now initiate the node status request. */ memset((char *)&nmbname, '\0',sizeof(nmbname)); nmbname.name[0] = '*'; look to me to be where the NMB packet is built that is used to do the node status query; it looks like the nmbname.scope should ALSO be set here. Again, I can read C (and follow includes and structure definitions in C) about as well as I can vocalize ancient Sanskrit, so I may be completely off on this. (I just wanted to contribute what I could, since I sure can't FIX the problem.) Thanks in advance for any help that y'all can provide! Jason Levine From lk at netuse.de Tue Jan 4 15:47:09 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Should samba-tng work? Message-ID: <387215FD.BD153470@netuse.de> Hello! Today(04.01.2000) morning i compiled samba-tng. I started all daemons from the bin directory. This is my smb.conf: [global] #debug level=10 domain group map = /opt/samba-tng/lib/domaingroup.map domain user map = /opt/samba-tng/lib/domainuser.map security = user workgroup=lars encrypt passwords = yes logon script = login.bat logon drive = u: domain logons = yes os level = 33 preferred master = yes domain master = yes wins support = yes socket options = TPC_NODELAY [test] path = /opt/samba-tng browseable=yes [homes] browseable=no I created a root account with "smbpasswd -a root.". After that i want to create the workstation trust account. ./rpcclient -S knecke -Uroot% -l log lsaquery LSA Query Info Policy Domain Member - Domain: LARS SID: S-1-5-21-1128320178-1863805954-1881749347 Domain Controller - Domain: LARS SID: S-1-5-21-1128320178-1863805954-1881749347 [root@KNECKE]$ createuser knecke$ -j createuser knecke$ -j SAM Create Domain User Domain: LARS Name: knecke$ ACB: [W ] Create Domain User: FAILED In the smbpasswd there after is a "knecke$"-entry. I the logfile log.smb file i found following errormessage: After "lsaquery" [2000/01/04 16:45:16, 0] lib/util_sock.c:set_socket_options(133) Unknown socket option TPC_NODELAY [2000/01/04 16:45:16, 1] smbd/reply.c:map_nt_and_unix_username(97) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/04 16:45:16, 0] passdb/smbpassfile.c:trust_password_lock(78) trust_password_lock: cannot open file /opt/samba-tng/private/LARS.KNECKE.mac - Error was Datei oder Verzeichnis nicht gefunden. [2000/01/04 16:45:16, 0] passdb/smbpassfile.c:trust_get_passwd(239) trust_get_passwd: unable to open the trust account password file for trust KNECKE in domain LARS. [2000/01/04 16:45:16, 1] smbd/reply.c:map_nt_and_unix_username(97) map_nt_and_unix_username: NT->Unix map DISABLED How can i create /opt/samba-tng/private/LARS.KNECKE.mac? -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From maillist at nudaymedia.com Tue Jan 4 16:06:13 2000 From: maillist at nudaymedia.com (Chavous P. Camp) Date: Tue Dec 2 02:27:47 2003 Subject: Full names and user managers Message-ID: Folks, I finally managed to get the SAMBA_TNG code. I had to get it from sernet.pair.com. Anyway, Full names show up as I don't mean that the correct name shows up there. I mean the words "Full Name" show up in brackets everywhere the full name of the current user is referenced. For example, I lock my workstation, it says this workstation has been locked by . Ok, so it's no big deal. Its only aesthetic. :) but if anyone knows a fix for it I'd love to hear it. The smbpasswd file does indeed have full names listed after each user name. Next on the list - the user manager. It is still telling me that an RPC error occurred. I thought someone said that the user manager for domains SHOULD work under samba.... This isn't as big of a deal either, as I have no problem going to my SSH client to add a user. I like the new multiple daemon architecture, by the way :). ---- Chavous P. Camp hunter@sourcehunter.com Sourcehunter Group Columbia, SC From richard.ferris at ncn.ac.uk Tue Jan 4 16:08:35 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:47 2003 Subject: Problems with 2.0.6 binaries on IRIX Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF45@VOYAGER> Hi, I've recently tried to upgrade from samba 2.0.4 to 2.0.6 on the latest patched version of IRIX 6.5. I've used the binaries from one of the samba mirrors but very strange things are happening after the install. Word complains that files on the server are corrupt but when I copy them down locally I can open them fine. Also I have various bits of software stored on the server used for installing onto client PC's - NT starts to run them but gives up halfway through with a protection fault - same again - I copy the software from the server and run the installation from the local hard disk and it runs OK???? I've managed to downgrade back to 2.0.4a so I've solved the problem but I would really like to get the latest production release running! Has anyone any ideas or had similar problems with any of the binaries on IRIX? Many Thanks Richard Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 From greg at discreet.com Tue Jan 4 16:32:57 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:47 2003 Subject: latest HEAD CVS does not compile? Message-ID: HI, This is the CVS HEAD branch from today more include/version.h #define VERSION "pre-3.0.0" Any ideas? cc-1070 cc: ERROR File = lib/util_sock.c, Line = 1051 The indicated type is incomplete. struct sockaddr_un sa; ^ cc-1070 cc: ERROR File = lib/util_sock.c, Line = 1081 The indicated type is incomplete. struct sockaddr_un sa; ^ 2 errors detected in the compilation of "lib/util_sock.c". *** Error code 2 (bu21) --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From trupham at network.viettre.com Tue Jan 4 20:46:14 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ In-Reply-To: Message-ID: You have two options here: 1. Declare NR_OPEN as an integer type with value 256. 2. Find out where NR_OPEN is and change it to 256. This worked for me! That's all! Good Luck! On Wed, 5 Jan 2000, Chavous P. Camp wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey folks... > I got the following error when I compiled the samba-2.1 source from > sernet.pair.com. The timestamp on the tarball was 03 January 2000 > 23:47 > Here is the error: > client/smbmount.c: In function `close_our_files': > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this > function) > client/smbmount.c:242: (Each undeclared identifier is reported only > once > client/smbmount.c:242: for each function it appears in.) > make: *** [client/smbmount.o] Error 1 > > > any ideas? > > - ---- > Chavous P. Camp > chavousc@nudaymedia.com > NuDay Media, Inc. > Columbia, SC > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOHIAaGJw39BzDJ9pEQLY6ACgk2U47IWbBo5gZELMewml5r5VZ9wAn2d4 > zY5r7FqiAIHS1XHn4eYDQ/b8 > =IVhU > -----END PGP SIGNATURE----- > From s.striker at striker.nl Tue Jan 4 14:48:36 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ In-Reply-To: Message-ID: <000901bf56c2$c7b7f830$0a00a8c0@office.striker.nl> Try checking out through CVS. I recently checked out (today ;) and it compiles fine. For instructions on cvs see http://samba.org/cvs.html. Greetings, Sander Striker > Hey folks... > I got the following error when I compiled the samba-2.1 source from > sernet.pair.com. The timestamp on the tarball was 03 January 2000 > 23:47 > Here is the error: > client/smbmount.c: In function `close_our_files': > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this > function) > client/smbmount.c:242: (Each undeclared identifier is reported only > once > client/smbmount.c:242: for each function it appears in.) > make: *** [client/smbmount.o] Error 1 > > > any ideas? > > - ---- > Chavous P. Camp > chavousc@nudaymedia.com > NuDay Media, Inc. > Columbia, SC > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOHIAaGJw39BzDJ9pEQLY6ACgk2U47IWbBo5gZELMewml5r5VZ9wAn2d4 > zY5r7FqiAIHS1XHn4eYDQ/b8 > =IVhU > -----END PGP SIGNATURE----- > > From trupham at network.viettre.com Tue Jan 4 21:07:46 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ In-Reply-To: Message-ID: There's a new problem came up! The NR_OPEN had been resolved, but the and the linkage of the executable smbmount, I got the clientgen.o underfined reference to serveral functions. I looked at the code and see that those functions are not defined in the clientgen.c. The function prototype is defined in the proto.h, but never get "developed" in the clientgen.c file. I looked at the other file that has this function, then these functions are defined in them. I don't know why, but I'm trying to debug it. Any help please......and it would be greatly appreciated!!!!! Thanks much and have a great day! From charnet at xandmail.fr Tue Jan 4 17:28:43 2000 From: charnet at xandmail.fr (sam) Date: Tue Dec 2 02:27:47 2003 Subject: control login from win95-98 Message-ID: <000801bf56d9$265a3040$3b000001@xandmail.com> I begin to try to configure samba (2.0.5a for linux) for control the login of a win95/win98 workgroup and i have this message in my log.snm file : [2000/01/04 15:57:41, 0] nmbd/nmbd_nameregister.c:register_name_response(112) register_name_response: server at IP 1.0.0.100 rejected our name registration of XAM<00> with error code 6 what does it mean? -------------- next part -------------- HTML attachment scrubbed and removed From s_colombo at iol.it Tue Jan 4 18:03:45 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:47 2003 Subject: R: Guest user - different password In-Reply-To: <20000103120258.53373.qmail@hotmail.com> Message-ID: It works Thanks -----Messaggio originale----- Da: Astral Projection [mailto:astral604@hotmail.com] Inviato: luned? 3 gennaio 2000 13.03 A: s_colombo@iol.it Oggetto: Re: Guest user - different password >From: "Stefano Colombo" >Reply-To: s_colombo@iol.it >To: Multiple recipients of list SAMBA-NTDOM >Subject: Guest user - different password >Date: Thu, 30 Dec 1999 03:24:44 +1100 > > >Hi, > I don't know if this is possible or already done before , but asking >does cost nothing :-) > > I did setup a guest user which must have no password , so I manually >edited the apfs's password field in the private/smbpasswd file and set it >to >NO PASSWORDXXXXXXXXXXXXXX > > Now I mapped several windows users to the apsf guest user in the >username.map file > These windows users , which are both 9x and NT , however have each a >different "windows" password so it seems they are not able to be >authenticated by the samba server . > Infact in the log files I can see the user apsf is rejected, because >the password didn't match. > > I thought that setting the user apsf without password would have >been enough , I remembered to add the null passwords = yes in the smb.conf >. > > It seems that something is wrong with the null password >configuration > Can anyone help > TIA > happy new year to all > >Stefano Colombo ( scolombo@cdmtc.it ) >System / Network Engineer >CDM Tecnoconsulting SPA >v. M.L.King 38/2 >40132, Bologna >Italy >tel : +39 051 4132611 >fax : +39 051 4132627 >WEB : http://www.cdmtc.it > > > ><< winmail.dat >> I had that problem since i added the "map to guest" set to "bad password" wich means "if th user does not exists and/or the password is bad then log him as guest". try it... ;) and happy new year. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From oswell at xcert.com Tue Jan 4 18:27:23 2000 From: oswell at xcert.com (Michael Oswell) Date: Tue Dec 2 02:27:47 2003 Subject: PDC refuses some passwords Message-ID: I have run into a problem recently which is driving me crazy. :) Our current setup is as follows: FreeBSD 2.2.8 server running Samba 2.0.5a The Samba server auths against an NT 4.0 Server (SP5). Certain NT machines in our network (NT 4.0 Server SP4), have problems accessing shares on the samba server. After a clean boot, they will be able to successfully access the shares for about 1/2 hour, at which time the server begins logging the following: password server PDC-VAN rejected the password If I try any other valid username/password for our network on one of these 'bad' clients, they fail as well. Rebooting the client appears to fix the problem for about a 1/2 hour, at which time they must reboot again. Any suggestions would be greatly appreciated :) Thanks.. Our Conf: ----------------- [global] workgroup = XCERT netbios name = mac-40 server string = Xcert Internal Fileserver local master = no security = server password server = pdc-van bdc-van yared-nt name resolve order = hosts bcast lmhosts wins load printers = no printing = bsd dns proxy = yes encrypt passwords = yes debug level = 3 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 max log size = 1024 lock directory = /data/samba/var/locks log file = /data/samba/var/log.%m max log size = 4000 username map = /data/samba/lib/username.map printcap name = /etc/printcap lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc stop %p queueresume command = /usr/sbin/lpc start %p browsable = yes guest ok = no guest account = nobody ----- Michael Oswell Xcert International Inc. From fredrikf at jmeab.se Wed Jan 5 09:15:08 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:47 2003 Subject: No subject Message-ID: <000801bf575d$601001a0$6e00a8c0@ml.org> Hello.. I have a problem.. I can't logon my samba server whit windows 2000.. Im running samba 2.0.6...it work's fine in win9x but not win NT / 2000... Should i add something to smb.conf ? Please help me! -------------- next part -------------- HTML attachment scrubbed and removed From sharpe at ns.aus.com Mon Jan 3 21:31:58 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:47 2003 Subject: Win 2000 and Samba (was no subject) In-Reply-To: <000801bf575d$601001a0$6e00a8c0@ml.org> Message-ID: <3.0.6.32.20000104073158.01b2e5c0@mail.adelaide.on.net> Hi Frederik, You really should lose the HTML, it is rude around here :-( At 08:20 PM 1/5/00 +1100, Fredrik Falk wrote: > Im running samba 2.0.6...it work's fine in win9x but not win NT / >2000... Should i add something to smb.conf ? Please help me! Well, I could say that you have to add heaps of code to 2.0.6, but I will refrain :-) Samba 2.0.6 will never support Win 2000. Win 2000 is like NT, only worse (or better, depending on your POV :-). You need Samba-TNG, but it is in a state of flux at the moment (some would use a different but similar sounding adjective), so you might not get very far :-) Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lk at netuse.de Wed Jan 5 09:50:03 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Problem: Compiling rpc_server/srv_samr.c Message-ID: <387313CB.E19D1697@netuse.de> rpc_server/srv_samr.c is not compileable: Compiling rpc_server/srv_samr.c rpc_server/srv_samr.c: In function `api_samr_set_userinfo2': rpc_server/srv_samr.c:2262: structure has no member named `user_sess_key' rpc_server/srv_samr.c: In function `api_samr_set_userinfo': rpc_server/srv_samr.c:2362: structure has no member named `user_sess_key' Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From s.striker at striker.nl Wed Jan 5 10:00:52 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: In-Reply-To: <000801bf575d$601001a0$6e00a8c0@ml.org> Message-ID: <001201bf5763$c00d9e40$0a00a8c0@office.striker.nl> Hi there, > Hello.. I have a problem.. I can't logon my samba server whit windows 2000.. Im running > samba 2.0.6...it work's fine in win9x but not win NT / 2000... What exactly doesn't work? Are you only unable to logon with Win2000 or are you unable to do this with NT too? Are you trying to run as a Domain Controller? > Should i add something to smb.conf ? Send your smb.conf, else we don't know what to add or remove. Greetings, Sander Striker From Skripi at hrzpub.tu-darmstadt.de Wed Jan 5 10:59:43 2000 From: Skripi at hrzpub.tu-darmstadt.de (Jens Skripczynski) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: ; from lkcl@samba.org on Tue, Jan 04, 2000 at 07:23:00AM +1100 References: Message-ID: <20000105115943.A1795@shadowland.sc> Luke Kenneth Casson Leighton: > finally! a way to get the best of samba cvs main (development version > 3.0, derived from the 2.0.x tree) and samba, the next generation (nt > domains for unix project). > > it's really, really simple. > > download, compile and run samba cvs main's smbd, nmbd etc. > > download, compile and follow instructions in SAMBA_TNG branch's > source/README file, *except*, do not run smbd and nmbd from SAMBA_TNG. > > the cvs main smbd will automatically check for the msrpc services running > [from the SAMBA_TNG branch]. if it doesn't find them, cvs main smbd will > fall back to using its own, internal msrpc code. Hi, I've got a small Problem with the Main Branch and TNG. I cannot add my NT WK to the Domain running Main and TNG. Yesterday on 04.01.2000 I downloaded the most recent version of both tree via cvs. Compiled both. I ran nmbd and smbd from the MAIN B.. And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd Adding the Workstation sucessfully via: smbpasswd -a -m tirnaorg But trying to add the Workstation in the Network Preferences failed: "No PDC for Privat found".... Is it just impossible to add a WKS via the Main Branch or did i do sth. wrong ? Where can i examine in the Logfiles wether smbd is using the old MSRPC or the new Deamon one ? Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From lkcl at samba.org Wed Jan 5 11:19:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <20000105115943.A1795@shadowland.sc> Message-ID: you will need to add your own samba server as a trust account: smbpasswd -a -m ny_sama_server On Wed, 5 Jan 2000, Jens Skripczynski wrote: > Luke Kenneth Casson Leighton: > > finally! a way to get the best of samba cvs main (development version > > 3.0, derived from the 2.0.x tree) and samba, the next generation (nt > > domains for unix project). > > > > it's really, really simple. > > > > download, compile and run samba cvs main's smbd, nmbd etc. > > > > download, compile and follow instructions in SAMBA_TNG branch's > > source/README file, *except*, do not run smbd and nmbd from SAMBA_TNG. > > > > the cvs main smbd will automatically check for the msrpc services running > > [from the SAMBA_TNG branch]. if it doesn't find them, cvs main smbd will > > fall back to using its own, internal msrpc code. > Hi, > > I've got a small Problem with the Main Branch and TNG. > I cannot add my NT WK to the Domain running Main and TNG. > > Yesterday on 04.01.2000 I downloaded the most recent version of both tree via > cvs. Compiled both. > > I ran nmbd and smbd from the MAIN B.. > And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd > > Adding the Workstation sucessfully via: > smbpasswd -a -m tirnaorg > > But trying to add the Workstation in the Network Preferences failed: > "No PDC for Privat found".... > > Is it just impossible to add a WKS via the Main Branch or did i do sth. > wrong ? > > Where can i examine in the Logfiles wether smbd is using the old MSRPC > or the new Deamon one ? > > Ciao > > Jens Skripczynski > -- > > E-Mail: skripi@hrzpub.tu-darmstadt.de > > Computers are like airconditioners: They stop working > properly if you open windows. > From s.striker at striker.nl Wed Jan 5 11:50:14 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <20000105115943.A1795@shadowland.sc> Message-ID: <001a01bf5773$0751a530$0a00a8c0@office.striker.nl> Hi, > Jens Skripczynski wrote: > I've got a small Problem with the Main Branch and TNG. > I cannot add my NT WK to the Domain running Main and TNG. > > Yesterday on 04.01.2000 I downloaded the most recent version of > both tree via > cvs. Compiled both. > > I ran nmbd and smbd from the MAIN B.. > And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd Are you running srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd before or after you run nmbd and smbd from the MAIN branch? I think this does make a difference. > Adding the Workstation sucessfully via: > smbpasswd -a -m tirnaorg > > But trying to add the Workstation in the Network Preferences failed: > "No PDC for Privat found".... > > Is it just impossible to add a WKS via the Main Branch or did i do sth. > wrong ? > > Where can i examine in the Logfiles wether smbd is using the old MSRPC > or the new Deamon one ? I think Luke can make things clear on this subject. Greetings, Sander Striker From steffen at easybrowse.com Wed Jan 5 11:45:14 2000 From: steffen at easybrowse.com (Steffen Ullrich) Date: Tue Dec 2 02:27:47 2003 Subject: Howto switch off roaming profiles Message-ID: <20000105124514.A21563@MAX.local> while everyone seems to have problems using roaming profiles I have them running, but like them switched off. Background: We have a linux server here using samba2.0.6 in share mode. Then we have an old NT server (4.0SP3) which only does logon and wins. I want to replace this server, because the company is growing and we don't like to buy more user licenses for the NT server. It looks like they never used roaming profiles, but whenever I try to setup the samba server as PDC (in user mode on a different IP then the share mode server) it tries to use them. I've tried disabling the profiles share, the logon path etc. parameter, but then it still tries to use roaming profiles (but complains that it can't access them). Any ideas? Related to this: I like to take the users settings on the machines into the new domain (Right now it creates a new profile). What's the best way to do this? From drabisan at hotmail.com Wed Jan 5 11:55:39 2000 From: drabisan at hotmail.com (Dragos Staicu) Date: Tue Dec 2 02:27:47 2003 Subject: Samba as an NT PDC Message-ID: <20000105115908.35595.qmail@hotmail.com> I wan tmore information about subject -------------- next part -------------- HTML attachment scrubbed and removed From fricke at team.owl-online.de Wed Jan 5 11:58:42 2000 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:27:47 2003 Subject: Antwort: Samba as an NT PDC Message-ID: Read the manuals. Good documentation how to set up Samba as NT PDC. -------------------------------------------------------------------------------------------------- Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ A bus station is where a bus stops A train station is where a train stops On my desk I have work station... From s.striker at striker.nl Wed Jan 5 12:30:58 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: Samba as an NT PDC In-Reply-To: <20000105115908.35595.qmail@hotmail.com> Message-ID: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> Hi, > I wan tmore information about subject So read the documentation. Greetings, Sander Striker PS. Blunt request, blunt reply From Mait at emt.ee Wed Jan 5 12:21:42 2000 From: Mait at emt.ee (Mait Mandel) Date: Tue Dec 2 02:27:47 2003 Subject: Howto switch off roaming profiles Message-ID: i have exactly the same problem, only thing is i use samba 3.x.x ... am i doing something wrong? rgrds Mait -----Original Message----- From: Steffen Ullrich [mailto:steffen@easybrowse.com] Sent: Wednesday, January 05, 2000 13:48 To: Multiple recipients of list SAMBA-NTDOM Subject: Howto switch off roaming profiles while everyone seems to have problems using roaming profiles I have them running, but like them switched off. Background: We have a linux server here using samba2.0.6 in share mode. Then we have an old NT server (4.0SP3) which only does logon and wins. I want to replace this server, because the company is growing and we don't like to buy more user licenses for the NT server. It looks like they never used roaming profiles, but whenever I try to setup the samba server as PDC (in user mode on a different IP then the share mode server) it tries to use them. I've tried disabling the profiles share, the logon path etc. parameter, but then it still tries to use roaming profiles (but complains that it can't access them). Any ideas? Related to this: I like to take the users settings on the machines into the new domain (Right now it creates a new profile). What's the best way to do this? From jens.skripczynski at igd.fhg.de Wed Jan 5 12:45:33 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <001a01bf5773$0751a530$0a00a8c0@office.striker.nl>; from s.striker@striker.nl on Wed, Jan 05, 2000 at 10:38:28PM +1100 References: <20000105115943.A1795@shadowland.sc> <001a01bf5773$0751a530$0a00a8c0@office.striker.nl> Message-ID: <20000105134533.A21134@pclinux.igd.fhg.de> Hi, again... S. Striker: > > Jens Skripczynski wrote: > > I've got a small Problem with the Main Branch and TNG. > > I cannot add my NT WK to the Domain running Main and TNG. > > > > Yesterday on 04.01.2000 I downloaded the most recent version of > > both tree via > > cvs. Compiled both. > > > > I ran nmbd and smbd from the MAIN B.. > > And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd > > Are you running srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd > before or after you run nmbd and smbd from the MAIN branch? > I think this does make a difference. I tried both ways and I'm not shure which one is right... As far as I have understood it: 1) start the main Branch stuff smbd nmbd 2) The Rest from TNG ... Am I right ? > > Adding the Workstation sucessfully via: > > smbpasswd -a -m tirnaorg And the Server smbpasswd -a -m shadowland. By the way, is it alike to use either the Head Branch or the TNG smbpasswd ? To be shure I used the TNG one. > > But trying to add the Workstation in the Network Preferences failed: > > "No PDC for Privat found".... Still "Domain Controller for this Domain could not be found... > I think Luke can make things clear on this subject. I hope so. Sorry for bothering. In the log files I get the following stuff: log.srvsvc ------------------------------ [2000/01/05 13:14:35, 0] msrpc/msrpcd.c:msrpc_main(514) standard input is not a socket, assuming -D option [2000/01/05 13:14:35, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/srvsvc 448 [2000/01/05 13:14:35, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** [2000/01/05 13:14:35, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/srvsvc failed [2000/01/05 13:14:35, 2] msrpc/msrpcd.c:open_sockets(131) waiting for a connection ----------------------------- log.samr: ---------------------- [2000/01/05 13:14:37, 2] lib/interface.c:interpret_interfaces(176) Added interface ip=192.168.0.254 bcast=192.168.0.255 nmask=255.255.255.0 [2000/01/05 13:14:37, 2] lib/interface.c:interpret_interfaces(176) Added interface ip=10.0.0.254 bcast=10.0.0.255 nmask=255.255.255.0 [2000/01/05 13:14:37, 0] msrpc/msrpcd.c:msrpc_main(514) standard input is not a socket, assuming -D option [2000/01/05 13:14:37, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/samr 448[2000/01/05 13:14:37, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** [2000/01/05 13:14:37, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/samr failed [2000/01/05 13:14:37, 2] msrpc/msrpcd.c:open_sockets(131) waiting for a connection --------------------------------------------------- Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From lk at netuse.de Wed Jan 5 13:43:59 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG References: Message-ID: <38734A9F.D6502C92@netuse.de> Luke Kenneth Casson Leighton wrote: What i did: I ran nmbd and smbd from the MAIN Branch. And after that all other *d(SAMBA_TNG) programms from the bin directory. created unix-accounts for land$ and knecke$ Adding the server: smbpasswd -a -m land Adding the workstation: smbpasswd -a -m knecke After that i tried to join the domain, from the workstation. Is that the way it should work? -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Wed Jan 5 14:56:49 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Patch for compileproblems under Solaris Message-ID: <38735BB1.707876B6@netuse.de> Hello! For systems like this: $ uname -a SunOS weigon 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10 you must add to include/inlcudes.h #ifdef SUNOS5 #include #include #include #include #endif After that you can compile samba. Can someone fix this in cvs? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Wed Jan 5 15:14:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <38734A9F.D6502C92@netuse.de> Message-ID: On Wed, 5 Jan 2000, Lars Kneschke wrote: > Luke Kenneth Casson Leighton wrote: > What i did: > > I ran nmbd and smbd from the MAIN Branch. > And after that all other *d(SAMBA_TNG) programms from the bin directory. > > created unix-accounts for land$ and knecke$ > > Adding the server: > smbpasswd -a -m land > > Adding the workstation: > smbpasswd -a -m knecke > > After that i tried to join the domain, from the workstation. > > Is that the way it should work? yep. ypou have domain mlogons = yes, encrypt passwords = yes, you don't have _both_ a MACHINE.SID and a WORKGROUP.SID? if you do, SAMBA_TNG will fail to come up. i had to add some code in cvs main that moved MACHINE.SID to SAMNAME.SID From lk at netuse.de Wed Jan 5 15:31:35 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG References: Message-ID: <387363D7.12D58905@netuse.de> Luke Kenneth Casson Leighton wrote: > > On Wed, 5 Jan 2000, Lars Kneschke wrote: > > > Luke Kenneth Casson Leighton wrote: > > What i did: > > > > I ran nmbd and smbd from the MAIN Branch. > > And after that all other *d(SAMBA_TNG) programms from the bin directory. > > > > created unix-accounts for land$ and knecke$ > > > > Adding the server: > > smbpasswd -a -m land > > > > Adding the workstation: > > smbpasswd -a -m knecke > > > > After that i tried to join the domain, from the workstation. > > > > Is that the way it should work? > > yep. > > ypou have domain mlogons = yes, encrypt passwords = yes, you don't have > _both_ a MACHINE.SID and a WORKGROUP.SID? if you do, SAMBA_TNG will fail > to come up. This is the important part from my smb.conf: [global] domain group map = /opt/samba-tng/lib/domaingroup.map domain user map = /opt/samba-tng/lib/domainuser.map security = user workgroup=lars encrypt passwords = yes logon script = login.bat logon drive = u: domain logons = yes os level = 33 preferred master = yes domain master = yes wins support = yes I started from scratch. I deleted my samba-directory and installed everything new. Started all daemons. Touched private/smbpasswd. Created the machine-accounts. After that i had LARS.SID(which is the WORKGROUP.SID) in the private directory. Must i already add users at this step? or should i be able to join the domain already? If we could make this running i would be able to create/maintain a webpage, so other users must not ask this questions over and over. Cu PS: i use the code from yesterday, because the code from today not compiles. See other posting from me. -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From pburch at oralis.com Wed Jan 5 16:41:51 2000 From: pburch at oralis.com (Phil Burch) Date: Tue Dec 2 02:27:47 2003 Subject: Howto switch off roaming profiles Message-ID: <118529BE5569D31189910060089A3E72148EF7@MAIL> If your clients are running Windows 9x, roaming profiles can be turned off in the passwords control panel. If they are running NT, you probably need to do a registry hack which I can't remember right now.. Someone must - or it might be in the archive. Phil Burch Network Administrator Oralis.com The online supplier to oral healthcare professionals We are hiring the best and brightest. Please see our job openings at: http://www.oralis.com/ -----Original Message----- From: Steffen Ullrich [mailto:steffen@easybrowse.com] Sent: Wednesday, January 05, 2000 3:48 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Howto switch off roaming profiles while everyone seems to have problems using roaming profiles I have them running, but like them switched off. Background: We have a linux server here using samba2.0.6 in share mode. Then we have an old NT server (4.0SP3) which only does logon and wins. I want to replace this server, because the company is growing and we don't like to buy more user licenses for the NT server. It looks like they never used roaming profiles, but whenever I try to setup the samba server as PDC (in user mode on a different IP then the share mode server) it tries to use them. I've tried disabling the profiles share, the logon path etc. parameter, but then it still tries to use roaming profiles (but complains that it can't access them). Any ideas? Related to this: I like to take the users settings on the machines into the new domain (Right now it creates a new profile). What's the best way to do this? From lkcl at samba.org Wed Jan 5 16:51:03 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <387363D7.12D58905@netuse.de> Message-ID: On Wed, 5 Jan 2000, Lars Kneschke wrote: > Luke Kenneth Casson Leighton wrote: > > > > On Wed, 5 Jan 2000, Lars Kneschke wrote: > > > > > Luke Kenneth Casson Leighton wrote: > > > What i did: > > > > > > I ran nmbd and smbd from the MAIN Branch. > > > And after that all other *d(SAMBA_TNG) programms from the bin directory. > > > > > > created unix-accounts for land$ and knecke$ > > > > > > Adding the server: > > > smbpasswd -a -m land > > > > > > Adding the workstation: > > > smbpasswd -a -m knecke > > > > > > After that i tried to join the domain, from the workstation. > > > > > > Is that the way it should work? > > > > yep. > > > > ypou have domain mlogons = yes, encrypt passwords = yes, you don't have > > _both_ a MACHINE.SID and a WORKGROUP.SID? if you do, SAMBA_TNG will fail > > to come up. > This is the important part from my smb.conf: > [global] > domain group map = /opt/samba-tng/lib/domaingroup.map > domain user map = /opt/samba-tng/lib/domainuser.map > security = user > workgroup=lars > encrypt passwords = yes > logon script = login.bat > logon drive = u: > domain logons = yes > os level = 33 > preferred master = yes > domain master = yes > wins support = yes > > I started from scratch. > I deleted my samba-directory and installed everything new. > Started all daemons. > Touched private/smbpasswd. > Created the machine-accounts. After that i had LARS.SID(which is the > WORKGROUP.SID) in the private directory. > > Must i already add users at this step? or should i be able to join the > domain already? now you must also have a user in private/smbpasswd, just like you would for "encrypt passwords = yes" for 2.0.6 etc. > If we could make this running i would be able to create/maintain a > webpage, so other users must not ask this questions over and over. that would be very good. i created a README, i will point it to a web page if you do one. > Cu > > PS: i use the code from yesterday, because the code from today not > compiles. See other posting from me. > -- i know, i sorted that 1.5 hours ago. From lk at NetUSE.DE Wed Jan 5 17:35:45 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: Combined use of samba cvs main and SAMBA_TNG References: Message-ID: <387380F1.ABA49B8E@NetUSE.DE> IT WORKS!!!! :-) Very nice! It's so cool! :-) What i did: Here is what i did(i'll create a webpage tomorrow): 1.) get samba from cvs (the mainbranch and branch SAMBA_TNG) 2.) "./configure" and "make" both, i did "configure --prefix=/opt/samba-tng" because i liked it more 3.) "make install" in the SAMBA_TNG directory 4.) copy "smbd" and "nmbd" from the bin-directory in the MAIN-sambatree 5.) make install doesn't create the /private directory, create it 6.) create the file smbpasswd in this directory (touch smbpasswd) 7.) start all daemons from the /bin directory (i started first smbd and nmbd, and then the others) 8.) create machine accounts, you need machine accounts for the samba server and all win-nt workstations example for my server(the name of the server is weigon) useradd "weigon\$" smbpasswd -a -m weigon 9.) Now you can also add user accounts useradd user smbpasswd -a user Now you can join the domain. After joining the domain win-nt must reboot! (surprise! :-)) This is the important part from my smb.conf: > > [global] > > security = user > > workgroup=lars > > encrypt passwords = yes > > logon script = login.bat > > logon drive = u: > > domain logons = yes > > os level = 33 > > preferred master = yes > > domain master = yes > > wins support = yes > > > > Must i already add users at this step? or should i be able to join the > > domain already? > > now you must also have a user in private/smbpasswd, just like you would > for "encrypt passwords = yes" for 2.0.6 etc. Yes, know! :-) But must there be users, while i want to join the domain. I don't think so? > > If we could make this running i would be able to create/maintain a > > webpage, so other users must not ask this questions over and over. > > that would be very good. i created a README, i will point it to a web > page if you do one. Tomorrow, i will create one. But now i must go home. SO bad! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From jeremy at valinux.com Wed Jan 5 18:35:18 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:48 2003 Subject: Win 2000 and Samba (was no subject) References: <3.0.6.32.20000104073158.01b2e5c0@mail.adelaide.on.net> Message-ID: <38738EE6.2FCF7855@valinux.com> Richard Sharpe wrote: > Samba 2.0.6 will never support Win 2000. Win 2000 is like NT, only worse > (or better, depending on your POV :-). The actual position is Samba 2.0.6 will never support Win 2000 *with Samba acting as a domain controller* ! It works *fine* as a file server for a Win2k client. This addition is very important, as otherwise people might think that Samba won't work as a file server for 2.0.6, which is definately not the case. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From cliff at scs.uiuc.edu Wed Jan 5 17:48:08 2000 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:27:48 2003 Subject: User Manager for Domains Message-ID: <387383D8.E2EB3D66@scs.uiuc.edu> Hi all, I've tried various versions of samba with a fair amount of success. I've managed to get my Irix box to act a s a PDC. My questions is: Is there support for User Manager for Domains or not? I seem to find conflicting info on this topic. If user manager SHOULD work, which cvs branch should I be on? I'm running on the TNG branch now. Thanks -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== From nemeth at business.web.at Wed Jan 5 16:55:30 2000 From: nemeth at business.web.at (Andreas Nemeth) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as a PDC for Win NT 4.0 Message-ID: <01BF57AE.2D86ACB0@Vienna-Remote26.profinet.at> I have set up my Linux box to act as an PDC and everything works fine, though Imust admit it was somebit tricky! (attached my /etc/smb.conf --without IPs of course!) -----Original Message----- From: Matthew Geddes [SMTP:mgeddes@xavier.sa.edu.au] Sent: Monday, January 03, 2000 11:46 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Samba as a PDC for Win NT 4.0 Hi guys, Myself and a friend have tried getting Samba to act as a PDC for NT. Neither of us can make it work. We've tried SP3 and SP5 machines, we've created the machines accounts in /etc/* and with smbpasswd. We have also tried encrypted and non-encrypted passwords (with and withou the various registry entries). I know NT PDC support isn't official, but I was sure I had it working before. Does anyone got any ideas? Thanks heaps, Matt and co. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 2435 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000105/59b5ba68/attachment.obj From nemeth at business.web.at Wed Jan 5 17:24:25 2000 From: nemeth at business.web.at (Andreas Nemeth) Date: Tue Dec 2 02:27:48 2003 Subject: Readding Machine to the Domain Message-ID: <01BF57AE.346D2F40@Vienna-Remote26.profinet.at> Hi, I have a small network of NT WS with a Linux box acting as PDC. I removed one of them to change it against another... Well it doesn't work! I have deleted all lines in /etc/passwd; /etc/smbpasswd containing info 'bout this computer. (rebooted) Added the user in /etc/passwd; made a smbpasswd -a -m CAMP$ but it didn't and doesn't work! help appreciated From kevinc at grainsystems.com Wed Jan 5 18:13:39 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:48 2003 Subject: User Manager for Domains References: <387383D8.E2EB3D66@scs.uiuc.edu> Message-ID: <387389D3.C0E647DA@grainsystems.com> Clifford Meece wrote: > > Hi all, > I've tried various versions of samba with a fair amount of success. > I've managed to get my Irix box to act a s a PDC. My questions is: Is > there support for User Manager for Domains or not? I seem to find > conflicting info on this topic. If user manager SHOULD work, which cvs > branch should I be on? I'm running on the TNG branch now. Only partially. You should be able to view most anything, but change nothing. Of course, given the current state of TNG, even that may not be working right now. - Kevin Colby kevinc@grainsystems.com From james at whispering.org Wed Jan 5 18:25:54 2000 From: james at whispering.org (James Willard) Date: Tue Dec 2 02:27:48 2003 Subject: Readding Machine to the Domain References: <01BF57AE.346D2F40@Vienna-Remote26.profinet.at> Message-ID: <02cf01bf57aa$50fa6ff0$120ca8c0@regencyrealty.com> What version of Samba are you using? I too am having trouble adding a NT workstation to my Samba-controlled domain. The two problems are probably completely different, and I can get Samba 2.0.6 machines to join, just not NTWS. It's most likely just my NT workstation that is having trouble (Anyone else having trouble adding NT to domains in the current CVS?). I am using the latest HEAD branch in CVS, TNG is too broken to touch right now :). I believe you should use smbpasswd -a -m CAMP, not the $. What error messages are you seeing? There is no need to reboot the PDC. At most would might need to stop and restart smbd and nmbd. James ----- Original Message ----- From: Andreas Nemeth To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 05, 2000 12:59 PM Subject: Readding Machine to the Domain > Hi, > I have a small network of NT WS with a Linux box acting as PDC. I removed one of them to change it against another... Well it doesn't work! I have deleted all lines in /etc/passwd; /etc/smbpasswd containing info 'bout this computer. (rebooted) Added the user in /etc/passwd; made a smbpasswd -a -m CAMP$ but it didn't and doesn't work! > > help appreciated > From mbrendel at home.nl Wed Jan 5 18:55:22 2000 From: mbrendel at home.nl (mbrendel@home.nl) Date: Tue Dec 2 02:27:48 2003 Subject: Howto download MAIN and TNG branch? Message-ID: <3.0.3.32.20000105195522.00695cf0@mail.hnglo1.ov.nl.home.com> i, I tried to download the samba TNG en MAIN branch with the following commands: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r BRANCH_SAMBA_MAIN samba-main cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r BRANCH_MAIN samba-main cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r MAIN samba-main which resulted in the following error message: cvs server: cannot fine module BRANCH_MAIN -ignored cvs [checkout aborted] cannot expand modules Thanks for any help. Michiel From lonnie at borntreger.com Wed Jan 5 18:58:55 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:48 2003 Subject: trusting yourself (samba_tng) Message-ID: <000801bf57ae$eaed27c0$0500000a@wh.com> Server: solaris 7 gcc 2.8.1 samba 2.1.0-prealpha (from CVS - 1/5, Noon CST) Couple of questions: I see this in a lot of the logs. Should I be concerned? --------------- [2000/01/05 12:18:10, 1] lib/util_sock.c:client_name(819) Gethostbyaddr failed for 0.0.0.0 --------------- == ON PDC == When I try to follow Luke's steps and create a trust account: [root@GTO]$ lsaquery lsaquery LSA Query Info Policy Domain Member - Domain: WHNET SID: blah Domain Controller - Domain: WHNET SID: same blah [root@GTO]$ createuser gto$ -j createuser gto$ -j SAM Create Domain User Domain: WHNET Name: gto$ ACB: [W ] Create Domain User: FAILED ---- I get an entry in smbpasswd, with "NO PASSWORD...." and "[NDW ]" ---- If I try to "join" after creating the user: gto-> smbpasswd -j gto$ Cannot join domain - we are PDC! Even if I "enable" the entry (and the NDW changes to UW), it still doesn't "join" the domain. No .mac file is created and it keeps complaining about this in the logs. I'm lost. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ From gtm at oracom.com Wed Jan 5 23:40:38 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: profiles and pre-3.0.0 Message-ID: <3873D676.E916694@oracom.com> Hi all, Still trying to get profiles working. It seems that I can get it going with pre-3.0.0. Although some problems occur (I am running on Redhat 6.0). Logging in and out multiple times and/or copying large data to samba server sometimes produces this error and the samba system hangs: [2000/01/05 17:09:39, 0] lib/util_sock.c:read_socket_data(474) read_socket_data: recv failure for 4. Error = Connection reset by peer [2000/01/05 17:10:07, 0] smbd/oplock.c:request_oplock_break(1203) request_oplock_break: no response received to oplock break request to pid 1379 5 on port 1049 for dev = 801, inode = 457020 for dev = 801, inode = 457020, tv_sec = 3873c001, tv_usec = e9ac9 [2000/01/05 17:10:14, 1] smbd/service.c:close_cnum(578) stovepipe (209.113.254.17) closed connection to service Profiles [2000/01/05 17:10:14, 1] smbd/service.c:close_cnum(578) stovepipe (209.113.254.17) closed connection to service Profiles [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(567) process_local_message: Received unsolicited break reply - dumping info. [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(582) process_local_message: unsolicited oplock break reply from pid 13802, port 104 9, dev = 801, inode = 457020 [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(567) process_local_message: Received unsolicited break reply - dumping info. [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(582) process_local_message: unsolicited oplock break reply from pid 13802, port 104 9, dev = 801, inode = 457020 Also when I logout and login as a different user and browse to the samba server in the nethood I see the current users home and the last users home, I can't do anything with the last users home but I can still see it. In my conf file I have browseable = no. Is there something else I need? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From mgeddes at xavier.sa.edu.au Wed Jan 5 22:57:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:48 2003 Subject: SWAT on 2.0.6 and PRE 3.0.0 Message-ID: <3873CC76.4FA5B07A@xavier.sa.edu.au> Hi guys, Has anyone else been having problems, or more specifically, know how to fix the problem I'm having with swat not allowing ANYONE to log in (running it with -a isn't my idea of a good thing). Thanks, Matt From jeremy at valinux.com Thu Jan 6 00:48:48 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:48 2003 Subject: Samba on Solaris 2.7 References: <200001032249.QAA23612@cis.usouthal.edu> Message-ID: <3873E670.89810937@valinux.com> Keith Lynn wrote: > > Has anyone installed the latest version of Samba on Solaris 2.7. I downloaded it through CVS, configure goes through correctly, but when I run make, inside the lib subdirectory I get the following. > > Compiling lib/util_sock.c > lib/util_sock.c: In function `open_pipe_sock': > lib/util_sock.c:1051: storage size of `sa' isn't known > lib/util_sock.c: In function `create_pipe_socket': > lib/util_sock.c:1081: storage size of `sa' isn't known > *** Error code 1 > make: Fatal error: Command failed for target `lib/util_sock.o' I just fixed this in the CVS tree. Check out and try again. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jbeauchamp at gesinc.com Thu Jan 6 01:19:39 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:48 2003 Subject: Samba Keeps Dying Message-ID: <000b01bf57e4$1be33ba0$0301a8c0@easypea.com> Hello all: I have RedHat 5.2 running 2.0.5a. It is set up to do domain logins from Win9x and NT workstation. My problem is that smb and nmbd keep dying for no apparent reason. This obviously means that no one can then perform an authenticated login. Does anyone have an idea on where I should look to see what is causing this? I don't seem to have anything of value in /var/log/messages. Should I increase debugging level??? TIA James From mgeddes at xavier.sa.edu.au Thu Jan 6 01:44:35 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:48 2003 Subject: Samba Keeps Dying References: <000b01bf57e4$1be33ba0$0301a8c0@easypea.com> Message-ID: <3873F383.392C3664@xavier.sa.edu.au> "James W. Beauchamp" wrote: > Hello all: > I have RedHat 5.2 running 2.0.5a. It is set up to do domain logins from > Win9x and NT workstation. My problem is that smb and nmbd keep dying for no > apparent reason. This obviously means that no one can then perform an > authenticated login. Does anyone have an idea on where I should look to see > what is causing this? I don't seem to have anything of value in > /var/log/messages. Should I increase debugging level??? > > TIA > > James Samba has it's own log files by default. If you are using the RPM, I think they are in /var/log/samba. The defaults for the source is /usr/local/samba/var or /var. There is one for nmbd (log.nmb) and one for smbd (log.smb). you can always do a 'find -name log.nmb' if they aren't in those places. The info in these logs is usually enough to work out what the problem is. Thanks, Matt From benski at pacbell.net Thu Jan 6 01:44:56 2000 From: benski at pacbell.net (Benjamin Hyatt) Date: Tue Dec 2 02:27:48 2003 Subject: Samba Keeps Dying In-Reply-To: <000b01bf57e4$1be33ba0$0301a8c0@easypea.com> Message-ID: Hi, First take a look at your samba logs... /usr/local/samba/var log.smb & log.nmb Secondly, how are smbd and nmbd being started? Try starting smbd manually with the -d (debug)option and use a debug level of 1. Lastly, make sure your smb.conf is nice and happy. /usr/local/samba/bin testparm. ./Ben > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > James W. Beauchamp > Sent: Wednesday, January 05, 2000 5:24 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Samba Keeps Dying > > > Hello all: > I have RedHat 5.2 running 2.0.5a. It is set up to do domain logins from > Win9x and NT workstation. My problem is that smb and nmbd keep > dying for no > apparent reason. This obviously means that no one can then perform an > authenticated login. Does anyone have an idea on where I should > look to see > what is causing this? I don't seem to have anything of value in > /var/log/messages. Should I increase debugging level??? > > TIA > > James > > From jlists at siphoto.com Thu Jan 6 02:23:04 2000 From: jlists at siphoto.com (Jason Levine's List Subscription) Date: Tue Dec 2 02:27:48 2003 Subject: NetBIOS scope and local browse master sync Message-ID: <3870D81B@webmail.siphoto.com> Hello everyone -- a few days ago, I posted a bug report (as instructed by samba-bugs), and was wondering if anyone was able to confirm it -- being a relative samba novice, and a definite source code novice, I have to make sure that what I *think* that I see (the fact that samba has a bug in that it doesn't use the configured NetBIOS scope ID when it tries to sync browser lists on becoming a local master browser) is true. If it's not true, then I need to get our network/firewall guys involved in this... All that being said, I've captured a lot of packets in my day, and the node status packets that samba's sending out when it's starting to try to become local master browser *definitely* don't have the scope ID properly specified. Thanks a ton in advance; I appreciate any help that can be given on this. (I've sent this to the samba and samba-ntdom lists, as I'm not exactly sure which it falls under -- apologies in advance if this isn't kosher.) Jason Levine From mgeddes at xavier.sa.edu.au Thu Jan 6 02:57:08 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:48 2003 Subject: Thanks Message-ID: <38740484.F8221A12@xavier.sa.edu.au> Got My NT workstations and Servers logging onto Samba Domain happily. Thanks heaps peoples. Matt From lk at netuse.de Thu Jan 6 09:04:24 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: Howto download MAIN and TNG branch? References: <3.0.3.32.20000105195522.00695cf0@mail.hnglo1.ov.nl.home.com> Message-ID: <38745A98.A56FA1E6@netuse.de> mbrendel@home.nl wrote: > > i, > > I tried to download the samba TNG en MAIN branch with the following commands: > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login > > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r BRANCH_MAIN samba-main > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r MAIN samba-main This gives you MAIN: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba This gives you SAMBA_TNG: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r SAMBA_TNG samba Do it in different directories, because both commands create a directory samba. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From erez at savan.com Thu Jan 6 09:30:58 2000 From: erez at savan.com (erez@savan.com) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as a PDC for Win NT 4.0 References: <387127F1.87B6C89A@xavier.sa.edu.au> Message-ID: <387460D1.B9978A33@savan.com> thank you everybody for your help, especially matt :-) well, what solved my problem was changing in smb.conf from 'security = share' to 'security = user' thank you all regards erez btw: i'm not on this list so reply to me also if you want ;-) From lonnie at borntreger.com Thu Jan 6 10:11:45 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:48 2003 Subject: trusting yourself (samba_tng) In-Reply-To: <000801bf57ae$eaed27c0$0500000a@wh.com> Message-ID: <000b01bf582e$7063ecc0$0500000a@wh.com> UPDATE: I don't quite know what I did, but the smbpasswd entry changed from "[NDW ]" to "[DW ]", and now has a valid password. Still didn't get a .mac file though. Lonnie > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Lonnie J. Borntreger > Sent: Wednesday, January 05, 2000 1:05 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: trusting yourself (samba_tng) > > > Server: > solaris 7 > gcc 2.8.1 > samba 2.1.0-prealpha (from CVS - 1/5, Noon CST) > > Couple of questions: > > I see this in a lot of the logs. Should I be concerned? > --------------- > [2000/01/05 12:18:10, 1] lib/util_sock.c:client_name(819) > Gethostbyaddr failed for 0.0.0.0 > --------------- > > == ON PDC == > When I try to follow Luke's steps and create a trust account: > [root@GTO]$ lsaquery > lsaquery > LSA Query Info Policy > Domain Member - Domain: WHNET SID: blah > Domain Controller - Domain: WHNET SID: same blah > [root@GTO]$ createuser gto$ -j > createuser gto$ -j > SAM Create Domain User > Domain: WHNET Name: gto$ ACB: [W ] > Create Domain User: FAILED > ---- > I get an entry in smbpasswd, with "NO PASSWORD...." and "[NDW > ]" > ---- > > If I try to "join" after creating the user: > gto-> smbpasswd -j gto$ > Cannot join domain - we are PDC! > > Even if I "enable" the entry (and the NDW changes to UW), it > still doesn't > "join" the domain. No .mac file is created and it keeps > complaining about > this in the logs. I'm lost. > > TTFN, > Lonnie Borntreger > lonnie@borntreger.com > http://www.borntreger.com/ > From g-paiva at el.com.br Thu Jan 6 11:18:26 2000 From: g-paiva at el.com.br (Gilson de Paiva) Date: Tue Dec 2 02:27:48 2003 Subject: How to switch off roaming profiles... Message-ID: <38747A02.35AC71C1@el.com.br> Hello All, Well ... First of all run the M$ user mananger and delete any content that might exist on the field "User Profile Path:" of the user that you want disable the roaming profile; After this, on a NT Server machine WITH SP4 or bigger, run the application "Poledit" and create a machine with the name of the one that you want not to save or generate any roaming profile ( or use the "Default Computer" if you want this rule to be applied on all stations ); Change the parameter "Choose Profile Default Operation" to "Use Local Profile" ( This only exist on SP4 or bigger ); Save everything whith the name "ntconfig.pol" on the "netlogon" share of the machine that authenticates the user; If you want, using NT as your workstation, the user himself can run Control Panel / System applet and on the User Profiles tab change his/her type of profile, from roaming to local. PS: The user must be at least a member of "Advanced Users" group at the moment of this operation. Hope I helped ... Phil Burch wrote: > If your clients are running Windows 9x, roaming profiles can be turned off > in the passwords control panel. > > If they are running NT, you probably need to do a registry hack which I > can't remember right now.. Someone must - or it might be in the archive. > > Phil Burch > Network Administrator > Oralis.com > The online supplier to oral healthcare professionals > > We are hiring the best and brightest. Please see our job openings at: > http://www.oralis.com/ > > -----Original Message----- > From: Steffen Ullrich [mailto:steffen@easybrowse.com] > Sent: Wednesday, January 05, 2000 3:48 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Howto switch off roaming profiles > > while everyone seems to have problems using > roaming profiles I have them running, but like > them switched off. Background: > > We have a linux server here using samba2.0.6 in > share mode. Then we have an old NT server (4.0SP3) > which only does logon and wins. I want to replace > this server, because the company is growing and > we don't like to buy more user licenses for the > NT server. It looks like they never used roaming > profiles, but whenever I try to setup the samba > server as PDC (in user mode on a different IP then > the share mode server) it tries to use them. I've > tried disabling the profiles share, the logon path > etc. parameter, but then it still tries to use > roaming profiles (but complains that it can't access > them). Any ideas? > > Related to this: I like to take the users settings > on the machines into the new domain (Right now it > creates a new profile). What's the best way to do this? -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Gilson de Paiva E&L Produ??es de Software mailto:npd@el.com.br Domingos Martins - ES http://www.el.com.br/ Brazil =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From Lucio.Jankok at asz.nl Thu Jan 6 10:35:10 2000 From: Lucio.Jankok at asz.nl (Jankok, L. (dsc-pm)) Date: Tue Dec 2 02:27:48 2003 Subject: How to switch off roaming profiles... Message-ID: <7DE31FAF0D4FD211A4460000F87A853B617D7C@ASZMSG001.GAK.NL> Hi, Roaming profile is not the default on winnt, so you don't have to turn it off if you didn't turn it on. The profile path has to be specified on the client, as long as you don't specify anything you will be using local profiles.. if you specify a path you can still choose a local or remote path.. if you choose a remote path you will have a roaming profile which can be a .dat or a .man (which stands for mandatory roaming profile). Cheers, Lucio Jankok. -----Oorspronkelijk bericht----- Van: Gilson de Paiva [SMTP:g-paiva@el.com.br] Verzonden: Thursday, January 06, 2000 11:24 AM Aan: Multiple recipients of list SAMBA-NTDOM Onderwerp: Re: How to switch off roaming profiles... Hello All, Well ... First of all run the M$ user mananger and delete any content that might exist on the field "User Profile Path:" of the user that you want disable the roaming profile; After this, on a NT Server machine WITH SP4 or bigger, run the application "Poledit" and create a machine with the name of the one that you want not to save or generate any roaming profile ( or use the "Default Computer" if you want this rule to be applied on all stations ); Change the parameter "Choose Profile Default Operation" to "Use Local Profile" ( This only exist on SP4 or bigger ); Save everything whith the name "ntconfig.pol" on the "netlogon" share of the machine that authenticates the user; If you want, using NT as your workstation, the user himself can run Control Panel / System applet and on the User Profiles tab change his/her type of profile, from roaming to local. PS: The user must be at least a member of "Advanced Users" group at the moment of this operation. Hope I helped ... From lkcl at samba.org Thu Jan 6 11:52:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:48 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <387380F1.ABA49B8E@NetUSE.DE> Message-ID: On Wed, 5 Jan 2000, Lars Kneschke wrote: > IT WORKS!!!! :-) Very nice! It's so cool! :-) oh yehhh :) one happy customer. next stop, the world :) From lk at NetUSE.DE Thu Jan 6 12:29:11 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: Change passwort fails with samba tng(only when acting as pdc) Message-ID: <38748A97.AF7E1C9D@NetUSE.DE> Hello! It is not possible to change the passwort from the win-nt workstation. Maybe this is not fully implemented. But the current implementation has a bug. This is from my log.smb: [2000/01/06 13:24:57, 1] rpc_server/srv_pipe_srv.c:api_pipe_ntlmssp_verify(347) Couldn't find user 'l' in UNIX password database. [2000/01/06 13:24:57, 1] rpc_server/srv_pipe_srv.c:api_pipe_ntlmssp_verify(347) Couldn't find user 'l' in UNIX password database. [2000/01/06 13:24:57, 1] rpc_server/srv_pipe_srv.c:api_pipe_ntlmssp_verify(347) Couldn't find user 'l' in UNIX password database. My username is 'lk' not 'l'. So it can't work! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From simar at gmx.net Thu Jan 6 13:12:09 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC References: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> Message-ID: <387494A9.EED7E68A@gmx.net> What documentation are you talking about ? The man pages ? The samba-ntdom.txt which points out that you should subscribe to this list ? I had a samba PDC running about half a year ago. But when I tried to set up one short before Christmas I was completely lost. So read WHAT documentation ? "S. Striker" schrieb: > Hi, > > > I wan tmore information about subject > > So read the documentation. > > Greetings, > > Sander Striker > > PS. Blunt request, blunt reply From fonya at gyurma.dspnet.hu Thu Jan 6 13:51:22 2000 From: fonya at gyurma.dspnet.hu (Akos Szabo) Date: Tue Dec 2 02:27:48 2003 Subject: CVS SAMBA-TNG compiling errors In-Reply-To: <19991231120731.60B8026E67@i3.golden.dom> Message-ID: On Fri, 31 Dec 1999, Giulio Orsero wrote: > On Fri, 31 Dec 1999 22:34:43 +1100, hai scritto: > >CVS SAMBA-TNG 1999/12/30 giving the following errors when compiling with-smbmount: > I think the latest smbmount (>= 2.0.6) wants at least 2.2.12 headers. I have 2.2.14 and the smbmount give me the same errors: libsmb/clientgen.o: In function `cli_init_creds': libsmb/clientgen.o(.text+0x467e): undefined reference to `copy_nt_creds' ... ... libsmb/smbencrypt.o: In function `create_ntlmssp_resp': libsmb/smbencrypt.o(.text+0x92b): undefined reference to `make_rpc_auth_ntlmssp_resp' So, what's the solution? Ciao: Fonya "I want to clean all windows on the world" For pgp key: `finger fonya@gyurma.dspnet.hu` From lk at NetUSE.DE Thu Jan 6 14:03:27 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: How to become admininstrator? Message-ID: <3874A0AF.D0438D3C@NetUSE.DE> Is it possible to become a administrator if i use the current samba MAIN/SAMBA_TNG mix? Which parameter i have to use? domain admin users or domain group map? Can someone answer this? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From gtm at oracom.com Thu Jan 6 15:51:42 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: PDC + multiple samba servers Message-ID: <3874BA0E.3CDD90AA@oracom.com> Hi all, I am thinking of putting samba on a Solaris 7 box running clearcase to give NT users access to the version control system. I have have samba pre-3.0.0 running on Linux as a PDC and file server. Is there a problem running 2 samba servers on the same network? On the sun box all it will be doing is giving access to a certain location. Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From greg at discreet.com Thu Jan 6 15:03:21 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:48 2003 Subject: PDC + multiple samba servers In-Reply-To: <3874BA0E.3CDD90AA@oracom.com> Message-ID: Absolutely no problems with that configuration, just make sure that they are not both WINS or PDC, etc. I use 2.0.6 for ClearCase access. Greg Greg On 06-Jan-00 Glenn MacGregor wrote: > Hi all, > > I am thinking of putting samba on a Solaris 7 box running clearcase > to give NT users access to the version control system. I have have > samba pre-3.0.0 running on Linux as a PDC and file server. Is there a > problem running 2 samba servers on the same network? On the sun box all > it will be doing is giving access to a certain location. > > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Thu Jan 6 15:10:30 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:48 2003 Subject: cvs HEAD does not compile Message-ID: Hi, Just updated HEAD and get this on IRIX 6.5.4f Compiling lib/talloc.c cc-3316 cc: ERROR File = lib/talloc.c, Line = 78 The expression must be a pointer to a complete object type. p = t->list->ptr + t->list->alloc_size; ^ 1 error detected in the compilation of "lib/talloc.c". *** Error code 2 (bu21) Thanks for fixing the sockaddr problem BTW. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From kevinc at grainsystems.com Thu Jan 6 15:24:53 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC References: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> <387494A9.EED7E68A@gmx.net> Message-ID: <3874B3C5.C292DFF@grainsystems.com> Omar Siam wrote: > > What documentation are you talking about? > The man pages? Yes. > The samba-ntdom.txt which points out that > you should subscribe to this list? Yes. You can also check out: (the second page is for 2.0, but much the same applies) http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html http://socrates.mps.ohio-state.edu/~ccunning/samba.html > I had a samba PDC running about half a year ago. > But when I tried to set up one short before Christmas > I was completely lost. I'm sorry, but "completely lost" is not a question. This list _may_ sometimes answer specific questions and address specific problems people are having. Since you have yet to mention one, I do not understand what reply you expect. - Kevin Colby kevinc@grainsystems.com From tomc at sosinet.com Thu Jan 6 15:34:26 2000 From: tomc at sosinet.com (Thomas Collison) Date: Tue Dec 2 02:27:48 2003 Subject: NT 4 Server RAS access through SAMBA 2.06 PDC Message-ID: <000901bf585b$84106b40$6401a8c0@sosinet.com> We are currently using SAMBA 2.06 as a login controller for our domain logons, which works perfectly. I have been trying to set up a NT server to act as a RAS server for dialup connections. The NT server can logon to the SAMBA domain. Whenever a dialup connection is attempted, the NT Server is able to pass on the dialup logon connection to the SAMBA domain, but an error occurs saying that the user does not have dialup privileges. Of course, if I add a user to the dialup server domain and logon through there, there is a successful connection. I cannot use the *map commands in smb.conf because they are not recognized, and havent found much information about the domain groups, admin users, and admin group commands. Can this even work in this configuration? Or, do I need to upgrade to the TNG code for this support? Thank you in advance, Thomas Collison From gtm at oracom.com Thu Jan 6 16:56:40 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: oplocks Message-ID: <3874C948.62EE645@oracom.com> Greg, Do you turn off oplocks on your system running the vob share? If so how do you do that in the smb.conf file? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From greg at discreet.com Thu Jan 6 16:11:39 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:48 2003 Subject: oplocks In-Reply-To: <3874C948.62EE645@oracom.com> Message-ID: I don't normally since IRIX supports kernel oplocks but I've been getting too many SYSLOG errors about client timeouts so I will probably turn them off. oplocks = no Greg On 06-Jan-00 Glenn MacGregor wrote: > Greg, > > Do you turn off oplocks on your system running the vob share? If so > how do you do that in the smb.conf file? > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From chavousc at nudaymedia.com Thu Jan 6 16:29:03 2000 From: chavousc at nudaymedia.com (Chavous Camp) Date: Tue Dec 2 02:27:48 2003 Subject: domain admin group Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ok guys, I'm running 100% samba-tng - no main code anywhere in here. Anyone know why i friggin can't get the domain admin group setting to work? my logs always tell me that it is an invalid parameter... domain group map, however, works, although it really shouldn't, should it? I thought that was removed from TNG. - ---- Chavous P. Camp chavousc@nudaymedia.com NuDay Media, Inc Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOHTCzmJw39BzDJ9pEQKbMwCgocR18qZl9mtCw94UehFcRIGXrUMAoNjD zuS8dFNgx2F9LwDh2gsOTq7B =iLW3 -----END PGP SIGNATURE----- From p.mayers at ic.ac.uk Thu Jan 6 16:30:26 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B4@icex1.cc.ic.ac.uk> True, the documentation is a little behind the times, but you're making yourself no friends with that attitude. I suggest reading the list archives. In case you're wondering, the following smb.conf should suffice: workgroup = WORKGROUP server string = Samba Server security = user encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY local master = yes os level = 110 domain master = yes preferred master = yes domain logons = yes logon script = %m.bat logon script = %U.bat logon path = \\%L\Profiles\%U wins support = yes dns proxy = no The important options being domain logons = yes. Then create a machine account smbpasswd -a -m MACHINENAME (note, no $ in smbpasswd command) MACHINENAME is the NetBIOS name. Join the domain, and away you go. Cheers, Phil -----Original Message----- From: Omar Siam To: Multiple recipients of list SAMBA-NTDOM Sent: 1/6/00 1:14 PM Subject: Re: Samba as an NT PDC What documentation are you talking about ? The man pages ? The samba-ntdom.txt which points out that you should subscribe to this list ? I had a samba PDC running about half a year ago. But when I tried to set up one short before Christmas I was completely lost. So read WHAT documentation ? "S. Striker" schrieb: > Hi, > > > I wan tmore information about subject > > So read the documentation. > > Greetings, > > Sander Striker > > PS. Blunt request, blunt reply From derrick at mercuryfilmworks.com Thu Jan 6 17:50:57 2000 From: derrick at mercuryfilmworks.com (Derrick MacPherson) Date: Tue Dec 2 02:27:48 2003 Subject: Can samba be in a domain & a workgroup at the same time? Message-ID: <3874D601.CC225845@mercuryfilmworks.com> Can I have samba running in a domain and a workgroup at the same time? And can they be named the same? Any pointers to info on this or help would be appreciated.. Thanks guys. -- Derrick MacPherson Systems Administrator Mercury Filmworks From p.mayers at ic.ac.uk Thu Jan 6 18:07:02 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:48 2003 Subject: Can samba be in a domain & a workgroup at the same time? Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B6@icex1.cc.ic.ac.uk> For browsing purposes, if you're using a WINS server, the workgroup and domain are the same if they've got the same name - samba itself must either be part of the workgroup (security=user/server/share) or part of the domain (security=domain or security=user & domain logons=yes). In short, yes. Cheers, Phil -----Original Message----- From: Derrick MacPherson To: Multiple recipients of list SAMBA-NTDOM Sent: 06/01/00 17:42 Subject: Can samba be in a domain & a workgroup at the same time? Can I have samba running in a domain and a workgroup at the same time? And can they be named the same? Any pointers to info on this or help would be appreciated.. Thanks guys. -- Derrick MacPherson Systems Administrator Mercury Filmworks From vs at lasp.npi.msu.su Thu Jan 6 18:14:20 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:27:48 2003 Subject: ERROR: become root Message-ID: <200001061814.WAA18556@lasp.npi.msu.su> Hi, samba guru ! I've got lot of strings below in log: [2000/01/06 20:57:22, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [2000/01/06 20:57:22, 0] smbd/uid.c:unbecome_root(391) ERROR: unbecome root depth is 0 What this mean and how to get rid of it ? From maillist at nudaymedia.com Thu Jan 6 20:26:43 2000 From: maillist at nudaymedia.com (Chavous Camp) Date: Tue Dec 2 02:27:48 2003 Subject: domain admin group In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I need to revise my post. I had my stuff completely backwards... What I ment to say is this: Ok guys, I'm running 100% samba-tng - no main code anywhere in here. Anyone know why i friggin can't get the domain group map setting to work? my logs always tell me that it is an invalid parameter... domain admin group, however, works, although it really shouldn't, should it? I thought that was removed from TNG. - ---- Chavous Camp - -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Chavous Camp Sent: Thursday, January 06, 2000 11:31 AM To: Multiple recipients of list SAMBA-NTDOM Subject: domain admin group Ok guys, I'm running 100% samba-tng - no main code anywhere in here. Anyone know why i friggin can't get the domain admin group setting to work? my logs always tell me that it is an invalid parameter... domain group map, however, works, although it really shouldn't, should it? I thought that was removed from TNG. - ---- Chavous P. Camp chavousc@nudaymedia.com NuDay Media, Inc Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOHT6gmJw39BzDJ9pEQIYYACeI6aJOwVsanZdXZ0+vMjDxm8nQ/sAn3ma chxYDFLHx+QnekNXiNxSBy/j =61M/ -----END PGP SIGNATURE----- From p.mayers at ic.ac.uk Thu Jan 6 21:35:20 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:27:48 2003 Subject: Ldap HEAD - map_domain_name_to_sid Message-ID: <38750A98.69E416F6@ic.ac.uk> [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:39, 0] smbd/process.c:smbd_process(869) I know this isn't implemented in the copy I have (late october, LDAP passwd backend) but has it been yet? Has it been in any passwd code? I'm willing to code the LDAP version if there's a non-ldap version I could code from. Cheers, Phil From gtm at oracom.com Thu Jan 6 21:54:58 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: Profiles ... again Message-ID: <38750F32.E69C522F@oracom.com> Hi all, I have profiles working on pre-3.0.0 If I create a dir in the profile share and login as that user it creates a new profile for that user. The probelm is that when i try to copy the profile from the local NT machine to the samba server it seems to fail updating ntuser.dat because everytime I login I get the welcome to Windows dialog box. All permissions look good. Is there a set I need to take for this to work. The reason I ask is if I leave the orig. profile that was created and try to run word 2000 it tries to finish the install but fails because I don't have the correct privs. I think another solution would be to put an allusers profile but I am not sure. Is there a way I can login to the domain as admin and run the install for all users? Sorry about all the questions Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From s.striker at striker.nl Thu Jan 6 22:20:26 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC In-Reply-To: <387494A9.EED7E68A@gmx.net> Message-ID: <003001bf5894$3b2a3850$0a00a8c0@office.striker.nl> Hi, >>> Omar Siam wrote: >>> I wan tmore information about subject >> Sander Striker wrote: >> So read the documentation. <-- snap --> >> PS. Blunt request, blunt reply > Omar Siam wrote: > What documentation are you talking about ? The man pages ? The > samba-ntdom.txt which points out that you should subscribe to this list > ? > I had a samba PDC running about half a year ago. But when I tried to set > up one short before Christmas I was completely lost. > So read WHAT documentation ? You could start with reading some back issues of the Kernel Cousin for Samba. It's at http://kt.linuxcare.com/KC/samba/. Furthermore Luke put a small readme on the changes with a PDC in the CVS tree SAMBA_TNG. The file is source/README. ;) The PDC code is now in a seperate branch (SAMBA_TNG), just so you know. Also someone stated in this mailinglist that he would put up a website when he got it working. Well he got it working alright, but I haven't seen an url yet. The only reason I snapped at you was because of the extremely short post in the mailinglist; it only said: 'I wan tmore information about subject' Most of the time it is someone that is to lazy to do some research and hasn't even checked out the docs/ directory of the samba version they've got. Greetings, Sander Striker > > "S. Striker" schrieb: > > > Hi, > > > > > I wan tmore information about subject > > > > So read the documentation. > > > > Greetings, > > > > Sander Striker > > > > From udgenzel at mcs.drexel.edu Thu Jan 6 23:24:07 2000 From: udgenzel at mcs.drexel.edu (Dmitriy Genzel) Date: Tue Dec 2 02:27:48 2003 Subject: Timeframe for domain logon fucntionality Message-ID: If I understand correctly, the HEAD/TNG/whatever branch is currently in a state of flux. Could anyone tell me how long it might take until it is reasonably stable, or at least in a state where I can just download, configure, make and use it, w/o using some complicated approach. Also, when is it going to be incorporated into the normal release branch? Dmitriy From s.striker at striker.nl Thu Jan 6 23:57:11 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:49 2003 Subject: Timeframe for domain logon fucntionality In-Reply-To: Message-ID: <003301bf58a1$bfb0b0b0$0a00a8c0@office.striker.nl> Hi, > If I understand correctly, the HEAD/TNG/whatever branch is currently in a > state of flux. Could anyone tell me how long it might take until it is > reasonably stable, or at least in a state where I can just download, > configure, make and use it, w/o using some complicated approach. You can do all this right now :-) Just check out the SAMBA_TNG branch and compile it. Read the source/README on how to run things. You might also want to consider running smbd/nmbd from the HEAD branch. There is someone working on a webpage as I recall. > Also, when is it going to be incorporated into the normal release branch? When is always the question :-) I think when it's ready and when Luke and Adrew are done argueing over the future design/features of Samba. Check the Kernel Cousin for Samba for recent developments taken from the mailing lists: http://kt.linuxcare.com/KC/samba/ Greetings, Sander Striker From atristan at acacia.ucr.edu Fri Jan 7 00:27:31 2000 From: atristan at acacia.ucr.edu (Andrew Tristan) Date: Tue Dec 2 02:27:49 2003 Subject: questions for large samba installations Message-ID: <20000107002731.90C1627E9B@acacia.ucr.edu> I'm curious to find out what those of you who run large (> 10,000 users and several hundred domain clients) samba installations do about passwords (in the abscence of BDC functionality). I guess I'm interested in two issues: one is optimizing access to smbpasswd (or moral equivalent), and the other is sync'ing passwords on multiple samba servers. I understand that LDAP is one possibility, and I vaguely recall someone mentioning that mysql can be used as a password repository. Anyone have any comments? Thanks, Andrew -- andrew.tristan@ucr.edu Unix Systems Group, UC Riverside From p.mayers at ic.ac.uk Fri Jan 7 01:51:16 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:27:49 2003 Subject: Profiles ... again References: <38750F32.E69C522F@oracom.com> Message-ID: <38754694.7A0A57C8@ic.ac.uk> I'm not really sure what your problem is. What is your smb.conf, and do an 'ls -la' in the profiles directory. Try creating a directory like this: [root@gw profiles]# ls -la total 3 drwxrwx--- 3 nobody users 1024 Sep 24 01:51 . drwxr-xr-x 6 root root 1024 Dec 11 19:35 .. All users have permission to create directories - when they logon for the first time, NT will use their local profile. When they log off, their profile will be updated to the server (and the directory will be created automatically, with the correct permissions). Alternatively, create the directory, log onto the NT machine as LOCAL admin, go control panel, system, profiles, Copy, browse to that directory (making sure you connect to the server as the user, or adjust unix permissions later on) and copy the profile that way. Cheers, Phil Glenn MacGregor wrote: > > Hi all, > > I have profiles working on pre-3.0.0 If I create a dir in the > profile share and login as that user it creates a new profile for that > user. The probelm is that when i try to copy the profile from the local > NT machine to the samba server it seems to fail updating ntuser.dat > because everytime I login I get the welcome to Windows dialog box. All > permissions look good. Is there a set I need to take for this to work. > The reason I ask is if I leave the orig. profile that was created and > try to run word 2000 it tries to finish the install but fails because I > don't have the correct privs. I think another solution would be to put > an allusers profile but I am not sure. Is there a way I can login to > the domain as admin and run the install for all users? > > Sorry about all the questions > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 From f.j.kouijzer at hccnet.nl Fri Jan 7 02:35:02 2000 From: f.j.kouijzer at hccnet.nl (F. J. Kouijzer) Date: Tue Dec 2 02:27:49 2003 Subject: join Message-ID: <387550D6.934A0819@hccnet.nl> sparhawk31@hotmail.com From lynn at cis.usouthal.edu Fri Jan 7 05:33:34 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC Message-ID: Hello, I am trying to set a UNIX server up to run 3 different laboratories. I want the three labs to appear to be on seperate domains. So what I tried to do was set up a conf file based on the NetBIOS name of a workstation and in that conf file list the workgroup that I want to use as the domain. However the NT client won't see that domain name. I was able to get the NT client to connect to the workgroup listed in the smb.conf file. Is there anyway I can make it so that these different laboratories can connect to three different domain names? Thanks. Keith Lynn From skvidal at phy.duke.edu Fri Jan 7 05:37:46 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I am trying to set a UNIX server up to run 3 different laboratories. > I want the three labs to appear to be on seperate domains. So what I tried > to do was set up a conf file based on the NetBIOS name of a workstation > and in that conf file list the workgroup that I want to use as the > domain. However the NT client won't see that domain name. I was able to > get the NT client to connect to the workgroup listed in the smb.conf file. > Is there anyway I can make it so that these different laboratories can > connect to three different domain names? Thanks. If you want it to be domained controlled by 3 different domains you'll need the samba pdc branch and you'll have to register the nt machines into each of the samba domains. Then select which domain to login to from the GINA of nt. -sv From patrickpaul at home.com Fri Jan 7 05:46:41 2000 From: patrickpaul at home.com (Patrick Paul) Date: Tue Dec 2 02:27:49 2003 Subject: some help please? run out of clues Message-ID: i know it's offtopic, but i am dumbfounded. i've tried everything, and for months have been stuck. the problem is with compiling the pre-code. it also happens on the release code. i've had to compile on another machine and ftp it back. here's what i get, i've tried upgrading the glibc, the gcc, and a bunch more. i'm running a mutt breed of mandrake 6.1, 7.0, redhat 6.1 and others. here's what i get when i compile. please help. make Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=" /usr/local/samba/var" -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE=" /usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMH OSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSB INDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/u sr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIV ERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DFOR MSFILE="/usr/local/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/loca l/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -D SMB_PASSGRP_FILE="/usr/local/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/lo cal/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/local/samba/private/smbalias" Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses Compiling smbd/server.c In file included from /usr/include/linux/fs.h:12, from /usr/include/linux/capability.h:13, from /usr/include/sys/capability.h:23, from include/includes.h:313, from smbd/server.c:22: /usr/include/linux/wait.h:4: warning: `WNOHANG' redefined /usr/include/bits/waitflags.h:26: warning: this is the location of the previous definition /usr/include/linux/wait.h:5: warning: `WUNTRACED' redefined /usr/include/bits/waitflags.h:27: warning: this is the location of the previous definition In file included from /usr/include/linux/capability.h:13, from /usr/include/sys/capability.h:23, from include/includes.h:313, from smbd/server.c:22: /usr/include/linux/fs.h:46: warning: `BLOCK_SIZE' redefined /usr/include/sys/mount.h:28: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:85: warning: `MS_RDONLY' redefined /usr/include/sys/mount.h:37: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:86: warning: `MS_NOSUID' redefined /usr/include/sys/mount.h:39: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:87: warning: `MS_NODEV' redefined /usr/include/sys/mount.h:41: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:88: warning: `MS_NOEXEC' redefined /usr/include/sys/mount.h:43: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:89: warning: `MS_SYNCHRONOUS' redefined /usr/include/sys/mount.h:45: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:90: warning: `MS_REMOUNT' redefined /usr/include/sys/mount.h:47: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:91: warning: `MS_MANDLOCK' redefined /usr/include/sys/mount.h:49: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:93: warning: `S_APPEND' redefined /usr/include/sys/mount.h:53: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:94: warning: `S_IMMUTABLE' redefined /usr/include/sys/mount.h:55: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:95: warning: `MS_NOATIME' redefined /usr/include/sys/mount.h:57: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:96: warning: `MS_NODIRATIME' redefined /usr/include/sys/mount.h:59: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:105: warning: `MS_RMT_MASK' redefined /usr/include/sys/mount.h:63: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:110: warning: `MS_MGC_VAL' redefined /usr/include/sys/mount.h:68: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:145: warning: `BLKROSET' redefined /usr/include/sys/mount.h:76: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:146: warning: `BLKROGET' redefined /usr/include/sys/mount.h:77: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:147: warning: `BLKRRPART' redefined /usr/include/sys/mount.h:78: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:148: warning: `BLKGETSIZE' redefined /usr/include/sys/mount.h:79: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:149: warning: `BLKFLSBUF' redefined /usr/include/sys/mount.h:80: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:150: warning: `BLKRASET' redefined /usr/include/sys/mount.h:81: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:151: warning: `BLKRAGET' redefined /usr/include/sys/mount.h:82: warning: this is the location of the previous defin ition In file included from /usr/include/linux/vfs.h:4, from /usr/include/linux/fs.h:14, from /usr/include/linux/capability.h:13, from /usr/include/sys/capability.h:23, from include/includes.h:313, from smbd/server.c:22: /usr/include/asm/statfs.h:12: redefinition of `struct statfs' make: *** [smbd/server.o] Error 1 Patrick Paul consultant From lynn at cis.usouthal.edu Fri Jan 7 06:07:10 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: Where can I find the documentation for having it branch like that? How do I do the registration? Thanks. Keith Lynn On Fri, 7 Jan 2000, Seth Vidal wrote: > > I am trying to set a UNIX server up to run 3 different laboratories. > > I want the three labs to appear to be on seperate domains. So what I tried > > to do was set up a conf file based on the NetBIOS name of a workstation > > and in that conf file list the workgroup that I want to use as the > > domain. However the NT client won't see that domain name. I was able to > > get the NT client to connect to the workgroup listed in the smb.conf file. > > Is there anyway I can make it so that these different laboratories can > > connect to three different domain names? Thanks. > > If you want it to be domained controlled by 3 different domains you'll > need the samba pdc branch and you'll have to register the nt machines > into each of the samba domains. > > Then select which domain to login to from the GINA of nt. > > -sv > > > From skvidal at phy.duke.edu Fri Jan 7 06:08:47 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > Where can I find the documentation for having it branch like that? How do > I do the registration? Thanks. No. Its not that the server branches - its that you need the NT PDC controller BRANCH of the samba cvs tree (read the archives of this list for an explanation) Your best bet is to read: http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html its a little out of date but still somewhat true. -sv From Lucio.Jankok at asz.nl Fri Jan 7 08:48:04 2000 From: Lucio.Jankok at asz.nl (Jankok, L. (dsc-pm)) Date: Tue Dec 2 02:27:49 2003 Subject: Can samba be in a domain & a workgroup at the same time? Message-ID: <7DE31FAF0D4FD211A4460000F87A853B617D82@ASZMSG001.GAK.NL> Hi, A domain is a workgroup with centralized authentication. You can configure your winnt clients to join a domain test and your win95/98 to join a workgroup test. Win95/98 can't join a domain the same way winnt does for it doesn't support making a computer account in a domain. So for Win95/98 you will be supplying the domain name in the workgroup field. But if what you really want is a workgroup setup (no centralized authentication) and a pdc setup (centralized authentication) I think you can configure multiple instances of the samba server through your smb.conf, I don't have a smb.conf to show you that but I can recall that I saw this documented somewhere. cheers, Lucio Jankok. -----Oorspronkelijk bericht----- Van: Derrick MacPherson [SMTP:derrick@mercuryfilmworks.com] Verzonden: Thursday, January 06, 2000 6:42 PM Aan: Multiple recipients of list SAMBA-NTDOM Onderwerp: Can samba be in a domain & a workgroup at the same time? Can I have samba running in a domain and a workgroup at the same time? And can they be named the same? Any pointers to info on this or help would be appreciated.. Thanks guys. -- Derrick MacPherson Systems Administrator Mercury Filmworks From jeannie at mitre.org Fri Jan 7 09:39:08 2000 From: jeannie at mitre.org (Henchey,Jean L.) Date: Tue Dec 2 02:27:49 2003 Subject: semaphore errors References: Message-ID: <3875B43C.3B5EF301@mitre.org> I'm running 2.0.6 on sol2.6. Users are getting semaphore timeout errors. What is the best way to tune samba for semaphores? I've been thinking about turning keepalive to 15 mins or a few hours. Does anyone use the keepalive directive? How much does it help? Thanks for your ideas, Jean -------------- next part -------------- A non-text attachment was scrubbed... Name: jeannie.vcf Type: text/x-vcard Size: 228 bytes Desc: Card for Jean Henchey Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/f4bb7a1e/jeannie.vcf From M.Brendel at net.hcc.nl Fri Jan 7 09:41:28 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:49 2003 Subject: A domain controller cold not be contacted Message-ID: <3.0.3.32.20000107104128.009015f0@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 4376 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/23bb4e51/attachment.bin From devnull at epiuse.com Fri Jan 7 10:00:42 2000 From: devnull at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:27:49 2003 Subject: semaphore errors Message-ID: hi jean, i had this once due to a misconfiged subnet mask on one of the windows boxes. i couldn't figure out why that would cause this error, but fixing it did the trick. good luck, jan > -----Original Message----- > From: Henchey,Jean L. [mailto:jeannie@mitre.org] > Sent: Friday, January 07, 2000 11:42 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: semaphore errors > > > I'm running 2.0.6 on sol2.6. Users are getting semaphore timeout > errors. What is the best way to tune samba for semaphores? > > I've been thinking about turning keepalive to 15 mins or a few hours. > Does anyone use the keepalive directive? How much does it help? > > Thanks for your ideas, > > Jean > From lk at NetUSE.DE Fri Jan 7 13:39:16 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:49 2003 Subject: New webpage for Samba TNG Message-ID: <3875EC84.B04F1918@NetUSE.DE> Hello! I have created a webpage, to let you know what i have done to install Samba TNG. Until now i have finnished the "compile"-part only. I hope i can create the "configuration"-part tomorrow. If there are any spelling errors, plese send me message. I'm a german. Until now, i can join the domain with my Win-NT workstation, profiles work, startscripts are working and if i login as root, i can also work as administrator. Cu http://www.kneschke.de/projekte/samba_tng/index.php3 -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From nemeth at business.web.at Fri Jan 7 13:50:05 2000 From: nemeth at business.web.at (Andreas Nemeth) Date: Tue Dec 2 02:27:49 2003 Subject: Readding Machine to the Domain Message-ID: <01BF591F.51798580@Vienna-Remote47.profinet.at> I'm using Samba 2.0.5a (SuSE Distrib.) I just added "reboot" to make clear I restarted everything. (I know that linux doesn't have to reboot every five minutes or so!) I don't think the problem is adding a $ or not, for I use smbpasswd -a -m MACHINENAME$ for other computers too and didn't encountered trouble. I think --like described in one man page-- that changing the UID of the trust account can cause trouble with the RIDs, therefor I'm now searching for the SIDs and RIDs on my system (help needed!) Andrew -----Original Message----- From: James Willard [SMTP:james@whispering.org] Sent: Wednesday, January 05, 2000 7:26 PM To: nemeth@business.web.at; Multiple recipients of list SAMBA-NTDOM Subject: Re: Readding Machine to the Domain What version of Samba are you using? I too am having trouble adding a NT workstation to my Samba-controlled domain. The two problems are probably completely different, and I can get Samba 2.0.6 machines to join, just not NTWS. It's most likely just my NT workstation that is having trouble (Anyone else having trouble adding NT to domains in the current CVS?). I am using the latest HEAD branch in CVS, TNG is too broken to touch right now :). I believe you should use smbpasswd -a -m CAMP, not the $. What error messages are you seeing? There is no need to reboot the PDC. At most would might need to stop and restart smbd and nmbd. James ----- Original Message ----- From: Andreas Nemeth To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 05, 2000 12:59 PM Subject: Readding Machine to the Domain > Hi, > I have a small network of NT WS with a Linux box acting as PDC. I removed one of them to change it against another... Well it doesn't work! I have deleted all lines in /etc/passwd; /etc/smbpasswd containing info 'bout this computer. (rebooted) Added the user in /etc/passwd; made a smbpasswd -a -m CAMP$ but it didn't and doesn't work! > > help appreciated > From mike at ed.ac.uk Fri Jan 7 14:30:22 2000 From: mike at ed.ac.uk (Mike.Robinson) Date: Tue Dec 2 02:27:49 2003 Subject: Domain admins Message-ID: I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha of Samba downloaded in September 99 and running on Solaris 7. I am trying to put users into a Domain Admins group using the information in the FAQ. What I have is: fibratus#ypcat group |grep nt ntadmin:*:4219:mike,bc,cnd,ann automnt:*:31530: ntusers:*:4220:mike,bc,cnd,ann fibratus#grep domain smb.conf workgroup = met-domain domain group map = /usr/local/samba/lib/domaingroup.map domain master = yes domain logons = yes fibratus#cat /usr/local/samba/lib/domaingroup.map ntadmin="Domain Admins" ntusers="Domain Users" fibratus#grep group /etc/nsswitch.conf # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. group: files nis netgroup: nis When logging onto a PC as mike in the domain met-domain, mike does not have administrator privilegs. The samba logs do not appear to have anything that sheds any light on the matter. Does anyone know what the problem might be or what I can do to trace the cause of the problem? Best wishes, Mike ................................................................................ Mike Robinson Email: M.Robinson@ed.ac.uk EUCS Tel: 0131 650 5015 The University of Edinburgh Fax: 0131 650 8748 J.C.M.B The Kings Buildings Mayfield Road Edinburgh EH9 3JZ From lk at NetUSE.DE Fri Jan 7 16:26:19 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:49 2003 Subject: Domain admins References: Message-ID: <387613AB.276AAE1F@NetUSE.DE> "Mike.Robinson" wrote: > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > of Samba downloaded in September 99 and running on Solaris 7. > > I am trying to put users into a Domain Admins group using the information in > the FAQ. > > What I have is: > > fibratus#ypcat group |grep nt > ntadmin:*:4219:mike,bc,cnd,ann > automnt:*:31530: > ntusers:*:4220:mike,bc,cnd,ann > > fibratus#grep domain smb.conf > workgroup = met-domain > domain group map = /usr/local/samba/lib/domaingroup.map > domain master = yes > domain logons = yes > > fibratus#cat /usr/local/samba/lib/domaingroup.map > ntadmin="Domain Admins" > ntusers="Domain Users" > > fibratus#grep group /etc/nsswitch.conf > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > group: files nis > netgroup: nis > > When logging onto a PC as mike in the domain met-domain, mike does not have > administrator privilegs. The samba logs do not appear to have anything that > sheds any light on the matter. I use the latest samba from cvs(see my homepage http://www.kneschke.de/projekte/samba_tng/index.php3). And had this problem just today. Your smb.conf and your domaingroup.map are ok, but to let this, the in the /etc/passwd must be ntadmin or ntusers. The settings in /etc/group don't care samba much. :-( This works: /etc/group ntadmin::101: /etc/passwd lk:x:6010:101::/home/lk:/bin/sh lk is "Domain Admin". Hope this helps. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From David.Bear at asu.edu Fri Jan 7 16:28:21 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:49 2003 Subject: ldap and passwords Message-ID: I'm a little confused regarding ldap support. If samba uses ldap to authenticate, does ldap have to be configured to store password hashes? As I understand the password issue, only one way hashes are sent over the wire. So the authenticating server either has to know the original plain text password, or store the hash. The whole issue with having to create the additional smbpasswd file was related here correct? Now as far as I understood ldap, I thought it was a directory spec to enable access to x500 like hierarchical directories. So, I can see where ldap nodes -- end points -- could provide a directory of user names -- userid. But how does one store smbpasswords there? and how would one update the smbpassword? This is important to me at ASU because we have a kerberos infrastructure in place -- and they are just creating the ldap infrastructure. So, to mee I need to see if (1) ldap can be configure to help me with smb passwords, or (2) if kerberos is the way to go -- or (3) if ldap would provide some kind of gateway to kerberos principals?? Now I'm talking way out of my realm... David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From rajeeva at research.bell-labs.com Fri Jan 7 16:28:40 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:49 2003 Subject: NT connecting to SAMBA_TNG Message-ID: <38761438.6D8CE504@research.bell-labs.com> Hi, I am running SAMBA_TNG branch as PDC and trying to connect from a PC running NT4.0. The PC running NT is not in samba pdc domain. and when I try to browse samba sever from NT, I get a message "A network error has occurred". In the logs on samba server (debug level 4) I get [2000/01/07 10:44:37, 4] smbd/reply.c:reply_tcon_and_X(344) Got device type IPC [2000/01/07 10:44:37, 1] smbd/reply.c:map_nt_and_unix_username(97) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/07 10:44:37, 3] smbd/password.c:authorise_login(444) ACCEPTED: guest account and guest ok [2000/01/07 10:44:37, 3] smbd/vfs.c:vfs_init_default(79) Initialising default vfs hooks [2000/01/07 10:44:37, 3] smbd/service.c:make_connection(418) Connect path is /tmp [2000/01/07 10:44:37, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /tmp [2000/01/07 10:44:37, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /LPRng/samba/bin [2000/01/07 10:44:37, 3] smbd/service.c:make_connection(520) vkarma (135.104.54.44) connect to service IPC$ as user nobody (uid=99, gid=99) (pid 22232) [2000/01/07 10:44:37, 0] lib/fault.c:fault_report(40) =============================================================== [2000/01/07 10:44:37, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 22232 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [2000/01/07 10:44:37, 0] lib/fault.c:fault_report(43) Please let me know, what is it I am doing wrong. Thanks a lot. rajeev From sdseal at magma.ca Fri Jan 7 18:59:58 2000 From: sdseal at magma.ca (Stephen Seal) Date: Tue Dec 2 02:27:49 2003 Subject: Windows Login Test tools Message-ID: <20000107.18595800@stinky.sealtex.ca> Hi everyone: I'm hoping that someone on these lists can help. I've been trying to find a test tool for Win95/98/NT that can help diagnose problems with NT Domain login and authentication. I'm hoping that someone in the Samba community has a tool or knows where to find a REALLY GOOD description/overview of the NT Domain login process. Here's my problem scenario: If a user (a non technical user I might add) remotely connects to a network, and submits their username/password to a PDC, they sometimes get the "very helpful" Windows message "Cannot log in to the Domain" (or similar nonsense). What can be done at this point to help diagnose this problem? There appears to be no Windows tool to help resolve WHY they can't log in. Can anyone help? Frustratinly yours, Steve From ralf at is.rice.edu Fri Jan 7 19:14:45 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:27:49 2003 Subject: Undefined symbol Message-ID: Hello samba gurus, have a couple of questions if you will please! First: I'm trying to run 2.0.5a or 2.0.6 on a Solaris 2.5 box and smbd bails out with an "invalid argument" error when reading socket data. [2000/01/06 09:00:58, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2000/01/06 09:00:58, 3] lib/util_sock.c:open_socket_in(865) bind succeeded on port 0 [2000/01/06 09:00:58, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 19996, global_oplock_port = 37829 [2000/01/06 09:00:58, 0] lib/util_sock.c:read_socket_data(474) read_socket_data: recv failure for 4. Error = Invalid argument [2000/01/06 09:00:58, 3] smbd/process.c:timeout_processing(861) receive_smb error (Invalid argument) exiting [2000/01/06 09:00:58, 2] smbd/server.c:exit_server(408) Closing connections [2000/01/06 09:00:58, 3] smbd/server.c:exit_server(435) Server exit (normal exit) This happens with 2.0.5a and 2.0.6, but only on a Solaris 2.5 box (production). I can run both releases on a test box running Solaris 2.6 without any problems whatsoever. The only difference I see between the newer releases of samba and 2.0.4b (the one running in production) is the read_socket_data function in the util_sock.c module, the one causing the problems. And ofcourse the difference in OS's. I guess my first question is: does anybody know what's happenning here, and how do I get around it? The second question is in regards to the TNG cvs BRANCH code. make crashes when linking bin/smbd: .. .. .. Compiling tdb/tdb.c mkdir bin Linking bin/smbd Undefined first referenced symbol in file inet_aton libsmb/clientgen.o ld: fatal: Symbol referencing errors. No output written to bin/smbd *** Error code 1 make: Fatal error: Command failed for target `bin/smbd' I have samba-MAIN and samba-TNG from cvs. Downloaded them today. Compiling them as per Lars Kneschke's instructions on his web page: www.kneschke.de/projekte/samba_tng/index.php3, --Thanks for the page Lars--, produces the previous fatal error. My question here is: Why is 'bin/smbd' being created in TNG if smbd is suppossed to be created in MAIN and copied to TNG? This is according to the web page instructions. Am I doing it wrong? Please help! Al Ramos. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From p.mayers at ic.ac.uk Fri Jan 7 19:29:44 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:49 2003 Subject: ldap and passwords Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B8@icex1.cc.ic.ac.uk> Yes - the LDAP support requires attributes lmpassword and ntpassword storing the password hashes (appropriately protected by ACLs of course). I don't think you understand LDAP very well. An entity can have attributes which contain data. For example: dn: uid=user, ou=People, dc=domain, dc=com objectclass: top objectclass: posixAccount objectclass: sambaAccount uid: user uidnumber: 8102 gidnumber: 5643 cn: Common Name homedirectory: /home/user userpassword: {crypt}64236jigr loginshell: /bin/bash gecos: Gecos field ntuid: users rid: 42c homedrive: Z: pwdcanchange: 00000000 pwdmustchange: FFFFFFFF lmpassword: ntpassword: pwdlastset: 38036B07 acctflags: [U ] profile: \\domctrl\profiles\user smbhome: \\file-server\\user This is (roughly, minus a few site-specifics) the template that we use here for unifies UNIX account (vis nss_ldap and pam_ldap) and NT account via samba. The samba server *needs* either the plaintext password or the password hash - kerberos' network protocol can't supply either. It can *check* the plaintext password, but that's not good enough. You're going to need some way for the samba server to obtain the password/password hash. It would be good if Samba would calculate the password hash if the password is stored in plaintext in the LDAP directory - that way, you could eliminate the need for lmpassword and ntpassword altogether. You're going to have to be more specific about your requirements before I could say any more though. Cheers, Phil -----Original Message----- From: David Bear To: Multiple recipients of list SAMBA-NTDOM Sent: 1/7/00 4:30 PM Subject: ldap and passwords I'm a little confused regarding ldap support. If samba uses ldap to authenticate, does ldap have to be configured to store password hashes? As I understand the password issue, only one way hashes are sent over the wire. So the authenticating server either has to know the original plain text password, or store the hash. The whole issue with having to create the additional smbpasswd file was related here correct? Now as far as I understood ldap, I thought it was a directory spec to enable access to x500 like hierarchical directories. So, I can see where ldap nodes -- end points -- could provide a directory of user names -- userid. But how does one store smbpasswords there? and how would one update the smbpassword? This is important to me at ASU because we have a kerberos infrastructure in place -- and they are just creating the ldap infrastructure. So, to mee I need to see if (1) ldap can be configure to help me with smb passwords, or (2) if kerberos is the way to go -- or (3) if ldap would provide some kind of gateway to kerberos principals?? Now I'm talking way out of my realm... David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From p.mayers at ic.ac.uk Fri Jan 7 19:32:59 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:49 2003 Subject: Windows Login Test tools Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B9@icex1.cc.ic.ac.uk> There are no such tools. If the PDC is a samba one, look in the log files. If it's an NT one, then it's a little more difficult - try resetting the users profile (delete everything in the profile directory), that's a common one. Check NetBIOS and TCP/IP connectivity. Use a WINS server if you're not already. Check that the PCs in the network are only running TCP/IP - IPX and NetBEui complicate browser election. I'm afraid "some such nonsense" is simply not good enough, even if they were a non-technical user. What was the exact error message? Service packs at each end? I suspect it's profile related. Cheers, Phil -----Original Message----- From: Stephen Seal To: Multiple recipients of list SAMBA-NTDOM Sent: 1/7/00 7:00 PM Subject: Windows Login Test tools Hi everyone: I'm hoping that someone on these lists can help. I've been trying to find a test tool for Win95/98/NT that can help diagnose problems with NT Domain login and authentication. I'm hoping that someone in the Samba community has a tool or knows where to find a REALLY GOOD description/overview of the NT Domain login process. Here's my problem scenario: If a user (a non technical user I might add) remotely connects to a network, and submits their username/password to a PDC, they sometimes get the "very helpful" Windows message "Cannot log in to the Domain" (or similar nonsense). What can be done at this point to help diagnose this problem? There appears to be no Windows tool to help resolve WHY they can't log in. Can anyone help? Frustratinly yours, Steve From ringram at acpl.lib.wy.us Fri Jan 7 19:37:50 2000 From: ringram at acpl.lib.wy.us (Russel H. Ingram) Date: Tue Dec 2 02:27:49 2003 Subject: Adding Domain users to machine admin group Message-ID: I'm sure this has probably been answered at some point already, but I have been searching through the list archives for a couple of hours now and have not found a clear answer to my problem. Here's my problem: I want to add domain users to the local machine admin groups but not all of my domain users will show up in the list of domain users when running the workstation version of the User Manager. All of my NT machines are running 4.0 with SP5 and the Samba server (semi-emulating a PDC) is running version 2.0.5a on RedHat Linux 6.0 for Intel. To be just a little more specific the User Manager can only see the first 15 users listed in the smbpasswd file. Is this a configuration problem or a limitaion of Samba? Any help would be greatly appreciated. Thanx, --Russ ----------------------------------------------------------------------- Russel Ingram | Gargoyle Network Manager, Albany County PublicLibrary | Linux.com, Support Staff ringram@acpl.lib.wy.us | gargoyle@linux.com From jeremy at valinux.com Fri Jan 7 20:50:49 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:49 2003 Subject: Undefined symbol References: Message-ID: <387651A9.CB5125CF@valinux.com> Alfredo Ramos wrote: > > read_socket_data: recv failure for 4. Error = Invalid argument > [2000/01/06 09:00:58, 3] smbd/process.c:timeout_processing(861) > receive_smb error (Invalid argument) exiting > [2000/01/06 09:00:58, 2] smbd/server.c:exit_server(408) > Closing connections > [2000/01/06 09:00:58, 3] smbd/server.c:exit_server(435) > Server exit (normal exit) > > This happens with 2.0.5a and 2.0.6, but only on a Solaris 2.5 box > (production). I can run both releases on a test box running Solaris 2.6 > without any problems whatsoever. > > The only difference I see between the newer releases of samba and 2.0.4b > (the one running in production) is the read_socket_data function in the > util_sock.c module, the one causing the problems. And ofcourse the > difference in OS's. Amazingly, recv() is broken on Solaris 2.5. Change the recv() calls to read() calls in read_socket_data(). This fix will be in 2.0.7. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From ralf at is.rice.edu Fri Jan 7 20:24:16 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:27:49 2003 Subject: Undefined symbol In-Reply-To: <387651A9.CB5125CF@valinux.com> Message-ID: Thank you Jeremy! I appreciate the help. Best regards; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Fri, 7 Jan 2000, Jeremy Allison wrote: > > Amazingly, recv() is broken on Solaris 2.5. Change the > recv() calls to read() calls in read_socket_data(). > > This fix will be in 2.0.7. > > Regards, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > From lynn at cis.usouthal.edu Fri Jan 7 20:32:13 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I have looked at that page, and I want to make sure I understand what I need. I downloaded the latest version of Samba through CVS so that it would act as a primary domain controller. Do I need to download something different to make it serve multiple domains? Thanks. Keith Lynn On Fri, 7 Jan 2000, Seth Vidal wrote: > > Where can I find the documentation for having it branch like that? How do > > I do the registration? Thanks. > > No. Its not that the server branches - its that you need the NT PDC > controller BRANCH of the samba cvs tree (read the archives of this list > for an explanation) > > Your best bet is to read: > http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html > > its a little out of date but still somewhat true. > > -sv > > > From skvidal at phy.duke.edu Fri Jan 7 20:34:35 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I have looked at that page, and I want to make sure I understand what I > need. I downloaded the latest version of Samba through CVS so that it > would act as a primary domain controller. Do I need to download something > different to make it serve multiple domains? Thanks. I don't think the current samba pdc code can server multiple domains. the most common way to server multiple domains is to run N multiple samba servers on 1 physical machine with N aliased ip addresses. -sv From lynn at cis.usouthal.edu Fri Jan 7 20:45:21 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I hope this isn't a stupid question, but I've never tried to alias IP addresses before. Is this something that can be done on the Solaris server I'm running? What I am planning to do is run each of my labs on a private subnet. Can I set up the server to listen to the IP address of the client or run completely seperate instances of smbd and nmbd? Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > I have looked at that page, and I want to make sure I understand what I > > need. I downloaded the latest version of Samba through CVS so that it > > would act as a primary domain controller. Do I need to download something > > different to make it serve multiple domains? Thanks. > > I don't think the current samba pdc code can server multiple domains. > > the most common way to server multiple domains is to run N multiple samba > servers on 1 physical machine with N aliased ip addresses. > > > -sv > > > From skvidal at phy.duke.edu Fri Jan 7 20:46:34 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I hope this isn't a stupid question, but I've never tried to alias IP > addresses before. Is this something that can be done on the Solaris server > I'm running? What I am planning to do is run each of my labs on a private > subnet. Can I set up the server to listen to the IP address of the client > or run completely seperate instances of smbd and nmbd? solaris multiple ip aliases: from the solaris faq 4.10) How can I have multiple addresses per interface? Solaris 2.x provides a feature in ifconfig that allows having more than one IP address per interfaces. Undocumented but existing prior to 2.5, documented in 2.5 and later. Syntax: ifconfig IF:N ip-address up where "IF" is an interface (e.g., le0) and N is a number between 1 and . Removing the pseudo interface and associated address is done with "ifconfig IF:N 0.0.0.0 down". As with physical interfaces, all you need to do is make the appropriate /etc/hostname.IF:X file. The maximum number of virtual interfaces, above, is 255 in Solaris releases prior to 2.6. Solaris 2.6 and Solaris 2.5.1 with the Solaris Internet Server Supplement (SISS) allow you to set this value with ndd, upto a hard maximum of 8192. /usr/sbin/ndd -set /dev/ip ip_addrs_per_if 4000 There's no limit inspired by the code; so if you bring out adb you can increase the maximum even further. then with samba setup multiple instances of smbd and nmbd called with -s [conf file location] each only binding to one interface with the interfaces= and bind interfaces only=yes parameters set a different domain for each and you should be on your way. -sv From cliff at scs.uiuc.edu Fri Jan 7 20:49:06 2000 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC References: Message-ID: <38765142.FBAADC89@scs.uiuc.edu> ifconfig interface_name alias alias_address netmask your_netmask broadcast your_broadcast or man ifconfig Keith Lynn wrote: > I hope this isn't a stupid question, but I've never tried to alias IP > addresses before. Is this something that can be done on the Solaris server > I'm running? What I am planning to do is run each of my labs on a private > subnet. Can I set up the server to listen to the IP address of the client > or run completely seperate instances of smbd and nmbd? > Keith Lynn > > On Sat, 8 Jan 2000, Seth Vidal wrote: > > > > I have looked at that page, and I want to make sure I understand what I > > > need. I downloaded the latest version of Samba through CVS so that it > > > would act as a primary domain controller. Do I need to download something > > > different to make it serve multiple domains? Thanks. > > > > I don't think the current samba pdc code can server multiple domains. > > > > the most common way to server multiple domains is to run N multiple samba > > servers on 1 physical machine with N aliased ip addresses. > > > > > > -sv > > > > > > -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== From David.Bear at asu.edu Fri Jan 7 21:00:26 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:49 2003 Subject: authentication failures Message-ID: I am using an OS/2 Warp Server -- which is completely compatible with Lan Manager -- as my password server. It's worked well for a while. Now, I'm getting the following errors in my logs: (see below) What does it mean when the account is disabled? Is that something samba is doing? Furthermore, my server PPSRV1 allows users access to it, ie after they logon, they have no problem using shares on it. So, if they are PPSRV1 is properly authenticating them directly, why is samba not able to authenticate them through it? Moreover, why is it only 'sometimes' and not always?? [2000/01/06 08:15:38, 1] smbd/password.c:server_validate(1131) password server PPSRV1 rejected the password [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:19:59, 1] smbd/password.c:server_validate(1131) password server PPSRV1 rejected the password [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:22:04, 1] smbd/password.c:server_validate(1131) David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From mparker at myra.com Fri Jan 7 21:22:58 2000 From: mparker at myra.com (Margarita Parker) Date: Tue Dec 2 02:27:49 2003 Subject: samba domain Message-ID: <38765932.FF4B2B36@myra.com> Hello all, I have installed samba 2.06 on solaris and I have configured it using swat. I added the workstation_name$ to the etc/passwd file with no password I ran smbpasswd -a -m workstation_name When I try to join the domain with my NT 4.0 workstation it tells me : "Unable to connect to the domain controller for this domain. Have your administrator check your computer account on the domain." Then, if I try to add the worksttion to the workgroup from the workstation using a user name and password, I get the following error: "Unable to add or change accounts on the domain. The account information entered does not grant sufficient privilege to create or change accounts." What am I doing wrong? Any ideas? Thanks Margarita -------------- next part -------------- A non-text attachment was scrubbed... Name: mparker.vcf Type: text/x-vcard Size: 202 bytes Desc: Card for Margarita Parker Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/250686b9/mparker.vcf From lynn at cis.usouthal.edu Fri Jan 7 21:38:24 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: samba domain In-Reply-To: <38765932.FF4B2B36@myra.com> Message-ID: You have to have at least Samba 2.1 for Samba to act as a PCS. You can get it through cvs at cvs.samba.org. When you connect to this through pserver use the password cvs. If you need any other help, let me know. Keith Lynn On Sat, 8 Jan 2000, Margarita Parker wrote: > Hello all, > > I have installed samba 2.06 on solaris and I have configured it using > swat. > I added the workstation_name$ to the etc/passwd file with no password > I ran smbpasswd -a -m workstation_name > > When I try to join the domain with my NT 4.0 workstation it tells me : > > "Unable to connect to the domain controller for this domain. Have your > administrator check your computer account on the domain." > > Then, if I try to add the worksttion to the workgroup from the > workstation using a user name and password, I get the following error: > > "Unable to add or change accounts on the domain. The account > information entered does not grant sufficient privilege to create or > change accounts." > > What am I doing wrong? Any ideas? > > Thanks > > Margarita > > From lars at kneschke.de Fri Jan 7 21:38:59 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:49 2003 Subject: Samba TNG webpages Message-ID: <38765CF3.53D26E4F@kneschke.de> Hello! I have updated my samba tng webpages. Kevin Colby was so nice, to help me with the spelling. .de is germany! :-) He had not yet checked the new webpages. So the english may not be perfect on this pages. Can the gurus please also check this pages? Maybe something is wrong. http://www.kneschke.de/projekte/samba_tng/index.php3 Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From ely at txc.com Fri Jan 7 21:44:34 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:27:49 2003 Subject: Smbpasswd error Message-ID: <38765E42.E439E338@txc.com> Hi, I followed all instructions and run combined cvs main and SAMBA_TNG. When I tried to create the smbpasswd account for my samba server using smbpasswd -a -m my_samba_server I got the following messages: rpc_check_hdr: error in rpc header rpc_pipe_bind failed lsa query failed Can't setup password database vectors. With regards, Ely Zavin. -------------- next part -------------- A non-text attachment was scrubbed... Name: ely.vcf Type: text/x-vcard Size: 222 bytes Desc: Card for Ely Zavin Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/60189146/ely.vcf From james at whispering.org Fri Jan 7 21:53:17 2000 From: james at whispering.org (James Willard) Date: Tue Dec 2 02:27:49 2003 Subject: samba domain In-Reply-To: Message-ID: Strangely enough, I am getting the exact same thing when using Samba 3.0-prealpha (HEAD branch). I can add a Linux system running Samba 2.0.6 without problems, but when it comes to adding the NT machine, I see the same errors as the person below. Does anyone know for a fact that the recent versions of the HEAD branch didn't break somewhere along the way? I have previously used it for a long time, but then my harddisk started smoking (on New Year's Eve, no less). I don't see anything unusual in log.nmb. James > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Keith Lynn > Sent: Friday, January 07, 2000 4:37 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: samba domain > > > You have to have at least Samba 2.1 for Samba to act as a PCS. You can get > it through cvs at cvs.samba.org. When you connect to this through pserver > use the password cvs. If you need any other help, let me know. > Keith Lynn > > On Sat, 8 Jan 2000, Margarita Parker wrote: > > > Hello all, > > > > I have installed samba 2.06 on solaris and I have configured it using > > swat. > > I added the workstation_name$ to the etc/passwd file with no password > > I ran smbpasswd -a -m workstation_name > > > > When I try to join the domain with my NT 4.0 workstation it tells me : > > > > "Unable to connect to the domain controller for this domain. Have your > > administrator check your computer account on the domain." > > > > Then, if I try to add the worksttion to the workgroup from the > > workstation using a user name and password, I get the following error: > > > > "Unable to add or change accounts on the domain. The account > > information entered does not grant sufficient privilege to create or > > change accounts." > > > > What am I doing wrong? Any ideas? > > > > Thanks > > > > Margarita > > > > > From greg at discreet.com Fri Jan 7 21:55:27 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:49 2003 Subject: Smbpasswd error In-Reply-To: <38765E42.E439E338@txc.com> Message-ID: Me too. Attached is a level 10 log if anybody is interested... Greg On 07-Jan-00 Ely Zavin wrote: > Hi, > I followed all instructions and run combined cvs main and > SAMBA_TNG. > When I tried to create the smbpasswd account for my samba server using > smbpasswd -a -m my_samba_server > I got the following messages: > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > lsa query failed > Can't setup password database vectors. > > With regards, > Ely Zavin. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com -------------- next part -------------- doing parameter max log size = 500 doing parameter time server = Yes doing parameter deadtime = 5 doing parameter load printers = No doing parameter domain group map = /usr/local/samba/private/domain_group doing parameter logon script = logon.bat doing parameter logon path = \\tahiti\profiles\%U doing parameter logon drive = H: doing parameter logon home = \\cuba\%U\Windows doing parameter domain logons = Yes doing parameter wins server = 192.168.10.30 doing parameter unix realname = Yes doing parameter admin users = greg doing parameter hosts allow = 192.168. 172.16.100.121 doing parameter case sensitive = Yes doing parameter map to guest = bad password pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Derived broadcast address 192.168.60.255 Added interface ip=192.168.60.54 bcast=192.168.60.255 nmask=255.255.255.0 get_sam_domain_name: PDC/BDC DL_RDTEST local domain server list: (null) cli_connection_init: \\. \PIPE\lsarpc copy_nt_creds: null creds msrpc_use_add: lsarpc redir: No msrpc_find: lsarpc copy_nt_creds: null creds msrpc_establish_connection: connecting to lsarpc () - socket open succeeded. file name: /var/samba/locks/.msrpc/lsarpc create_user_creds: lsarpc 0 0 000004 creds_io_cmd creds 0004 version: 0000 0006 command: 0000 0008 name : 0010 ptr_creds: 00000001 000014 creds_io_hybrid creds 0014 reuse: 00000000 0018 ptr_ntc: 00000000 001c ptr_uxc: 00000000 0020 ptr_nts: 00000000 0024 ptr_uxs: 00000000 Bind RPC Pipe: \PIPE\lsarpc Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 00 00 00 02 .... 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 1630 0002 max_rsize: 1630 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 0010 data : 78 57 34 12 34 12 cd ab ef 00 01 23 45 67 89 ab 0020 version: 00000000 000024 smb_io_rpc_iface 0024 data : 04 5d 88 8a eb 1c c9 11 9f e8 08 00 2b 10 48 60 0034 version: 00000002 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 00 0004 pack_type : 00000010 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 msrpc_send_prs: data: 1013aec8 len 72 Can't setup password database vectors. [000] 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 00 ........ H....... [010] 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 00 0.0..... ........ [020] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........ [040] 2B 10 48 60 02 00 00 00 +.H`.... write_socket(3,72) write_socket(3,72) wrote 72 msrpc_receive: 126 rpc_check_hdr: rdata->data_size: 0 000000 smb_io_rpc_hdr rpc_hdr _prs_uint8 error ps: io Yes align 4 offset 0 err 1 data 0 len 0 rpc_check_hdr: error in rpc header rpc_pipe_bind failed msrpc_net_use_del: \\.. force close: No lsa query info failed From karlheinz at khschulz.com Fri Jan 7 22:16:28 2000 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:49 2003 Subject: Memory Questions Message-ID: <009301bf595c$d86d5390$6e320180@charlielabtop> How does Samba release memory? On my RH From karlheinz at khschulz.com Fri Jan 7 22:17:14 2000 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:49 2003 Subject: Memory Questions Message-ID: <009401bf595c$f3ed4620$6e320180@charlielabtop> T From danch at priv.milw.str.com Fri Jan 7 23:26:53 2000 From: danch at priv.milw.str.com (Dan Christopherson) Date: Tue Dec 2 02:27:49 2003 Subject: authentication failures In-Reply-To: Message-ID: What OS are you running samba on? I have seen similiar problems on my Soloaris 2.6 boxen, but never on my linux boxlet. I'm running against an NT 4.0 PDC, btw. Dan Christopherson (danch) STR Technical Architect (www.str.com) Opinions expressed are my own and do not neccessarily reflect the opinions/positions of STR, my family, or (particularly) my cats. On Sat, 8 Jan 2000, David Bear wrote: > I am using an OS/2 Warp Server -- which is completely compatible with Lan > Manager -- as my password server. It's worked well for a while. Now, I'm > getting the following errors in my logs: (see below) > > What does it mean when the account is disabled? Is that something samba > is doing? Furthermore, my server PPSRV1 allows users access to it, ie > after they logon, they have no problem using shares on it. So, if they > are PPSRV1 is properly authenticating them directly, why is samba not able > to authenticate them through it? Moreover, why is it only 'sometimes' and > not always?? > > [2000/01/06 08:15:38, 1] smbd/password.c:server_validate(1131) > password server PPSRV1 rejected the password > [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:19:59, 1] smbd/password.c:server_validate(1131) > password server PPSRV1 rejected the password > [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:22:04, 1] smbd/password.c:server_validate(1131) > > David Bear > College of Public Programs/ASU > A word is just two nibbles and a byte... > From p.mayers at ic.ac.uk Fri Jan 7 23:58:49 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:27:49 2003 Subject: Samba TNG - where is it broken? How can I fix it? Message-ID: <38767DB9.48EEBE6A@ic.ac.uk> So far, so so. Using the "pure" TNG, not HEAD/TNG mix. I get the occasional error message: [2000/01/07 23:52:34, 1] lib/util.c:map_nt_and_unix_username(3634) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/07 23:52:34, 0] passdb/smbpassfile.c:trust_password_lock(78) trust_password_lock: cannot open file /usr/local/samba/private/MODEMS.GW.mac - Error was No such file or directory. [2000/01/07 23:52:34, 0] passdb/smbpassfile.c:trust_get_passwd(239) trust_get_passwd: unable to open the trust account password file for trust GW in domain MODEMS. I have added the server itself to the domain as a trust account, but do I have to join the domain (smbpasswd -j) to create the MAC file? LDAP specific bits: I haven't got any *huge* problems, but it seems a little bit of a step down. I use the LDAP code, and I'm suddenly not a member of any of my groups any more. It worked fine with the HEAD from november. I won't be moving up for production use, but it will be interesting to develop with. The questions I have are: 1) When was TNG forked off from HEAD? If it was quite recently, how come the TNG code seems in some ways less functional than the HEAD. I wouldn't really expect functionality to disappear... 2) If TNG was (accidentally or on purpose) made less functional, what are the major areas it was/is likely to be broken in? Note I'm not complaining (although it sounds like I am, I know... :o) - I'm offering to fix it, if that's sensible at this time. Specifically the LDAP code, which I rely on. On the whole, an improvement, but an "smbctl" program (like ndc, or apachectl) is on my todo list now Cheers, Phil From fredrikf at jmeab.se Sat Jan 8 00:10:52 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:50 2003 Subject: addr to samba TNG help site? Message-ID: <000601bf596c$d41c0790$6e00a8c0@kalve> Hello.. You told me that one person should put up a site with help about Win2k ?& samba...Have he done that yet? .. if i have.. do you have the addr? I mailed that person but he heavent answed.. -------------- next part -------------- HTML attachment scrubbed and removed From lynn at cis.usouthal.edu Sat Jan 8 01:37:09 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I have my Samba server on a machine that has a real IP address and want it to act as a PDC for machines on a different subset. What option do I need to add to smb.conf to make this happen? Thanks. Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > I hope this isn't a stupid question, but I've never tried to alias IP > > addresses before. Is this something that can be done on the Solaris server > > I'm running? What I am planning to do is run each of my labs on a private > > subnet. Can I set up the server to listen to the IP address of the client > > or run completely seperate instances of smbd and nmbd? > > solaris multiple ip aliases: > > from the solaris faq > > 4.10) How can I have multiple addresses per interface? > > Solaris 2.x provides a feature in ifconfig that allows having more than > one IP address per interfaces. Undocumented but existing prior to 2.5, > documented in 2.5 and > later. > > Syntax: > > ifconfig IF:N ip-address up > > where "IF" is an interface (e.g., le0) and N is a number between 1 and > . Removing the pseudo interface and associated address is done with > "ifconfig IF:N 0.0.0.0 > down". > > As with physical interfaces, all you need to do is make the appropriate > /etc/hostname.IF:X file. > > The maximum number of virtual interfaces, above, is 255 in Solaris > releases prior to 2.6. Solaris 2.6 and Solaris 2.5.1 with the Solaris > Internet Server Supplement > (SISS) allow you to set this value with ndd, upto a hard maximum of 8192. > > /usr/sbin/ndd -set /dev/ip ip_addrs_per_if 4000 > > There's no limit inspired by the code; so if you bring out adb you can > increase the maximum even further. > > > > then with samba setup multiple instances of smbd and nmbd called with -s > [conf file location] > each only binding to one interface with the > interfaces= > and > bind interfaces only=yes > parameters > > set a different domain for each and you should be on your way. > > -sv > > > > From skvidal at phy.duke.edu Sat Jan 8 01:38:49 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I have my Samba server on a machine that has a real IP address and want it > to act as a PDC for machines on a different subset. What option do I need > to add to smb.conf to make this happen? Thanks. do the machines on the different subnet know how to reach your solaris machine(ie: can they ping it?) then you'll want to set the wins servers of the other machines to be the ip of the samba server (unless they already have a wins server) then: turn on wins support in smb.conf wins support = yes if the other machines already have a wins server then you'll need to make sure you're samba server is broadcasting its existence to the wins server. -sv From lynn at cis.usouthal.edu Sat Jan 8 03:40:48 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I appreciate all the help you've given me. Something occurred to met that I needed to ask about. When I run the three seperate instances of smbd with different conf files, do I also have to run three seperate instances of nmbd? Thanks. Keith Lynn On Fri, 7 Jan 2000, Seth Vidal wrote: > > I have my Samba server on a machine that has a real IP address and want it > > to act as a PDC for machines on a different subset. What option do I need > > to add to smb.conf to make this happen? Thanks. > > do the machines on the different subnet know how to reach your solaris > machine(ie: can they ping it?) > > then you'll want to set the wins servers of the other machines to be the > ip of the samba server (unless they already have a wins server) > > > then: > turn on wins support in smb.conf > wins support = yes > > > if the other machines already have a wins server then you'll need to make > sure you're samba server is broadcasting its existence to the wins server. > > -sv > > > From skvidal at phy.duke.edu Sat Jan 8 03:40:14 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I appreciate all the help you've given me. Something occurred to met that > I needed to ask about. When I run the three seperate instances of smbd > with different conf files, do I also have to run three seperate instances > of nmbd? Thanks. yes -sv From lynn at cis.usouthal.edu Sat Jan 8 07:22:45 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: Do I run with the same command line as smbd? Thanks. Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > I appreciate all the help you've given me. Something occurred to met that > > I needed to ask about. When I run the three seperate instances of smbd > > with different conf files, do I also have to run three seperate instances > > of nmbd? Thanks. > > yes > > -sv > > > From skvidal at phy.duke.edu Sat Jan 8 07:33:22 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > Do I run with the same command line as smbd? Thanks. > Keith Lynn yep. -sv From s.striker at striker.nl Sat Jan 8 08:08:56 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:50 2003 Subject: addr to samba TNG help site? In-Reply-To: <000601bf596c$d41c0790$6e00a8c0@kalve> Message-ID: <000201bf59af$9c66e0c0$0a00a8c0@office.striker.nl> Hi, > Hello.. You told me that one person should put up a site with help about Win2k > ?& samba...Have he done that yet? .. if i have.. do you have the addr? The site is on WinNT and SAMBA_TNG as PDC. URL: http://www.kneschke.de/projekte/samba_tng/index.php3 > I mailed that person but he heavent answed.. Keep up with the mailinglist. A lot of (your) questions are/were answered there. Greetings, Sander Striker From darreb at hotmail.com Sat Jan 8 12:00:32 2000 From: darreb at hotmail.com (Darren Wilders) Date: Tue Dec 2 02:27:50 2003 Subject: Samba 2.1.0 Message-ID: <20000108120032.51055.qmail@hotmail.com> Hi, Where can I get a copy of Samba 2.1.0 pre-alpha? I have checked the Samba website and I can't CVS. Cheers, Darren ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From yvl at qad.com Sat Jan 8 11:08:31 2000 From: yvl at qad.com (Yves Lange) Date: Tue Dec 2 02:27:50 2003 Subject: Problem with samba-tng Message-ID: <88256860.003FE080.00@cont21.qad.com> Hi my last cvs check-out from 4.101999 of smaba PDC code runs for me very well since this time. I have an RedHat 6.1 server as PDC for my Domain an I can join this Domain from any WinNT WS or Server -- great. Yesterday I checkt out the new samba-tng code form the cvs tree. The Compile is OK. But when i start the new smbd and nmbd and netlogond .... ther are some Problems like this: [2000/01/08 12:19:10, 1] msrpc/msrpcd.c:msrpc_main(456) netlogond version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/NETLOGON 448 [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** Denied connection from 48.48.48.48 (48.48.48.48) [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) Connection denied from 48.48.48.48 [2000/01/08 12:54:19, 1] lib/util_sock.c:client_name(819) Gethostbyaddr failed for 48.48.48.48 [2000/01/08 12:54:19, 0] lib/access.c:check_access(236) Denied connection from 48.48.48.48 (48.48.48.48) [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) Connection denied from 48.48.48.48 remember: >> hosts allow = 192.168.,167.3. (/etc/smb.conf) << [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/NETLOGON failed or this [2000/01/08 12:19:08, 1] msrpc/msrpcd.c:msrpc_main(456) lsarpcd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/lsarpc 4 48 [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/lsarpc failed can anybody help's me ? When i remove the parameter "hosts allow" then it works. Thank's Yves. From lars at kneschke.de Sat Jan 8 12:33:05 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:50 2003 Subject: Samba 2.1.0 References: <20000108120032.51055.qmail@hotmail.com> Message-ID: <38772E81.3CD26619@kneschke.de> Darren Wilders wrote: > > Hi, > > Where can I get a copy of Samba 2.1.0 pre-alpha? > I have checked the Samba website and I can't CVS. Please watch my homepage at http://www.kneschke.de/projekte/samba_tng. Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From yvl at qad.com Sat Jan 8 13:02:36 2000 From: yvl at qad.com (Yves Lange) Date: Tue Dec 2 02:27:50 2003 Subject: Samba-TNG other problems Message-ID: <88256860.004A51D7.00@cont21.qad.com> Hi again, here are some other problems of my Installation: 1. log.samr and log.NETLOGON [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account gent05$ should be in DOMAIN_GROUP_RID_USERS [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account gent06$ should be in DOMAIN_GROUP_RID_USERS [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account geli06$ should be in DOMAIN_GROUP_RID_USERS [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account geli07$ should be in DOMAIN_GROUP_RID_USERS passwd: gent05$:*:214:16:Samba gent05:/dev/null:/bin/false gent06$:*:215:16:Samba gent06:/dev/null:/bin/false geli06$:*:219:16:Samba geli06:/dev/null:/bin/false geli07$:*:220:16:Samba geli07:/dev/null:/bin/false group: samba::16: where is my Problem if i get this message ? 2. log.winreg [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! where is my Problem if i get this message ? Thank's Yves. From lkcl at samba.org Sat Jan 8 14:32:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Problem with samba-tng In-Reply-To: <88256860.003FE080.00@cont21.qad.com> Message-ID: eek! hosts allow won't work on a unix socket! eek! On Sat, 8 Jan 2000, Yves Lange wrote: > > > Hi > > my last cvs check-out from 4.101999 of smaba PDC code runs for me very well > since this time. > > I have an RedHat 6.1 server as PDC for my Domain an I can join this Domain > from any WinNT WS or Server -- great. > > Yesterday I checkt out the new samba-tng code form the cvs tree. The > Compile is OK. But when i start the new smbd and nmbd and netlogond .... > > ther are some Problems like this: > > [2000/01/08 12:19:10, 1] msrpc/msrpcd.c:msrpc_main(456) > netlogond version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1999 > [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(905) > create_pipe_socket: /var/lock/samba/.msrpc 448 > /var/lock/samba/.msrpc/NETLOGON > 448 > [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(907) > *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT > *** > > Denied connection from 48.48.48.48 (48.48.48.48) > [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) > Connection denied from 48.48.48.48 > [2000/01/08 12:54:19, 1] lib/util_sock.c:client_name(819) > Gethostbyaddr failed for 48.48.48.48 > [2000/01/08 12:54:19, 0] lib/access.c:check_access(236) > Denied connection from 48.48.48.48 (48.48.48.48) > [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) > Connection denied from 48.48.48.48 > > remember: >> hosts allow = 192.168.,167.3. (/etc/smb.conf) << > > [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(919) > remove on /var/lock/samba/.msrpc/NETLOGON failed > > or this > > [2000/01/08 12:19:08, 1] msrpc/msrpcd.c:msrpc_main(456) > lsarpcd version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1999 > [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(905) > create_pipe_socket: /var/lock/samba/.msrpc 448 > /var/lock/samba/.msrpc/lsarpc 4 > 48 > [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(907) > *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT > *** > [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(919) > remove on /var/lock/samba/.msrpc/lsarpc failed > > can anybody help's me ? > > When i remove the parameter "hosts allow" then it works. > > Thank's > > Yves. > > From lkcl at samba.org Sat Jan 8 14:42:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Samba-TNG other problems In-Reply-To: <88256860.004A51D7.00@cont21.qad.com> Message-ID: 1) is because you should have "Domain Users=samba" in a "domain group map" file. this is, of course, assuming that domain name map functionality is currently working, and elrond is tracking a problem down. 2) don't know. you're probably having someone attempt to enumerate your registry, and you don't _have_ one! it would be good if you could get, and view, a level 100 log. "debug timestamp = no", debug level = 100. On Sun, 9 Jan 2000, Yves Lange wrote: > > > Hi again, > > here are some other problems of my Installation: > > 1. log.samr and log.NETLOGON > > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account gent05$ should be in DOMAIN_GROUP_RID_USERS > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account gent06$ should be in DOMAIN_GROUP_RID_USERS > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account geli06$ should be in DOMAIN_GROUP_RID_USERS > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account geli07$ should be in DOMAIN_GROUP_RID_USERS > passwd: > gent05$:*:214:16:Samba gent05:/dev/null:/bin/false > gent06$:*:215:16:Samba gent06:/dev/null:/bin/false > geli06$:*:219:16:Samba geli06:/dev/null:/bin/false > geli07$:*:220:16:Samba geli07:/dev/null:/bin/false > group: > samba::16: > > where is my Problem if i get this message ? > > 2. log.winreg > > [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > > where is my Problem if i get this message ? > > Thank's > > Yves. > > From lkcl at samba.org Sat Jan 8 14:57:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Groups bug-fix Message-ID: elrond noticed this one a few days ago. i was so... not-getting-it that i asked him to give a staba t a a patch, and he got it right :) this may solve some of those issues people have been reporting, like LDAP doesn't see the entire SAM db, and USRMGR.EXE doesn't work any more. if it doesn't, please send more details. thx! ---------- Forwarded message ---------- Date: Sun, 9 Jan 2000 01:54:30 +1100 From: Luke Leighton To: Multiple recipients of list SAMBA-CVS Subject: CVS update: samba/source/lib Date: Sunday January 9, 2000 @ 1:53 Author: lkcl Update of /data/cvs/samba/source/lib In directory samba:/tmp/cvs-serv849/lib Modified Files: Tag: SAMBA_TNG domain_namemap.c Log Message: very cool. Elrond spotted that the SAM name was missing from auto-created groups in lookupsmbgrpgid(). damn! this may well likely solve several problems being reported on lists, to do with group enumeration etc. From JTait at wyrddreams.demon.co.uk Sat Jan 8 15:24:49 2000 From: JTait at wyrddreams.demon.co.uk (JTait@wyrddreams.demon.co.uk) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <387550D6.934A0819@hccnet.nl> Message-ID: Hi all, I've been reading this list so long I realy should know the answer to this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as PDC. Domain logins work great, haven't tried logon scipts. The problem I have is with roaming profiles - I can't get them to work. I've looked through everything I can think of, plus as much documentation as I can (but it's a bit scatty at the moment), but I can't figure it out. Nothing ever gets written to my profile. wyrddreams{JTait}501: ls -l /usr/local/samba total 7 drwxr-xr-x 2 root root 1024 Dec 9 23:37 bin/ drwxr-xr-x 3 root root 1024 Dec 21 00:28 lib/ drwxr-xr-x 6 root root 1024 Dec 9 23:37 man/ drwxr-xr-x 2 root root 1024 Dec 9 23:54 private/ drwxrwxrwx 5 root root 1024 Dec 21 01:22 profiles/ drwxr-xr-x 5 root root 1024 Dec 9 23:37 swat/ drwxr-xr-x 4 root root 1024 Dec 28 11:07 var/ wyrddreams{JTait}502: ls -l /usr/local/samba/profiles total 3 drwx------ 15 JATait users 1024 Dec 21 00:56 JATait/ drwx------ 16 JTait users 1024 Dec 21 00:55 JTait/ drwx------ 15 RJTait users 1024 Dec 21 00:55 RJTait/ wyrddreams{JTait}503: cat /etc/smbusers # Username maps for SAMBA JTait = jtait Administrator RJTait = RJTait JATait = JATait jatait wyrddreams{JTait}504: cat /usr/local/samba/lib/smb.conf # # This is a working PDC config for samba 2.0.5a # by Christoph Christ, mailto:christoph@christ.wol.at # # it implements a primary domain controller for # Windows 98 Clients. It works with WinNT 4.0 too, but # you cannot setup the nt-client for domain logons (this is a # little bit different from domain logons under Win9X) # # # Global parameters [global] # this is my local windows workgroup workgroup = wyrddreams # the netbios name of my samba server is different from # the real internet address netbios name = cloudnine # please answer only on my local network, don't answer on the # internet device interfaces = 192.168.1.1/24 127.0.0.1 bind interfaces only = Yes # We want our windows clients to access samba without # patching the windows registry # you don't have to change anything on the windows client encrypt passwords = Yes update encrypted = Yes # all unknown users will be mapped to guest map to guest = Bad User username map = /etc/smbusers security = user # change the unix password with smbpasswd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = Yes unix password sync = Yes passwd program = /usr/bin/passwd # answer time requests from my clients time server = Yes keepalive = 30 socket options = TCP_NODELAY # map file name characters to latin-1 character set = ISO8859-1 # this will be \\rooty\netlogon\startup.bat logon script = startup.bat # map the netlogon share as drive h: from windows logon drive = h: # allow pdc stuff domain logons = Yes #domain admin users = JTait,root domain admin group = JTait,root #,wheel,smbadm # allow roaming profiles logon path = \\%L\profiles\%U logon home = \\%L\%U # make me win against all windows versions os level = 100 preferred master = Yes domain master = Yes # let samba be too a wins-server wins support = Yes debug level = 3 # this makes the user's home directory available as \\servername\username [homes] comment = home directory read only = No create mask = 0750 # don't show all user diretories browseable = No [profiles] comment = User Profiles Directory path = /usr/local/samba/profiles writable = yes create mode = 0600 directory mode = 0700 # make all in /etc/printcap defined printers [printers] comment = All Printers path = /tmp create mask = 0700 print ok = Yes browseable = No # this is a public share where all users have read+write perms [tmp] comment = Temporary File Space path = /backup/dadspc read only = No create mask = 0777 force create mode = 0666 directory mask = 0777 force directory mode = 0777 [C-Drive] comment = James' DOS/Winnt Drive path = /dos public = Yes only guest = yes printable = no # this is the most important share for domain logons - when this share # is not available or is inaccessibe win98 cannot find the domain controller # in this directory you have put a batch file, that sets up the shares on your # windows client [netlogon] comment = Logon Scripts path = /usr/local/samba/var/netlogon If anyone can help I'd greatly appreciate it. Thanks, -------------------------------------+------------------------------------ James Tait, BSc | ICQ# 17834893 MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 -------------------------------------+------------------------------------ From lynn at cis.usouthal.edu Sat Jan 8 15:41:39 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: I'm not sure, but a guess would be that it may be a permissions problem on your profile directories. Keith Lynn On Sun, 9 Jan 2000 JTait@wyrddreams.demon.co.uk wrote: > Hi all, > > I've been reading this list so long I realy should know the answer to > this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as > PDC. Domain logins work great, haven't tried logon scipts. The problem I > have is with roaming profiles - I can't get them to work. > > I've looked through everything I can think of, plus as much documentation > as I can (but it's a bit scatty at the moment), but I can't figure it out. > Nothing ever gets written to my profile. > > wyrddreams{JTait}501: ls -l /usr/local/samba > total 7 > drwxr-xr-x 2 root root 1024 Dec 9 23:37 bin/ > drwxr-xr-x 3 root root 1024 Dec 21 00:28 lib/ > drwxr-xr-x 6 root root 1024 Dec 9 23:37 man/ > drwxr-xr-x 2 root root 1024 Dec 9 23:54 private/ > drwxrwxrwx 5 root root 1024 Dec 21 01:22 profiles/ > drwxr-xr-x 5 root root 1024 Dec 9 23:37 swat/ > drwxr-xr-x 4 root root 1024 Dec 28 11:07 var/ > wyrddreams{JTait}502: ls -l /usr/local/samba/profiles > total 3 > drwx------ 15 JATait users 1024 Dec 21 00:56 JATait/ > drwx------ 16 JTait users 1024 Dec 21 00:55 JTait/ > drwx------ 15 RJTait users 1024 Dec 21 00:55 RJTait/ > wyrddreams{JTait}503: cat /etc/smbusers > # Username maps for SAMBA > > JTait = jtait Administrator > RJTait = RJTait > JATait = JATait jatait > wyrddreams{JTait}504: cat /usr/local/samba/lib/smb.conf > # > # This is a working PDC config for samba 2.0.5a > # by Christoph Christ, mailto:christoph@christ.wol.at > # > # it implements a primary domain controller for > # Windows 98 Clients. It works with WinNT 4.0 too, but > # you cannot setup the nt-client for domain logons (this is a > # little bit different from domain logons under Win9X) > # > # > # Global parameters > [global] > # this is my local windows workgroup > workgroup = wyrddreams > > # the netbios name of my samba server is different from > # the real internet address > netbios name = cloudnine > > # please answer only on my local network, don't answer on the > # internet device > interfaces = 192.168.1.1/24 127.0.0.1 > bind interfaces only = Yes > > # We want our windows clients to access samba without > # patching the windows registry > # you don't have to change anything on the windows client > encrypt passwords = Yes > update encrypted = Yes > > # all unknown users will be mapped to guest > map to guest = Bad User > username map = /etc/smbusers > security = user > > # change the unix password with smbpasswd > passwd chat = *new*password* %n\n *new*password* %n\n *changed* > passwd chat debug = Yes > unix password sync = Yes > passwd program = /usr/bin/passwd > > # answer time requests from my clients > time server = Yes > keepalive = 30 > socket options = TCP_NODELAY > > # map file name characters to latin-1 > character set = ISO8859-1 > > # this will be \\rooty\netlogon\startup.bat > logon script = startup.bat > > # map the netlogon share as drive h: from windows > logon drive = h: > > # allow pdc stuff > domain logons = Yes > #domain admin users = JTait,root > domain admin group = JTait,root > #,wheel,smbadm > > # allow roaming profiles > logon path = \\%L\profiles\%U > logon home = \\%L\%U > > # make me win against all windows versions > os level = 100 > preferred master = Yes > domain master = Yes > > # let samba be too a wins-server > wins support = Yes > > debug level = 3 > > # this makes the user's home directory available as \\servername\username > [homes] > comment = home directory > read only = No > create mask = 0750 > # don't show all user diretories > browseable = No > > [profiles] > comment = User Profiles Directory > path = /usr/local/samba/profiles > writable = yes > create mode = 0600 > directory mode = 0700 > > # make all in /etc/printcap defined printers > [printers] > comment = All Printers > path = /tmp > create mask = 0700 > print ok = Yes > browseable = No > > # this is a public share where all users have read+write perms > [tmp] > comment = Temporary File Space > path = /backup/dadspc > read only = No > create mask = 0777 > force create mode = 0666 > directory mask = 0777 > force directory mode = 0777 > > [C-Drive] > comment = James' DOS/Winnt Drive > path = /dos > public = Yes > only guest = yes > printable = no > > # this is the most important share for domain logons - when this share > # is not available or is inaccessibe win98 cannot find the domain > controller > # in this directory you have put a batch file, that sets up the shares on > your > # windows client > [netlogon] > comment = Logon Scripts > path = /usr/local/samba/var/netlogon > > If anyone can help I'd greatly appreciate it. > > Thanks, > > -------------------------------------+------------------------------------ > James Tait, BSc | ICQ# 17834893 > MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 > -------------------------------------+------------------------------------ > > From lkcl at samba.org Sat Jan 8 17:09:07 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: yeah, profiles are a bit of a pain to get set up propermy, particularly due to a bug in nt clients which we haven't been able to work-around all the time. WINLOGON.EXE is responsible for setting up the interactive user *prior* to exec'ing explorer.exe so they get a pretty-front-end. unfortunately, WINLOGON.EXE doesn't disconnect all shares (e.g \\SAMBA_PDC\homes) when the interactive user session terminates. it gets reused. hence the problems associated with an smbd process with a connection to [homes] set to the previous interactive user's home directory. a comparative netmon trace is really needed to sort this out, and someone to sit down and go through it to find out _exactly_ how nt srvreacts in the same situation. On Sun, 9 Jan 2000, Keith Lynn wrote: > I'm not sure, but a guess would be that it may be a permissions problem on > your profile directories. > Keith Lynn > > On Sun, 9 Jan 2000 JTait@wyrddreams.demon.co.uk wrote: > > > Hi all, > > > > I've been reading this list so long I realy should know the answer to > > this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as > > PDC. Domain logins work great, haven't tried logon scipts. The problem I > > have is with roaming profiles - I can't get them to work. > > > > I've looked through everything I can think of, plus as much documentation > > as I can (but it's a bit scatty at the moment), but I can't figure it out. > > Nothing ever gets written to my profile. > > > > wyrddreams{JTait}501: ls -l /usr/local/samba > > total 7 > > drwxr-xr-x 2 root root 1024 Dec 9 23:37 bin/ > > drwxr-xr-x 3 root root 1024 Dec 21 00:28 lib/ > > drwxr-xr-x 6 root root 1024 Dec 9 23:37 man/ > > drwxr-xr-x 2 root root 1024 Dec 9 23:54 private/ > > drwxrwxrwx 5 root root 1024 Dec 21 01:22 profiles/ > > drwxr-xr-x 5 root root 1024 Dec 9 23:37 swat/ > > drwxr-xr-x 4 root root 1024 Dec 28 11:07 var/ > > wyrddreams{JTait}502: ls -l /usr/local/samba/profiles > > total 3 > > drwx------ 15 JATait users 1024 Dec 21 00:56 JATait/ > > drwx------ 16 JTait users 1024 Dec 21 00:55 JTait/ > > drwx------ 15 RJTait users 1024 Dec 21 00:55 RJTait/ > > wyrddreams{JTait}503: cat /etc/smbusers > > # Username maps for SAMBA > > > > JTait = jtait Administrator > > RJTait = RJTait > > JATait = JATait jatait > > wyrddreams{JTait}504: cat /usr/local/samba/lib/smb.conf > > # > > # This is a working PDC config for samba 2.0.5a > > # by Christoph Christ, mailto:christoph@christ.wol.at > > # > > # it implements a primary domain controller for > > # Windows 98 Clients. It works with WinNT 4.0 too, but > > # you cannot setup the nt-client for domain logons (this is a > > # little bit different from domain logons under Win9X) > > # > > # > > # Global parameters > > [global] > > # this is my local windows workgroup > > workgroup = wyrddreams > > > > # the netbios name of my samba server is different from > > # the real internet address > > netbios name = cloudnine > > > > # please answer only on my local network, don't answer on the > > # internet device > > interfaces = 192.168.1.1/24 127.0.0.1 > > bind interfaces only = Yes > > > > # We want our windows clients to access samba without > > # patching the windows registry > > # you don't have to change anything on the windows client > > encrypt passwords = Yes > > update encrypted = Yes > > > > # all unknown users will be mapped to guest > > map to guest = Bad User > > username map = /etc/smbusers > > security = user > > > > # change the unix password with smbpasswd > > passwd chat = *new*password* %n\n *new*password* %n\n *changed* > > passwd chat debug = Yes > > unix password sync = Yes > > passwd program = /usr/bin/passwd > > > > # answer time requests from my clients > > time server = Yes > > keepalive = 30 > > socket options = TCP_NODELAY > > > > # map file name characters to latin-1 > > character set = ISO8859-1 > > > > # this will be \\rooty\netlogon\startup.bat > > logon script = startup.bat > > > > # map the netlogon share as drive h: from windows > > logon drive = h: > > > > # allow pdc stuff > > domain logons = Yes > > #domain admin users = JTait,root > > domain admin group = JTait,root > > #,wheel,smbadm > > > > # allow roaming profiles > > logon path = \\%L\profiles\%U > > logon home = \\%L\%U > > > > # make me win against all windows versions > > os level = 100 > > preferred master = Yes > > domain master = Yes > > > > # let samba be too a wins-server > > wins support = Yes > > > > debug level = 3 > > > > # this makes the user's home directory available as \\servername\username > > [homes] > > comment = home directory > > read only = No > > create mask = 0750 > > # don't show all user diretories > > browseable = No > > > > [profiles] > > comment = User Profiles Directory > > path = /usr/local/samba/profiles > > writable = yes > > create mode = 0600 > > directory mode = 0700 > > > > # make all in /etc/printcap defined printers > > [printers] > > comment = All Printers > > path = /tmp > > create mask = 0700 > > print ok = Yes > > browseable = No > > > > # this is a public share where all users have read+write perms > > [tmp] > > comment = Temporary File Space > > path = /backup/dadspc > > read only = No > > create mask = 0777 > > force create mode = 0666 > > directory mask = 0777 > > force directory mode = 0777 > > > > [C-Drive] > > comment = James' DOS/Winnt Drive > > path = /dos > > public = Yes > > only guest = yes > > printable = no > > > > # this is the most important share for domain logons - when this share > > # is not available or is inaccessibe win98 cannot find the domain > > controller > > # in this directory you have put a batch file, that sets up the shares on > > your > > # windows client > > [netlogon] > > comment = Logon Scripts > > path = /usr/local/samba/var/netlogon > > > > If anyone can help I'd greatly appreciate it. > > > > Thanks, > > > > -------------------------------------+------------------------------------ > > James Tait, BSc | ICQ# 17834893 > > MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 > > -------------------------------------+------------------------------------ > > > > > From lynn at cis.usouthal.edu Sat Jan 8 17:52:29 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I have had some success with multiple domains. I have three private subnets and assigned an IP address out of each of these as an additional IP address for the UNIX server. However, I am having trouble trying to get the subnets to only view what they are supposed to see. That is, if I start the first instance of smbd with the first conf file for the first subnet, when I start the daemon for the second subnet it only sees what the first one does. Is there a way to make these subnets see only what they are supposed to see. The following are my two conf files. # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] netbios name = ITETEMP2 workgroup = ITETEMP update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 19 path = /ili2/labs/fce19/share read only = no # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] netbios name = SOPHOMORE2 workgroup = SOPHOMORE1 update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.102.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 21 path = /ili2/labs/fce21/share read only = no [freshmen] Comment = Freshmen drive for FCE 21 path = /ili2/labs/freshmen read only = no I want students to be able to log into these seperate domains and see the shares that I have set up. If there is anything you can spot that I've done wrong I'd appreciate it. Thanks. Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > > Do I run with the same command line as smbd? Thanks. > > Keith Lynn > > yep. > -sv > > > From skvidal at phy.duke.edu Sat Jan 8 18:03:09 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I have had some success with multiple domains. I have three private > subnets and assigned an IP address out of each of these as an additional > IP address for the UNIX server. However, I am having trouble trying to get > the subnets to only view what they are supposed to see. That is, if I > start the first instance of smbd with the first conf file for the first > subnet, when I start the daemon for the second subnet it only sees what > the first one does. Is there a way to make these subnets see only what > they are supposed to see. The following are my two conf files. > > # Samba config file created using SWAT > # from 192.245.222.25 (192.245.222.25) > # Date: 2000/01/04 17:14:29 > > # Global parameters > [global] > netbios name = ITETEMP2 > workgroup = ITETEMP > update encrypted = Yes > wins support = Yes > domain logons = Yes > > security = user > > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > encrypt passwords = yes > > interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 set bind interfaces only = yes and get rid of localhost as one of the interfaces. > [share] > Comment = Share drive for FCE 19 > path = /ili2/labs/fce19/share > read only = no > > # Samba config file created using SWAT > # from 192.245.222.25 (192.245.222.25) > # Date: 2000/01/04 17:14:29 > > # Global parameters > [global] > netbios name = SOPHOMORE2 > workgroup = SOPHOMORE1 > update encrypted = Yes > wins support = Yes > domain logons = Yes > > security = user > > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > encrypt passwords = yes > > interfaces = 192.168.102.100/255.255.255.0 127.0.0.1/255.255.255.0 ditto here. -sv From giulioo at pobox.com Sat Jan 8 18:30:32 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: References: <387550D6.934A0819@hccnet.nl> Message-ID: <20000108183118.E91C5891D@i3.golden.dom> On Sun, 9 Jan 2000 02:27:52 +1100, hai scritto: >I've been reading this list so long I realy should know the answer to >this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as >PDC. Domain logins work great, haven't tried logon scipts. The problem I >have is with roaming profiles - I can't get them to work. samba-2.0.6 has a problem that causes profiles to be stored in the homedir, whatever you put in "logon path". See if they are there :) -- giulioo@pobox.com From lkcl at samba.org Sat Jan 8 18:39:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <20000108183118.E91C5891D@i3.golden.dom> Message-ID: this will be because 2.0.6 was never intended to be a PDC. i actually removed the PDC code at one point, and jeremy put it back. if there's anything broken in 2.0.6 as a PDC, i have no intention of fixing it: you are on your own. if you want to follow the experimental PDC development, but still need stable file serving, see other messages on http://samba/org/listproc/samba-technical and others regarding how to set up SAMBA_TNG msrpc services with cvs main smb services: i added code to join these two together at an appropriate junction-point. instructions are in SAMBA_TNG's source/README. good luck, luke On Sun, 9 Jan 2000, Giulio Orsero wrote: > On Sun, 9 Jan 2000 02:27:52 +1100, hai scritto: > > >I've been reading this list so long I realy should know the answer to > >this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as > >PDC. Domain logins work great, haven't tried logon scipts. The problem I > >have is with roaming profiles - I can't get them to work. > > samba-2.0.6 has a problem that causes profiles to be stored in the > homedir, whatever you put in "logon path". > > See if they are there :) > > -- > giulioo@pobox.com > From giulioo at pobox.com Sat Jan 8 19:32:46 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: References: <20000108183118.E91C5891D@i3.golden.dom> Message-ID: <20000108193332.3C46F88E9@i3.golden.dom> On Sun, 9 Jan 2000 05:39:20 +1100, hai scritto: >this will be because 2.0.6 was never intended to be a PDC. i actually >removed the PDC code at one point, and jeremy put it back. samba-2.0.5 worked. But a change in ipc.c to make net use h: /home work, had the side-effect to make logon path ineffective. In samba < 2.0.6 net use h: /home would map to the profile share and logon path worked In samba 2.0.6 net use h: /home correctly maps to the home share but logon path doesn't work. -- giulioo@pobox.com From lkcl at samba.org Sat Jan 8 19:37:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <20000108193332.3C46F88E9@i3.golden.dom> Message-ID: it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if you fix it, please feel free to publish it but please don't ask for it to be put into 2.0.7. the more people use 2.0.x as a PDC (unsupported and discouraged), the more traffic we will see on the lists "my pdc don't work now i upgraded to samba 3.0" when 3.0 is finally released. On Sat, 8 Jan 2000, Giulio Orsero wrote: > On Sun, 9 Jan 2000 05:39:20 +1100, hai scritto: > > >this will be because 2.0.6 was never intended to be a PDC. i actually > >removed the PDC code at one point, and jeremy put it back. > samba-2.0.5 worked. > But a change in ipc.c to make > net use h: /home > work, had the side-effect to make logon path ineffective. > > In samba < 2.0.6 > net use h: /home > would map to the profile share > and logon path worked > > In samba 2.0.6 > net use h: /home > correctly maps to the home share > but logon path doesn't work. > > -- > giulioo@pobox.com > From giulioo at pobox.com Sat Jan 8 19:46:44 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: References: <20000108193332.3C46F88E9@i3.golden.dom> Message-ID: <20000108194731.3267488E9@i3.golden.dom> On Sun, 9 Jan 2000 06:37:24 +1100, hai scritto: >it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if >you fix it, please feel free to publish it but please don't ask for it to >be put into 2.0.7. I don't know c :-) I say that's ipc.c because if you revert to the 2.0.5 ipc.c you get the 2.0.5 behavior (logon path and profiles ok, but net use /home not ok). It was ipc.c that was touched to make "net use h: /home" work, changing 2 logon_path's into 2 logon_home's. >the more people use 2.0.x as a PDC (unsupported and discouraged), the more >traffic we will see on the lists "my pdc don't work now i upgraded to Yes, I know your opinion about this :-) I agree, but I think this issue is very simple to be solved in 2.0.7: profiles are more important than "net use...", so it's just a matter of editing 2 lines. Ciao. -- giulioo@pobox.com From Jean-Francois.Micouleau at dalalu.fr Sat Jan 8 19:50:16 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > you fix it, please feel free to publish it but please don't ask for it to > be put into 2.0.7. you're mixing NT and 95/98 profiles. NT profiles are working. Guilio is talking about 95 profiles. From lkcl at samba.org Sat Jan 8 20:01:16 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <20000108194731.3267488E9@i3.golden.dom> Message-ID: > Yes, I know your opinion about this :-) he he :) From lkcl at samba.org Sat Jan 8 20:04:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sat, 8 Jan 2000, Jean Francois Micouleau wrote: > > > On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > > you fix it, please feel free to publish it but please don't ask for it to > > be put into 2.0.7. > > you're mixing NT and 95/98 profiles. NT profiles are working. Guilio is > talking about 95 profiles. he is? you are? AH! then yes, ipc.c. sorry, guilio. oo..kk... it's been a long time. the two functions you (or someone - c isn't that difficult!) want to look at are NetWkstaUserLogon, and NetUserGetInfo. both these use lp_logon_home() and lp_logon_script(). from what you say, lp_logon_home() may be returning the wrong info. From M.Brendel at net.hcc.nl Sat Jan 8 22:03:07 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:50 2003 Subject: Smbpasswd error In-Reply-To: References: <38765E42.E439E338@txc.com> Message-ID: <3.0.3.32.20000108230307.00912920@pop5.inter.nl.net> At 08:59 AM 1/8/00 +1100, you wrote: > >Me too. Attached is a level 10 log if anybody is interested... > >Greg > >On 07-Jan-00 Ely Zavin wrote: >> Hi, >> I followed all instructions and run combined cvs main and >> SAMBA_TNG. >> When I tried to create the smbpasswd account for my samba server using >> smbpasswd -a -m my_samba_server >> I got the following messages: >> rpc_check_hdr: error in rpc header >> rpc_pipe_bind failed >> lsa query failed >> Can't setup password database vectors. You must start the deamons. first smbd and nmmd and then the others. See source/README in the SAMBA_TNG branch or at http://www.kneschke.de/projekte/samba_tng/index.php3 Michiel From greg at discreet.com Sat Jan 8 22:07:59 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:50 2003 Subject: Smbpasswd error In-Reply-To: <3.0.3.32.20000108230307.00912920@pop5.inter.nl.net> Message-ID: Yup, they are started. Greg On 08-Jan-00 Michiel Brendel wrote: > At 08:59 AM 1/8/00 +1100, you wrote: >> >>Me too. Attached is a level 10 log if anybody is interested... >> >>Greg >> >>On 07-Jan-00 Ely Zavin wrote: >>> Hi, >>> I followed all instructions and run combined cvs main and >>> SAMBA_TNG. >>> When I tried to create the smbpasswd account for my samba server using >>> smbpasswd -a -m my_samba_server >>> I got the following messages: >>> rpc_check_hdr: error in rpc header >>> rpc_pipe_bind failed >>> lsa query failed >>> Can't setup password database vectors. > > You must start the deamons. first smbd and nmmd and then the others. See > source/README in the SAMBA_TNG branch > or at http://www.kneschke.de/projekte/samba_tng/index.php3 > > Michiel ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From lynn at cis.usouthal.edu Sat Jan 8 22:16:03 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I've tried various configurations and have not been able to get my UNIX server to service two domains simultaneously. With the configuration I have now, the first daemon I run is the only one that works. What I would like to do is be able to have one Solaris server act as a PDC for seperate domains but so far I have not been able to get them to work simultaneously. These are the two conf files again. # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] workgroup = ITETEMP update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 19 path = /ili2/labs/fce19/share read only = no # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] workgroup = SOPHOMORE1 update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.102.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 21 path = /ili2/labs/fce21/share read only = no [freshmen] Comment = Freshmen drive for FCE 21 path = /ili2/labs/freshmen read only = no I have tried taking out the loopback address and adding the bind interfaces only but I was not able to get them to work simultaneously. If you have any suggestions about how to make I work I would appreciate it. I am starting the daemons by the following command lines. /usr/local/samba/bin/smbd -D -s first conf file /usr/local/samba/bin/nmbd -D -s first conf file /usr/local/samba/bin/smbd -D -s second conf file /usr/local/samba/bin/nmbd -D -s second conf file Thanks. Keith Lynn From tavis at mahler.econ.columbia.edu Sat Jan 8 22:15:10 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: So what about 2.1? Are you (plural) planning to create a stable release of that, or is it simply being discontinued in favor of 3.0? Curious, Tavis On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > you fix it, please feel free to publish it but please don't ask for it to > be put into 2.0.7. > > the more people use 2.0.x as a PDC (unsupported and discouraged), the more > traffic we will see on the lists "my pdc don't work now i upgraded to > samba 3.0" when 3.0 is finally released. > > On Sat, 8 Jan 2000, Giulio Orsero wrote: > > > On Sun, 9 Jan 2000 05:39:20 +1100, hai scritto: > > > > >this will be because 2.0.6 was never intended to be a PDC. i actually > > >removed the PDC code at one point, and jeremy put it back. > > samba-2.0.5 worked. > > But a change in ipc.c to make > > net use h: /home > > work, had the side-effect to make logon path ineffective. > > > > In samba < 2.0.6 > > net use h: /home > > would map to the profile share > > and logon path worked > > > > In samba 2.0.6 > > net use h: /home > > correctly maps to the home share > > but logon path doesn't work. > > > > -- > > giulioo@pobox.com > > > > -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From skvidal at phy.duke.edu Sat Jan 8 22:17:55 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: Send these outputs: smbclient -L //ITETEMP -I 192.168.100.100 smbclient -L //SOPHOMORE1 -I 192.168.102.100 what is the networking configuration (full including wins servers etc) for your nt boxes on each network. -sv From lynn at cis.usouthal.edu Sat Jan 8 22:59:18 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: This is the output of the two commands. Can't find include file /usr/local/samba/lib/smb.conf. load_unicode_map: file /usr/local/samba/lib/codepages/unicode_map.850 is an incorrect size for a unicode map file (size=132). added interface ip=192.245.222.21 bcast=192.245.222.255 nmask=255.255.255.0 added interface ip=192.168.100.100 bcast=192.168.100.255 nmask=255.255.255.0 added interface ip=192.168.102.100 bcast=192.168.102.255 nmask=255.255.255.0 added interface ip=192.168.103.21 bcast=192.168.103.255 nmask=255.255.255.0 Anonymous login successful Domain=[ITETEMP] OS=[Unix] Server=[Samba pre-3.0.0] Sharename Type Comment --------- ---- ------- share Disk Share drive for FCE 19 IPC$ IPC IPC Service (Samba pre-3.0.0) Server Comment --------- ------- FREDERIC TSUNAMI Samba pre-3.0.0 Workgroup Master --------- ------- ANTARTICA GLACIER CISSTUDENT CISSTUDENTS COMPSCI ABELSON INSTRUCTORS HEINEBOREL ITE ITELAB ITETEMP TSUNAMI ORCLNT ORCLDBA SENIORPROJECT RJDAIGLE SOPHOMORE BACCHUS Can't find include file /usr/local/samba/lib/smb.conf. load_unicode_map: file /usr/local/samba/lib/codepages/unicode_map.850 is an incorrect size for a unicode map file (size=132). added interface ip=192.245.222.21 bcast=192.245.222.255 nmask=255.255.255.0 added interface ip=192.168.100.100 bcast=192.168.100.255 nmask=255.255.255.0 added interface ip=192.168.102.100 bcast=192.168.102.255 nmask=255.255.255.0 added interface ip=192.168.103.21 bcast=192.168.103.255 nmask=255.255.255.0 Anonymous login successful Domain=[ITETEMP] OS=[Unix] Server=[Samba pre-3.0.0] Sharename Type Comment --------- ---- ------- share Disk Share drive for FCE 19 IPC$ IPC IPC Service (Samba pre-3.0.0) Server Comment --------- ------- FREDERIC TSUNAMI Samba pre-3.0.0 Workgroup Master --------- ------- ANTARTICA GLACIER CISSTUDENT CISSTUDENTS COMPSCI ABELSON INSTRUCTORS HEINEBOREL ITE ITELAB ITETEMP TSUNAMI ORCLNT ORCLDBA SENIORPROJECT RJDAIGLE SOPHOMORE BACCHUS On the machine on the subnet 192.168.100. the IP address is set to 36. I gave the UNIX server the IP address 192.168.100.100. I put the actual IP address of my UNIX server as the WINS server on the client. On the subnet 192.168.102. the IP address of the machine is set to 30. I gave the UNIX server the IP address 192.168.102.100. I used the actual IP address of the UNIX server as the WINS server. Thanks for your help. Keith Lynn On Sun, 9 Jan 2000, Seth Vidal wrote: > Send these outputs: > smbclient -L //ITETEMP -I 192.168.100.100 > smbclient -L //SOPHOMORE1 -I 192.168.102.100 > > what is the networking configuration (full including wins servers etc) for > your nt boxes on each network. > > -sv > > From lynn at cis.usouthal.edu Sun Jan 9 01:01:40 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Printing Accounting Message-ID: Does Samba give the option of tracking activity through the spooler such as the number of pages printed? From lynn at cis.usouthal.edu Sun Jan 9 02:46:49 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Printer Problems Message-ID: Hello, I hope someone can help me with this problem. I have set up a printer share on my UNIX server. I can see it on my Windows NT 4.0 client. However, as a regular user, it does not allow me to set up the printer because I don't have permission. Is there a way around this? Because I need to have users with the ability to add the printer. Thanks. Keith Lynn From bobby at math02.cs.upd.edu.ph Sun Jan 9 04:44:01 2000 From: bobby at math02.cs.upd.edu.ph (Bobby Corpuz Jr.) Date: Tue Dec 2 02:27:50 2003 Subject: Printer Problems In-Reply-To: Message-ID: Log in as administrator to your NT workstation and double click your printer share in Network Neighborhood. NT ask you to install a driver for your printer. Click OK and install the driver. Print a test page to see the result. Now log out and log in as an ordinary user. You can now print to your printer by selecting from the printer menu. Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines ----- Nick the Greek's Law of Life: All things considered, life is 9 to 5 against. On Sun, 9 Jan 2000, Keith Lynn wrote: > Hello, > I hope someone can help me with this problem. I have set up a printer > share on my UNIX server. I can see it on my Windows NT 4.0 client. > However, as a regular user, it does not allow me to set up the printer > because I don't have permission. Is there a way around this? Because I > need to have users with the ability to add the printer. Thanks. > Keith Lynn > From lkcl at samba.org Sun Jan 9 07:09:01 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Smbpasswd error In-Reply-To: <3.0.3.32.20000108230307.00912920@pop5.inter.nl.net> Message-ID: i got fed up with this one being reported for smbpasswd. smbpasswd is a _local_ management tool so i took out its get-me-the-head-of-the-baptist code. i mean, the domain SIDs, not the baptist. if the LDAP back-end decides to store the full Domain SID, then that's going to be a different story. On Sun, 9 Jan 2000, Michiel Brendel wrote: > At 08:59 AM 1/8/00 +1100, you wrote: > > > >Me too. Attached is a level 10 log if anybody is interested... > > > >Greg > > > >On 07-Jan-00 Ely Zavin wrote: > >> Hi, > >> I followed all instructions and run combined cvs main and > >> SAMBA_TNG. > >> When I tried to create the smbpasswd account for my samba server using > >> smbpasswd -a -m my_samba_server > >> I got the following messages: > >> rpc_check_hdr: error in rpc header > >> rpc_pipe_bind failed > >> lsa query failed > >> Can't setup password database vectors. > > You must start the deamons. first smbd and nmmd and then the others. See > source/README in the SAMBA_TNG branch > or at http://www.kneschke.de/projekte/samba_tng/index.php3 > > Michiel > From lkcl at samba.org Sun Jan 9 07:09:33 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sat, 8 Jan 2000, Tavis Barr wrote: > > So what about 2.1? Are you (plural) planning to create a stable release of > that, or is it simply being discontinued in favor of 3.0? probably straight to 3.0. From lkcl at samba.org Sun Jan 9 07:10:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sat, 8 Jan 2000, Tavis Barr wrote: > > So what about 2.1? Are you (plural) planning to create a stable release of > that, or is it simply being discontinued in favor of 3.0? 2.1 now reserved for the 2.0.x next major version. From krawietz at pol.pl Sun Jan 9 10:29:58 2000 From: krawietz at pol.pl (Krawietz) Date: Tue Dec 2 02:27:51 2003 Subject: Different workgroup Message-ID: <00010911452500.00551@salem> Hi, I have LAN in my lab in 4 different workgroups when I have assigned samba server to one workgroup with parameter WORKGROUP = one then workgroup two , three, four could not access resources. Server is visible but not accessible. How to configure samba server to work in different workgroups. Thank you Krawietz From M.Brendel at net.hcc.nl Sun Jan 9 11:40:41 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:51 2003 Subject: No subject Message-ID: <3.0.3.32.20000109124041.008f8020@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2141 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000109/a6650413/attachment.bin -------------- next part -------------- total 0 srwx------ 1 0 0 0 Jan 9 12:24 NETLOGON -rw-r--r-- 1 0 0 0 Jan 9 12:34 lgo srwx------ 1 0 0 0 Jan 9 12:24 lsarpc srwx------ 1 0 0 0 Jan 9 12:24 samr srwx------ 1 0 0 0 Jan 9 12:24 spoolss srwx------ 1 0 0 0 Jan 9 12:24 srvsvc srwx------ 1 0 0 0 Jan 9 12:24 svcctl srwx------ 1 0 0 0 Jan 9 12:24 winreg srwx------ 1 0 0 0 Jan 9 12:24 wkssvc From lkcl at samba.org Sun Jan 9 12:18:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: your mail In-Reply-To: <3.0.3.32.20000109124041.008f8020@pop5.inter.nl.net> Message-ID: A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2381 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000109/920a794e/attachment.bin -------------- next part -------------- total 0 srwx------ 1 0 0 0 Jan 9 12:24 NETLOGON -rw-r--r-- 1 0 0 0 Jan 9 12:34 lgo srwx------ 1 0 0 0 Jan 9 12:24 lsarpc srwx------ 1 0 0 0 Jan 9 12:24 samr srwx------ 1 0 0 0 Jan 9 12:24 spoolss srwx------ 1 0 0 0 Jan 9 12:24 srvsvc srwx------ 1 0 0 0 Jan 9 12:24 svcctl srwx------ 1 0 0 0 Jan 9 12:24 winreg srwx------ 1 0 0 0 Jan 9 12:24 wkssvc From igor at mail.bkc.lv Sun Jan 9 13:44:08 2000 From: igor at mail.bkc.lv (Igor) Date: Tue Dec 2 02:27:51 2003 Subject: Looking for codepage_def.1251 Message-ID: <00fe01bf5aa7$9adbd640$83aed8c3@skyportal.com> Hi. I'm looking for codepage_def.1251. Trying cvs.samba.org/samba/source/codepages on SAMBA_2_0 and all branches/tags, but can't find it. Where can I get it? ------------------------------------------------------------- > Date: Saturday January 8, 2000 @ 6:48 > Author: jra > > Update of /data/cvs/samba/source/codepages > In directory samba:/tmp/cvs-serv23818/codepages > > Added Files: > Tag: SAMBA_2_0 > codepage_def.1251 ------------------------------------------------------------- Thank you. From lists at ohlmeier.de Sat Jan 8 01:48:57 2000 From: lists at ohlmeier.de (Nils Ohlmeier) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain In-Reply-To: <38765932.FF4B2B36@myra.com> Message-ID: On Sat, 8 Jan 2000, Margarita Parker wrote: > I have installed samba 2.06 on solaris and I have configured it using > swat. > I added the workstation_name$ to the etc/passwd file with no password > I ran smbpasswd -a -m workstation_name > > When I try to join the domain with my NT 4.0 workstation it tells me : > > "Unable to connect to the domain controller for this domain. Have your > administrator check your computer account on the domain." Did you ran smbpasswd -a -m server_name also? When i tryed to setup an PDC for first time, i haven't understand that you also have to add the server to the smbpasswd. BTW: Exists any documentation which points that? Greetings Nils From simar at gmx.net Sun Jan 9 14:59:27 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:27:51 2003 Subject: Samba as an NT PDC References: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> <387494A9.EED7E68A@gmx.net> <3874B3C5.C292DFF@grainsystems.com> Message-ID: <3878A24F.35A5BD89@gmx.net> Thaks a lot. The last thing was a statement. I apologize. Kevin Colby schrieb: > Omar Siam wrote: > > > > What documentation are you talking about? > > The man pages? > > Yes. > > > The samba-ntdom.txt which points out that > > you should subscribe to this list? > > Yes. > You can also check out: > (the second page is for 2.0, but much the same applies) > > http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html > http://socrates.mps.ohio-state.edu/~ccunning/samba.html > > > I had a samba PDC running about half a year ago. > > But when I tried to set up one short before Christmas > > I was completely lost. > > I'm sorry, but "completely lost" is not a question. > This list _may_ sometimes answer specific questions > and address specific problems people are having. Since > you have yet to mention one, I do not understand what > reply you expect. > > - Kevin Colby > kevinc@grainsystems.com From list-samba-ntdom at faerber.muc.de Sun Jan 9 12:57:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting In-Reply-To: Message-ID: <7WZF6id3cDB@faerber.muc.de> Keith Lynn schrieb/wrote: > Does Samba give the option of tracking activity through the spooler such > as the number of pages printed? Hm, there's a problem with that: What printer drivers actually send is raw printer data or raw Postscript. You would have to parse that in order to determine the pages printed. -- Claus Andre Faerber PGP: ID=1024/527CADCD FP=12 20 49 F3 E1 04 9E 9E 25 56 69 A5 C6 A0 C9 DC From mg at plum.de Sun Jan 9 16:37:50 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting References: <7WZF6id3cDB@faerber.muc.de> Message-ID: <3878B95E.9CF7CD61@plum.de> Claus F?rber wrote: > > Keith Lynn schrieb/wrote: > > Does Samba give the option of tracking activity through the spooler such > > as the number of pages printed? > > Hm, there's a problem with that: What printer drivers actually send is > raw printer data or raw Postscript. You would have to parse that in > order to determine the pages printed. Yes .. IIRC that is possible when using postscript printers. You should give the LPRng project some closer look, (www.lprng.org) It comes with some filters that DO printing accounting for postscrpipt printers. (They just count the "begin page" words in postscript documents :) But ... this is more a LPR issue than a samba issue ... :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From petersv at psv.nu Sun Jan 9 16:47:14 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting In-Reply-To: <3878B95E.9CF7CD61@plum.de> Message-ID: On Mon, 10 Jan 2000, Michael Glauche wrote: > Yes .. IIRC that is possible when using postscript printers. > You should give the LPRng project some closer look, (www.lprng.org) > It comes with some filters that DO printing accounting for postscrpipt > printers. (They just count the "begin page" words in postscript > documents :) There are also filters which query the printer's page counter. They work rather nicely. Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From Jean-Francois.Micouleau at dalalu.fr Sun Jan 9 16:49:42 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting In-Reply-To: <3878B95E.9CF7CD61@plum.de> Message-ID: On Mon, 10 Jan 2000, Michael Glauche wrote: > Yes .. IIRC that is possible when using postscript printers. > You should give the LPRng project some closer look, (www.lprng.org) > It comes with some filters that DO printing accounting for postscrpipt > printers. (They just count the "begin page" words in postscript > documents :) > But ... this is more a LPR issue than a samba issue ... :) yep. but you can hack postscript files to return a null number of pages whatever the real number is. From greg at discreet.com Sun Jan 9 17:14:52 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:51 2003 Subject: Smbpasswd error In-Reply-To: Message-ID: Brilliant - it works now, ta much. Tomorrow, I'll try adding some NT machines. Greg On 09-Jan-00 Luke Kenneth Casson Leighton wrote: > i got fed up with this one being reported for smbpasswd. smbpasswd is a > _local_ management tool so i took out its get-me-the-head-of-the-baptist > code. > > i mean, the domain SIDs, not the baptist. > > if the LDAP back-end decides to store the full Domain SID, then that's > going to be a different story. > > On Sun, 9 Jan 2000, Michiel Brendel wrote: > >> At 08:59 AM 1/8/00 +1100, you wrote: >> > >> >Me too. Attached is a level 10 log if anybody is interested... >> > >> >Greg >> > >> >On 07-Jan-00 Ely Zavin wrote: >> >> Hi, >> >> I followed all instructions and run combined cvs main and >> >> SAMBA_TNG. >> >> When I tried to create the smbpasswd account for my samba server using >> >> smbpasswd -a -m my_samba_server >> >> I got the following messages: >> >> rpc_check_hdr: error in rpc header >> >> rpc_pipe_bind failed >> >> lsa query failed >> >> Can't setup password database vectors. >> >> You must start the deamons. first smbd and nmmd and then the others. See >> source/README in the SAMBA_TNG branch >> or at http://www.kneschke.de/projekte/samba_tng/index.php3 >> >> Michiel >> ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From giulioo at pobox.com Sun Jan 9 17:22:14 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:51 2003 Subject: Looking for codepage_def.1251 In-Reply-To: <00fe01bf5aa7$9adbd640$83aed8c3@skyportal.com> References: <00fe01bf5aa7$9adbd640$83aed8c3@skyportal.com> Message-ID: <20000109172304.F2B01878C@i3.golden.dom> On Mon, 10 Jan 2000 01:01:53 +1100, hai scritto: >I'm looking for codepage_def.1251. >Trying cvs.samba.org/samba/source/codepages on SAMBA_2_0 and all branches/tags, but can't find it. >Where can I get it? It should be in SAMBA_2_0, retry. I do cvs update -d -P -r SAMBA_2_0 $ ls -l codepage_def.1251 -rw-rw--r-- 1 go go 2474 Jan 7 20:48 codepage_def.1251 -- giulioo@pobox.com From lynn at cis.usouthal.edu Sun Jan 9 17:35:54 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:51 2003 Subject: Need help with printer drivers Message-ID: I have set up a PDC on a UNIX server with a printer share. However, when I try to set the printer up on a local machine and download the drivers it does nothing. Does someone know how to make the drivers download and setup on an NT Client? Thanks. Keith Lynn From lars at kneschke.de Sun Jan 9 17:32:20 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain References: Message-ID: <3878C624.93102DDA@kneschke.de> Nils Ohlmeier wrote: > > On Sat, 8 Jan 2000, Margarita Parker wrote: > > > I have installed samba 2.06 on solaris and I have configured it using > > swat. > > I added the workstation_name$ to the etc/passwd file with no password > > I ran smbpasswd -a -m workstation_name > > > > When I try to join the domain with my NT 4.0 workstation it tells me : > > > > "Unable to connect to the domain controller for this domain. Have your > > administrator check your computer account on the domain." > > Did you ran smbpasswd -a -m server_name also? > When i tryed to setup an PDC for first time, i haven't understand that you > also have to add the server to the smbpasswd. > > BTW: Exists any documentation which points that? documentation exists at my homepage under http://www.kneschke.de/projekte/samba_tng. Another point is, that the windows nt workstation can't join the domain. This is not possible with samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, to find out, what you need, to get this work. Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From breshear at eoni.com Sun Jan 9 18:45:27 2000 From: breshear at eoni.com (Doug Breshears) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain Message-ID: <009a01bf5ad1$b98180c0$e0cbe4d8@douglabr> -----Original Message----- From: Lars Kneschke To: Multiple recipients of list SAMBA-NTDOM Date: Sunday, January 09, 2000 9:43 AM Subject: Re: samba domain >documentation exists at my homepage under >http://www.kneschke.de/projekte/samba_tng. Another point is, that the >windows nt workstation can't join the domain. This is not possible with >samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, >to find out, what you need, to get this work. > > This is not true, 2.0.6 will allow NT 4.0 SP4 machines to join the domain, I have 2 networks running right now on 2.0.6 with nothing but NT4 clients and nothing but samba server. And No, with 2.0.6 you do not have to add the server with smbpasswd, only with the new PDC support and that software is still "non stable", 2.0.6 is the latest "stable" distribution. Other than the advice lars gave I would make sure the NT clients TCP/IP properties were set up correctly. Doug Breshears From lynn at cis.usouthal.edu Sun Jan 9 19:05:30 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:51 2003 Subject: Printer Problems In-Reply-To: Message-ID: Thanks for your help. I have logged on as adminstrator, but I tell it what driver to use, it won't do anything. Do you have any ideas? This is my smb.conf file # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] netbios name = ITELAB workgroup = INFOTECH update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 printer driver file = /usr/local/samba/print/printers.def logon path = \\itelab\profile\%U [netlogon] comment = The domain logon service path = /export/samba/logon public = no writeable = no browseable = no [profile] comment = User profiles path = /export/samba/profile create mode = 0600 directory mode = 0700 writeable = yes browseable = no [share] Comment = Share drive for FCE 19 path = /ili2/labs/fce19/share read only = no [PRINTER$] path = /usr/local/samba/print read only = yes browsable = yes guest ok = yes [hplj19] path = /var/spool/samba/printers printable = yes postscript = yes printer driver = HP LaserJet 4000 Series PCL 6 printer driver location = \\%L\PRINTER$ Thanks. Keith Lynn On Sun, 9 Jan 2000, Bobby Corpuz Jr. wrote: > > Log in as administrator to your NT workstation and double click your > printer share in Network Neighborhood. NT ask you to install a driver for > your printer. Click OK and install the driver. Print a test page to see > the result. Now log out and log in as an ordinary user. You can now print > to your printer by selecting from the printer menu. > > > Bobby O. Corpus, Jr. > Department of Mathematics > University of the Philippines > ----- > Nick the Greek's Law of Life: > All things considered, life is 9 to 5 against. > > On Sun, 9 Jan 2000, Keith Lynn wrote: > > > Hello, > > I hope someone can help me with this problem. I have set up a printer > > share on my UNIX server. I can see it on my Windows NT 4.0 client. > > However, as a regular user, it does not allow me to set up the printer > > because I don't have permission. Is there a way around this? Because I > > need to have users with the ability to add the printer. Thanks. > > Keith Lynn > > > > > From giulioo at pobox.com Sun Jan 9 19:06:06 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:51 2003 Subject: Need help with printer drivers In-Reply-To: References: Message-ID: <20000109190655.9B8E4878C@i3.golden.dom> On Mon, 10 Jan 2000 04:36:00 +1100, hai scritto: >I have set up a PDC on a UNIX server with a printer share. However, when I >try to set the printer up on a local machine and download the drivers it >does nothing. Does someone know how to make the drivers download and setup >on an NT Client? Thanks. Samba docs (printer_driver.txt) says driver download works with win9x only; nt is not supported yet. -- giulioo@pobox.com From lynn at cis.usouthal.edu Sun Jan 9 20:41:35 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:51 2003 Subject: Printing in NT Message-ID: How do you go about setting up an NT Workstation to use a Samba printer? From Jean-Francois.Micouleau at dalalu.fr Sun Jan 9 21:53:06 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:51 2003 Subject: Printing in NT In-Reply-To: Message-ID: On Mon, 10 Jan 2000, Keith Lynn wrote: > How do you go about setting up an NT Workstation to use a Samba printer? you setup the printers locally on each NT workstations or, you switch to SAMBA_TNG and search the samba-ntdom archive for a mail I sent several months ago, or you wait for samba 3.0 where full NT printing will be included. J.F. From Jean-Francois.Micouleau at dalalu.fr Sun Jan 9 21:54:56 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:51 2003 Subject: Need help with printer drivers In-Reply-To: <20000109190655.9B8E4878C@i3.golden.dom> Message-ID: On Mon, 10 Jan 2000, Giulio Orsero wrote: > Samba docs (printer_driver.txt) says driver download works with win9x > only; nt is not supported yet. NT is supported in SAMBA_TNG. only NT4 x86 SP3 and below. J.F. From jjm at iname.com Mon Jan 10 03:37:22 2000 From: jjm at iname.com (Johan Meiring) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles Message-ID: Hi all, Everybody seems to be worried about whether het use x: /home or roaming profiles should work for Win 95. If the one works, the other one breaks. Keep in mind that in an NT ONLY environment Windows 95 will store roaming profiles in your home directory! This is by M$ braindead design. Samba should therefore do this as well. i.e. 2.0.6 behaviour. Johan >On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: >> it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if >> you fix it, please feel free to publish it but please don't ask for it to >> be put into 2.0.7. > >you're mixing NT and 95/98 profiles. NT profiles are working. Guilio is >talking about 95 profiles. From lars at kneschke.de Mon Jan 10 03:22:46 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain References: <009a01bf5ad1$b98180c0$e0cbe4d8@douglabr> Message-ID: <38795086.B410C3C0@kneschke.de> Doug Breshears wrote: > >documentation exists at my homepage under > >http://www.kneschke.de/projekte/samba_tng. Another point is, that the > >windows nt workstation can't join the domain. This is not possible with > >samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, > >to find out, what you need, to get this work. > > > > > > This is not true, 2.0.6 will allow NT 4.0 SP4 machines to join the > domain, I > have 2 networks running right now on 2.0.6 with nothing but NT4 clients > and > nothing but samba server. Ok, then my last stating was wrong. Sorry! Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From tavis at columbia.edu Mon Jan 10 05:03:01 2000 From: tavis at columbia.edu (tavis.barr) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: Good. I would encourage you all to release it. Perhaps like many sys admins, I'm inherently lazy, and basically 2.1 works fine as my PDC (the user manager stuff is an important improvement over 2.0). Printers can be managed easily enough through other means (e.g., the M$ lpr client). Someday I'll need support for Win2K, but I don't look forward to all the reconfiguration involved in setting up 3.0. I guess I'll I'm trying to say is I think 2.1 will have an audience. Cheers, Tavis On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Sat, 8 Jan 2000, Tavis Barr wrote: > > > > > So what about 2.1? Are you (plural) planning to create a stable release of > > that, or is it simply being discontinued in favor of 3.0? > > 2.1 now reserved for the 2.0.x next major version. > > From mike at ed.ac.uk Mon Jan 10 10:34:46 2000 From: mike at ed.ac.uk (Mike.Robinson) Date: Tue Dec 2 02:27:51 2003 Subject: Domain admins In-Reply-To: <387613AB.276AAE1F@NetUSE.DE> Message-ID: On Fri, 7 Jan 2000, Lars Kneschke wrote: > "Mike.Robinson" wrote: > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > of Samba downloaded in September 99 and running on Solaris 7. > > > > I am trying to put users into a Domain Admins group using the information in > > the FAQ. > > > > What I have is: > > > > fibratus#ypcat group |grep nt > > ntadmin:*:4219:mike,bc,cnd,ann > > automnt:*:31530: > > ntusers:*:4220:mike,bc,cnd,ann > > > > fibratus#grep domain smb.conf > > workgroup = met-domain > > domain group map = /usr/local/samba/lib/domaingroup.map > > domain master = yes > > domain logons = yes > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > ntadmin="Domain Admins" > > ntusers="Domain Users" > > > > fibratus#grep group /etc/nsswitch.conf > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > group: files nis > > netgroup: nis > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > administrator privilegs. The samba logs do not appear to have anything that > > sheds any light on the matter. > I use the latest samba from cvs(see my homepage > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > this problem just today. Your smb.conf and your domaingroup.map > are ok, but to let this, the in the /etc/passwd must be ntadmin > or ntusers. The settings in /etc/group don't care samba much. :-( > > This works: > > /etc/group > ntadmin::101: > > /etc/passwd > lk:x:6010:101::/home/lk:/bin/sh > > lk is "Domain Admin". > > Hope this helps. Many thanks, I've solved the problem following a pointer from "Mayers, P J" . By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as miker instead of mike. Although miker was not in smbpasswd or in the nis group it is in the NIS passwd (intentionally - with the same user id but different shell). Not sure why it does this since: fractus#groups miker eucsup wheel fractus#groups mike eucsup wheel met erdas ntadmin ntusers www - but putting miker into smbpasswd and logging in as miker instead circumvents the problem? ****** Is this a bug in the samba software? ******* Best wishes, Mike ................................................................................ Mike Robinson Email: M.Robinson@ed.ac.uk EUCS Tel: 0131 650 5015 The University of Edinburgh Fax: 0131 650 8748 J.C.M.B The Kings Buildings Mayfield Road Edinburgh EH9 3JZ From lkcl at samba.org Mon Jan 10 12:08:46 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals Message-ID: It's now available from Macmillan Technical Publishing. The only source of information publicly available on Windows NT authentication and password-update methods, including NTLMv1, NTLMv2, NTLMSSP, the Domain Logon Protocol (NETLOGON and NETLOGON "Secure Channel"), Windows 95 user, NT user and NT Administrative password changes, and how the SAM database is encrypted when transferred from a PDC to a BDC. It also contains information on how to understand, at a very detailed and boring level, NT Domain traffic (DCE/RPC) such as NT Domain Logons and running User Manager for Domains. It also matches official MSDN functions with unpublished Microsoft APIs, evidence for the existence of which can only be deduced from examining network traces or by purchasing an NT Source Code License. Despite what it says on the cover, this book is, "An expert guide to improving the efficiency and security *OF* Windows NT". Enjoy. Luke K.C. Leighton (Samba Team, ISS X-Force Research). From lk at NetUSE.DE Mon Jan 10 12:10:26 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:51 2003 Subject: the mailinglist archives are broken Message-ID: <3879CC32.7E645B16@NetUSE.DE> Hello! The mailinglist archive doesn't work. Can someone fix this? I could fix this, if i get a temporarly account at this machine. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From greg at discreet.com Mon Jan 10 12:37:41 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:51 2003 Subject: the mailinglist archives are broken In-Reply-To: <3879CC32.7E645B16@NetUSE.DE> Message-ID: Some more info on this:it looks like someone cleaned up the archives by splitting it off in 3 separate directories (old, current, jan2000?) by the links did not follow. Greg On 10-Jan-00 Lars Kneschke wrote: > Hello! > > The mailinglist archive doesn't work. Can someone fix this? > I could fix this, if i get a temporarly account at this machine. > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From michael at kawo2.rwth-aachen.de Mon Jan 10 13:06:11 2000 From: michael at kawo2.rwth-aachen.de (Michael Mess) Date: Tue Dec 2 02:27:51 2003 Subject: WinNT Server logins into a Samba PDC References: Message-ID: <3879D943.498E7775@kawo2.rwth-aachen.de> Does an error appear like "Login incorrect" or does just the login prompt appear again after a few seconds? If the second of both appears, this seems to be a permission problem. One important file does not have enough rights to be accessed to. This might happen if some files are installed on a domain administrator account which does not further exist and is not known by the system anymore. To solve that problem, take ownership as a local administrator and set the access rights so that everybody can read important program-files like explorer.exe and DLLs. Then check, if domain users are allowed to login at these NT machine. Greetings, Michael Kyle Schustyk wrote: > > Are there any known issues with users on a Windows NT Server failing to > login to a Samba controlled NT Domain ? > > I've got encryption set up, and the smbpasswd file created. The Windows > NT server has successfully joined the domain, but it won't allow users to > log on. However, if I blank a users password in smbpasswd, then the > windows NT server WILL successfully process the logon. This is, however, > not a feasable solution:) > > FYI: Windows 95, and 98 nodes have no trouble logging in with the same > usernames and passwords that fail from the WinNT Server. > > WinNT Server is Service Pack 3 From lkcl at samba.org Mon Jan 10 13:28:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain In-Reply-To: <009a01bf5ad1$b98180c0$e0cbe4d8@douglabr> Message-ID: > > >documentation exists at my homepage under > >http://www.kneschke.de/projekte/samba_tng. Another point is, that the > >windows nt workstation can't join the domain. This is not possible with > >samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, > >to find out, what you need, to get this work. > > > > > > > This is not true, 2.0.6 will allow NT 4.0 SP4 machines to join the domain, I > have 2 networks running right now on 2.0.6 with nothing but NT4 clients and > nothing but samba server. > > And No, with 2.0.6 you do not have to add the server with smbpasswd, only yeah, that's because you are using "security = server", if i guess correctly. btw win9x doesn't _have_ the concept of domains, therefore they can't "join" a domain. From lkcl at samba.org Mon Jan 10 13:35:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: Domain admins In-Reply-To: Message-ID: mike, i use getwnam() getpwuid() getgrnam() etc to convert to / from unix / nt groups, because i have *absolutely* no idea what i am doing. should i be using something else? nisgetpwnam()? ok, i say "i", but i'm not qualified to actually get it right. does someone want to look at this? luke On Mon, 10 Jan 2000, Mike.Robinson wrote: > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > "Mike.Robinson" wrote: > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > I am trying to put users into a Domain Admins group using the information in > > > the FAQ. > > > > > > What I have is: > > > > > > fibratus#ypcat group |grep nt > > > ntadmin:*:4219:mike,bc,cnd,ann > > > automnt:*:31530: > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > fibratus#grep domain smb.conf > > > workgroup = met-domain > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > domain master = yes > > > domain logons = yes > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > ntadmin="Domain Admins" > > > ntusers="Domain Users" > > > > > > fibratus#grep group /etc/nsswitch.conf > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > group: files nis > > > netgroup: nis > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > administrator privilegs. The samba logs do not appear to have anything that > > > sheds any light on the matter. > > I use the latest samba from cvs(see my homepage > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > this problem just today. Your smb.conf and your domaingroup.map > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > This works: > > > > /etc/group > > ntadmin::101: > > > > /etc/passwd > > lk:x:6010:101::/home/lk:/bin/sh > > > > lk is "Domain Admin". > > > > Hope this helps. > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > . > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > miker instead of mike. Although miker was not in smbpasswd or in the nis group > it is in the NIS passwd (intentionally - with the same user id but different > shell). > > Not sure why it does this since: > > fractus#groups miker > eucsup wheel > > fractus#groups mike > eucsup wheel met erdas ntadmin ntusers www > > - but putting miker into smbpasswd and logging in as miker instead circumvents > the problem? > > ****** Is this a bug in the samba software? ******* > > Best wishes, > > Mike > > ............................................................................... > Mike Robinson Email: M.Robinson@ed.ac.uk > EUCS Tel: 0131 650 5015 > The University of Edinburgh Fax: 0131 650 8748 > J.C.M.B > The Kings Buildings > Mayfield Road > Edinburgh EH9 3JZ > > From fredrikf at jmeab.se Mon Jan 10 13:35:30 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:51 2003 Subject: Logon Error! Message-ID: <001e01bf5b6f$91836c70$6e00a8c0@kalve> Hello, i get this error after enter user/pass to the domain..: The following error occured attempting to join the domain "REDHAT": The credentials suppled conflict with an existing set of credentials. Anyone know whats wrong ?.. Please help me From bobby at math01.cs.upd.edu.ph Mon Jan 10 15:03:02 2000 From: bobby at math01.cs.upd.edu.ph (Bobby Corpuz Jr.) Date: Tue Dec 2 02:27:51 2003 Subject: Printer Problems In-Reply-To: Message-ID: My samba setup is not as complicated as yours. I don't have a "printer driver file" configuration in my smb.conf but I'm very satified with my samba setup. Here is my setup: -------------- | Samba Server | | A | |______________| | ------------ ------------ -------------- | NT |_______| NT |_________|Linux Box B | |Workstation | |Workstation | |Printer server| ------------ ------------ -------------- I setup a linux box as a samba PDC for my NT workstations. A setup another linux box on a slow machine that acts a my printer server. What I do is setup my Samba server A to print on my print server B, i.e., set up B to be a remote printer for A. Now, when I log in as administrator in each of my NT boxes and do the following: 1. Double click on Network Neighborhood and look for the icon of my Samba Server. 2. Double click on my Samba Server's icon. NT will the ask for the a username and password to connect to my Samba Server. I will then type root in username and type the root password. After that, I will be able to see root's folder, netlogon, lp, etc. 3. I click on the icon of lp. Notice that the icon is that of a printer. 4. Now, NT will tell me that I cannot print to this device because it does not have a driver. I click ok. NT will then ask me if I want to install a driver for this printer. I click ok. 5. NT will now go into the process of installing a printer driver. It will ask me for the installation disk of my printer which I have in hand. NT will also ask me if I want a test page printed. I say yes. 6. After the installation, NT will ask me if the test page was printed correctly. I go to my printer and find that it's there, so I say yes. 7. Now I log out as administrator and log in as myself. 8. I open a word document and print it, selecting the printer that I just installed. I find that the document is printed beautifully. 9. I do the same process to all my other NT boxes. Of course, I could have attached the printer directly to my Samba server and set the printer up as a local printer and do the same process as above for my NT boxes. But I can't do that because my Samba server is in a different room. Lastly, I have no need of the parameter "printer driver file". Printer works great for me without this parameter. Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines ----- It is easier to change the specification to fit the program than vice versa. On Mon, 10 Jan 2000, Keith Lynn wrote: > Thanks for your help. I have logged on as adminstrator, but I tell it what > driver to use, it won't do anything. Do you have any ideas? This is my > smb.conf file > > # Samba config file created using SWAT > # from 192.245.222.25 (192.245.222.25) > # Date: 2000/01/04 17:14:29 > > # Global parameters > [global] > netbios name = ITELAB > workgroup = INFOTECH > update encrypted = Yes > wins support = Yes > domain logons = Yes > > security = user > > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > encrypt passwords = yes > > interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 > > printer driver file = /usr/local/samba/print/printers.def > > logon path = \\itelab\profile\%U > > [netlogon] > comment = The domain logon service > path = /export/samba/logon > public = no > writeable = no > browseable = no > > [profile] > comment = User profiles > path = /export/samba/profile > create mode = 0600 > directory mode = 0700 > writeable = yes > browseable = no > > [share] > Comment = Share drive for FCE 19 > path = /ili2/labs/fce19/share > read only = no > > [PRINTER$] > path = /usr/local/samba/print > read only = yes > browsable = yes > guest ok = yes > > [hplj19] > path = /var/spool/samba/printers > printable = yes > postscript = yes > > printer driver = HP LaserJet 4000 Series PCL 6 > printer driver location = \\%L\PRINTER$ > > Thanks. > Keith Lynn > > On Sun, 9 Jan 2000, Bobby Corpuz Jr. wrote: > > > > > Log in as administrator to your NT workstation and double click your > > printer share in Network Neighborhood. NT ask you to install a driver for > > your printer. Click OK and install the driver. Print a test page to see > > the result. Now log out and log in as an ordinary user. You can now print > > to your printer by selecting from the printer menu. > > > > > > Bobby O. Corpus, Jr. > > Department of Mathematics > > University of the Philippines > > ----- > > Nick the Greek's Law of Life: > > All things considered, life is 9 to 5 against. > > > > On Sun, 9 Jan 2000, Keith Lynn wrote: > > > > > Hello, > > > I hope someone can help me with this problem. I have set up a printer > > > share on my UNIX server. I can see it on my Windows NT 4.0 client. > > > However, as a regular user, it does not allow me to set up the printer > > > because I don't have permission. Is there a way around this? Because I > > > need to have users with the ability to add the printer. Thanks. > > > Keith Lynn > > > > > > > > > > From lkcl at samba.org Mon Jan 10 15:06:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: smbpasswd -j SAMBA_DOMAIN - fixed Message-ID: ok, i got so fed up with all the reports of people using smbpasswd bitching about how it couldn't be used to join its own domain that i fixed it. HOWEVER... you should be aware that smbpasswd sets the initial trust account password to server_name_in_lower_case, and then changes it, using the initial password to encrypt the new one. this is to be compatible with NT 4.0. IF you are concerned about network sniffing from hostile users, THEN: use rpcclient instead (lsaquery; createuser sambaserver$ -j). the password change is done using the administrator's username / password to encrypt the trust account change, NOT the old trust account password. luke From greg at discreet.com Mon Jan 10 15:28:35 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:51 2003 Subject: smbpasswd -j SAMBA_DOMAIN - fixed In-Reply-To: Message-ID: Here's another silly question: will rpcclient work like below without gnu readline? I ask because if I try I get this: smb: > createuser tahiti$ -j createuser tahiti$ -j SAM Create Domain User Domain: DL_RDTEST Name: tahiti$ Description: -j Create Domain User: FAILED smb: > createuser -j tahiti$ createuser -j tahiti$ SAM Create Domain User Domain: DL_RDTEST Name: -j Description: tahiti$ Create Domain User: FAILED Sorry to be so much trouble... Greg On 10-Jan-00 Luke Kenneth Casson Leighton wrote: > ok, i got so fed up with all the reports of people using smbpasswd > bitching about how it couldn't be used to join its own domain that i fixed > it. > > HOWEVER... > > you should be aware that smbpasswd sets the initial trust account password > to server_name_in_lower_case, and then changes it, using the initial > password to encrypt the new one. this is to be compatible with NT 4.0. > > IF you are concerned about network sniffing from hostile users, THEN: > > use rpcclient instead (lsaquery; createuser sambaserver$ -j). > > the password change is done using the administrator's username / password > to encrypt the trust account change, NOT the old trust account password. > > luke --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Jennifer_Arbogast at digi.com Mon Jan 10 15:41:27 2000 From: Jennifer_Arbogast at digi.com (Jennifer Arbogast) Date: Tue Dec 2 02:27:51 2003 Subject: FW: [Fwd: [Fwd: You Are My Sunshine!]] Message-ID: <415A9F6DCFA0D211B78D0008C7A42FB3021F1460@gopostal.digi.com> oh this is good!*sniff* -----Original Message----- From: Vickie English [mailto:vickiee@pbs.com] Sent: Thursday, January 06, 2000 5:10 PM To: Jennifer_Arbogast@digi.com; Guelzow Subject: [Fwd: [Fwd: You Are My Sunshine!]] I almost cried while reading this...Too sweet... -------------- next part -------------- An embedded message was scrubbed... From: Teresa Matzek Subject: [Fwd: You Are My Sunshine!] Date: Thu, 6 Jan 2000 08:49:20 -0600 Size: 5726 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000110/f7ab5e25/attachment.eml -------------- next part -------------- A non-text attachment was scrubbed... Name: vickiee.vcf Type: text/x-vcard Size: 310 bytes Desc: Card for Vickie English Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000110/f7ab5e25/vickiee.vcf From fricke at team.owl-online.de Mon Jan 10 15:45:24 2000 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:27:51 2003 Subject: Antwort: FW: [Fwd: [Fwd: You Are My Sunshine!]] Message-ID: This is a technial mailing-list and not a church! -------------------------------------------------------------------------------------------------- Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ A bus station is where a bus stops A train station is where a train stops On my desk I have work station... From Jennifer_Arbogast at digi.com Mon Jan 10 16:02:31 2000 From: Jennifer_Arbogast at digi.com (Jennifer Arbogast) Date: Tue Dec 2 02:27:51 2003 Subject: sorry Message-ID: <415A9F6DCFA0D211B78D0008C7A42FB3021F1463@gopostal.digi.com> I apologize for that email. Not too sure how I messed up and added this list to the email. I try to be careful, but I guess we are all human. Again my apologies Jennifer From romanjd at udmercy.edu Mon Jan 10 16:03:04 2000 From: romanjd at udmercy.edu (James D Roman) Date: Tue Dec 2 02:27:51 2003 Subject: Adding machine to Samba NT Domain Message-ID: Hello all, I know that their are articles on this in the archives, but I am having no luck in following the links in the archive search. How do you add a machine to a Samba NT domain. I have a group of NT workstations which I would like to connect to a Samba domain. I beleive that I have configured the server correctly to act as the PDC for the domain, but when I try to add the machine to the domain in the NT workstation network applet, I get a number of different errors. If I try to add it, with out supplying a username and password, it states that the machine needs to be added to the domain. When I try to supply a password, root or an administrative password, I get errors that the username password is invalid or doesn't exist. TIA for your help. James D. Roman Network Administrator School of Architecture U of D Mercy From lkcl at samba.org Mon Jan 10 16:15:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: smbpasswd -j SAMBA_DOMAIN - fixed In-Reply-To: Message-ID: On Mon, 10 Jan 2000, Greg Dickie wrote: > > Here's another silly question: will rpcclient work like below without > gnu readline? I ask because if I try I get this: it should do, yes. did you specify root username / password? otherwise, yes, it will fail: you are modifying a remote SAM database, after all! also, try running rpcclient -S . on the local machine (you must be running as root to do this). > smb: > createuser tahiti$ -j > createuser tahiti$ -j > > SAM Create Domain User > Domain: DL_RDTEST Name: tahiti$ Description: -j > Create Domain User: FAILED > smb: > createuser -j tahiti$ > createuser -j tahiti$ > > SAM Create Domain User > Domain: DL_RDTEST Name: -j Description: tahiti$ > Create Domain User: FAILED > > Sorry to be so much trouble... > > Greg > > > On 10-Jan-00 Luke Kenneth Casson Leighton wrote: > > ok, i got so fed up with all the reports of people using smbpasswd > > bitching about how it couldn't be used to join its own domain that i fixed > > it. > > > > HOWEVER... > > > > you should be aware that smbpasswd sets the initial trust account password > > to server_name_in_lower_case, and then changes it, using the initial > > password to encrypt the new one. this is to be compatible with NT 4.0. > > > > IF you are concerned about network sniffing from hostile users, THEN: > > > > use rpcclient instead (lsaquery; createuser sambaserver$ -j). > > > > the password change is done using the administrator's username / password > > to encrypt the trust account change, NOT the old trust account password. > > > > luke > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > From mike at ed.ac.uk Mon Jan 10 16:17:50 2000 From: mike at ed.ac.uk (Mike.Robinson) Date: Tue Dec 2 02:27:51 2003 Subject: Domain admins In-Reply-To: Message-ID: On Tue, 11 Jan 2000, Luke Kenneth Casson Leighton wrote: > mike, > > i use getwnam() getpwuid() getgrnam() etc to convert to / from unix / nt > groups, because i have *absolutely* no idea what i am doing. > > should i be using something else? nisgetpwnam()? > > ok, i say "i", but i'm not qualified to actually get it right. > > does someone want to look at this? > > luke Perhaps I was at fault having more than one user name (mike and miker) assigned to a single uid - although both refer to one (physical) user. I've changed this now, giving miker a different uid to mike. That seems to solve the problem. Mike -------------------------------------------------------------------------------- > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > "Mike.Robinson" wrote: > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > the FAQ. > > > > > > > > What I have is: > > > > > > > > fibratus#ypcat group |grep nt > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > automnt:*:31530: > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > fibratus#grep domain smb.conf > > > > workgroup = met-domain > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > domain master = yes > > > > domain logons = yes > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > ntadmin="Domain Admins" > > > > ntusers="Domain Users" > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > group: files nis > > > > netgroup: nis > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > sheds any light on the matter. > > > I use the latest samba from cvs(see my homepage > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > this problem just today. Your smb.conf and your domaingroup.map > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > This works: > > > > > > /etc/group > > > ntadmin::101: > > > > > > /etc/passwd > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > lk is "Domain Admin". > > > > > > Hope this helps. > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > . > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > it is in the NIS passwd (intentionally - with the same user id but different > > shell). > > > > Not sure why it does this since: > > > > fractus#groups miker > > eucsup wheel > > > > fractus#groups mike > > eucsup wheel met erdas ntadmin ntusers www > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > the problem? > > > > ****** Is this a bug in the samba software? ******* > > > > Best wishes, > > > > Mike > > > > ............................................................................... > > Mike Robinson Email: M.Robinson@ed.ac.uk > > EUCS Tel: 0131 650 5015 > > The University of Edinburgh Fax: 0131 650 8748 > > J.C.M.B > > The Kings Buildings > > Mayfield Road > > Edinburgh EH9 3JZ > > > > > Best wishes, Mike ................................................................................ Mike Robinson Email: M.Robinson@ed.ac.uk EUCS Tel: 0131 650 5015 The University of Edinburgh Fax: 0131 650 8748 J.C.M.B The Kings Buildings Mayfield Road Edinburgh EH9 3JZ From lkcl at samba.org Mon Jan 10 16:19:17 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: sorry In-Reply-To: <415A9F6DCFA0D211B78D0008C7A42FB3021F1463@gopostal.digi.com> Message-ID: On Tue, 11 Jan 2000, Jennifer Arbogast wrote: > I apologize for that email. Not too sure how I messed up and added > this list to the email. I try to be careful, but I guess we are all > human. it happens :) at least you didn't post your home telephone number... From lk at NetUSE.DE Mon Jan 10 16:41:41 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:52 2003 Subject: Adding machine to Samba NT Domain References: Message-ID: <387A0BC5.1B8053D7@NetUSE.DE> James D Roman wrote: > > Hello all, > > I know that their are articles on this in the archives, but > I am having no luck in following the links in the archive > search. How do you add a machine to a Samba NT domain. I > have a group of NT workstations which I would like to > connect to a Samba domain. I beleive that I have configured > the server correctly to act as the PDC for the domain, but > when I try to add the machine to the domain in the NT > workstation network applet, I get a number of different > errors. If I try to add it, with out supplying a username > and password, it states that the machine needs to be added > to the domain. When I try to supply a password, root or an > administrative password, I get errors that the username > password is invalid or doesn't exist. TIA for your help. Have you read my homepage? http://www.kneschke.de/projekte/samba_tng You don't need to supply a username and password. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From gtm at oracom.com Mon Jan 10 17:26:18 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:52 2003 Subject: net use (home) Message-ID: <387A163A.75F59BDA@oracom.com> Hi all, I have just got the combination of SAMBA_TNG and the main branch running as a PDC. Everything seems fine except when I login and run a script which uses the following command: net use * /HOME I get the error System error 5 has occured Access is denied In the same login file (all.bat) I have the following command: net time \\oxford /set /yes which works fine so it is not a file problem. In the NT environment I have the following: HOMEDRIVE = z: HOMEPATH = \ HOMESHARE = \\\user Are the later two correct? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From swaters at amicus.com Mon Jan 10 17:27:40 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:52 2003 Subject: Domain admins References: Message-ID: <387A168C.1BB60937@amicus.com> "Mike.Robinson" wrote: > > Perhaps I was at fault having more than one user name (mike and miker) assigned > to a single uid - although both refer to one (physical) user. I've changed this > now, giving miker a different uid to mike. That seems to solve the problem. this functionality can be extremely useful. for instance, some of our programmers need root level access to get to some of the logs so we have a root equivalent account called "rooter". only a few select people have the true root passwords and they are changed very frequently. if the rooter password is suspected to have been compromised, it is simple to disable it and still have root functioning properly. mind you, if they've already installed root-equiv backdoors and whatnot then this is not so useful... but back to samba, it would be nice if samba could understand multiple names referring to the same UID. -s > -------------------------------------------------------------------------------- > > > > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > > > "Mike.Robinson" wrote: > > > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > > the FAQ. > > > > > > > > > > What I have is: > > > > > > > > > > fibratus#ypcat group |grep nt > > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > > automnt:*:31530: > > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > > > fibratus#grep domain smb.conf > > > > > workgroup = met-domain > > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > > domain master = yes > > > > > domain logons = yes > > > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > > ntadmin="Domain Admins" > > > > > ntusers="Domain Users" > > > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > > group: files nis > > > > > netgroup: nis > > > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > > sheds any light on the matter. > > > > I use the latest samba from cvs(see my homepage > > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > > this problem just today. Your smb.conf and your domaingroup.map > > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > > > This works: > > > > > > > > /etc/group > > > > ntadmin::101: > > > > > > > > /etc/passwd > > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > > > lk is "Domain Admin". > > > > > > > > Hope this helps. > > > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > > . > > > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > > it is in the NIS passwd (intentionally - with the same user id but different > > > shell). > > > > > > Not sure why it does this since: > > > > > > fractus#groups miker > > > eucsup wheel > > > > > > fractus#groups mike > > > eucsup wheel met erdas ntadmin ntusers www > > > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > > the problem? > > > > > > ****** Is this a bug in the samba software? ******* > > > > > > Best wishes, > > > > > > Mike > > > > > > ............................................................................... > > > Mike Robinson Email: M.Robinson@ed.ac.uk > > > EUCS Tel: 0131 650 5015 > > > The University of Edinburgh Fax: 0131 650 8748 > > > J.C.M.B > > > The Kings Buildings > > > Mayfield Road > > > Edinburgh EH9 3JZ > > > > > > > > > > Best wishes, > > Mike > > ............................................................................... > Mike Robinson Email: M.Robinson@ed.ac.uk > EUCS Tel: 0131 650 5015 > The University of Edinburgh Fax: 0131 650 8748 > J.C.M.B > The Kings Buildings > Mayfield Road > Edinburgh EH9 3JZ From jeremy at valinux.com Mon Jan 10 18:41:36 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:52 2003 Subject: Roaming Profiles References: Message-ID: <387A27E0.720B5E5E@valinux.com> Luke Kenneth Casson Leighton wrote: > > this will be because 2.0.6 was never intended to be a PDC. i actually > removed the PDC code at one point, and jeremy put it back. This is nothing to do with PDC support. This is a profiles problem that also bites Win9x clients. Also, if I hadn't put it back in we wouldn't have a working RPC layer (needed for NT browsing and printing) or NT change password support in 2.0.x - both of which we need. Stop moaning :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jeremy at valinux.com Mon Jan 10 18:42:46 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:52 2003 Subject: Roaming Profiles References: <20000108193332.3C46F88E9@i3.golden.dom> <20000108194731.3267488E9@i3.golden.dom> Message-ID: <387A2826.35C272AF@valinux.com> Giulio Orsero wrote: > > On Sun, 9 Jan 2000 06:37:24 +1100, hai scritto: > > >it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > >you fix it, please feel free to publish it but please don't ask for it to > >be put into 2.0.7. > I don't know c :-) > I say that's ipc.c because if you revert to the 2.0.5 ipc.c you get the > 2.0.5 behavior (logon path and profiles ok, but net use /home not ok). > It was ipc.c that was touched to make "net use h: /home" work, changing > 2 logon_path's into 2 logon_home's. > > >the more people use 2.0.x as a PDC (unsupported and discouraged), the more > >traffic we will see on the lists "my pdc don't work now i upgraded to > Yes, I know your opinion about this :-) > I agree, but I think this issue is very simple to be solved in 2.0.7: > profiles are more important than "net use...", so it's just a matter of > editing 2 lines. Indeed. We will *definately* fix this before 2.0.7 ships. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Alan.Hourihane at pinacl.co.uk Mon Jan 10 17:53:07 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:52 2003 Subject: SAMBA_TNG problem starting smbd Message-ID: <01BF5B93.8DF691D0.Alan.Hourihane@pinacl.co.uk> With snapshot as of 3:00pm 10/1/2000. I get this from starting smbd. Problem opening /tmp/.smb.0/agent ? Alan. [2000/01/10 17:51:06, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/10 17:51:06, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [2000/01/10 17:51:06, 1] lib/util_sock.c:open_socket_out(749) error connecting to 193.32.209.22:445 (Connection refused) [2000/01/10 17:51:06, 0] lib/util_sock.c:open_pipe_sock(890) socket connect to /tmp/.smb.0/agent failed [2000/01/10 17:51:07, 1] lib/util_sock.c:open_socket_out(749) error connecting to 193.32.209.22:445 (Connection refused) [2000/01/10 17:51:07, 0] lib/fault.c:fault_report(40) =============================================================== [2000/01/10 17:51:07, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 19402 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [2000/01/10 17:51:07, 0] lib/fault.c:fault_report(43) =============================================================== [2000/01/10 17:51:07, 0] lib/util.c:smb_panic(2561) PANIC: internal error From ctooley at joslyn.org Mon Jan 10 18:10:26 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:52 2003 Subject: Printer Problems In-Reply-To: Message-ID: <000301bf5b95$f9503060$1900a8c0@joslyn.org> If you want to give EVERYONE the right to add the printer, you have to go to the Workstations and give everyone access to add printers to the local machine. If you are going to do this, you might as well, add the printer yourself. Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Keith Lynn Sent: Saturday, January 08, 2000 8:44 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Printer Problems Hello, I hope someone can help me with this problem. I have set up a printer share on my UNIX server. I can see it on my Windows NT 4.0 client. However, as a regular user, it does not allow me to set up the printer because I don't have permission. Is there a way around this? Because I need to have users with the ability to add the printer. Thanks. Keith Lynn From gtm at oracom.com Mon Jan 10 18:12:25 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains Message-ID: <387A2109.888FE66@oracom.com> Hi all....again PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main branch. When I start usrmgr for domains I just get a blank screen. Is this a known problem? I am running many different deamons. smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, svcctld, winregd, wkssvcd. Do I need to run something else? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From ntstuff at caffeine.ennui.net Mon Jan 10 19:50:39 2000 From: ntstuff at caffeine.ennui.net (Jacks Sambaspool) Date: Tue Dec 2 02:27:52 2003 Subject: subscribe Message-ID: subscibe From lkcl at samba.org Mon Jan 10 19:52:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Domain admins In-Reply-To: <387A168C.1BB60937@amicus.com> Message-ID: that's really tricky to do. the only way to correctly and securely identify a user is by uid, _not_ by username. On Tue, 11 Jan 2000, Stephen Waters wrote: > "Mike.Robinson" wrote: > > > > Perhaps I was at fault having more than one user name (mike and miker) assigned > > to a single uid - although both refer to one (physical) user. I've changed this > > now, giving miker a different uid to mike. That seems to solve the problem. > > this functionality can be extremely useful. for instance, some of our > programmers need root level access to get to some of the logs so we have > a root equivalent account called "rooter". only a few select people have > the true root passwords and they are changed very frequently. if the > rooter password is suspected to have been compromised, it is simple to > disable it and still have root functioning properly. > > mind you, if they've already installed root-equiv backdoors and whatnot > then this is not so useful... but back to samba, it would be nice if > samba could understand multiple names referring to the same UID. > > -s > > > -------------------------------------------------------------------------------- > > > > > > > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > > > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > > > > > "Mike.Robinson" wrote: > > > > > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > > > the FAQ. > > > > > > > > > > > > What I have is: > > > > > > > > > > > > fibratus#ypcat group |grep nt > > > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > > > automnt:*:31530: > > > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > > > > > fibratus#grep domain smb.conf > > > > > > workgroup = met-domain > > > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > > > domain master = yes > > > > > > domain logons = yes > > > > > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > > > ntadmin="Domain Admins" > > > > > > ntusers="Domain Users" > > > > > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > > > group: files nis > > > > > > netgroup: nis > > > > > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > > > sheds any light on the matter. > > > > > I use the latest samba from cvs(see my homepage > > > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > > > this problem just today. Your smb.conf and your domaingroup.map > > > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > > > > > This works: > > > > > > > > > > /etc/group > > > > > ntadmin::101: > > > > > > > > > > /etc/passwd > > > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > > > > > lk is "Domain Admin". > > > > > > > > > > Hope this helps. > > > > > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > > > . > > > > > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > > > it is in the NIS passwd (intentionally - with the same user id but different > > > > shell). > > > > > > > > Not sure why it does this since: > > > > > > > > fractus#groups miker > > > > eucsup wheel > > > > > > > > fractus#groups mike > > > > eucsup wheel met erdas ntadmin ntusers www > > > > > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > > > the problem? > > > > > > > > ****** Is this a bug in the samba software? ******* > > > > > > > > Best wishes, > > > > > > > > Mike > > > > > > > > ............................................................................... > > > > Mike Robinson Email: M.Robinson@ed.ac.uk > > > > EUCS Tel: 0131 650 5015 > > > > The University of Edinburgh Fax: 0131 650 8748 > > > > J.C.M.B > > > > The Kings Buildings > > > > Mayfield Road > > > > Edinburgh EH9 3JZ > > > > > > > > > > > > > > > Best wishes, > > > > Mike > > > > ............................................................................... > > Mike Robinson Email: M.Robinson@ed.ac.uk > > EUCS Tel: 0131 650 5015 > > The University of Edinburgh Fax: 0131 650 8748 > > J.C.M.B > > The Kings Buildings > > Mayfield Road > > Edinburgh EH9 3JZ > From lkcl at samba.org Mon Jan 10 19:56:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Roaming Profiles In-Reply-To: <387A27E0.720B5E5E@valinux.com> Message-ID: On Mon, 10 Jan 2000, Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: > > > > this will be because 2.0.6 was never intended to be a PDC. i actually > > removed the PDC code at one point, and jeremy put it back. > > This is nothing to do with PDC support. This is a profiles > problem that also bites Win9x clients. probably - i read emails so fast (lots of them) i misunderstood this message. jean-f had to point out to me that it was a win9x issue :) > Also, if I hadn't put it back in we wouldn't have a working > RPC layer (needed for NT browsing and printing) or NT change > password support in 2.0.x - both of which we need. i took NETLOGON out, and i don't think i had NT password change at that point. i left lsarpc, srvsvc and spoolss in, so that it could be a domain member and nothing else. remember? > Stop moaning :-). oh, all right then :) From lkcl at samba.org Mon Jan 10 20:41:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains In-Reply-To: <387A2109.888FE66@oracom.com> Message-ID: On Tue, 11 Jan 2000, Glenn MacGregor wrote: > Hi all....again > > PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main > branch. When I start usrmgr for domains I just get a blank screen. Is > this a known problem? I am running many different deamons. > smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, > svcctld, winregd, wkssvcd. > Do I need to run something else? mur, mu mur, mu mur... no, that looks complete. you don't really need browserd or svcctld, strictly speaking. ok, suggest you send smb.conf, domainname.map etc, plus your private/smbpasswd file (if it's short!!! and PLEASE DELETE THE PASSWORDS!) :) From bjoern.simon at ruhr-uni-bochum.de Mon Jan 10 20:52:27 2000 From: bjoern.simon at ruhr-uni-bochum.de (=?iso-8859-1?Q?Bj=F6rn?= Simon) Date: Tue Dec 2 02:27:52 2003 Subject: Readding Machine to the Domain Message-ID: <387A468B.67917155@ruhr-uni-bochum.de> Hello, I had similar problems with some NTWS while changing from a NT4.0 Server controlled domain to a Samba 2.05a controlled without changing the domain name. It worked fine for all machines, only a few other identical machines (cloned, but different SIDs) were not able to join the domain. NT seems to cache/store the actual domain name somewhere. Workaround: use another domain name first, let NTWS join the new domain, reboot NT, change the server back to the real domain name, join this domain with your NTWS, reboot NT, smile. Think about the different initial password for the first "contact" between PDC and client (eg NTWS). If you delete the client from the Samba server, you also have to "reset the account" on the client, eg joining another domain or changing to another client name and changing back afterwards. Cheers Bj?rn From gtm at oracom.com Mon Jan 10 21:02:44 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains References: Message-ID: <387A48F4.86E2499D@oracom.com> Luke Kenneth Casson Leighton wrote: > On Tue, 11 Jan 2000, Glenn MacGregor wrote: > > > Hi all....again > > > > PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main > > branch. When I start usrmgr for domains I just get a blank screen. Is > > this a known problem? I am running many different deamons. > > smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, > > svcctld, winregd, wkssvcd. > > Do I need to run something else? > > mur, mu mur, mu mur... no, that looks complete. you don't really need > browserd or svcctld, strictly speaking. > > ok, suggest you send smb.conf, domainname.map etc, plus your > private/smbpasswd file (if it's short!!! and PLEASE DELETE THE > PASSWORDS!) :) Attached is the smb.conf file. I don't have a domainname.map file. Also attached is the smbpasswd file. I have a domaingroup.map file which is included as well. Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = OFFICE # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # you may wish to override the location of the printcap file ; printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /opt/samba-tng/var/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /usr/local/samba/lib/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 34 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat logon script = all.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U logon path = \\OXFORD\Profiles\%U # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no domain group map = /opt/samba-tng/private/domaingroup.map #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /opt/samba-tng/netlogon guest ok = yes writable = no share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory [Profiles] path = /opt/samba-tng/profiles browseable = no guest ok = yes writeable = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /usr/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %U option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 -------------- next part -------------- oxford$:10102:A91A7258CAD6D161AAD3B435B51404EE:148E8D5873304F6F5D6AFDD9C42D4EBB:[W ]:LCT-3879EC56: celis$:10001:186FBF570CF671478AC66FA3D140D8CC:186FBF570CF671478AC66FA3D140D8CC:[W ]:LCT-3879EE2B: gtm:1007:xxxxxxxxxxxxxxxxxxxxx5919C61DB3D:xxxxxxxxxxxxxxxxxF124AF25151981F:[U ]:LCT-3879EC6B: scott:1001:xxxxxxxxxxxxxxxxxxxxxxxxxxxxDB3D:BB7xxxxxxxxxxxx7xxxxxxx260B35998:[U ]:LCT-3879EC77: samsmith$:10002:9C8490D5EE2535EFF9F06864D70AEE02:9C8490D5EE2535EFF9F06864D70AEE02:[W ]:LCT-387A0AE5: testuser:10100:xxxxxxxxxx645D0A94xxxxxxxxxxxxxx:xxxxxxxxAxxxxxxxxxxxxxCxxxxxxxxx:[U ]:LCT-387A1866: -------------- next part -------------- domainadmin = "Domain Admins" From lkcl at samba.org Mon Jan 10 21:20:31 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains In-Reply-To: <387A48F4.86E2499D@oracom.com> Message-ID: nothing springs to mind as immediately obvious. give me a lttle while, i'm back with my test network now, and finding all sorts of little issues. plus, run at debug log level 100, debug timestamps = no, and search the log.samr file for the first non-zero "status" message in one of the msrpc functions, let me know what happens. thx, luke On Mon, 10 Jan 2000, Glenn MacGregor wrote: > Luke Kenneth Casson Leighton wrote: > > > On Tue, 11 Jan 2000, Glenn MacGregor wrote: > > > > > Hi all....again > > > > > > PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main > > > branch. When I start usrmgr for domains I just get a blank screen. Is > > > this a known problem? I am running many different deamons. > > > smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, > > > svcctld, winregd, wkssvcd. > > > Do I need to run something else? > > > > mur, mu mur, mu mur... no, that looks complete. you don't really need > > browserd or svcctld, strictly speaking. > > > > ok, suggest you send smb.conf, domainname.map etc, plus your > > private/smbpasswd file (if it's short!!! and PLEASE DELETE THE > > PASSWORDS!) :) > > Attached is the smb.conf file. I don't have a domainname.map file. Also > attached is the smbpasswd file. I have a domaingroup.map file which is > included as well. > > Thanks > > Glenn > > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > > From mgeddes at xavier.sa.edu.au Mon Jan 10 21:44:47 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals References: Message-ID: <387A52CF.4ECDCFF9@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > Despite what it says on the cover, this book is, "An expert guide to > improving the efficiency and security *OF* Windows NT". > Surely installing Samba can be classed as improving the efficiency and security of Windows NT ;-) Matt From lkcl at samba.org Mon Jan 10 21:49:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals In-Reply-To: <387A52CF.4ECDCFF9@xavier.sa.edu.au> Message-ID: On Tue, 11 Jan 2000, Matthew Geddes wrote: > Luke Kenneth Casson Leighton wrote: > > > Despite what it says on the cover, this book is, "An expert guide to > > improving the efficiency and security *OF* Windows NT". > > > > Surely installing Samba can be classed as improving the efficiency and > security of Windows NT ;-) hmmm, i think i mention that somewhere in the first few paragraphs of the introduction... From lkcl at samba.org Mon Jan 10 21:50:44 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals In-Reply-To: <387A52CF.4ECDCFF9@xavier.sa.edu.au> Message-ID: > Surely installing Samba can be classed as improving the efficiency and > security of Windows NT ;-) yep: page 1, paragraph 2. hee hee :) From mgeddes at xavier.sa.edu.au Mon Jan 10 22:02:28 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: Domain admins References: <387A168C.1BB60937@amicus.com> Message-ID: <387A56F4.5DF9FF78@xavier.sa.edu.au> Stephen Waters wrote: > "Mike.Robinson" wrote: > > > > Perhaps I was at fault having more than one user name (mike and miker) assigned > > to a single uid - although both refer to one (physical) user. I've changed this > > now, giving miker a different uid to mike. That seems to solve the problem. > > this functionality can be extremely useful. for instance, some of our > programmers need root level access to get to some of the logs so we have > a root equivalent account called "rooter". only a few select people have > the true root passwords and they are changed very frequently. if the > rooter password is suspected to have been compromised, it is simple to > disable it and still have root functioning properly. > > mind you, if they've already installed root-equiv backdoors and whatnot > then this is not so useful... but back to samba, it would be nice if > samba could understand multiple names referring to the same UID. I was under the impression that the admin users = line in smb.conf gave that NT user UID and GID 0. Has this been changed? If so, you have your remote access to logs, without the root password / second root account. Unix users could do the same with the samba client.... > > > -s > > > -------------------------------------------------------------------------------- > > > > > > > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > > > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > > > > > "Mike.Robinson" wrote: > > > > > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > > > the FAQ. > > > > > > > > > > > > What I have is: > > > > > > > > > > > > fibratus#ypcat group |grep nt > > > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > > > automnt:*:31530: > > > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > > > > > fibratus#grep domain smb.conf > > > > > > workgroup = met-domain > > > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > > > domain master = yes > > > > > > domain logons = yes > > > > > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > > > ntadmin="Domain Admins" > > > > > > ntusers="Domain Users" > > > > > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > > > group: files nis > > > > > > netgroup: nis > > > > > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > > > sheds any light on the matter. > > > > > I use the latest samba from cvs(see my homepage > > > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > > > this problem just today. Your smb.conf and your domaingroup.map > > > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > > > > > This works: > > > > > > > > > > /etc/group > > > > > ntadmin::101: > > > > > > > > > > /etc/passwd > > > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > > > > > lk is "Domain Admin". > > > > > > > > > > Hope this helps. > > > > > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > > > . > > > > > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > > > it is in the NIS passwd (intentionally - with the same user id but different > > > > shell). > > > > > > > > Not sure why it does this since: > > > > > > > > fractus#groups miker > > > > eucsup wheel > > > > > > > > fractus#groups mike > > > > eucsup wheel met erdas ntadmin ntusers www > > > > > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > > > the problem? > > > > > > > > ****** Is this a bug in the samba software? ******* > > > > > > > > Best wishes, > > > > > > > > Mike > > > > > > > > ............................................................................... > > > > Mike Robinson Email: M.Robinson@ed.ac.uk > > > > EUCS Tel: 0131 650 5015 > > > > The University of Edinburgh Fax: 0131 650 8748 > > > > J.C.M.B > > > > The Kings Buildings > > > > Mayfield Road > > > > Edinburgh EH9 3JZ > > > > > > > > > > > > > > > Best wishes, > > > > Mike > > > > ............................................................................... > > Mike Robinson Email: M.Robinson@ed.ac.uk > > EUCS Tel: 0131 650 5015 > > The University of Edinburgh Fax: 0131 650 8748 > > J.C.M.B > > The Kings Buildings > > Mayfield Road > > Edinburgh EH9 3JZ From mgeddes at xavier.sa.edu.au Mon Jan 10 22:13:32 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals References: Message-ID: <387A598C.F026DCF0@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > > Surely installing Samba can be classed as improving the efficiency and > > security of Windows NT ;-) > > yep: page 1, paragraph 2. > > hee hee :) *That* late in the book. I would have thought that it would have been the book..... Simon, I have seen other (truly) independent tests - I think ZDNet did some. They all say that Samba / Linux is up to 2.5 times better than NT at it's own job. Windows NT is a little better than Samba for up to 16 users and then it tends to go rapidly downhill. He He He.... I'll try and dig up some links.... Matt From mgeddes at xavier.sa.edu.au Mon Jan 10 22:36:49 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: [Fwd: DCE/RPC over SMB: Samba and Windows NT Domain Internals] Message-ID: <387A5F01.550C0D48@xavier.sa.edu.au> Matthew Geddes wrote: > Simon Murcott wrote: > > > On Tue, 11 Jan 2000, Matthew Geddes wrote: > > > > Simon, I have seen other (truly) independent tests - I think ZDNet did > > some. They all say that Samba / Linux is up to 2.5 times better than NT at > > it's own job. Windows NT is a little better than Samba for up to 16 users > > and then it tends to go rapidly downhill. He He He.... I'll try and dig up > > > > > some links.... > > > > Cool I could do with some ammo to aim at my fellow workmates :) > > > > A little out of date, but so is NT apparently (Hooray for Windows 2000, for > it... is...... well......... the same as NT, but with IE5 and more bloat - oh > yeah, and the "updated" (incompatible) NTFS) > > http://www.zdnet.com/products/stories/reviews/0,4161,396321,00.html > > According to this one, Samba is hard to configure and expensive to maintain. It > hasn't cost me a cent yet (it's saved me a little time and came to the rescue of > a couple of major South Australian hospitals a few times). > http://www.zdnet.com/products/stories/reviews/0,4161,394079,00.html > > And finally, a bunch of Linux related articles. Some are good. > http://www.zdnet.com/sr/filters/linux/ > Matt From lkcl at samba.org Mon Jan 10 22:33:47 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals In-Reply-To: <387A598C.F026DCF0@xavier.sa.edu.au> Message-ID: On Tue, 11 Jan 2000, Matthew Geddes wrote: > Luke Kenneth Casson Leighton wrote: > > > > Surely installing Samba can be classed as improving the efficiency and > > > security of Windows NT ;-) > > > > yep: page 1, paragraph 2. > > > > hee hee :) > > *That* late in the book. I would have thought that it would have been the > book..... > > Simon, I have seen other (truly) independent tests - I think ZDNet did > some. They all say that Samba / Linux is up to 2.5 times better than NT at > it's own job. Windows NT is a little better than Samba for up to 16 users > and then it tends to go rapidly downhill. He He He.... I'll try and dig up > some links.... 12 users, not 16. From mgeddes at xavier.sa.edu.au Mon Jan 10 22:47:25 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals References: Message-ID: <387A617D.58D5230@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > On Tue, 11 Jan 2000, Matthew Geddes wrote: > > > Luke Kenneth Casson Leighton wrote: > > > > > > Surely installing Samba can be classed as improving the efficiency and > > > > security of Windows NT ;-) > > > > > > yep: page 1, paragraph 2. > > > > > > hee hee :) > > > > *That* late in the book. I would have thought that it would have been the > > book..... > > > > Simon, I have seen other (truly) independent tests - I think ZDNet did > > some. They all say that Samba / Linux is up to 2.5 times better than NT at > > it's own job. Windows NT is a little better than Samba for up to 16 users > > and then it tends to go rapidly downhill. He He He.... I'll try and dig up > > some links.... > > 12 users, not 16. Sorry ;-) From sdseal at magma.ca Mon Jan 10 22:54:46 2000 From: sdseal at magma.ca (Stephen Seal) Date: Tue Dec 2 02:27:52 2003 Subject: Windows Login Test tools In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F812B9@icex1.cc.ic.ac.uk> References: <0846B011B9A4D111A1EE006097DA4FCE02F812B9@icex1.cc.ic.ac.uk> Message-ID: <20000110.22544600@stinky.sealtex.ca> >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 1/7/00, 2:34:39 PM, "Mayers, P J" wrote regarding RE: Windows Login Test tools: > There are no such tools. If the PDC is a samba one, look in the log files. > If it's an NT one, then it's a little more difficult - try resetting the > users profile (delete everything in the profile directory), that's a common > one. Check NetBIOS and TCP/IP connectivity. Use a WINS server if you're not > already. Check that the PCs in the network are only running TCP/IP - IPX and > NetBEui complicate browser election. OK, I'll check into it. > I'm afraid "some such nonsense" is simply not good enough, even if they were > a non-technical user. What was the exact error message? Service packs at > each end? Actually, the comment is my editorializing, but point taken. > I suspect it's profile related. I'll look into it. Thanks for the pointer. Steve > Cheers, > Phil > -----Original Message----- > From: Stephen Seal > To: Multiple recipients of list SAMBA-NTDOM > Sent: 1/7/00 7:00 PM > Subject: Windows Login Test tools > Hi everyone: > I'm hoping that someone on these lists can help. > I've been trying to find a test tool for Win95/98/NT that can help > diagnose problems with NT Domain login and authentication. I'm hoping > that someone in the Samba community has a tool or knows where to find > a REALLY GOOD description/overview of the NT Domain login process. > Here's my problem scenario: If a user (a non technical user I might > add) remotely connects to a network, and submits their > username/password to a PDC, they sometimes get the "very helpful" > Windows message "Cannot log in to the Domain" (or similar nonsense). > What can be done at this point to help diagnose this problem? There > appears to be no Windows tool to help resolve WHY they can't log in. > Can anyone help? > Frustratinly yours, > Steve From cynthia at email.webgalaxy.com Tue Jan 11 02:07:48 2000 From: cynthia at email.webgalaxy.com (Cynthia LaPier) Date: Tue Dec 2 02:27:52 2003 Subject: LDAP Message-ID: Some of the Samba documentation refers to an install "with LDAP" could someone please tell me how I do this??? I want to have mail users authenticate against an NT LDAP server. Thanks for your help. CLP Cynthia LaPier IT Development Web Galaxy, Inc. 1001 West Seneca Street, Suite 100 Ithaca, New York 14850 Phone: 607.256.5150 Fax: 607.256.2967 From Daniel.Sandmeier at ca.kamp.net Tue Jan 11 07:41:05 2000 From: Daniel.Sandmeier at ca.kamp.net (Daniel Sandmeier) Date: Tue Dec 2 02:27:52 2003 Subject: What is Samba_TNG? Message-ID: <387ADE91.5417F583@hwk-do.de> Hi everyone, perhaps this is a really stupid question, but I couldn't find any documentation about it. So, what exactly is Samba_TNG? What does the TNG stand for? It would be nice if someone could explain, or at least could send a link to an online documentation. Thanx DerSandos From mg at plum.de Tue Jan 11 08:26:45 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:52 2003 Subject: What is Samba_TNG? References: <387ADE91.5417F583@hwk-do.de> Message-ID: <387AE945.AA01248D@plum.de> Daniel Sandmeier wrote: > > Hi everyone, > > perhaps this is a really stupid question, but I couldn't find any > documentation about it. So, what exactly is Samba_TNG? What does the TNG > stand for? > > It would be nice if someone could explain, or at least could send a link > to an online documentation. The Samba TNG (The Next Generation) is the "old" 2.1.pre Tree. There were some reshufflings in the CVS lately ... Basicly the TNG tree is the tree for NT Domain logons. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From inge at cc.uit.no Tue Jan 11 09:58:01 2000 From: inge at cc.uit.no (=?iso-8859-1?Q?Inge=2DH=E5vard?= Hunstad) Date: Tue Dec 2 02:27:52 2003 Subject: LDAP References: Message-ID: <387AFEA9.B4E49554@cc.uit.no> Cynthia LaPier wrote: > > Some of the Samba documentation refers to an install "with LDAP" could > someone please tell me how I do this??? I want to have mail users > authenticate against an NT LDAP server. Thanks for your help. CLP > A good place to start is the Samba-PDC LDAP howto made by Ignacio Coupeau: http://www.unav.es/cti/ldap-smb-howto.html I would also recomend this LDAP faq for general LDAP info: http://www.openldap.org/faq/data/cache/1.html I have a question for you: How does your mail users relate to samba? As I understood it the ldap server answers on a specific port. As long as your machine are allowed to speak to the machine, where the LDAP server is located, on this specific port you shouldn't need to worry about the operating system the the server is running under. Please correct me someone if I'm wrong. Regards, Inge-H?vard From lkcl at samba.org Tue Jan 11 10:16:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: What is Samba_TNG? In-Reply-To: <387ADE91.5417F583@hwk-do.de> Message-ID: On Tue, 11 Jan 2000, Daniel Sandmeier wrote: > Hi everyone, > > perhaps this is a really stupid question, but I couldn't find any > documentation about it. So, what exactly is Samba_TNG? What does the TNG > stand for? Samba, The Next Generation. ... or Samba, Dis No Good. > It would be nice if someone could explain, or at least could send a link > to an online documentation. there's always the archives. http://samba.org/listproc. been discussed for _days_ now. there's also a source/README. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From s_colombo at iol.it Wed Jan 12 10:40:35 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:52 2003 Subject: Samba used as client Message-ID: Hi all , maybe a dumb ,or old , question please forgive me if it's the case Is there a way I can use a samba server to mount a NT share ? TIA Stefano From M.Brendel at net.hcc.nl Tue Jan 11 11:43:39 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:52 2003 Subject: Bug in SAMBA_TNG from 10-1-2000 Message-ID: <3.0.3.32.20000111124339.00912ec0@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 3139 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000111/f5bb0879/attachment.bin From lkcl at samba.org Tue Jan 11 12:54:49 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Bug in SAMBA_TNG from 10-1-2000 In-Reply-To: <3.0.3.32.20000111124339.00912ec0@pop5.inter.nl.net> Message-ID: michiel, please recompile with ./configure.developer and do another gdb, i need to know exactly where it's terminating (which line number, what function arguments). also please show any local variables if you think they may be relevant. use up and print var_name or print *var_name if it's a pointer. thx! On Tue, 11 Jan 2000, Michiel Brendel wrote: > Hello, > > > Today I tried to start running Samba_TNG from 10-1-2000 around 21:00 > hours, dutch time. > > When I try to logon the samba server with nt 4 sp 5 NETLOGON (log level > 20) gifs the following error message: > > > [2000/01/11 11:55:04, 10] > rpc_parse/parse_prs.c:_prs_uint16(539) > > 0008 frag_len : 0024 > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint16(539) > > 000a auth_len : 0000 > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint32(591) > > 000c call_id : 00000001 > > [2000/01/11 11:55:04, 5] rpc_parse/parse_prs.c:prs_debug(34) > > 000010 smb_io_rpc_hdr_resp resp > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint32(591) > > 0010 alloc_hint: 0000000c > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint16(539) > > 0014 context_id: f964 > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint8(515) > > 0016 cancel_ct : ff > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint8(515) > > 0017 reserved : bf > > [2000/01/11 11:55:04, 10] > rpc_server/srv_pipe_srv.c:create_rpc_reply(64) > > create_rpc_reply: finished sending > > [2000/01/11 11:55:04, 10] lib/msrpc-client.c:msrpc_send(93) > > msrpc_send_prs: data: 0x80e1c70 len 36 > > [2000/01/11 11:55:04, 10] lib/util.c:dump_data(3056) > > [000] 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 00 ........ > $....... > > [010] 0C 00 00 00 64 F9 FF BF 61 0E 2C AF 3E BE 30 81 ....d... > a.,.>.0. > > [020] 00 00 00 00 .... > > [2000/01/11 11:55:04, 6] lib/util_sock.c:write_socket(188) > > write_socket(11,36) > > [2000/01/11 11:55:04, 6] lib/util_sock.c:write_socket(191) > > write_socket(11,36) wrote 36 > > [2000/01/11 11:55:04, 0] lib/fault.c:fault_report(40) > > =============================================================== > > [2000/01/11 11:55:04, 0] lib/fault.c:fault_report(41) > > INTERNAL ERROR: Signal 11 in pid 1950 (2.1.0-prealpha) > > Please read the file BUGS.txt in the distribution > > [2000/01/11 11:55:04, 0] lib/fault.c:fault_report(43) > > =============================================================== > > [2000/01/11 11:55:04, 0] lib/util.c:smb_panic(2561) > > PANIC: internal error > > > > > gdb /opt/samba/bin/smbd /opt/samba/core says: > > > GNU gdb 4.18 > > This GDB was configured as "i386-redhat-linux"... > > Core was generated by `/opt/samba/bin/smbd -D'. > > Program terminated with signal 6, Aborted. > > Reading symbols from /usr/lib/libreadline.so.3...done. > > Reading symbols from /lib/libdl.so.2...done. > > Reading symbols from /lib/libcrypt.so.1...done. > > Reading symbols from /lib/libpam.so.0...done. > > Reading symbols from /usr/lib/libncurses.so.4...done. > > Reading symbols from /lib/libc.so.6...done. > > Reading symbols from /lib/libtermcap.so.2...done. > > Reading symbols from /lib/ld-linux.so.2...done. > > Reading symbols from /lib/libnss_files.so.2...done. > > Reading symbols from /lib/libnss_nisplus.so.2...done. > > Reading symbols from /lib/libnsl.so.1...done. > > Reading symbols from /lib/libnss_nis.so.2...done. > > Reading symbols from /lib/libnss_dns.so.2...done. > > Reading symbols from /lib/libresolv.so.2...done. > > #0 0x400ce4e1 in __kill () from /lib/libc.so.6 > > > > > Michiel > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lk at netuse.de Tue Jan 11 13:04:27 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:52 2003 Subject: Today usermanager doesn't work anymore Message-ID: <387B2A5B.D9397FAD@netuse.de> Hello! I recompiled everything today. Yesterday the usermanager was showing only the groups from domain group map and no users. Today the usermanager shows the user and no groups. After the usermanager had shown the users, a window pops up "a rpc call was not succesfull" (translated from german). And rpcclient exits whith a message: "bus error". Should i send some logfiles? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From umehlig at uni-bremen.de Tue Jan 11 14:19:58 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:52 2003 Subject: dificulties to log in domain Message-ID: <200001111419.PAA16252@pandora3.localnet> Hello out there, today I downloaded the CVS of the TNG branch. Compiled it successfully and started smbd, nmbd and all the other daemons. Afterwards, I renewed the machine accounts for "pandora3" (my Samba server) and "pseudo" (a vmware virtual machine with German NT 4.0/SP5) by doing smbpasswd -a -m pandora3 smbpasswd -a -m pseudo This produced smbpasswd entries like this (passphrases replaced by *): pandora3$:9999:*:*:[W ]:LCT-387B20FE: pseudo$:8000:*:*:[W ]:LCT-387B339B: File "OLYMP.SID" (OLYMP is the domain name) contains S-1-5-21-4087483020-4273277335-1947210404 Afterwards, I tried to enter the domain, but it did not work (some NT error message saying that I had to look after my domain account). In log.pseudo I found [2000/01/11 13:01:17, 1] lib/util.c:map_nt_and_unix_username(3647) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_password_lock(78) trust_password_lock: cannot open file /usr/local/samba/private/OLYMP.PANDORA3.mac - Error was Datei oder Verzeichnis nicht gefunden. [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_get_passwd(239) trust_get_passwd: unable to open the trust account password file for trust PANDORA3 in domain OLYMP. (Datei oder Verzeichnis nicht gefunden = File or directory not found) After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported having joined domain OLYMP as PDC and produced a file OLYMP.PANDORA3.mac in .../private: 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: Nevertheless, I was not able to join the domain with the client. The next thing I tried is giving the Unix root user a smbpasswd (different form the Unix passwd) and putting "root" and that passwd in the "add to domain" dialog on the NT client (before I hadn't enabled that option, because I thought just adding a machine passwd by smbpasswd -m should be enough). Now the client reported having joined the domain. But after rebooting I was not able to login as a domain user (having added an entry to smbpasswd with "smbpasswd -a username"). I can access all the shares, but after login (which is possible probably due to an old local copy of the user profile from my experiments with 2.0.x as PDC) there is a message that the computer couldn't connect to a PDC in OLYMP. In log.pseudo there is a message [2000/01/11 14:44:41, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(150) domain_client_validate: unable to validate password for user PSEUDO$ in domain OLYMP to Domain controller \\.. Any suggestions? Many thanks for your attention, Ulf Mehlig ---------------------------------------------------------------------- Samba is configured with # Global parameters workgroup = OLYMP netbios name = PANDORA3 server string = Samba Server encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed* unix password sync = Yes log file = /usr/local/samba/var/log.%m max log size = 50 time server = Yes domain group map = /usr/local/samba/private/domaingroup.map logon script = sysstart.cmd logon path = \\%L\profiles\%U logon home = \\%L\%U domain logons = Yes os level = 17 preferred master = True domain master = True dns proxy = No wins support = Yes vfs option = [homes] comment = Home Directories read only = No create mask = 0644 preserve case = No short preserve case = No browseable = No vfs option = [netlogon] comment = Network Logon Service path = /home/netlogon share modes = No vfs option = [profiles] comment = Benutzerprofile path = /home/nt_profiles read only = No create mask = 0700 directory mask = 0700 vfs option = -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From mike at psand.net Tue Jan 11 15:38:26 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:52 2003 Subject: Samba 2.1 and W2K Message-ID: <003d01bf5c4a$2f48d1e0$0164a8c0@win981> I seem to be forever on about W2K at the moment.... Looking at the latest samba development CVS, got mine on the 10/01/2000 after a spell away for Christmas and the New Year, I notice that smbd and nmbd have been breeding into numerous services similar in name (and presumably function) to those in Windows NT. I have a Red Hat 6.x init script to start all these services, if anybody wants it - its at http://www.psand.net/scripts/samba/smb-2.1 Right, the reason for this email is to ask if theres any document around (or if anybody can give me some guidance) about how to simply (!?) set-up my Samba 2.1 as a PDC and join a single W2K Professional RC3 client to that domain. And in fact, with Samba 2.1, I cannot currently seem to join a NT4 Workstation to the domain either. Help would be much appreciated, I've scoured the hundreds of entires in this mailing list that I missed over Christmas in the hope I might find something, but to no avail. Am I missing a vital README or bit of information somewhere?? Thanks in advance, Mike Harris Psand Espa?a. -------------- next part -------------- HTML attachment scrubbed and removed From mike at psand.net Tue Jan 11 16:44:24 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:52 2003 Subject: Samba 2.1 and W2K References: <003d01bf5c4a$2f48d1e0$0164a8c0@win981> <387B4CFD.9EF9E9A3@cc.uit.no> Message-ID: <006c01bf5c53$204e3320$0164a8c0@win981> Sorry Inge, posted the message before I put the script up there, try: www.psand.net/scripts/samba/smb-2.1.html Mike. ----- Original Message ----- From: Inge-H?vard Hunstad To: Sent: Tuesday, January 11, 2000 3:32 PM Subject: Re: Samba 2.1 and W2K > > Mike Harris wrote: > > > in name (and presumably function) to those in Windows NT. I have a > > Red Hat 6.x init script to start all these services, if anybody wants > > it - its at http://www.psand.net/scripts/samba/smb-2.1 > > I get a "403 Forbidden" when trying to get the script. > > regards, > > inge From mike at psand.net Tue Jan 11 17:07:10 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:52 2003 Subject: W2K and OS levels. Message-ID: <00b001bf5c56$4ff0fec0$0164a8c0@win981> Does any body out there know what the OS levels are for Windows 2000 Professional and Server and consequently, the minimum OS level required for Samba to over-ride them to be a DMB ?? I know that os level=65 seems to do the trick, but I'd like to be more accurate. Also, is there a way of discovering this value from within W2K or via the use of rpcclient ?? Thanks in advance, Mike Harris, Psand Espa?a. -------------- next part -------------- HTML attachment scrubbed and removed From cartegw at Eng.Auburn.EDU Tue Jan 11 17:04:48 2000 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:27:52 2003 Subject: W2K and OS levels. In-Reply-To: <00b001bf5c56$4ff0fec0$0164a8c0@win981> Message-ID: On Wed, 12 Jan 2000, Mike Harris wrote: > Does any body out there know what the OS levels are for Windows 2000 > Professional and Server and consequently, the minimum OS level > required for Samba to over-ride them to be a DMB ?? > > I know that os level=65 seems to do the trick, but I'd like to be more > accurate. > > Also, is there a way of discovering this value from within W2K or via > the use of rpcclient ?? > I just posted this to Samba-technical. Windows 2000 Server as a DC 32 Windows 2000 Server as standalone 16 Windows 2000 Professional 16 jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kellermg at potsdam.edu Tue Jan 11 17:20:47 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:27:52 2003 Subject: Printing Accounting References: Message-ID: <387B666F.32B602C5@potsdam.edu> Jean Francois Micouleau wrote: > > On Mon, 10 Jan 2000, Michael Glauche wrote: > > > Yes .. IIRC that is possible when using postscript printers. > > You should give the LPRng project some closer look, (www.lprng.org) > > It comes with some filters that DO printing accounting for postscrpipt > > printers. (They just count the "begin page" words in postscript > > documents :) > > But ... this is more a LPR issue than a samba issue ... :) > > yep. but you can hack postscript files to return a null number of pages > whatever the real number is. A crafty user can hack your print spooler. :) The LPRng solution is ideal for most environs. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From s.striker at striker.nl Tue Jan 11 15:29:53 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:52 2003 Subject: Samba 2.1 and W2K In-Reply-To: <003d01bf5c4a$2f48d1e0$0164a8c0@win981> Message-ID: <006401bf5c48$b50e57c0$0a00a8c0@office.striker.nl> Hi, The information that you seek is at http://www.kneschke.de/projekte/samba_tng and in samba/source/README of the SAMBA_TNG branch. However I don't think W2K is mentioned there... For developments, look at some back issues of the Kernel Cousin for Samba http://kt.linuxcare.com/KC/samba/ Greetings, Sander Striker > I seem to be forever on about W2K at the moment.... > Looking at the latest samba development CVS, got mine on the 10/01/2000 after a spell away for > Christmas and the New Year, I notice that smbd and nmbd have been breeding into numerous services > similar in name (and presumably function) to those in Windows NT. I have a Red Hat 6.x init script > to start all these services, if anybody wants it - its at http://www.psand.net/scripts/samba/smb-2.1 > Right, the reason for this email is to ask if theres any document around (or if anybody can give me > some guidance) about how to simply (!?) set-up my Samba 2.1 as a PDC and join a single W2K > Professional RC3 client to that domain. And in fact, with Samba 2.1, I cannot currently seem to join > a NT4 Workstation to the domain either. > Help would be much appreciated, I've scoured the hundreds of entires in this mailing list that I > missed over Christmas in the hope I might find something, but to no avail. Am I missing a vital > README or bit of information somewhere?? From SRuth at LANDAM.com Tue Jan 11 18:55:38 2000 From: SRuth at LANDAM.com (Ruth, Sven) Date: Tue Dec 2 02:27:52 2003 Subject: Samba used as client Message-ID: <6768A16CA846D3119104009027998CC3028FE57C@LANDE04> Hello, try using smbmount. man pages are available for this command. Sven -----Original Message----- From: Stefano Colombo [mailto:s_colombo@iol.it] Sent: Tuesday, January 11, 2000 5:42 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Samba used as client Hi all , maybe a dumb ,or old , question please forgive me if it's the case Is there a way I can use a samba server to mount a NT share ? TIA Stefano From lkcl at samba.org Tue Jan 11 20:58:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:53 2003 Subject: dificulties to log in domain In-Reply-To: <200001111419.PAA16252@pandora3.localnet> Message-ID: hi, you also need to do smbpasswd -j OLYMP. On Wed, 12 Jan 2000, Ulf Mehlig wrote: > Hello out there, > > today I downloaded the CVS of the TNG branch. Compiled it successfully > and started smbd, nmbd and all the other daemons. Afterwards, I > renewed the machine accounts for "pandora3" (my Samba server) and > "pseudo" (a vmware virtual machine with German NT 4.0/SP5) by doing > > smbpasswd -a -m pandora3 > smbpasswd -a -m pseudo > > This produced smbpasswd entries like this (passphrases replaced by *): > > pandora3$:9999:*:*:[W ]:LCT-387B20FE: > pseudo$:8000:*:*:[W ]:LCT-387B339B: > > File "OLYMP.SID" (OLYMP is the domain name) contains > > S-1-5-21-4087483020-4273277335-1947210404 > > Afterwards, I tried to enter the domain, but it did not work (some NT > error message saying that I had to look after my domain account). In > log.pseudo I found > > [2000/01/11 13:01:17, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_password_lock(78) > trust_password_lock: cannot open file /usr/local/samba/private/OLYMP.PANDORA3.mac - Error was > Datei oder Verzeichnis nicht gefunden. > [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_get_passwd(239) > trust_get_passwd: unable to open the trust account password file for trust PANDORA3 in domain > OLYMP. > > (Datei oder Verzeichnis nicht gefunden = File or directory not found) > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > having joined domain OLYMP as PDC and produced a file > OLYMP.PANDORA3.mac in .../private: > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > Nevertheless, I was not able to join the domain with the client. The > next thing I tried is giving the Unix root user a smbpasswd (different > form the Unix passwd) and putting "root" and that passwd in the "add > to domain" dialog on the NT client (before I hadn't enabled that > option, because I thought just adding a machine passwd by smbpasswd > -m should be enough). Now the client reported having joined the > domain. But after rebooting I was not able to login as a domain user > (having added an entry to smbpasswd with "smbpasswd -a username"). I > can access all the shares, but after login (which is possible probably > due to an old local copy of the user profile from my experiments with > 2.0.x as PDC) there is a message that the computer couldn't connect to > a PDC in OLYMP. In log.pseudo there is a message > > [2000/01/11 14:44:41, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(150) > domain_client_validate: unable to validate password for user PSEUDO$ in domain > OLYMP to Domain controller \\.. > > Any suggestions? > > Many thanks for your attention, > Ulf Mehlig > > > > ---------------------------------------------------------------------- > Samba is configured with > > # Global parameters > workgroup = OLYMP > netbios name = PANDORA3 > server string = Samba Server > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed* > unix password sync = Yes > log file = /usr/local/samba/var/log.%m > max log size = 50 > time server = Yes > domain group map = /usr/local/samba/private/domaingroup.map > logon script = sysstart.cmd > logon path = \\%L\profiles\%U > logon home = \\%L\%U > domain logons = Yes > os level = 17 > preferred master = True > domain master = True > dns proxy = No > wins support = Yes > vfs option = > [homes] > comment = Home Directories > read only = No > create mask = 0644 > preserve case = No > short preserve case = No > browseable = No > vfs option = > [netlogon] > comment = Network Logon Service > path = /home/netlogon > share modes = No > vfs option = > > [profiles] > comment = Benutzerprofile > path = /home/nt_profiles > read only = No > create mask = 0700 > directory mask = 0700 > vfs option = > > -- > ====================================================================== > Ulf Mehlig > Center for Tropical Marine Ecology/ZMT, Bremen, Germany > ---------------------------------------------------------------------- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From s_colombo at iol.it Wed Jan 12 20:46:25 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:53 2003 Subject: Samba & cadds5 Message-ID: Hi all Since this mailing list has proven to be so helpful here I am again in searching of any tips anyone would be so kind to give. A customer of our runs several PC workstations with a CAD sw CADDS5 , and several Unix boxes used as files servers with Samba of course. Recently Samba has been upgraded from 1.9xx release to the 2.06 . Since then a major problem has been reported by the customer. CADDS5 seems to use a proprietary way to list files and directory ,and after samba's upgrade it doesn't work anymore. The smb.conf hasn't changed and other programs on the PC like Word works properly , even if slowly. I'm not a CADDS5 engineer ,nor I know how it works , so I wonder if anyone knows what this problem might be , or if it is already seen . As usual thanks in advance. Stefano Colombo ( scolombo@cdmtc.it ) -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2072 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/78d359e2/winmail.bin From lkcl at samba.org Tue Jan 11 22:07:49 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:53 2003 Subject: [samba-tng] status Message-ID: i had some memory uninitialisation issues after UNICODE strings, so i do a memset(.. 0.. ) on all NDR marshalling, now. this cleared up a lot of problems. i've yet to test usrmgr. thx 4 all the reports, keep 'em coming! i'm getting a bit swamped by them all, however, so i may just have to try to run through a series of tests against NT and see what breaks, myself. thx ppl! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From eriks at ci.conover.nc.us Tue Jan 11 22:29:34 2000 From: eriks at ci.conover.nc.us (erik schlichting) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please Message-ID: <387BAECE.6B43365A@ci.conover.nc.us> Hi I am the de-facto administrator of our city's Sun box(Solaris 2.6). I know very little about networking. This machine was set up with Samba(v1.9.18) by an administrator that is no longer with the city. The rest of the city runs on an NT network, which I know even less about. I have no administrative rights or responsibilities on the NT network. The UNIX box houses ArcInfo GIS files which are shared out to NT users, who have limited accounts (no home directory) on the sun machine. Not all the city's users have accounts on the Sun. Here's the problem: lately, the Sun machine has been getting promoted to PDC daily, which of course causes havoc with the users when they can't log in. The NT administrators can't solve the problem (other than "It's Samba. you must bring it down" or reboot their machine), and I don't know what to tell them. I know this happened when Samba was first installed, but then solved & went w/o a hitch for months. Have others had this problem, and can you offer some advice? Is it NT or Unix having troubles? Is it really Samba causing the problem? Thanks -- Erik Schlichting GIS Coordinator City of Conover, NC Phone: (828)464-1191 Fax: (828)465-5177 From mgeddes at xavier.sa.edu.au Tue Jan 11 22:52:58 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please References: <387BAECE.6B43365A@ci.conover.nc.us> Message-ID: <387BB449.1014FB2E@xavier.sa.edu.au> erik schlichting wrote: > Hi > > I am the de-facto administrator of our city's Sun > box(Solaris 2.6). I know very little about networking. This > machine was set up with Samba(v1.9.18) by an administrator > that is no longer with the city. The rest of the city runs > on an NT network, which I know even less about. I have no > administrative rights or responsibilities on the NT network. > > The UNIX box houses ArcInfo GIS files which are shared out > to NT users, who have limited accounts (no home directory) > on the sun machine. Not all the city's users have accounts > on the Sun. > > Here's the problem: lately, the Sun machine has been getting > promoted to PDC daily, which of course causes havoc with the > users when they can't log in. The NT administrators can't > solve the problem (other than "It's Samba. you must bring it > down" or reboot their machine), and I don't know what to > tell them. I know this happened when Samba was first > installed, but then solved & went w/o a hitch for months. > > Have others had this problem, and can you offer some advice? > Is it NT or Unix having troubles? Is it really Samba causing > the problem? Samba is promoting *itself* to PDC? Do you mean Master Browser? What version of Samba? Is there any info in the log files? Matt From benski at pacbell.net Tue Jan 11 23:14:50 2000 From: benski at pacbell.net (Benjamin Hyatt) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: <387BB449.1014FB2E@xavier.sa.edu.au> Message-ID: I agree with Matt, Take a look at your log files, usually in /usr/local/samba/var/log.smb & log.nmb I would also closely examine your smb.conf file (/usr/local/samba/lib/smb.conf). {Ben} > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Matthew Geddes > Sent: Tuesday, January 11, 2000 2:47 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: rookie help, please > What version of Samba? Is there any info in the log files? > > Matt From gaurav at carroll.com Tue Jan 11 23:28:23 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:27:53 2003 Subject: TSE and Samba PDC Message-ID: I have Windows NT Terminal Server set up as a "stand-alone" server in my network. I was wondering, if anyone has/is used/using Samba as the PDC for Terminal Server clients. If you are, what functionality is implemented (profiles, netlogon, etc) and if you have hints or suggestions on making this type of setup working properly Thanks, any input is appreciated. --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From sharpe at ns.aus.com Wed Jan 12 00:24:04 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: Message-ID: <3.0.6.32.20000112102404.00b6e280@mail.adelaide.on.net> At 10:12 AM 1/12/00 +1100, Benjamin Hyatt wrote: >I agree with Matt, > >Take a look at your log files, usually in /usr/local/samba/var/log.smb & >log.nmb >I would also closely examine your smb.conf file >(/usr/local/samba/lib/smb.conf). Except, of course, if you are on the most popular version of UNIX, called Linux, where they are in /var/log/samba/log.{smb,nmb,%m}. :-) >{Ben} > >> -----Original Message----- >> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of >> Matthew Geddes >> Sent: Tuesday, January 11, 2000 2:47 PM >> To: Multiple recipients of list SAMBA-NTDOM >> Subject: Re: rookie help, please >> What version of Samba? Is there any info in the log files? >> >> Matt > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From mgeddes at xavier.sa.edu.au Tue Jan 11 23:49:17 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please References: <3.0.6.32.20000112102404.00b6e280@mail.adelaide.on.net> Message-ID: <387BC17D.FBFDF08B@xavier.sa.edu.au> Richard Sharpe wrote: > At 10:12 AM 1/12/00 +1100, Benjamin Hyatt wrote: > >I agree with Matt, > > > >Take a look at your log files, usually in /usr/local/samba/var/log.smb & > >log.nmb > >I would also closely examine your smb.conf file > >(/usr/local/samba/lib/smb.conf). > > Except, of course, if you are on the most popular version of UNIX, called > Linux, where they are in /var/log/samba/log.{smb,nmb,%m}. Unless you install using the defaults from the source. Or it's on Solaris (as the case is). Matt From cartegw at Eng.Auburn.EDU Tue Jan 11 23:53:41 2000 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:53 2003 Subject: Usenix LISA NT 2000 conference Call for papers Message-ID: <387BC285.1361DC54@eng.auburn.edu> [------------------------------------------------------] [ Cross-posted to samba and samba-ntdom mailing lists. ] [ Apologies for duplicates. ] [------------------------------------------------------] Fyi folks, Last year I served as co-chair for this conference (LISA-NT). It provides a very good outlet for letting others know some of the extremely interesting sysadmin stuff you people are doing. And because you run Samba I know you using Windows clients in some fashion. :-) This year's conference is in Seattle, Washington, USA, from July 30 - August 2. Should be a very good program with respect to technical content. I really believe some of you could offer a lot of input with regards to NT administration, deployment and integration. The deadline for paper proposals is February 16 (that gives you about one month). This deadline does **not** require a completed paper. Just an abstract and proposal is fine. The original call for papers is at http://www.usenix.org/events/lisa-nt2000/cfp/ Here's a blurb about the conference itself... > LISA-NT 2000 will bring together peers and experts in our > field to discuss leading edge solutions that have a proven track > record of working. LISA-NT is put together by and for > Windows NT administrators who need solutions to problems > such as integration, migration, security, and management using > today's technology. We invite you to submit technical papers as > well as proposals for invited talks, panel sessions, tutorials, > and work-in-progress reports. There are also opportunities for > Birds-of-a-Feather sessions and demonstrations of products > and solutions. Please review this call for papers, prepare a > submission, and join us in making LISA-NT 2000 the premiere > conference for system administrators of distributed NT-based > environments. If you have any specific questions regarding logistics, etc..., send mail to btw...I have presented two papers in the past involving Samba and Windows NT. If you want to see them as examples, the URL's are http://www.eng.auburn.edu/~cartegw/patch32/ and http://www.eng.auburn.edu/~cartegw/non-NT_PDC/ Cheers, jerry SAMBA Team ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Steven.Gordon at motorola.com Tue Jan 11 23:53:31 2000 From: Steven.Gordon at motorola.com (Gordon Steven-QSG001) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please Message-ID: <2608E16E82ACD3118DEF0008C7CF80453373A4@tx14exm01.fwrdc.rtsg.mot.com> Try adding: local master = No to your smb.conf file. ------------------------------------------------------------------------ __/ / _ __ | /_ / /__ / /__ /__ / | MOTOROLA _/ ____/ _/ _/ ___/ _/ _/ | | Steve Gordon | Cellular Infrastructure Group (817) 245-6811 | Information Technology Services qsg001@email.mot.com | ------------------------------------------------------------------------ -----Original Message----- From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] Sent: Tuesday, January 11, 2000 4:46 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: rookie help, please erik schlichting wrote: > Hi > > I am the de-facto administrator of our city's Sun > box(Solaris 2.6). I know very little about networking. This > machine was set up with Samba(v1.9.18) by an administrator > that is no longer with the city. The rest of the city runs > on an NT network, which I know even less about. I have no > administrative rights or responsibilities on the NT network. > > The UNIX box houses ArcInfo GIS files which are shared out > to NT users, who have limited accounts (no home directory) > on the sun machine. Not all the city's users have accounts > on the Sun. > > Here's the problem: lately, the Sun machine has been getting > promoted to PDC daily, which of course causes havoc with the > users when they can't log in. The NT administrators can't > solve the problem (other than "It's Samba. you must bring it > down" or reboot their machine), and I don't know what to > tell them. I know this happened when Samba was first > installed, but then solved & went w/o a hitch for months. > > Have others had this problem, and can you offer some advice? > Is it NT or Unix having troubles? Is it really Samba causing > the problem? Samba is promoting *itself* to PDC? Do you mean Master Browser? What version of Samba? Is there any info in the log files? Matt From lblunk at yahoo.com Wed Jan 12 00:28:22 2000 From: lblunk at yahoo.com (Larry Blunk) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article Message-ID: <20000112002822.20013.qmail@web125.yahoomail.com> I just ran across the following article in Microsoft's Knowledbase. See the following URL: http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. Anyone know what this is about? __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com From karl at Denninger.Net Wed Jan 12 00:36:34 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112002822.20013.qmail@web125.yahoomail.com>; from Larry Blunk on Wed, Jan 12, 2000 at 11:30:32AM +1100 References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <20000111183634.A55155@Denninger.Net> Cute. "Turn off the Samba server". How about: Format your disks, install Linux or FreeBSD, and tell Microsoft to go fuck themselves with a football - preferrably to the same regional sales force that sold you the NT crapware in the first place? I hate corporate arrogance - especially this kind of arrogance. This kind of bullshit is PRECISELY what the US DOJ was after when they threw the whole library (instead of one book) at Microsoft. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From mgeddes at xavier.sa.edu.au Wed Jan 12 00:48:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <387BCF7B.33F9F645@xavier.sa.edu.au> Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com It looks *remarkably* similar to erik schlichting's problem earlier this morning. I personally haven't had any problems like that with versions 2.0.6, 2.0.5a or 1.9.18. If you turned PDC support on, it would do something similar (the NT PDCs in that domain would demote themselves if they were started second) when Samba was started. Erik, did you find anything in the Samba logs? Matt BTW, I heard someone is hosting a site full of links to linux in the M$ knowledgebase. Does anyone here know the URL? From matty at samba.org Tue Jan 11 23:29:18 2000 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112002822.20013.qmail@web125.yahoomail.com>; from lblunk@yahoo.com on Wed, Jan 12, 2000 at 11:31:05AM +1100 References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <20000112102917.A1127@matty.localdomain> On Wed, Jan 12, 2000 at 11:31:05AM +1100, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. "To resolve this behavior, turn off the Samba server." :-) Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From swaters at amicus.com Wed Jan 12 00:42:03 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <387BCDDB.162EB4F4@amicus.com> talk about brute force problem resolution. ;) they couldn't just have you edit the smb.conf file and restart the daemon now could they? -s Larry Blunk wrote: > > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From mgeddes at xavier.sa.edu.au Wed Jan 12 01:00:50 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000112102917.A1127@matty.localdomain> Message-ID: <387BD242.18BA135B@xavier.sa.edu.au> Matt Chapman wrote: > On Wed, Jan 12, 2000 at 11:31:05AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > "To resolve this behavior, turn off the Samba server." > > :-) .... and take it home with you. Go and find a job in a magical land, where they have never heard of NT and live happily ever after. > > > Matt > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member From tavis at mahler.econ.columbia.edu Wed Jan 12 01:19:49 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: <2608E16E82ACD3118DEF0008C7CF80453373A4@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: Another approach, if you're worried about too much reconfiguration, is to turn down the os level to something that won't override the NT servers, like 20. You should also make sure you have domain logons = no unless there are users logging onto your Samba box, and that domian master = no. Good luck, Tavis On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > Try adding: > > local master = No > > to your smb.conf file. > > ------------------------------------------------------------------------ > __/ / _ __ | > /_ / /__ / /__ /__ / | MOTOROLA > _/ ____/ _/ _/ ___/ _/ _/ | > | > Steve Gordon | Cellular Infrastructure Group > (817) 245-6811 | Information Technology Services > qsg001@email.mot.com | > ------------------------------------------------------------------------ > > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Tuesday, January 11, 2000 4:46 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: rookie help, please > > > erik schlichting wrote: > > > Hi > > > > I am the de-facto administrator of our city's Sun > > box(Solaris 2.6). I know very little about networking. This > > machine was set up with Samba(v1.9.18) by an administrator > > that is no longer with the city. The rest of the city runs > > on an NT network, which I know even less about. I have no > > administrative rights or responsibilities on the NT network. > > > > The UNIX box houses ArcInfo GIS files which are shared out > > to NT users, who have limited accounts (no home directory) > > on the sun machine. Not all the city's users have accounts > > on the Sun. > > > > Here's the problem: lately, the Sun machine has been getting > > promoted to PDC daily, which of course causes havoc with the > > users when they can't log in. The NT administrators can't > > solve the problem (other than "It's Samba. you must bring it > > down" or reboot their machine), and I don't know what to > > tell them. I know this happened when Samba was first > > installed, but then solved & went w/o a hitch for months. > > > > Have others had this problem, and can you offer some advice? > > Is it NT or Unix having troubles? Is it really Samba causing > > the problem? > > Samba is promoting *itself* to PDC? Do you mean Master Browser? > > > What version of Samba? Is there any info in the log files? > > Matt > -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From sharpe at ns.aus.com Wed Jan 12 02:19:32 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: References: <" <2608E16E82ACD3118DEF0008C7CF80453373A4"@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: <3.0.6.32.20000112121932.00ac6370@mail.adelaide.on.net> Hi, At 12:21 PM 1/12/00 +1100, Tavis Barr wrote: > >Another approach, if you're worried about too much reconfiguration, is to >turn down the os level to something that won't override the NT servers, >like 20. You should also make sure you have domain logons = no unless there >are users logging onto your Samba box, and that domian master = no. Well, actually, as I found out when trawling through the code, os level = 20 is the default with Samba 2.0.6 and beyond ... If there are users logging onto your Samba box, they you probably have Samba as your PDC, but the advice is good. Hmmm. thinks! >Good luck, >Tavis > > >On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > >> Try adding: >> >> local master = No >> >> to your smb.conf file. >> >> ------------------------------------------------------------------------ >> __/ / _ __ | >> /_ / /__ / /__ /__ / | MOTOROLA >> _/ ____/ _/ _/ ___/ _/ _/ | >> | >> Steve Gordon | Cellular Infrastructure Group >> (817) 245-6811 | Information Technology Services >> qsg001@email.mot.com | >> ------------------------------------------------------------------------ >> >> -----Original Message----- >> From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] >> Sent: Tuesday, January 11, 2000 4:46 PM >> To: Multiple recipients of list SAMBA-NTDOM >> Subject: Re: rookie help, please >> >> >> erik schlichting wrote: >> >> > Hi >> > >> > I am the de-facto administrator of our city's Sun >> > box(Solaris 2.6). I know very little about networking. This >> > machine was set up with Samba(v1.9.18) by an administrator >> > that is no longer with the city. The rest of the city runs >> > on an NT network, which I know even less about. I have no >> > administrative rights or responsibilities on the NT network. >> > >> > The UNIX box houses ArcInfo GIS files which are shared out >> > to NT users, who have limited accounts (no home directory) >> > on the sun machine. Not all the city's users have accounts >> > on the Sun. >> > >> > Here's the problem: lately, the Sun machine has been getting >> > promoted to PDC daily, which of course causes havoc with the >> > users when they can't log in. The NT administrators can't >> > solve the problem (other than "It's Samba. you must bring it >> > down" or reboot their machine), and I don't know what to >> > tell them. I know this happened when Samba was first >> > installed, but then solved & went w/o a hitch for months. >> > >> > Have others had this problem, and can you offer some advice? >> > Is it NT or Unix having troubles? Is it really Samba causing >> > the problem? >> >> Samba is promoting *itself* to PDC? Do you mean Master Browser? >> >> >> What version of Samba? Is there any info in the log files? >> >> Matt >> > >-------------------------------------------------------- > >Tavis Barr ,-~~-.___. >Senior Systems Coordinator / | ' \ >Institute for Social and Economic ( ) 0 > Theory and Research \_/-, ,----' >509E Int'l Affairs Bldg ==== // >Columbia University / \-'~; /~~~(O) >212-854-4237 / __/~| / | >tavis@mahler.econ.columbia.edu =( _____| (_________| > >--------------------------------------------------------- > > > > > > > > > > > > > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From greg at discreet.com Wed Jan 12 01:40:44 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112102917.A1127@matty.localdomain> Message-ID: Isn't this caused by NT's broken implementation that can't separate a PDC from a DMB? Freak'in M$ FUD! Greg On 12-Jan-00 Matt Chapman wrote: > On Wed, Jan 12, 2000 at 11:31:05AM +1100, Larry Blunk wrote: >> I just ran across the following article in >> Microsoft's Knowledbase. See the following URL: >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > "To resolve this behavior, turn off the Samba server." > >:-) > > Matt > > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From mgeddes at xavier.sa.edu.au Wed Jan 12 01:54:40 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please References: Message-ID: <387BDEE0.10BF6F02@xavier.sa.edu.au> Tavis Barr wrote: > Another approach, if you're worried about too much reconfiguration, is to > turn down the os level to something that won't override the NT servers, > like 20. You should also make sure you have domain logons = no unless there > are users logging onto your Samba box, and that domian master = no. > > Good luck, > Tavis > > On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > > > Try adding: > > > > local master = No > > > > to your smb.conf file. > > > > ------------------------------------------------------------------------ > > __/ / _ __ | > > /_ / /__ / /__ /__ / | MOTOROLA > > _/ ____/ _/ _/ ___/ _/ _/ | > > | > > Steve Gordon | Cellular Infrastructure Group > > (817) 245-6811 | Information Technology Services > > qsg001@email.mot.com | > > ------------------------------------------------------------------------ > > > > -----Original Message----- > > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > > Sent: Tuesday, January 11, 2000 4:46 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: rookie help, please > > > > > > erik schlichting wrote: > > > > > Hi > > > > > > I am the de-facto administrator of our city's Sun > > > box(Solaris 2.6). I know very little about networking. This > > > machine was set up with Samba(v1.9.18) by an administrator > > > that is no longer with the city. The rest of the city runs > > > on an NT network, which I know even less about. I have no > > > administrative rights or responsibilities on the NT network. > > > > > > The UNIX box houses ArcInfo GIS files which are shared out > > > to NT users, who have limited accounts (no home directory) > > > on the sun machine. Not all the city's users have accounts > > > on the Sun. > > > > > > Here's the problem: lately, the Sun machine has been getting > > > promoted to PDC daily, which of course causes havoc with the > > > users when they can't log in. The NT administrators can't > > > solve the problem (other than "It's Samba. you must bring it > > > down" or reboot their machine), and I don't know what to > > > tell them. I know this happened when Samba was first > > > installed, but then solved & went w/o a hitch for months. > > > > > > Have others had this problem, and can you offer some advice? > > > Is it NT or Unix having troubles? Is it really Samba causing > > > the problem? > > > > Samba is promoting *itself* to PDC? Do you mean Master Browser? > > > > > > What version of Samba? Is there any info in the log files? > > > > Matt > > > > -------------------------------------------------------- > > Tavis Barr ,-~~-.___. > Senior Systems Coordinator / | ' \ > Institute for Social and Economic ( ) 0 > Theory and Research \_/-, ,----' > 509E Int'l Affairs Bldg ==== // > Columbia University / \-'~; /~~~(O) > 212-854-4237 / __/~| / | > tavis@mahler.econ.columbia.edu =( _____| (_________| > > --------------------------------------------------------- I was under the impression the the OS level was for Browse list elections. In domain controlling, there are no elections. Try looking at the entries in the WINS database (look for the name that is that of the domain and has a type of 1b, check that IP against your servers). If the WINS server has changed the entries, try adding static mappings. Try an LMHOSTS file on a workstation. Add a line like [IP address] [PDCname] #PRE #DOM:[domainname] then run nbtstat -R and try logging in. run nbtstat -A [IP address] on the samba server and all Windows NT servers. See which one(s) have the [domain name] <1B> entry. (You could also Boot the Domain controllers off a Linux Install disk and follow the installation procedure. Tell samba on these machines to be the Domain Controller. No more NT = No more problems). Matt P.S. you probably won't want to follow the last one, the NT guys may get a little pissed ;-) From mgeddes at xavier.sa.edu.au Wed Jan 12 01:57:09 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387BDF75.57495A66@xavier.sa.edu.au> Greg Dickie wrote: > Isn't this caused by NT's broken implementation that can't separate a PDC from > a DMB? Freak'in M$ FUD! > > Greg > A bit like some NT admins I know.... (the not being able to tell difference between DMB / PDC, as well as the FUD) Matt From ed at schernau.com Wed Jan 12 02:12:53 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <387BCDDB.162EB4F4@amicus.com> Message-ID: <387BE324.C723AACC@schernau.com> Stephen Waters wrote: > > talk about brute force problem resolution. ;) > they couldn't just have you edit the smb.conf file and restart the > daemon now could they? > > -s Daemon? What's that? Can I turn it off with Server Manager? Won't I have to reboot? Twice? -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From paul.l.allen at boeing.com Wed Jan 12 02:13:31 2000 From: paul.l.allen at boeing.com (Paul Allen) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000111183634.A55155@Denninger.Net> Message-ID: <387BE34B.A2EE0FE9@boeing.com> Karl Denninger wrote: > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. I hope someone who *knows* the right answer will set Microsoft straight, but please don't allow this much of your passion to show. We as a community have a reputation for shoot-from-the-hip profanity- filled flamage in response to stupid attacks on Linux. It doesn't make us look very good. Well-reasoned fact-based correction of error always works much better. 'Nuff said. Also, the book has not yet been actually thrown at Microsoft. One of my Microsoft stockholding friends even told me with a straight face that nothing has been proven yet. I had a good laugh, but the fact remains that the trial is not over yet, and there will be an appeal. I'm not holding my breath. I figure if the government and Microsoft keep each other busy long enough, Linux will have plenty of time to achieve world domination. (No smileys here. I'm dead serious.) Paul Allen -- Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 Unix Technical Support | paul.l.allen@boeing.com Boeing Phantom Works Math & Computing Technology Site Operations, POB 3707 M/S 7L-68, Seattle, WA 98124-2207 From ed at schernau.com Wed Jan 12 02:15:06 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:53 2003 Subject: That Microsoft KB article Message-ID: <387BE3AA.9167766C@schernau.com> Of course, we could all flame them on the "Did this help you solve your problem?" webform they have on the KB pages. I did. And it felt good. -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From karl at Denninger.Net Wed Jan 12 02:33:36 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE34B.A2EE0FE9@boeing.com>; from Paul Allen on Wed, Jan 12, 2000 at 01:16:55PM +1100 References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000111183634.A55155@Denninger.Net> <387BE34B.A2EE0FE9@boeing.com> Message-ID: <20000111203336.A68265@Denninger.Net> On Wed, Jan 12, 2000 at 01:16:55PM +1100, Paul Allen wrote: > Karl Denninger wrote: > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > > the whole library (instead of one book) at Microsoft. > > I hope someone who *knows* the right answer will set Microsoft > straight, but please don't allow this much of your passion to show. > We as a community have a reputation for shoot-from-the-hip profanity- > filled flamage in response to stupid attacks on Linux. It doesn't > make us look very good. Well-reasoned fact-based correction of > error always works much better. 'Nuff said. I understand what you speak of but must respectfully disagree. This kind of thing - "remove the piece we didn't sell you from your network" - went out of favor when IBM's monopoly on hardware and software was broken up in the mainframe world. We cannot allow it to occur here. A few thousand copies of *Not Tested* thrown back at their direct sales force (who get REALLY pushy with corporate folks) would have a rather serious impact back in Redmond in a big hurry. > Also, the book has not yet been actually thrown at Microsoft. One > of my Microsoft stockholding friends even told me with a straight > face that nothing has been proven yet. I had a good laugh, but the > fact remains that the trial is not over yet, and there will be an > appeal. I'm not holding my breath. Yeah, those findings of fact were just random musings :-) > I figure if the government and > Microsoft keep each other busy long enough, Linux will have plenty > of time to achieve world domination. (No smileys here. I'm dead > serious.) Solve the application interoperability problem for non-Microsoft software and the issue will disappear in a day. Yes, that means reverse-engineer whatever is necessary to have Winblows application software install and run on Linux. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! From mgeddes at xavier.sa.edu.au Wed Jan 12 03:01:52 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000111183634.A55155@Denninger.Net> <387BE34B.A2EE0FE9@boeing.com> <20000111203336.A68265@Denninger.Net> Message-ID: <387BEEA0.EBC7080F@xavier.sa.edu.au> Karl Denninger wrote: > We cannot allow it to occur here. A few thousand copies of *Not Tested* Really? I honestly thought it stood for "Needs a Terabyte". ;-) From moebius at ip-solutions.net Wed Jan 12 03:00:09 2000 From: moebius at ip-solutions.net (moebius@ip-solutions.net) Date: Tue Dec 2 02:27:53 2003 Subject: That Microsoft KB article In-Reply-To: <88256864.000CF4C6.00@notes.r-u-i.com> Message-ID: I did the same, even provided them with the correct solution to post. Harry Hoffman Product Systems Specialist Restaurants Unlimited Inc. Seattle WA 206 634-3082 ext. 270 On Wed, 12 Jan 2000, Edward Schernau wrote: > > > > > > Of course, we could all flame them on the "Did this help you solve > your problem?" webform they have on the KB pages. > > I did. And it felt good. > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > > From lonnie at borntreger.com Wed Jan 12 03:37:06 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:53 2003 Subject: difficulties to log in domain In-Reply-To: Message-ID: <000d01bf5cae$4d3a6240$0500000a@borntreger.com> Luke, The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm assuming that something is wrong with my config. (I attached the, hopefully, relevant files). Lonnie Borntreger *** Command results *** gto-> smbpasswd -j WHNET Joining Domain as PDC error connecting to 10.0.0.7:445 (Connection refused) rpc_check_hdr: error in rpc header rpc_pipe_bind failed cli_nt_setup_creds: request challenge failed 2000/01/11 21:10:43 : change_trust_account_password: Failed to change password for domain WHNET. Unable to join domain WHNET. *** log.smb *** [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) rpc_check_hdr: error in rpc header [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) rpc_pipe_bind failed [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) cli_nt_setup_creds: request challenge failed [2000/01/11 21:10:33, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(106) domain_client_validate: credentials failed (\\.) [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) rpc_check_hdr: error in rpc header [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) rpc_pipe_bind failed [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) cli_nt_setup_creds: request challenge failed [2000/01/11 21:10:33, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(106) domain_client_validate: credentials failed (\\.) *** smbpasswd *** gto$:801:...:...:[DUWP ]:LCT-387ABF75: 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger guest:60000:...:...:[U ]:LCT-3878557D:Guest *** /etc/passwd *** gto$:x:801:800:GTO:/:/bin/false *** /etc/group *** other::1:67goat,donnab,pocket0$,gto$ staff::10:root,67goat,gto$,pocket0$ samba::800:pocket0$,gto$ *** my attempts to do the group mapping *** builtingroup.map:samba = Users builtingroup.map:samba = Domain Users domaingroup.map:samba = Domain Users domaingroup.map:samba = WHNET\Users *** smb.conf *** [global] passwd chat debug = True interfaces = 10.0.0.7/255.255.255.0 dont descend = /proc,/dev,/devices server string = Borntreger PDC (%v,%h) security = user lock directory = /usr/local/samba/var/locks dead time = 15 max log size = 1000 client code page = 437 nt smb support = yes server ntlmv2 = yes client ntlmv2 = auto encrypt passwords = yes smbpasswd file = /usr/local/samba/private/smbpasswd domain group map = /usr/local/samba/lib/domaingroup.map builtin group map = /usr/local/samba/lib/builtingroup.map domain user map = /usr/local/samba/lib/domainuser.map username map = /usr/local/samba/lib/user.map null passwords = true domain logons = yes logon script = %U.bat unix realname = yes workgroup = WHNET domain master = yes name resolve order = lmhosts bcast host wins os level = 65 preferred master = yes local master = yes wins support = yes socket options = TCP_NODELAY guest account = guest hide dot files = no browseable = yes writable = yes [... shares ...] From xs at castle.bg Wed Jan 12 09:00:32 2000 From: xs at castle.bg (Ivan Iliev) Date: Tue Dec 2 02:27:53 2003 Subject: Browsing question Message-ID: <387C42B0.339C1B8C@castle.bg> Hi there, I want to achieve something, but don't know if it's possible. the background: Subnet 192.168.7.0 with Samba 2.0.6 (IRIX 6.5) acting as PDC for domain A Subnet 192.168.0.0 with NT Server 4.0 acting as PDC for domain B There are no problems with the intradomain browsing. There is a routing between the both networks. Is there a way to browse domain A from a domain B computer and vice versa? Thanks in advance Ivan From paul.rogers at mis-cds.com Wed Jan 12 08:55:52 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article Message-ID: Erm, do a search for linux on the M$ KB and read some of the articles!! Also here's one that is *particularly* relevant to this list: http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP Perhaps someone (like the powers that be) regarding samba could pop a polite e-mail to M$ explaining the solutions to their problems? Perhaps they might listen to someone with an e-mail address @samba.org??? Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. From lk at netuse.de Wed Jan 12 09:17:55 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:53 2003 Subject: Browsing question References: <387C42B0.339C1B8C@castle.bg> Message-ID: <387C46C3.C4853E5F@netuse.de> Ivan Iliev wrote: > > Hi there, > > I want to achieve something, but don't know if it's possible. > > the background: > Subnet 192.168.7.0 with Samba 2.0.6 (IRIX 6.5) acting as PDC for domain > A > Subnet 192.168.0.0 with NT Server 4.0 acting as PDC for domain B > There are no problems with the intradomain browsing. > There is a routing between the both networks. > > Is there a way to browse domain A from a domain B computer and vice > versa? A WINS-Server should solve your problem. If all workstations and servers register with the same WINS-server, you should be able to browse them all. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From hanak at IRIS.osu.cz Wed Jan 12 09:21:57 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:53 2003 Subject: Browsing question Message-ID: I recomend you to read /usr/doc/samba-xxx/.../BROWSING.txt. You need to start wins server, cause there is no way to see network over routers via NetBIOS. Ciao O.H. From umehlig at uni-bremen.de Wed Jan 12 10:14:58 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:53 2003 Subject: dificulties to log in domain In-Reply-To: (lkcl@samba.org) References: Message-ID: <200001121014.LAA02622@pandora3.localnet> Luke Kenneth Casson Leighton wrote: > hi, you also need to do smbpasswd -j OLYMP. Many thanks! I already had tried that, it's somewhere below in my much too-long previuos mail (BTW, this information should maybe go into Lars Keschke's FAQ and in source/README, shouldn't it?): > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > > having joined domain OLYMP as PDC and produced a file > > OLYMP.PANDORA3.mac in .../private: > > > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > > > Nevertheless, I was not able to join the domain with the client. Today, I deleted the .../private/OLYMP.* files and included an "interfaces = ..." option in smb.conf which was missing: netbios name = PANDORA3 interfaces = 192.168.1.8/255.255.255.0 192.168.0.1/255.255.255.0 (192.168.0.1/255.255.255.0: vmware net, 192.168.1.8/255.255.255.0: my "real" network card, not connected to other machines in the moment) Afterwards I re-generated the machine entries in smbpasswd and then got the following message when giving the "smbpasswd -j OLYMP": Joining Domain as PDC socket connect to /tmp/.smb.0/agent failed error connecting to 192.168.1.8:445 (Verbindungsaufbau abgelehnt) 2000/01/12 10:43:14 : change_trust_account_password: Changed password for domain OLYMP. Joined domain OLYMP. ("Verbindungsaufbau abgelehnt" = "rejected to establish connection"; from where comes this German message?! My inetd? I uncommented everything in hosts.allow/hosts.deny and HUPed inetd, but no change occurred. telnet to port 445 doesn't work. Who should be listening there?) There is nothing like ".smb.0" in /tmp. Do you have any idea what's going wrong? Which additional information do I have to send? Many thanks for your attention & patience! Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From Daniel.Sandmeier at HWK-DO.DE Wed Jan 12 10:49:12 2000 From: Daniel.Sandmeier at HWK-DO.DE (Daniel Sandmeier) Date: Tue Dec 2 02:27:53 2003 Subject: My favourite Knowledge Base article! Message-ID: <387C5C28.5A66E945@hwk-do.de> I really liked the last article mentioned on this list, so I just wanted to share my most favourite with you!!! Here is my favourite article. I really like it. I hope you will, too! http://support.microsoft.com/support/kb/articles/q247/8/04.asp?LNG=ENG&SA=PER Der Sandos P.S.: I know it is a bit offtopic, I hope you'll excuse. From greg at discreet.com Wed Jan 12 10:58:03 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BEEA0.EBC7080F@xavier.sa.edu.au> Message-ID: you are both wrong, it's "Nice Try" Greg On 12-Jan-00 Matthew Geddes wrote: > Karl Denninger wrote: > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) > ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From matthias at waechter.wol.at Wed Jan 12 11:28:57 2000 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Wed, 12 Jan 2000, Greg Dickie wrote: > you are both wrong, it's "Nice Try" Still wondering about "NT", which is supposed to stand for "New Technology". Windows 2000 Startup-Splash-Screen says: "Built on NT Technology", which, if resolved, says: "Built on New Technology Technology". Hmmm... I like the recursive ones as "GNU's Not Unix" better :-) Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From lk at netuse.de Wed Jan 12 11:52:37 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:53 2003 Subject: dificulties to log in domain References: <200001121014.LAA02622@pandora3.localnet> Message-ID: <387C6B05.13531B8@netuse.de> Ulf Mehlig wrote: > > Luke Kenneth Casson Leighton wrote: > > > hi, you also need to do smbpasswd -j OLYMP. > > Many thanks! I already had tried that, it's somewhere below in my much > too-long previuos mail (BTW, this information should maybe go into > Lars Keschke's FAQ and in source/README, shouldn't it?): Yes, i will add thi soon. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From greg at discreet.com Wed Jan 12 11:59:25 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: Windows 2000 should more properly have "Renamed NT Technology" Greg On 12-Jan-00 Matthias Wächter wrote: > On Wed, 12 Jan 2000, Greg Dickie wrote: > >> you are both wrong, it's "Nice Try" > > Still wondering about "NT", which is supposed to stand for "New > Technology". Windows 2000 Startup-Splash-Screen says: "Built on NT > Technology", which, if resolved, says: "Built on New Technology > Technology". > > Hmmm... I like the recursive ones as "GNU's Not Unix" better :-) > > Sehr Wus, > - Matthias > > -- > Wer reitet so spät durch Nacht und Wind? > - Wos waas I > ----------------------------------------------------------------------------- --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From p.mayers at ic.ac.uk Wed Jan 12 12:04:06 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812BE@icex1.cc.ic.ac.uk> I particularly like the bootup screen: "Built on NT technology". A friend of mine was watching that boot up, and he read it out loud, then said "It really sounds like 'Built on the smoking ruins of NT technology'" Laugh? I nearly died... Cheers, Phil ===================== The world is divided into two kinds of people, those who divide the world into two kinds of people, and those who don't... -----Original Message----- From: Greg Dickie [mailto:greg@discreet.com] Sent: Wednesday, January 12, 2000 12:01 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Windows 2000 should more properly have "Renamed NT Technology" Greg On 12-Jan-00 Matthias W?chter wrote: > On Wed, 12 Jan 2000, Greg Dickie wrote: > >> you are both wrong, it's "Nice Try" > > Still wondering about "NT", which is supposed to stand for "New > Technology". Windows 2000 Startup-Splash-Screen says: "Built on NT > Technology", which, if resolved, says: "Built on New Technology > Technology". > > Hmmm... I like the recursive ones as "GNU's Not Unix" better :-) > > Sehr Wus, > - Matthias > > -- > Wer reitet so sp?t durch Nacht und Wind? > - Wos waas I > ---------------------------------------------------------------------------- - --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From iainr at civ.hw.ac.uk Wed Jan 12 12:16:00 2000 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Wed, 12 Jan 2000, Greg Dickie wrote: > > Windows 2000 should more properly have "Renamed NT Technology" > > Greg I think you mean "Buillt on reworked VMS technology" ;) From s_colombo at iol.it Wed Jan 12 12:19:15 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:53 2003 Subject: smbmount Message-ID: Hi where can I find smbmount for HPUX ? Thanks -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1352 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/ad24ee9d/winmail.bin From greg at discreet.com Wed Jan 12 12:24:50 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: Except VMS is rock stable. On 12-Jan-00 Iain Rae wrote: > > > On Wed, 12 Jan 2000, Greg Dickie wrote: > >> >> Windows 2000 should more properly have "Renamed NT Technology" >> >> Greg > I think you mean "Buillt on reworked VMS technology" > ;) > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From giulioo at pobox.com Wed Jan 12 12:41:27 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:54 2003 Subject: smbmount In-Reply-To: References: Message-ID: <20000112124224.427668917@i3.golden.dom> On Wed, 12 Jan 2000 23:22:42 +1100, hai scritto: > where can I find smbmount for HPUX ? Nowhere, smbmount is linux-only. For other unix systems try "sharity": http://www.obdev.at/ -- giulioo@pobox.com From mhw at wittsend.com Wed Jan 12 13:12:40 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: ; from greg@discreet.com on Wed, Jan 12, 2000 at 09:59:33PM +1100 References: <387BEEA0.EBC7080F@xavier.sa.edu.au> Message-ID: <20000112081240.C10106@alcove.wittsend.com> On Wed, Jan 12, 2000 at 09:59:33PM +1100, Greg Dickie wrote: > you are both wrong, it's "Nice Try" In the security arena, it's "Nice Target". :-) > Greg > On 12-Jan-00 Matthew Geddes wrote: > > Karl Denninger wrote: > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From mike at psand.net Wed Jan 12 12:32:02 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain References: <200001121014.LAA02622@pandora3.localnet> Message-ID: <001201bf5d07$b3b68220$0164a8c0@win981> Is this the same (or related) problem?? I get the following error when running, for example: nmblookup -M - ... socket connect to /tmp/.nmb/agent failed name_query failed to find name __MSBROWSE__ .... And my clients can browse but not connect to the latest Samba TNG, well as of two days ago.... Mike Harris, Psand. ----- Original Message ----- From: Ulf Mehlig To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:16 AM Subject: Re: dificulties to log in domain > Luke Kenneth Casson Leighton wrote: > > > hi, you also need to do smbpasswd -j OLYMP. > > Many thanks! I already had tried that, it's somewhere below in my much > too-long previuos mail (BTW, this information should maybe go into > Lars Keschke's FAQ and in source/README, shouldn't it?): > > > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > > > having joined domain OLYMP as PDC and produced a file > > > OLYMP.PANDORA3.mac in .../private: > > > > > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > > > > > Nevertheless, I was not able to join the domain with the client. > > Today, I deleted the .../private/OLYMP.* files and included an > "interfaces = ..." option in smb.conf which was missing: > > netbios name = PANDORA3 > interfaces = 192.168.1.8/255.255.255.0 192.168.0.1/255.255.255.0 > > (192.168.0.1/255.255.255.0: vmware net, 192.168.1.8/255.255.255.0: my > "real" network card, not connected to other machines in the moment) > > Afterwards I re-generated the machine entries in smbpasswd and then > got the following message when giving the "smbpasswd -j OLYMP": > > Joining Domain as PDC > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.168.1.8:445 (Verbindungsaufbau abgelehnt) > 2000/01/12 10:43:14 : change_trust_account_password: Changed password for domain OLYMP. > Joined domain OLYMP. > > ("Verbindungsaufbau abgelehnt" = "rejected to establish connection"; > from where comes this German message?! My inetd? I uncommented > everything in hosts.allow/hosts.deny and HUPed inetd, but no change > occurred. telnet to port 445 doesn't work. Who should be listening > there?) > > There is nothing like ".smb.0" in /tmp. Do you have any idea what's > going wrong? Which additional information do I have to send? > > Many thanks for your attention & patience! > Ulf > > -- > ====================================================================== > Ulf Mehlig > Center for Tropical Marine Ecology/ZMT, Bremen, Germany > ---------------------------------------------------------------------- From mike at psand.net Wed Jan 12 13:12:50 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain References: <200001121014.LAA02622@pandora3.localnet> Message-ID: <001801bf5d07$b87e4360$0164a8c0@win981> Don't know whether this helps, but suddenly it works for me: PERSEUS - Samba 2.1 TNG Server NT4WKS-1 - NT 4 Workstation Domain is MYDOMAIN Commands: smbpasswd -a -m PERSEUS smbpasswd -j MYDOMAIN smbpasswd -a -m NT4WKS-1 The 'join' command now works fine and then the NT4 Workstation can join the domain and browse. Here's my smb.conf global settings for reference. workgroup = MYDOMAIN netbios name = PERSEUS interfaces = 192.168.100.2/255.255.255.0 bind interfaces only = Yes encrypt passwords = Yes username map = /usr/local/samba/lib/smbusers log level = 5 announce version = 5.0 printcap name = /etc/printcap domain logons = Yes os level = 34 wins support = Yes printing = bsd vfs option = [homes] guest ok = Yes vfs option = [public] path = /home/public guest ok = Yes vfs option = Hope that's useful, Mike. ----- Original Message ----- From: Ulf Mehlig To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:16 AM Subject: Re: dificulties to log in domain > Luke Kenneth Casson Leighton wrote: > > > hi, you also need to do smbpasswd -j OLYMP. > > Many thanks! I already had tried that, it's somewhere below in my much > too-long previuos mail (BTW, this information should maybe go into > Lars Keschke's FAQ and in source/README, shouldn't it?): > > > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > > > having joined domain OLYMP as PDC and produced a file > > > OLYMP.PANDORA3.mac in .../private: > > > > > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > > > > > Nevertheless, I was not able to join the domain with the client. > > Today, I deleted the .../private/OLYMP.* files and included an > "interfaces = ..." option in smb.conf which was missing: > > netbios name = PANDORA3 > interfaces = 192.168.1.8/255.255.255.0 192.168.0.1/255.255.255.0 > > (192.168.0.1/255.255.255.0: vmware net, 192.168.1.8/255.255.255.0: my > "real" network card, not connected to other machines in the moment) > > Afterwards I re-generated the machine entries in smbpasswd and then > got the following message when giving the "smbpasswd -j OLYMP": > > Joining Domain as PDC > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.168.1.8:445 (Verbindungsaufbau abgelehnt) > 2000/01/12 10:43:14 : change_trust_account_password: Changed password for domain OLYMP. > Joined domain OLYMP. > > ("Verbindungsaufbau abgelehnt" = "rejected to establish connection"; > from where comes this German message?! My inetd? I uncommented > everything in hosts.allow/hosts.deny and HUPed inetd, but no change > occurred. telnet to port 445 doesn't work. Who should be listening > there?) > > There is nothing like ".smb.0" in /tmp. Do you have any idea what's > going wrong? Which additional information do I have to send? > > Many thanks for your attention & patience! > Ulf > > -- > ====================================================================== > Ulf Mehlig > Center for Tropical Marine Ecology/ZMT, Bremen, Germany > ---------------------------------------------------------------------- From mike at psand.net Wed Jan 12 14:15:49 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: Smbd crashes when W2K RC3 attempts to join Samba domain. Message-ID: <001901bf5d07$be064760$0164a8c0@win981> Hi, Am persisting to try to join a W2K RC3 Professional workstation to a Samba domain - am using today's cut of Samba TNG. My NT4 SP5 Workstation joins perfectly happily. When I try to join the domain from my W2K workstation, it makes the initial request to the Samba server apparently okay and then requests an Administrator username and password. Once entered, it goes off and queries the Samba server, which takes a long time - perhaps 1 or 2 minutes, then reports back something along the lines of ... 'the domain no longer exists' and fails to join the domain. Looking at log.smb, I see that the smbd daemon has crashed. The except from log.smb is as follows: [2000/01/12 13:56:16, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/12 13:56:16, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(40) =============================================================== [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 26383 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(43) =============================================================== [2000/01/12 13:58:04, 0] lib/util.c:smb_panic(2561) PANIC: internal error [2000/01/12 14:05:08, 1] smbd/server.c:main(632) smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 [2000/01/12 14:05:08, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/12 14:05:08, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode Any help with this would be much appreciated, I can get more log detail, W2K event log and conf files if required. Thanks in advance, Mike Harris, Psand. -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Wed Jan 12 13:22:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: this is because people xxxx up the samba installation by puttting "domain master = yes" and "domain logons = yes" when there's already a PDC on the network. anyone that's stupid enough to do this deserves to have their samba server switched off, as suggested by the KB article. it would be better if the article suggested the likely cause, which is that there are two PDCs on the network. regardless of the fact that one of them is a samba server, you _cannot_ have two PDCs for the same domain. this is very easy to do if you do not bother to use the same WINS server or bother to use a WINS server at all. so, like i said, anyone who is stupid enough to do this does not deserve to have _any_ computers on their network. can this be addressed, scott? the KB article applies just as much to having two NT PDCs as it does to having mixed samba/nt pdcs. luke On Wed, 12 Jan 2000, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:23:50 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000111183634.A55155@Denninger.Net> Message-ID: you know, i was cross with them too, and thought about swearing in my message, as well. then i decided to cc someone at microsoft, so i took it out. we'll see if it gets sorted out. On Wed, 12 Jan 2000, Karl Denninger wrote: > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mike at psand.net Wed Jan 12 14:25:17 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <004801bf5d08$dfd282e0$0164a8c0@win981> How about .. "Now including archaic 30 year old UNIX technology" ? ;-) ----- Original Message ----- From: Iain Rae To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 12:17 PM Subject: Re: New Microsoft Knowledgebase article > > > On Wed, 12 Jan 2000, Greg Dickie wrote: > > > > > Windows 2000 should more properly have "Renamed NT Technology" > > > > Greg > I think you mean "Buillt on reworked VMS technology" > ;) > > > From lkcl at samba.org Wed Jan 12 13:24:56 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BCDDB.162EB4F4@amicus.com> Message-ID: well, of course not. the person who set up the samba server was probably so stupid that they don't know what an smb.conf file IS. ... which is 100% of the problem in the first place. On Wed, 12 Jan 2000, Stephen Waters wrote: > talk about brute force problem resolution. ;) > they couldn't just have you edit the smb.conf file and restart the > daemon now could they? > > -s > > Larry Blunk wrote: > > > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:26:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: rookie help, please In-Reply-To: <387BDEE0.10BF6F02@xavier.sa.edu.au> Message-ID: > Tavis Barr wrote: > > > Another approach, if you're worried about too much reconfiguration, is to > > turn down the os level to something that won't override the NT servers, > > like 20. You should also make sure you have domain logons = no unless there > > are users logging onto your Samba box, and that domian master = no. > > > > Good luck, > > Tavis > > > > On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > > > > > Try adding: > > > > > > > > > > > Here's the problem: lately, the Sun machine has been getting > > > > promoted to PDC daily, which of course causes havoc with the > > > > users when they can't log in. The NT administrators can't > > > > solve the problem (other than "It's Samba. you must bring it > > > > down" or reboot their machine), and I don't know what to > > > > tell them. I know this happened when Samba was first > > > > installed, but then solved & went w/o a hitch for months. > > > > > > > > Have others had this problem, and can you offer some advice? > > > > Is it NT or Unix having troubles? Is it really Samba causing > > > > the problem? > > > > > > Samba is promoting *itself* to PDC? Do you mean Master Browser? > > > > > > > > > What version of Samba? Is there any info in the log files? > > > > > > Matt > > > > > > > -------------------------------------------------------- > > > > Tavis Barr ,-~~-.___. > > Senior Systems Coordinator / | ' \ > > Institute for Social and Economic ( ) 0 > > Theory and Research \_/-, ,----' > > 509E Int'l Affairs Bldg ==== // > > Columbia University / \-'~; /~~~(O) > > 212-854-4237 / __/~| / | > > tavis@mahler.econ.columbia.edu =( _____| (_________| > > > > --------------------------------------------------------- > > I was under the impression the the OS level was for Browse list elections. In correct. > domain controlling, there are no elections. correct. From lkcl at samba.org Wed Jan 12 13:29:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE324.C723AACC@schernau.com> Message-ID: On Wed, 12 Jan 2000, Edward Schernau wrote: > Stephen Waters wrote: > > > > talk about brute force problem resolution. ;) > > they couldn't just have you edit the smb.conf file and restart the > > daemon now could they? > > > > -s > > Daemon? What's that? Can I turn it off with Server Manager? on SAMBA_TNG?? YES YOU CAN!!! :-) :-) hee hee ... but you need an rc.services script in /usr/local/samba/bin, and you need to run svcctld. can i start that with server manager? "NO YOU DAMN WELL CAN'T: COLLECT YOUR P45 DO NOT PASS THE NETWORK ROOM DO NOT COLLECT GOLDEN HAND-SHAKE!" From lkcl at samba.org Wed Jan 12 13:32:12 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE34B.A2EE0FE9@boeing.com> Message-ID: > I hope someone who *knows* the right answer will set Microsoft > straight i did. > but please don't allow this much of your passion to show. thx for the down-to-earth message, paul. > appeal. I'm not holding my breath. I figure if the government and > Microsoft keep each other busy long enough, Linux will have plenty > of time to achieve world domination. (No smileys here. I'm dead > serious.) you mean, the u.s. govt. forget the EEC, who are considering bringing a case of their own. and yes, i know you mean it, and i'll be helping out. From lkcl at samba.org Wed Jan 12 13:33:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: That Microsoft KB article In-Reply-To: <387BE3AA.9167766C@schernau.com> Message-ID: excellent idea! be nice, now... btw i filled it in, too, with _sensible_ suggestions. please don't do anything too stupid, i don't want then to keep hitting delete, delete, delete... On Wed, 12 Jan 2000, Edward Schernau wrote: > Of course, we could all flame them on the "Did this help you solve > your problem?" webform they have on the KB pages. > > I did. And it felt good. > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:38:15 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: <000d01bf5cae$4d3a6240$0500000a@borntreger.com> Message-ID: great! please could people remember that logs of less than 100 for dce/rpc errors are almost completely useless to me, and please also remember that i absolutely detest the "debug timestamps", so please either set this parameter to "no", or use grep -v "2000/01/11" on the log output, to get rid of the dated lines, they're a damn nuisance. log level 100s are a bit like netmon traces / packet dumps, only better :-) :-) thx! luke On Wed, 12 Jan 2000, Lonnie J. Borntreger wrote: > Luke, > > The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm > assuming that something is wrong with my config. (I attached the, > hopefully, relevant files). > > Lonnie Borntreger > > *** Command results *** > gto-> smbpasswd -j WHNET > Joining Domain as PDC > error connecting to 10.0.0.7:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/11 21:10:43 : change_trust_account_password: Failed to change > password for domain WHNET. > Unable to join domain WHNET. > > > *** log.smb *** > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > > *** smbpasswd *** > gto$:801:...:...:[DUWP ]:LCT-387ABF75: > 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger > donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger > guest:60000:...:...:[U ]:LCT-3878557D:Guest > > *** /etc/passwd *** > gto$:x:801:800:GTO:/:/bin/false > > *** /etc/group *** > other::1:67goat,donnab,pocket0$,gto$ > staff::10:root,67goat,gto$,pocket0$ > samba::800:pocket0$,gto$ > > *** my attempts to do the group mapping *** > builtingroup.map:samba = Users > builtingroup.map:samba = Domain Users > domaingroup.map:samba = Domain Users > domaingroup.map:samba = WHNET\Users > > *** smb.conf *** > [global] > passwd chat debug = True > interfaces = 10.0.0.7/255.255.255.0 > dont descend = /proc,/dev,/devices > server string = Borntreger PDC (%v,%h) > security = user > lock directory = /usr/local/samba/var/locks > dead time = 15 > max log size = 1000 > client code page = 437 > nt smb support = yes > server ntlmv2 = yes > client ntlmv2 = auto > encrypt passwords = yes > smbpasswd file = /usr/local/samba/private/smbpasswd > domain group map = /usr/local/samba/lib/domaingroup.map > builtin group map = /usr/local/samba/lib/builtingroup.map > domain user map = /usr/local/samba/lib/domainuser.map > username map = /usr/local/samba/lib/user.map > null passwords = true > domain logons = yes > logon script = %U.bat > unix realname = yes > workgroup = WHNET > domain master = yes > name resolve order = lmhosts bcast host wins > os level = 65 > preferred master = yes > local master = yes > wins support = yes > socket options = TCP_NODELAY > guest account = guest > hide dot files = no > browseable = yes > writable = yes > > > [... shares ...] > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:39:32 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: <000d01bf5cae$4d3a6240$0500000a@borntreger.com> Message-ID: lonnie, please disable "client ntlmv2" and "server ntlmv2", for now, by setting both these parameters to "no". there are issues with them that i need to resolve: they produce challenges that are >24 bytes long, and some of the buffers they get copied into are only 24 bytes long. *dur*! On Wed, 12 Jan 2000, Lonnie J. Borntreger wrote: > Luke, > > The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm > assuming that something is wrong with my config. (I attached the, > hopefully, relevant files). > > Lonnie Borntreger > > *** Command results *** > gto-> smbpasswd -j WHNET > Joining Domain as PDC > error connecting to 10.0.0.7:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/11 21:10:43 : change_trust_account_password: Failed to change > password for domain WHNET. > Unable to join domain WHNET. > > > *** log.smb *** > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > > *** smbpasswd *** > gto$:801:...:...:[DUWP ]:LCT-387ABF75: > 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger > donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger > guest:60000:...:...:[U ]:LCT-3878557D:Guest > > *** /etc/passwd *** > gto$:x:801:800:GTO:/:/bin/false > > *** /etc/group *** > other::1:67goat,donnab,pocket0$,gto$ > staff::10:root,67goat,gto$,pocket0$ > samba::800:pocket0$,gto$ > > *** my attempts to do the group mapping *** > builtingroup.map:samba = Users > builtingroup.map:samba = Domain Users > domaingroup.map:samba = Domain Users > domaingroup.map:samba = WHNET\Users > > *** smb.conf *** > [global] > passwd chat debug = True > interfaces = 10.0.0.7/255.255.255.0 > dont descend = /proc,/dev,/devices > server string = Borntreger PDC (%v,%h) > security = user > lock directory = /usr/local/samba/var/locks > dead time = 15 > max log size = 1000 > client code page = 437 > nt smb support = yes > server ntlmv2 = yes > client ntlmv2 = auto > encrypt passwords = yes > smbpasswd file = /usr/local/samba/private/smbpasswd > domain group map = /usr/local/samba/lib/domaingroup.map > builtin group map = /usr/local/samba/lib/builtingroup.map > domain user map = /usr/local/samba/lib/domainuser.map > username map = /usr/local/samba/lib/user.map > null passwords = true > domain logons = yes > logon script = %U.bat > unix realname = yes > workgroup = WHNET > domain master = yes > name resolve order = lmhosts bcast host wins > os level = 65 > preferred master = yes > local master = yes > wins support = yes > socket options = TCP_NODELAY > guest account = guest > hide dot files = no > browseable = yes > writable = yes > > > [... shares ...] > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:52:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain In-Reply-To: <200001121014.LAA02622@pandora3.localnet> Message-ID: > There is nothing like ".smb.0" in /tmp. Do you have any idea what's > going wrong? Which additional information do I have to send? i really don't know. examine logs at level 100, see if you can find anything. contact me again later in the week after i've run a few tests. From greg at discreet.com Wed Jan 12 13:53:47 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: OK everybody hold your breath ;-) On 12-Jan-00 Luke Kenneth Casson Leighton wrote: > you know, i was cross with them too, and thought about swearing in my > message, as well. > > then i decided to cc someone at microsoft, so i took it out. we'll see if > it gets sorted out. > > On Wed, 12 Jan 2000, Karl Denninger wrote: > >> Cute. >> >> "Turn off the Samba server". >> >> How about: >> >> Format your disks, install Linux or FreeBSD, and tell Microsoft to >> go fuck themselves with a football - preferrably to the same >> regional sales force that sold you the NT crapware in the first >> place? >> >> I hate corporate arrogance - especially this kind of arrogance. >> >> This kind of bullshit is PRECISELY what the US DOJ was after when they threw >> the whole library (instead of one book) at Microsoft. >> >> -- >> -- >> Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org >> Isn't it time we started putting KIDS first? See the above URL for >> a plan to do exactly that! >> >> >> On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: >> > I just ran across the following article in >> > Microsoft's Knowledbase. See the following URL: >> > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. >> > Anyone know what this is about? >> > __________________________________________________ >> > Do You Yahoo!? >> > Talk to your friends online with Yahoo! Messenger. >> > http://im.yahoo.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From emercer at rad.upenn.edu Wed Jan 12 13:55:59 2000 From: emercer at rad.upenn.edu (Eric Mercer) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387C87EF.E08E1E75@rad.upenn.edu> Either the MS server won't work with the linux version of netscape, or Microsoft pulled the page: I can't get to it. Is it still there? -Eric Luke Kenneth Casson Leighton wrote: > > you know, i was cross with them too, and thought about swearing in my > message, as well. > > then i decided to cc someone at microsoft, so i took it out. we'll see if > it gets sorted out. > > On Wed, 12 Jan 2000, Karl Denninger wrote: > > > Cute. > > > > "Turn off the Samba server". > > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > > the whole library (instead of one book) at Microsoft. > > > > -- > > -- > > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > > Isn't it time we started putting KIDS first? See the above URL for > > a plan to do exactly that! > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > > I just ran across the following article in > > > Microsoft's Knowledbase. See the following URL: > > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > > Anyone know what this is about? > > > __________________________________________________ > > > Do You Yahoo!? > > > Talk to your friends online with Yahoo! Messenger. > > > http://im.yahoo.com > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:56:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: actually, i believe that it's known as "Nice Target", amongst hackers. enough of this people (me included). Archives Are Forever (And Written In Stone), and there are microsoft people on the lists. we'd like to be able to speak with them on non-hostile terms, and not scare them too much. thx, luke > you are both wrong, it's "Nice Try" > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) From lkcl at samba.org Wed Jan 12 13:57:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: smbmount In-Reply-To: Message-ID: look up rumba, a user-space version of smbfs. On Wed, 12 Jan 2000, Stefano Colombo wrote: > > Hi > where can I find smbmount for HPUX ? > Thanks > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1352 bytes Desc: Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/80416fac/winmail.bin From ctooley at joslyn.org Wed Jan 12 14:04:03 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: Message-ID: <001801bf5d05$e2e45e20$1900a8c0@joslyn.org> You can sure tell when Luke decides to read and reply to his mail. Going through my list I see big spots where the only Sender is Luke Kenneth Casso... :) Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Luke Kenneth Casson Leighton Sent: Wednesday, January 12, 2000 7:54 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: difficulties to log in domain lonnie, please disable "client ntlmv2" and "server ntlmv2", for now, by setting both these parameters to "no". there are issues with them that i need to resolve: they produce challenges that are >24 bytes long, and some of the buffers they get copied into are only 24 bytes long. *dur*! On Wed, 12 Jan 2000, Lonnie J. Borntreger wrote: > Luke, > > The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm > assuming that something is wrong with my config. (I attached the, > hopefully, relevant files). > > Lonnie Borntreger > > *** Command results *** > gto-> smbpasswd -j WHNET > Joining Domain as PDC > error connecting to 10.0.0.7:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/11 21:10:43 : change_trust_account_password: Failed to change > password for domain WHNET. > Unable to join domain WHNET. > > > *** log.smb *** > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > > *** smbpasswd *** > gto$:801:...:...:[DUWP ]:LCT-387ABF75: > 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger > donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger > guest:60000:...:...:[U ]:LCT-3878557D:Guest > > *** /etc/passwd *** > gto$:x:801:800:GTO:/:/bin/false > > *** /etc/group *** > other::1:67goat,donnab,pocket0$,gto$ > staff::10:root,67goat,gto$,pocket0$ > samba::800:pocket0$,gto$ > > *** my attempts to do the group mapping *** > builtingroup.map:samba = Users > builtingroup.map:samba = Domain Users > domaingroup.map:samba = Domain Users > domaingroup.map:samba = WHNET\Users > > *** smb.conf *** > [global] > passwd chat debug = True > interfaces = 10.0.0.7/255.255.255.0 > dont descend = /proc,/dev,/devices > server string = Borntreger PDC (%v,%h) > security = user > lock directory = /usr/local/samba/var/locks > dead time = 15 > max log size = 1000 > client code page = 437 > nt smb support = yes > server ntlmv2 = yes > client ntlmv2 = auto > encrypt passwords = yes > smbpasswd file = /usr/local/samba/private/smbpasswd > domain group map = /usr/local/samba/lib/domaingroup.map > builtin group map = /usr/local/samba/lib/builtingroup.map > domain user map = /usr/local/samba/lib/domainuser.map > username map = /usr/local/samba/lib/user.map > null passwords = true > domain logons = yes > logon script = %U.bat > unix realname = yes > workgroup = WHNET > domain master = yes > name resolve order = lmhosts bcast host wins > os level = 65 > preferred master = yes > local master = yes > wins support = yes > socket options = TCP_NODELAY > guest account = guest > hide dot files = no > browseable = yes > writable = yes > > > [... shares ...] > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 14:01:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain In-Reply-To: <001201bf5d07$b3b68220$0164a8c0@win981> Message-ID: On Thu, 13 Jan 2000, Mike Harris wrote: > Is this the same (or related) problem?? > > I get the following error when running, for example: nmblookup -M - > > .. > socket connect to /tmp/.nmb/agent failed [ignore this, btw: nmblookup does. ignore the error, that is] > name_query failed to find name __MSBROWSE__ > ... > > And my clients can browse but not connect to the latest Samba TNG, well as > of two days ago.... :) that's well over 48 hours, mike!!!!! damn, i dunno. some people, they expect code to just stay the same :) do another cvs update, see what happens. love, luke From giulioo at pobox.com Wed Jan 12 14:26:05 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:54 2003 Subject: smbmount In-Reply-To: References: Message-ID: <20000112142503.06E288917@i3.golden.dom> On Thu, 13 Jan 2000 01:09:27 +1100, hai scritto: >look up rumba, a user-space version of smbfs. rumba is now "Sharity light". http://www.obdev.at/ -- giulioo@pobox.com From lkcl at samba.org Wed Jan 12 14:37:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: Smbd crashes when W2K RC3 attempts to join Samba domain. In-Reply-To: <001901bf5d07$be064760$0164a8c0@win981> Message-ID: ok, i fixed a few things, just rebooting to make sure i can log in... zzz, bllllblblll.. zzz.. oh! nt5 woke up, now, so can i! oops, it says "stub data failed" on login, i'll fix that, too. On Thu, 13 Jan 2000, Mike Harris wrote: > Hi, > > Am persisting to try to join a W2K RC3 Professional workstation to a Samba domain - am using today's cut of Samba TNG. My NT4 SP5 Workstation joins perfectly happily. > > When I try to join the domain from my W2K workstation, it makes the initial request to the Samba server apparently okay and then requests an Administrator username and password. Once entered, it goes off and queries the Samba server, which takes a long time - perhaps 1 or 2 minutes, then reports back something along the lines of ... 'the domain no longer exists' and fails to join the domain. > > Looking at log.smb, I see that the smbd daemon has crashed. The except from log.smb is as follows: > > [2000/01/12 13:56:16, 1] smbd/files.c:file_init(219) > file_init: Information only: requested 10000 open files, 1014 are available. > [2000/01/12 13:56:16, 0] smbd/dfs.c:init_dfs_table(128) > No DFS map, Samba is running in NON DFS mode > [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(40) > =============================================================== > [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 26383 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(43) > =============================================================== > [2000/01/12 13:58:04, 0] lib/util.c:smb_panic(2561) > PANIC: internal error > [2000/01/12 14:05:08, 1] smbd/server.c:main(632) > smbd version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1998 > [2000/01/12 14:05:08, 1] smbd/files.c:file_init(219) > file_init: Information only: requested 10000 open files, 1014 are available. > [2000/01/12 14:05:08, 0] smbd/dfs.c:init_dfs_table(128) > No DFS map, Samba is running in NON DFS mode > > Any help with this would be much appreciated, I can get more log detail, W2K event log and conf files if required. > > Thanks in advance, > > Mike Harris, > Psand. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 14:47:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: <001801bf5d05$e2e45e20$1900a8c0@joslyn.org> Message-ID: On Thu, 13 Jan 2000, Chris Tooley wrote: > You can sure tell when Luke decides to read and reply to his mail. Going > through my list I see big spots where the only Sender is Luke Kenneth > Casso... :) tee hee. i didn't think about that, but yeah :) :) From mkuhne at microsoft.com Wed Jan 12 14:11:21 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> I'm afraid what you wrote will be hard to get published. Does anyone have a practical suggestion on how to instruct an inexperienced administrator to disable PDC functionality in Samba? Regards, Martin Microsoft GmbH -----Original Message----- From: Karl Denninger [mailto:karl@Denninger.Net] Sent: Mittwoch, 12. Januar 2000 01:39 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Cute. "Turn off the Samba server". How about: Format your disks, install Linux or FreeBSD, and tell Microsoft to go fuck themselves with a football - preferrably to the same regional sales force that sold you the NT crapware in the first place? I hate corporate arrogance - especially this kind of arrogance. This kind of bullshit is PRECISELY what the US DOJ was after when they threw the whole library (instead of one book) at Microsoft. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From paul.rogers at mis-cds.com Wed Jan 12 15:13:51 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article Message-ID: Yes: In /etc/smb.conf, edit / add the following lines to be: domain master = no local master = no domain logons = no os level = 20 to be a member of an NT controlled domain, edit / add: security = server password server = workgroup = win server = HTH Microsoft - it would be nice if instructions were added to the article with an apology? Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. > -----Original Message----- > From: Martin Kuhne [mailto:mkuhne@microsoft.com] > Sent: Wednesday, January 12, 2000 3:06 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an > inexperienced > administrator to disable PDC functionality in Samba? > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell > Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after > when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > From greg at discreet.com Wed Jan 12 15:19:04 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: in smb.conf preferred master = no domain logons = no Greg On 12-Jan-00 Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: >> I just ran across the following article in >> Microsoft's Knowledbase. See the following URL: >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. >> Anyone know what this is about? >> __________________________________________________ >> Do You Yahoo!? >> Talk to your friends online with Yahoo! Messenger. >> http://im.yahoo.com --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From davisson at pfp.net Wed Jan 12 15:26:27 2000 From: davisson at pfp.net (David M. Davisson) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387C9D23.4BAEB412@pfp.net> Paul Rogers wrote: > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > e-mail to M$ explaining the solutions to their problems? Perhaps they might > listen to someone with an e-mail address @samba.org??? This is very interesting. At least M$ is aware that there are problems with domain browsing and nmb lookups, even if they are in denial. It is amazing how ignorant this article is about the basic underlying protocols. Its resolution is absolutely wrong. Samba when properly configured need not be the Master Browser. It is, however, the _ONLY_ way to tame and tune browser elections. I have two questions: 1. Will M$ even listen to the Samba community? 2. If yes to 1, who should we contact to try and educate them? -- David M. Davisson davisson@pfp.net From appro at fy.chalmers.se Wed Jan 12 15:33:37 2000 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:27:54 2003 Subject: Samba "contaminates" Solaris ACLs Message-ID: <387C9ED1.ADA9DAB8@fy.chalmers.se> Hi! Given: - Solaris 2.6 box running Samba 2.0.6; - a directory within a share with ACL (access control list) ensuring that the files are created writable for certain group (kind of per directory umask, very neat and useful); - share is shared with the default "create mask" of 0744; Problem. If created on Windows the files don't appear writable to the intended group, group write permissions are revoked. Cause. smbd sets umask(0) at startup and explicitly passes access permissions to creat(2) (or open(...O_CREAT,mode)). With "create mask" set to 0744 files files get created with at least 0644 as second argument to creat(2) which makes group ACL to be demoted to read-only. The latter is intended and logical behavior. Well, the former (umask(0)) is also intended, but is it logical? I don't know... In either case, relaxing the "create mask" to 0764 on the whole share isn't an option. Arranging separate share for just the subcatalog in question is too confusing for users. Being squeezed between Samba, Solaris and users I came up with the following kludge. But before you proceed I want to make it clear that the presented code is just a wild experiment and my *only* point is that the problem probably needs further discussion. And I want to point out that the attached patch addresses *two* Solaris problems. I've already posted the SHUFFLE_OVER_256 code described in the comment once before to this list. The "solution" to the problem with ACLs is not commented at all, but the idea is trivial. I derive intended umask value from the "create mask" and pass it in 16 most significant bits of mode argument to sys_[creat|open]. In order to minimize amount of system calls, umask value is cached in lib_system_umask global variable. Cheers. Andy. ------------------------------------------------ *** ./smbd/dosmode.c.orig Wed Jul 21 03:25:20 1999 --- ./smbd/dosmode.c Tue Jan 11 23:59:52 2000 *************** *** 49,56 **** --- 49,60 ---- /* We never make directories read only for the owner as under DOS a user can always create a file in a read-only directory. */ result |= (S_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH | S_IWUSR); + #if 0 /* Apply directory mask */ result &= lp_dir_mask(SNUM(conn)); + #else + result |= ((~lp_dir_mask(SNUM(conn))) & 0777) << 16; + #endif /* Add in force bits */ result |= lp_force_dir_mode(SNUM(conn)); } else { *************** *** 63,70 **** --- 67,78 ---- if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode)) result |= S_IXOTH; + #if 0 /* Apply mode mask */ result &= lp_create_mask(SNUM(conn)); + #else + result |= ((~lp_create_mask(SNUM(conn))) & 0777) << 16; + #endif /* Add in force bits */ result |= lp_force_create_mode(SNUM(conn)); } *** ./lib/doscalls.c.orig Thu Apr 8 23:13:01 1999 --- ./lib/doscalls.c Tue Jan 11 23:57:38 2000 *************** *** 108,114 **** int dos_mkdir(char *dname,mode_t mode) { ! return(mkdir(dos_to_unix(dname,False),mode)); } /******************************************************************* --- 108,119 ---- int dos_mkdir(char *dname,mode_t mode) { ! extern mode_t lib_system_umask; ! mode_t new_umask = (mode>>16) & 0777; ! ! if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); ! ! return(mkdir(dos_to_unix(dname,False),mode&0xFFFF)); } /******************************************************************* *** ./lib/system.c.orig Wed Jul 21 03:25:09 1999 --- ./lib/system.c Tue Jan 11 23:54:51 2000 *************** *** 280,285 **** --- 280,310 ---- #endif } + #if defined(SUNOS4) || (defined(SUNOS5) && !defined(__sparcv9)) + /* + * Under SunOS/32 the member of FILE structure that keeps the UNIX file + * descriptor is only 8 bits wide:-( This means that stdio will fail + * *miserably* if first 256 file descriptors are exhausted by calls to + * open(2) and creat(2). In order to avoid this let's try to shuffle file + * descriptors obtained from mentioned system calls over when we start + * approaching the limit. + * Andy + */ + #define KEEP_SOME_FD_FOR_STDIO 32 + #define SHUFFLE_OVER_256(fd) \ + if (fd < 256 && fd > 256-KEEP_SOME_FD_FOR_STDIO) { \ + int fdd; \ + if ((fdd = fcntl(fd,F_DUPFD,256)) >= 256) \ + close(fd), fd = fdd; \ + } + #else + /* + * Other OS that would suffer from this is IRIX 5.x and earlier. + */ + #endif + + mode_t lib_system_umask=0; + /******************************************************************* A creat() wrapper that will deal with 64 bit filesizes. ********************************************************************/ *************** *** 286,300 **** int sys_creat(const char *path, mode_t mode) { #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) ! return creat64(path, mode); #else /* * If creat64 isn't defined then ensure we call a potential open64. * JRA. */ ! return sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); #endif } /******************************************************************* --- 311,334 ---- int sys_creat(const char *path, mode_t mode) { + int fd; + mode_t new_umask = (mode>>16) & 0777; + + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); + #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) ! fd = creat64(path, mode&0xFFFF); #else /* * If creat64 isn't defined then ensure we call a potential open64. * JRA. */ ! fd = sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); ! #endif ! #ifdef SHUFFLE_OVER_256 ! SHUFFLE_OVER_256(fd); #endif + return fd; } /******************************************************************* *************** *** 303,313 **** int sys_open(const char *path, int oflag, mode_t mode) { #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) ! return open64(path, oflag, mode); #else ! return open(path, oflag, mode); #endif } /******************************************************************* --- 337,356 ---- int sys_open(const char *path, int oflag, mode_t mode) { + int fd; + mode_t new_umask = (mode>>16) & 0777; + + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); + #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) ! fd = open64(path, oflag, mode&0xFFFF); #else ! fd = open(path, oflag, mode&0xFFFF); ! #endif ! #ifdef SHUFFLE_OVER_256 ! SHUFFLE_OVER_256(fd); #endif + return fd; } /******************************************************************* From iainr at civ.hw.ac.uk Wed Jan 12 15:33:42 2000 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? 1. Explain what the problem actually is (two PDC Controllers on the same workgroup) and why this can't work. 2. Point them at suitable documentation (say http://us1.samba.org/samba/docs/man/smb.conf.5.html#domainmaster or the DOMAIN.txt file) 3. Suggest they subscribe to one of the samba mailing lists if they need further help (point them at www.samba.org) What is particularly annoying about the KB article is that it doesn't solve the problem merely the symptom. > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > From mike at psand.net Wed Jan 12 16:40:40 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:55 2003 Subject: dificulties to log in domain References: Message-ID: <00ca01bf5d1b$c8418320$0164a8c0@win981> Luke, I'm not only about 3 hours out of date, surely not much could have changed since then? Still get the same problem though :-( it still can't find __MSBROWSE__, going to run some tests with a PDC involved ..... Also, rpcclient has a similar problem .... rpcclient -S NT4WKS-1 -SAdministrator%Secret then, lsaquery ... yields ... socket connect to /tmp/.smb.0/agent failed error connecting to 192.168.100.7:445 (Connection refused) failed session setup cli_net_use_add: connection failed. ! ... I can send a debug 100 file if you like :-) Cheers, Mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Cc: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 2:01 PM Subject: RE: dificulties to log in domain > On Thu, 13 Jan 2000, Mike Harris wrote: > > > Is this the same (or related) problem?? > > > > I get the following error when running, for example: nmblookup -M - > > > > .. > > socket connect to /tmp/.nmb/agent failed > > [ignore this, btw: nmblookup does. ignore the error, that is] > > > name_query failed to find name __MSBROWSE__ > > ... > > > > And my clients can browse but not connect to the latest Samba TNG, well as > > of two days ago.... > > :) that's well over 48 hours, mike!!!!! damn, i dunno. some people, they > expect code to just stay the same :) > > do another cvs update, see what happens. > > love, > > luke > From lkcl at samba.org Wed Jan 12 15:41:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. yeah, it will a bit. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? "domain logons = no" to disable BDC / PDC functionality (NETLOGON) this stops samba registering DOMAIN<1c> internet group name, and from answering SAMLOGON, GETDC requests. "domain master = no" to disable PDC / DMB functionality. this stops samba registering DOMAIN<1c> pdc unique name. these are the defaults, so anyone who enables them on an existing domain clearly _doesn't_ know what they are doing. alternatively, they can move the Samba Server to a different workgroup / domain, which is a [good] suggestion of one of your other KB articles. thx for responding, martin. luke > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From SCody at Gulbrandsen.com Wed Jan 12 15:40:16 2000 From: SCody at Gulbrandsen.com (Steve Cody) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: How about reading the post of Martin Kuhne [mkuhne@microsoft.com]......... -----Original Message----- From: David M. Davisson [mailto:davisson@pfp.net] Sent: Wednesday, January 12, 2000 10:32 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Paul Rogers wrote: > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > e-mail to M$ explaining the solutions to their problems? Perhaps they might > listen to someone with an e-mail address @samba.org??? This is very interesting. At least M$ is aware that there are problems with domain browsing and nmb lookups, even if they are in denial. It is amazing how ignorant this article is about the basic underlying protocols. Its resolution is absolutely wrong. Samba when properly configured need not be the Master Browser. It is, however, the _ONLY_ way to tame and tune browser elections. I have two questions: 1. Will M$ even listen to the Samba community? 2. If yes to 1, who should we contact to try and educate them? -- David M. Davisson davisson@pfp.net From lkcl at samba.org Wed Jan 12 15:42:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: [to karl, and other samba subscribers: venting feelings is good, ppl (i do it all the time). channeled venting is better, though.] On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mhw at wittsend.com Wed Jan 12 15:42:55 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387C9D23.4BAEB412@pfp.net>; from davisson@pfp.net on Thu, Jan 13, 2000 at 02:31:56AM +1100 References: <387C9D23.4BAEB412@pfp.net> Message-ID: <20000112104255.A3374@alcove.wittsend.com> On Thu, Jan 13, 2000 at 02:31:56AM +1100, David M. Davisson wrote: > Paul Rogers wrote: > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > > e-mail to M$ explaining the solutions to their problems? Perhaps they might > > listen to someone with an e-mail address @samba.org??? > This is very interesting. At least M$ is aware that there are problems > with domain browsing and nmb lookups, even if they are in denial. It is > amazing how ignorant this article is about the basic underlying > protocols. Its resolution is absolutely wrong. Samba when properly > configured need not be the Master Browser. It is, however, the _ONLY_ > way to tame and tune browser elections. > I have two questions: > 1. Will M$ even listen to the Samba community? They have already. Sometimes unwillingly, but they have listened to some of us, particularly on security matters. :-> > 2. If yes to 1, who should we contact to try and educate them? Several of us are going to be at the CIFS conference which is sponsored by Microsoft and attended by numerous Microsoft managers. They are rather sensitive to critism at that conference. I was accused of flaming Paul Leach's boss over some DNS compatibility issues at the last conference. It wasn't a flame (at least not by my standards) but it got their attention and feedback. Since they are trying to play like they are cooperating and it's in front of dozens of companies who are trying to interoperate with Microsoft servers, then might be a good time to bring this up. > -- > David M. Davisson > davisson@pfp.net Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From lkcl at samba.org Wed Jan 12 15:47:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387C9D23.4BAEB412@pfp.net> Message-ID: On Thu, 13 Jan 2000, David M. Davisson wrote: > Paul Rogers wrote: > > > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > > > Also here's one that is *particularly* relevant to this list: > > > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > > > Perhaps someone (like the powers that be) regarding samba could pop a polite > > e-mail to M$ explaining the solutions to their problems? Perhaps they might > > listen to someone with an e-mail address @samba.org??? > > This is very interesting. At least M$ is aware that there are problems > with domain browsing and nmb lookups, even if they are in denial. It is > amazing how ignorant this article is about the basic underlying > protocols. Its resolution is absolutely wrong. Samba when properly > configured need not be the Master Browser. It is, however, the _ONLY_ > way to tame and tune browser elections. > > I have two questions: > > 1. Will M$ even listen to the Samba community? yes. eventually. maybe they'll even take our advice. they _are_ starting to, but it's a long process. there are several thousand microsoft employees, after all. > 2. If yes to 1, who should we contact to try and educate them? there _are_ people monitoring the samba lists, as their customers often complain to _them_ these days, if samba doesn't work with windows. From lkcl at samba.org Wed Jan 12 15:48:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: dificulties to log in domain In-Reply-To: <00ca01bf5d1b$c8418320$0164a8c0@win981> Message-ID: On Wed, 12 Jan 2000, Mike Harris wrote: > Luke, > > I'm not only about 3 hours out of date, surely not much could have changed > since then? yep! > Still get the same problem though :-( > > it still can't find __MSBROWSE__, going to run some tests with a PDC > involved ..... > > Also, rpcclient has a similar problem .... > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > then, lsaquery ... yields ... > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.168.100.7:445 (Connection refused) > failed session setup > cli_net_use_add: connection failed. what _Exactly_ are you running???? this works fine. you're not running smb-agent, are you? :) From ed at schernau.com Wed Jan 12 15:55:06 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:55 2003 Subject: Linux KB article #1 - possible virus? Message-ID: <387CA3DA.11D7E86@schernau.com> Symptom: Random system lockups, vanishing storage space, irate users. Solution: Shut off the Windows NT server. Go to each Windows95,98 and NT workstation Run FDISK, and delete the virus (fdisk /mbr) Get a boot floppy and Linux CD. Reboot machine. (wink) -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From davisson at pfp.net Wed Jan 12 15:57:27 2000 From: davisson at pfp.net (David M. Davisson) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: <387C9D23.4BAEB412@pfp.net> <20000112104255.A3374@alcove.wittsend.com> Message-ID: <387CA467.EE966651@pfp.net> "Michael H. Warfield" wrote: > > > 2. If yes to 1, who should we contact to try and educate them? > > Several of us are going to be at the CIFS conference which is > sponsored by Microsoft and attended by numerous Microsoft managers. > They are rather sensitive to critism at that conference. I was accused > of flaming Paul Leach's boss over some DNS compatibility issues at the > last conference. It wasn't a flame (at least not by my standards) but > it got their attention and feedback. Since they are trying to play > like they are cooperating and it's in front of dozens of companies who > are trying to interoperate with Microsoft servers, then might be a good > time to bring this up. > Well, I am a developer, just not in the Samba world. I have found Samba a godsend to solving interoperability issues in my network administration. So, would it be useful for those of you going to the CIFS conference to gather the experiences of administrators using Samba? I would think that showing how Samba solves so many nagging networking problems might be useful. This DNS/netbios lookup issue is of particular importance. Most NT admins do not seem to have any idea about how important this is to smooth netowrk operation. In fact, ignorance seems to abound, netbios names and DNS names seem synonymous to many. Over the last 5 years and three assistant domain administrators (NT certified in some cases), I have had to hammer this issue home. It seems every time I get a new assistant I start finding client machines configured with the DNS domain name set to the netbios domain name. -- David M. Davisson davisson@pfp.net From timothy_d_cole at md.northgrum.com Wed Jan 12 16:04:13 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631BD@xcgmd008.md.essd.northgrum.com> Yes, this actually happened a few weeks ago when we tried to promote a BDC. It seems that I'd left "domain master = yes" on on one of the Samba servers, and for some reason, even though 0x1b is the PDC record, NT seems to assume that anything that has 0x1c (DMB) also has 0x1b (PDC), and doesn't actually bother to check. I was out at the time, though, so the IS folks fixed it by setting up a static 0x1c record. > -----Original Message----- > From: Larry Blunk [SMTP:lblunk@yahoo.com] > Sent: Tuesday, January 11, 2000 19:30 > To: Multiple recipients of list SAMBA-NTDOM > Subject: New Microsoft Knowledgebase article > > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From timothy_d_cole at md.northgrum.com Wed Jan 12 16:06:02 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631BE@xcgmd008.md.essd.northgrum.com> The real solution/workaround to the problem does seem to be turning off "domain master" in smb.conf, in any case. > -----Original Message----- > From: Matthew Geddes [SMTP:mgeddes@xavier.sa.edu.au] > Sent: Tuesday, January 11, 2000 20:51 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > Greg Dickie wrote: > > > Isn't this caused by NT's broken implementation that can't separate a > PDC from > > a DMB? Freak'in M$ FUD! > > > > Greg > > > > A bit like some NT admins I know.... > > (the not being able to tell difference between DMB / PDC, as well as the > FUD) > > Matt From timothy_d_cole at md.northgrum.com Wed Jan 12 16:22:27 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631BF@xcgmd008.md.essd.northgrum.com> you forgot: domain master = no > -----Original Message----- > From: Greg Dickie [SMTP:greg@discreet.com] > Sent: Wednesday, January 12, 2000 10:22 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > in smb.conf > > preferred master = no > domain logons = no > > Greg > > > On 12-Jan-00 Martin Kuhne wrote: > > I'm afraid what you wrote will be hard to get published. > > Does anyone have a practical suggestion on how to instruct an > inexperienced > > administrator to disable PDC functionality in Samba? > > > > Regards, > > Martin > > Microsoft GmbH > > > > -----Original Message----- > > From: Karl Denninger [mailto:karl@Denninger.Net] > > Sent: Mittwoch, 12. Januar 2000 01:39 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: New Microsoft Knowledgebase article > > > > > > Cute. > > > > "Turn off the Samba server". > > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they > threw > > the whole library (instead of one book) at Microsoft. > > > > -- > > -- > > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > > Isn't it time we started putting KIDS first? See the above URL for > > a plan to do exactly that! > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > >> I just ran across the following article in > >> Microsoft's Knowledbase. See the following URL: > >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > >> Anyone know what this is about? > >> __________________________________________________ > >> Do You Yahoo!? > >> Talk to your friends online with Yahoo! Messenger. > >> http://im.yahoo.com > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com From lkcl at samba.org Wed Jan 12 16:29:56 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: Linux KB article #1 - possible virus? In-Reply-To: <387CA3DA.11D7E86@schernau.com> Message-ID: now, i don't want anyone asking for this to be added as a feature to samba. ... but if you put "fstype = CDFS" in a [sharename], and put an AUTORUN.INF file in the root of the share, windows will run the program at the pathname listed in AUTORUN.INF when that share is first accessed, like it was a CDROM drive. i'm sure that if you configured samba as a BDC, you could get a script to view that share on first user-login. this is a very easy way to upgrade all your windows workstations. luke On Thu, 13 Jan 2000, Edward Schernau wrote: > Symptom: Random system lockups, vanishing storage space, irate users. > > Solution: Shut off the Windows NT server. > Go to each Windows95,98 and NT workstation > Run FDISK, and delete the virus (fdisk /mbr) > Get a boot floppy and Linux CD. > Reboot machine. > > (wink) > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From timothy_d_cole at md.northgrum.com Wed Jan 12 16:33:09 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: Samba "contaminates" Solaris ACLs Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C0@xcgmd008.md.essd.northgrum.com> Yeah; this is actually something that we need to think about WRT ACL support in general. With ACLs, create mask and friends aren't necessarily relevent any more, and many times just serve to hose things up. As for the umask thing, on a system with Solaris/POSIX ACLs, it would probably be best to take the umask from the 'mask' ACE (if it exists) of the container you're creating the object in. I think. force mode creates yet more problems :( > -----Original Message----- > From: Andy Polyakov [SMTP:appro@fy.chalmers.se] > Sent: Wednesday, January 12, 2000 10:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Samba "contaminates" Solaris ACLs > > Hi! Given: > > - Solaris 2.6 box running Samba 2.0.6; > - a directory within a share with ACL (access control list) ensuring > that the files are created writable for certain group (kind of per > directory umask, very neat and useful); > - share is shared with the default "create mask" of 0744; > > Problem. If created on Windows the files don't appear writable to the > intended group, group write permissions are revoked. > > Cause. smbd sets umask(0) at startup and explicitly passes access > permissions to creat(2) (or open(...O_CREAT,mode)). With "create mask" > set to 0744 files files get created with at least 0644 as second argument > to creat(2) which makes group ACL to be demoted to read-only. The latter > is intended and logical behavior. Well, the former (umask(0)) is also > intended, but is it logical? I don't know... > > In either case, relaxing the "create mask" to 0764 on the whole share > isn't an option. Arranging separate share for just the subcatalog in > question is too confusing for users. Being squeezed between Samba, Solaris > and users I came up with the following kludge. But before you proceed I > want to make it clear that the presented code is just a wild experiment > and my *only* point is that the problem probably needs further discussion. > And I want to point out that the attached patch addresses *two* Solaris > problems. I've already posted the SHUFFLE_OVER_256 code described in the > comment once before to this list. The "solution" to the problem with ACLs > is not commented at all, but the idea is trivial. I derive intended umask > value from the "create mask" and pass it in 16 most significant bits of > mode argument to sys_[creat|open]. In order to minimize amount of system > calls, umask value is cached in lib_system_umask global variable. > > Cheers. Andy. > ------------------------------------------------ > *** ./smbd/dosmode.c.orig Wed Jul 21 03:25:20 1999 > --- ./smbd/dosmode.c Tue Jan 11 23:59:52 2000 > *************** > *** 49,56 **** > --- 49,60 ---- > /* We never make directories read only for the owner as under DOS a > user > can always create a file in a read-only directory. */ > result |= (S_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH | S_IWUSR); > + #if 0 > /* Apply directory mask */ > result &= lp_dir_mask(SNUM(conn)); > + #else > + result |= ((~lp_dir_mask(SNUM(conn))) & 0777) << 16; > + #endif > /* Add in force bits */ > result |= lp_force_dir_mode(SNUM(conn)); > } else { > *************** > *** 63,70 **** > --- 67,78 ---- > if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode)) > result |= S_IXOTH; > > + #if 0 > /* Apply mode mask */ > result &= lp_create_mask(SNUM(conn)); > + #else > + result |= ((~lp_create_mask(SNUM(conn))) & 0777) << 16; > + #endif > /* Add in force bits */ > result |= lp_force_create_mode(SNUM(conn)); > } > *** ./lib/doscalls.c.orig Thu Apr 8 23:13:01 1999 > --- ./lib/doscalls.c Tue Jan 11 23:57:38 2000 > *************** > *** 108,114 **** > > int dos_mkdir(char *dname,mode_t mode) > { > ! return(mkdir(dos_to_unix(dname,False),mode)); > } > > /******************************************************************* > --- 108,119 ---- > > int dos_mkdir(char *dname,mode_t mode) > { > ! extern mode_t lib_system_umask; > ! mode_t new_umask = (mode>>16) & 0777; > ! > ! if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); > ! > ! return(mkdir(dos_to_unix(dname,False),mode&0xFFFF)); > } > > /******************************************************************* > *** ./lib/system.c.orig Wed Jul 21 03:25:09 1999 > --- ./lib/system.c Tue Jan 11 23:54:51 2000 > *************** > *** 280,285 **** > --- 280,310 ---- > #endif > } > > + #if defined(SUNOS4) || (defined(SUNOS5) && !defined(__sparcv9)) > + /* > + * Under SunOS/32 the member of FILE structure that keeps the UNIX file > + * descriptor is only 8 bits wide:-( This means that stdio will fail > + * *miserably* if first 256 file descriptors are exhausted by calls to > + * open(2) and creat(2). In order to avoid this let's try to shuffle > file > + * descriptors obtained from mentioned system calls over when we start > + * approaching the limit. > + * Andy > + */ > + #define KEEP_SOME_FD_FOR_STDIO 32 > + #define SHUFFLE_OVER_256(fd) \ > + if (fd < 256 && fd > 256-KEEP_SOME_FD_FOR_STDIO) { \ > + int fdd; \ > + if ((fdd = fcntl(fd,F_DUPFD,256)) >= 256) \ > + close(fd), fd = fdd; \ > + } > + #else > + /* > + * Other OS that would suffer from this is IRIX 5.x and earlier. > + */ > + #endif > + > + mode_t lib_system_umask=0; > + > /******************************************************************* > A creat() wrapper that will deal with 64 bit filesizes. > ********************************************************************/ > *************** > *** 286,300 **** > > int sys_creat(const char *path, mode_t mode) > { > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) > ! return creat64(path, mode); > #else > /* > * If creat64 isn't defined then ensure we call a potential open64. > * JRA. > */ > ! return sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); > #endif > } > > /******************************************************************* > --- 311,334 ---- > > int sys_creat(const char *path, mode_t mode) > { > + int fd; > + mode_t new_umask = (mode>>16) & 0777; > + > + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); > + > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) > ! fd = creat64(path, mode&0xFFFF); > #else > /* > * If creat64 isn't defined then ensure we call a potential open64. > * JRA. > */ > ! fd = sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); > ! #endif > ! #ifdef SHUFFLE_OVER_256 > ! SHUFFLE_OVER_256(fd); > #endif > + return fd; > } > > /******************************************************************* > *************** > *** 303,313 **** > > int sys_open(const char *path, int oflag, mode_t mode) > { > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) > ! return open64(path, oflag, mode); > #else > ! return open(path, oflag, mode); > #endif > } > > /******************************************************************* > --- 337,356 ---- > > int sys_open(const char *path, int oflag, mode_t mode) > { > + int fd; > + mode_t new_umask = (mode>>16) & 0777; > + > + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); > + > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) > ! fd = open64(path, oflag, mode&0xFFFF); > #else > ! fd = open(path, oflag, mode&0xFFFF); > ! #endif > ! #ifdef SHUFFLE_OVER_256 > ! SHUFFLE_OVER_256(fd); > #endif > + return fd; > } > > /******************************************************************* From scrappy at hub.org Wed Jan 12 16:32:53 2000 From: scrappy at hub.org (The Hermit Hacker) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE34B.A2EE0FE9@boeing.com> Message-ID: On Wed, 12 Jan 2000, Paul Allen wrote: > fact remains that the trial is not over yet, and there will be an > appeal. I'm not holding my breath. I figure if the government and > Microsoft keep each other busy long enough, Linux will have plenty > of time to achieve world domination. (No smileys here. I'm dead > serious.) Isn't that the mess we are in now? One OS dominiating the market? :) Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org From larry at ptcoupling.com Wed Jan 12 16:43:12 2000 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387CA467.EE966651@pfp.net> Message-ID: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> David: Gald you mentioned that, it's always been a bit of mystery to me. I know what a DNS name is, but what exactly is a netbios name? Where is it used? Larry -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of David M. Davisson Sent: Wednesday, January 12, 2000 10:23 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article "Michael H. Warfield" wrote: > > > 2. If yes to 1, who should we contact to try and educate them? > > Several of us are going to be at the CIFS conference which is > sponsored by Microsoft and attended by numerous Microsoft managers. > They are rather sensitive to critism at that conference. I was accused > of flaming Paul Leach's boss over some DNS compatibility issues at the > last conference. It wasn't a flame (at least not by my standards) but > it got their attention and feedback. Since they are trying to play > like they are cooperating and it's in front of dozens of companies who > are trying to interoperate with Microsoft servers, then might be a good > time to bring this up. > Well, I am a developer, just not in the Samba world. I have found Samba a godsend to solving interoperability issues in my network administration. So, would it be useful for those of you going to the CIFS conference to gather the experiences of administrators using Samba? I would think that showing how Samba solves so many nagging networking problems might be useful. This DNS/netbios lookup issue is of particular importance. Most NT admins do not seem to have any idea about how important this is to smooth netowrk operation. In fact, ignorance seems to abound, netbios names and DNS names seem synonymous to many. Over the last 5 years and three assistant domain administrators (NT certified in some cases), I have had to hammer this issue home. It seems every time I get a new assistant I start finding client machines configured with the DNS domain name set to the netbios domain name. -- David M. Davisson davisson@pfp.net From lk at NetUSE.DE Wed Jan 12 16:44:30 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:55 2003 Subject: Linux KB article #1 - possible virus? References: Message-ID: <387CAF6E.DA8D0305@NetUSE.DE> Luke Kenneth Casson Leighton wrote: > > now, i don't want anyone asking for this to be added as a feature to > samba. > > .. but if you put "fstype = CDFS" in a [sharename], and put an > AUTORUN.INF file in the root of the share, windows will run the program at > the pathname listed in AUTORUN.INF when that share is first accessed, like > it was a CDROM drive. i'm sure that if you configured samba as a BDC, you > could get a script to view that share on first user-login. > > this is a very easy way to upgrade all your windows workstations. Elegant! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From ink at inconnu.isu.edu Wed Jan 12 16:58:33 2000 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: BTW: When are the Samba lists going to become multipart-MIME in the digest? Every other list in the world is easy to browse in digest format, but not the Samba ones. :) On Thu, 13 Jan 2000 samba-ntdom@samba.org wrote: > Date: Thu, 13 Jan 2000 00:22:11 +1100 > From: Luke Kenneth Casson Leighton > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > this is because people xxxx up the samba installation by puttting "domain > master = yes" and "domain logons = yes" when there's already a PDC on the > network. > > anyone that's stupid enough to do this deserves to have their samba server > switched off, as suggested by the KB article. > > it would be better if the article suggested the likely cause, which is > that there are two PDCs on the network. regardless of the fact that one > of them is a samba server, you _cannot_ have two PDCs for the same domain. > this is very easy to do if you do not bother to use the same WINS server > or bother to use a WINS server at all. so, like i said, anyone who is > stupid enough to do this does not deserve to have _any_ computers on their > network. > > can this be addressed, scott? the KB article applies just as much to > having two NT PDCs as it does to having mixed samba/nt pdcs. I believe some of the blame lies with the company that decided "elections" were a secure form of controlling your network browse lists (and hence the keys to all your machines). I wonder what genius came up with that idea. :) From paul.rogers at mis-cds.com Wed Jan 12 16:57:37 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: Sorry about having to reply to my own post but you will need to restart the samba service after editing the smb.conf by either: login as root edit the /etc/smb.conf (details below:) run: testparm smb.conf to verify that the new config file is ok. If not, re-edit the file and test again. Red Hat systems & Linux systems that run samba from the /etc/rc.d/init.d directory: run: /etc/rc.d/init.d/smb restart other systems that don't run samba from /etc/rc.d/init.d directory: run the attached script on the samba server (will require transferring to any area on the samba machine) by typing: chmod 755 killdm ; ./killdm smbd This will re-load samba with the new configuration. HTH, Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. > > -----Original Message----- > > From: Paul Rogers [mailto:paul.rogers@mis-cds.com] > > Sent: Wednesday, January 12, 2000 3:17 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: New Microsoft Knowledgebase article > > > > > > Yes: > > > > In /etc/smb.conf, edit / add the following lines to be: > > > > domain master = no > > preferred master = no > > local master = no > > domain logons = no > > os level = 20 > > > > to be a member of an NT controlled domain, edit / add: > > > > security = server > > password server = > > workgroup = > > win server = > > > > HTH Microsoft - it would be nice if instructions were added > > to the article > > with an apology? > > > > Paul Rogers, > > Development Analyst. > > > > MIS Corporate Defence Solutions Limited > > > > Tel: +44 (0)1622 723422 (Direct Line) > > +44 (0)1622 723400 (Switchboard) > > Fax: +44 (0)1622 728580 > > Website: http://www.mis-cds.com > > > > The information contained in this message or any of its > > attachments may be > > privileged and confidential and intended for the exclusive > use of the > > addressee. If you are not the addressee any disclosure, > reproduction, > > distribution or other dissemination or use of this communications is > > strictly prohibited. If you have received this > transmission in error, > > please contact our Security Manager on 44 (0) 1622 723400. > > > > > -----Original Message----- > > > From: Martin Kuhne [mailto:mkuhne@microsoft.com] > > > Sent: Wednesday, January 12, 2000 3:06 PM > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: RE: New Microsoft Knowledgebase article > > > > > > > > > I'm afraid what you wrote will be hard to get published. > > > Does anyone have a practical suggestion on how to instruct an > > > inexperienced > > > administrator to disable PDC functionality in Samba? > > > > > > Regards, > > > Martin > > > Microsoft GmbH > > > > > > -----Original Message----- > > > From: Karl Denninger [mailto:karl@Denninger.Net] > > > Sent: Mittwoch, 12. Januar 2000 01:39 > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Re: New Microsoft Knowledgebase article > > > > > > > > > Cute. > > > > > > "Turn off the Samba server". > > > > > > How about: > > > > > > Format your disks, install Linux or FreeBSD, and tell > > > Microsoft to > > > go fuck themselves with a football - preferrably to the same > > > regional sales force that sold you the NT crapware in the first > > > place? > > > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > > > This kind of bullshit is PRECISELY what the US DOJ was after > > > when they threw > > > the whole library (instead of one book) at Microsoft. > > > > > > -- > > > -- > > > Karl Denninger (karl@denninger.net) Web: > > http://childrens-justice.org > > > Isn't it time we started putting KIDS first? See the > above URL for > > > a plan to do exactly that! > > > > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > > > I just ran across the following article in > > > > Microsoft's Knowledbase. See the following URL: > > > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > > > Anyone know what this is about? > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Talk to your friends online with Yahoo! Messenger. > > > > http://im.yahoo.com > > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: killdm Type: application/octet-stream Size: 190 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/e9e73d78/killdm.obj From davisson at pfp.net Wed Jan 12 17:05:37 2000 From: davisson at pfp.net (David M. Davisson) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> Message-ID: <387CB461.F88D1867@pfp.net> Larry McElderry wrote: > > David: > > Gald you mentioned that, it's always been a bit of mystery to me. I know > what a DNS name is, but what exactly is a netbios name? Where is it used? > > Larry Simply put, the netbios name is the name you give the computer in networking properties on Windows clients or servers. The DNS name is the host name and domain name that you put in the DNS networking properties. The host name and netbios name could (M$ says should) be the same. The netbios domain name is the name of the domain that you you and logon to. The DNS domain name is the same as your registered DNS domain name on ther internet. So the confusion could be like this: Host Name: PENTIUM NT (netbios) domain name: COMPANY DNS domain name: company.com In the network neighborhood you would see the computer Pentium. In your sendmail logs, the host would be recorded as pentium.company.com. As I said, simply put. There is a lot more to this issue. There are a couple of good docs in the Samba docs on this, and there is a brief and excellent explanation of netbios netowrking in the "Learn Samba in 24 Hours" book. I haven't read "Using Samba" yet, but I am sure there is a good explanation there too. Once you understand how DNS and netbios interact and work together, the source of a lot of those nagging little network miseries becomes apparent. -- David M. Davisson davisson@pfp.net From lk at NetUSE.DE Wed Jan 12 17:18:58 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:55 2003 Subject: smbd is crashing, after i joined the domain Message-ID: <387CB782.683A3AE3@NetUSE.DE> Hello! I had succesfully joined my samba-controlled domain(current TNG cvs). The PDC is a samba tng PDC. I created a workstation trust account (smbpasswd -m -a weigon) on the server. After that i joined the domain from other samba-server. When i start smbd i get follwing messages in log.smb: Added interface ip=192.168.254.67 bcast=192.168.254.255 nmask=255.255.255.0 file_init: Information only: requested 10000 open files, 1014 are available. No DFS map, Samba is running in NON DFS mode resolve_name: Attempting lmhosts lookup for name SH-INST resolve_name: Attempting host lookup for name SH-INST Connecting to 192.168.254.217 at port 445 error connecting to 192.168.254.217:445 (Connection refused) Connecting to 192.168.254.217 at port 139 resolve_name: Attempting lmhosts lookup for name SH-INST resolve_name: Attempting host lookup for name SH-INST socket connect to /tmp/.smb.0/agent failed Connecting to 192.168.254.217 at port 445 error connecting to 192.168.254.217:445 (Connection refused) Connecting to 192.168.254.217 at port 139 =============================================================== INTERNAL ERROR: Signal 11 in pid 17554 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error This is important part from my smb.conf. Is there somethin wrong? [global] debug level=3 security = domain workgroup = LARS encrypt passwords = yes os level = 3 wins server = 192.168.254.217 status = yes password server = sh-inst Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mg at plum.de Wed Jan 12 17:35:30 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> <387CB461.F88D1867@pfp.net> Message-ID: <387CBB62.50428A75@plum.de> "David M. Davisson" wrote: > > Simply put, the netbios name is the name you give the computer in > networking properties on Windows clients or servers. The DNS name is > the host name and domain name that you put in the DNS networking > properties. The host name and netbios name could (M$ says should) be > the same. The netbios domain name is the name of the domain that you > you and logon to. The DNS domain name is the same as your registered > DNS domain name on ther internet. So the confusion could be like this: > > Host Name: PENTIUM > NT (netbios) domain name: COMPANY > DNS domain name: company.com > > In the network neighborhood you would see the computer Pentium. In your > sendmail logs, the host would be recorded as pentium.company.com. > > As I said, simply put. There is a lot more to this issue. There are a > couple of good docs in the Samba docs on this, and there is a brief and > excellent explanation of netbios netowrking in the "Learn Samba in 24 > Hours" book. I haven't read "Using Samba" yet, but I am sure there is a > good explanation there too. Once you understand how DNS and netbios > interact and work together, the source of a lot of those nagging little > network miseries becomes apparent. Btw .. while we are at this topic : are there some scripts that take the netbios name from a dhcpd.leases file and genereate some bind config files (some A, and IN PTR records ..) ? (in order to keep the DNS and netbios names in sync ...) TIA, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From benski at pacbell.net Wed Jan 12 17:39:18 2000 From: benski at pacbell.net (Benjamin Hyatt) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387CB461.F88D1867@pfp.net> Message-ID: Ha ha , you guys/gals crack me up. Most "NT Admins" wouldn't know how to setup DNS on a Unix box to save their life. While we are on the subject of M$..... Has anyone been following M$'s SFU (services for UNIX)? http://www.microsoft.com/windows/sfu Interesting.... {Ben} From jlevine at siphoto.com Wed Jan 12 17:34:48 2000 From: jlevine at siphoto.com (Jason Levine) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <38792070@webmail.siphoto.com> Paul Rogers wrote: >In /etc/smb.conf, edit / add the following lines to be: > >domain master = no >local master = no >domain logons = no >os level = 20 No -- "local master" has nothing to do with being a primary domain controller, it's purely a local master browser thing. Likewise, "os level" is only whether or not a machine can become the local master browser in the selection process with other machines, and has nothing to do with the PDC role. And "domain logons", so far as I can tell, has absolutely no effect when the security model is set to domain ("security=domain") -- it's a Win9X thing, and it's purely for workgroups, not for domains. All this illustrates my problem with this whole discussion -- there's a lot of ego flying around about how certain users aren't "qualified" to have samba boxes, when we're talking about a configuration that's clearly confusing even to some long-time samba users. "DOmain master" and "local master" mean very different things, about entirely different roles (PDC/DMB vs LMB), despite being named such that it's not an entirely out-there conclusion that they are similar, and I'd venture to guess that many samba admins have made this mistake (and fixed it on their own, when they read the docs). Yes, MS didn't document the right remedy -- but then again, neither did a lot of posts to this very list, the technical list for samba and NT domain controller code. /jason /--------------------------------------------------------------\ For PGP public key, go to: http://www.queso.com/keys/siphoto.txt Fingerprint: DB4C C56A 74ED 5F6E 1A7C 39B4 7354 01FD 8793 E537 From ed at schernau.com Wed Jan 12 17:46:08 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> <387CB461.F88D1867@pfp.net> <387CBB62.50428A75@plum.de> Message-ID: <387CBDE0.83773B83@schernau.com> Michael Glauche wrote: > Btw .. while we are at this topic : > are there some scripts that take the netbios name from a dhcpd.leases > file and genereate some bind config files (some A, and IN PTR records > .) ? > (in order to keep the DNS and netbios names in sync ...) > > TIA, > Michael Or a specially patched bind that magically handles this? ;-) -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From larry at ptcoupling.com Wed Jan 12 17:48:55 2000 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387CB461.F88D1867@pfp.net> Message-ID: <000d01bf5d25$4be42800$01f4dd80@larry.cmt> >-----Original Message----- >From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of >David M. Davisson >Sent: Wednesday, January 12, 2000 11:11 AM >To: Multiple recipients of list SAMBA-NTDOM >Subject: Re: New Microsoft Knowledgebase article > > >Larry McElderry wrote: >> >> David: >> >> Gald you mentioned that, it's always been a bit of mystery to >me. I know >> what a DNS name is, but what exactly is a netbios name? Where >is it used? >> >> Larry > >Simply put, the netbios name is the name you give the computer in >networking properties on Windows clients or servers. The DNS name is >the host name and domain name that you put in the DNS networking >properties. The host name and netbios name could (M$ says should) be >the same. The netbios domain name is the name of the domain that you >you and logon to. The DNS domain name is the same as your registered >DNS domain name on ther internet. So the confusion could be like this: > >Host Name: PENTIUM >NT (netbios) domain name: COMPANY >DNS domain name: company.com > >In the network neighborhood you would see the computer Pentium. In your >sendmail logs, the host would be recorded as pentium.company.com. > >As I said, simply put. There is a lot more to this issue. There are a >couple of good docs in the Samba docs on this, and there is a brief and >excellent explanation of netbios netowrking in the "Learn Samba in 24 >Hours" book. I haven't read "Using Samba" yet, but I am sure there is a >good explanation there too. Once you understand how DNS and netbios >interact and work together, the source of a lot of those nagging little >network miseries becomes apparent. > >-- >David M. Davisson >davisson@pfp.net > OK. That's what I thought it was. I guess it's never been an issue since I always use the same name for each (things can confusing enough without having multiple names for 1 machine). Personally, I also like the machine name to match the user's (login) name. Thanks for clearing that up. Larry From mhw at wittsend.com Wed Jan 12 17:51:37 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <387CBB62.50428A75@plum.de>; from mg@plum.de on Thu, Jan 13, 2000 at 04:32:10AM +1100 References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> <387CB461.F88D1867@pfp.net> <387CBB62.50428A75@plum.de> Message-ID: <20000112125137.A5244@alcove.wittsend.com> On Thu, Jan 13, 2000 at 04:32:10AM +1100, Michael Glauche wrote: > "David M. Davisson" wrote: > > Simply put, the netbios name is the name you give the computer in > > networking properties on Windows clients or servers. The DNS name is > > the host name and domain name that you put in the DNS networking > > properties. The host name and netbios name could (M$ says should) be > > the same. The netbios domain name is the name of the domain that you > > you and logon to. The DNS domain name is the same as your registered > > DNS domain name on ther internet. So the confusion could be like this: > > > > Host Name: PENTIUM > > NT (netbios) domain name: COMPANY > > DNS domain name: company.com > > > > In the network neighborhood you would see the computer Pentium. In your > > sendmail logs, the host would be recorded as pentium.company.com. > > > > As I said, simply put. There is a lot more to this issue. There are a > > couple of good docs in the Samba docs on this, and there is a brief and > > excellent explanation of netbios netowrking in the "Learn Samba in 24 > > Hours" book. I haven't read "Using Samba" yet, but I am sure there is a > > good explanation there too. Once you understand how DNS and netbios > > interact and work together, the source of a lot of those nagging little > > network miseries becomes apparent. > > Btw .. while we are at this topic : > are there some scripts that take the netbios name from a dhcpd.leases > file and genereate some bind config files (some A, and IN PTR records > .) ? > (in order to keep the DNS and netbios names in sync ...) I saw (had) some scripts that worked with the ISC dhcpd server and translated to dynamic DNS updates. Problem was that you need to do some REALLY GOOD filtering because some of those netbios names are ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, etc, etc, etc). Then you have to decide just what to do when someone DOES add a name with illegal characters. It seems that the DHCP protocol has no provisions for refusing an address because the name is illegal. The "netbios name with characters that are illegal in DNS" is going to get real amusing as chumps (uh admins) try to upgrade to Windows 2000 and try and get everything running under DNS. "Uh gee, I don't know why the name 'My PC-2.3' doesn't work any more. It worked with Windows NT 3.51 and 4.0!" > TIA, > Michael > -- > Samba NT-Domain howto (in german) > http://www.sambahq.de Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From ed at schernau.com Wed Jan 12 17:57:04 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:55 2003 Subject: Microsoft Knowledgebase article / smb.conf References: <38792070@webmail.siphoto.com> Message-ID: <387CC070.288BD757@schernau.com> Jason Levine wrote: > >Yes, MS didn't document the right remedy -- but then again, neither did a lot > of posts to this very list, the technical list for samba and NT domain > controller code. Perhaps a revamp of the docs, or maybe renaming (aliasing??) some of the smb.conf parameters would help. some sort of new notation maybe? like: browser.domain.master = no browser.os.level = NT (with some sort of DOS,Win9x,NT, or NT++ setting). since you only need to be > than 1 OS, you dont NEED os level = 20, you just need a 2, 17 or 33 really. So Samba can either = DOS, Win9x, or NT, or be 1 level higher if needed. security.security.mode = server security.password.server = to help illustrate the types of things that the commands do?? i.e. wins.activate.server = no wins.server = w.x.y.z -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From JJones at nwnets.com Wed Jan 12 18:01:14 2000 From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <4128C0428F94D3118F1E00902773CED201B3C2@NNSBOIS1> Okay... You're all quite right for bashing MS as far as this article is concerned, and for many other things as well. It is very much true that even MS's implemetations of "standards" are so filled with "enhancements" (i.e. w2k's kerberos and ldap implementations, for starters) that interoperability is difficult at best. It seems, however, that some on this list have animosity not only towards MS as a company and NT as an OS, but also towards those of us who administer NT networks. If you'd like cooperation from NT admins, and are genuinely interested in the possibility of heterogeneous networking, why would you work so hard to alienate so many of the people you will more than likeley need to work with? It is true that some of us--myself included--are not as technically adept with linux/unix as with NT. These OSs require different skill sets and training. If an NT admin has not heard of a file called "krb5.conf" it does not mean that the NT admin is an imbecil. It means the NT admin is unfamiliar with configuring kerberos v5 on a Unix box. At least some NT admins are interested in interoperability. And at least some of us are not complete morons. Please keep this in mind. Thanks, Jeremy Jones, MA, MCSE, CCNA Systems Analyst Northwest Network Services (208) 343-5260 x106 http://www.nwnets.com mailto:jjones@nwnets.com From paul.rogers at mis-cds.com Wed Jan 12 18:00:46 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: > Paul Rogers wrote: > > >In /etc/smb.conf, edit / add the following lines to be: > > > >domain master = no > >local master = no > >domain logons = no > >os level = 20 > > No -- "local master" has nothing to do with being a primary domain > controller, it's purely a local master browser thing. True, but trying to oust a PDC from being a local master, as far as I understand, isn't a blindingly intelligent thing to do?? > Likewise, "os level" is only whether or not a machine can become the > local master browser in the selection process with other machines, and > has nothing to do with the PDC role. Again, could someone (Luke) please verify this. I was of the understanding that it is relevant. > And "domain logons", so far as I can tell, has absolutely no effect when > the security model is set to domain ("security=domain") -- it's a > Win9X thing, and it's purely for workgroups, not for domains. domain logons *does have* an affect. It did when installing our Samba boxes - please see Luke's earlier posting confirming this when another PDC exists on the network! > All this illustrates my problem with this whole discussion -- > there's a lot of ego flying around about how certain users aren't > "qualified" to have samba boxes.... Wooohhhhhh! Slow down! I was only posting in reply to the question asked what would be a solution. This has worked for me and as far as I understand it is correct. In my opinion to have options completely locked down rather than unspecified is a more sensible way of implementing configurations for any daemon because you then know *exactly* what each parameter is set to. Sorry - will remember to post a disclaimer next time! > when we're talking about a configuration that's clearly confusing even to > some long-time samba users. quite > "DOmain master" and "local master" mean very different things, about > entirely different roles (PDC/DMB vs LMB) That's true - they do mean different things but they can affect the running of an NT PDC if local master = yes (it did on our net). despite > Yes, MS didn't document the right remedy -- but then again, neither did > alot of posts to this very list, the technical list for samba and > NT domain controller code. I haven't seen Luke disagree with the posts here? Perhaps Luke should post his solution here? Only trying to help! > > /jason > Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. From lkcl at samba.org Wed Jan 12 18:02:00 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Craig Kelley wrote: > > BTW: When are the Samba lists going to become multipart-MIME in the > digest? Every other list in the world is easy to browse in digest format, > but not the Samba ones. :) when someone hacks the freely-available version listproc sources to do it. From lkcl at samba.org Wed Jan 12 18:05:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: smbd is crashing, after i joined the domain In-Reply-To: <387CB782.683A3AE3@NetUSE.DE> Message-ID: hmm, i think i need to set up samba-tng as a domain-member. another thing on my todo-list. On Thu, 13 Jan 2000, Lars Kneschke wrote: > Hello! > > I had succesfully joined my samba-controlled domain(current TNG > cvs). > The PDC is a samba tng PDC. I created a workstation trust account > (smbpasswd -m -a weigon) on the server. After that i joined the > domain from other samba-server. > > When i start smbd i get follwing messages in log.smb: > > Added interface ip=192.168.254.67 bcast=192.168.254.255 > nmask=255.255.255.0 > file_init: Information only: requested 10000 open files, 1014 are > available. > No DFS map, Samba is running in NON DFS mode > resolve_name: Attempting lmhosts lookup for name SH-INST > resolve_name: Attempting host lookup for name SH-INST > Connecting to 192.168.254.217 at port 445 > error connecting to 192.168.254.217:445 (Connection refused) > Connecting to 192.168.254.217 at port 139 > resolve_name: Attempting lmhosts lookup for name SH-INST > resolve_name: Attempting host lookup for name SH-INST > socket connect to /tmp/.smb.0/agent failed > Connecting to 192.168.254.217 at port 445 > error connecting to 192.168.254.217:445 (Connection refused) > Connecting to 192.168.254.217 at port 139 > =============================================================== > INTERNAL ERROR: Signal 11 in pid 17554 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > =============================================================== > PANIC: internal error > > This is important part from my smb.conf. Is there somethin wrong? > > [global] > debug level=3 > security = domain > workgroup = LARS > encrypt passwords = yes > os level = 3 > wins server = 192.168.254.217 > status = yes > password server = sh-inst > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 18:10:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <387CBDE0.83773B83@schernau.com> Message-ID: andrew has added a WINS registration "script" option that allows you to run scripts on registration / release of NetBIOS names. On Thu, 13 Jan 2000, Edward Schernau wrote: > Michael Glauche wrote: > > Btw .. while we are at this topic : > > are there some scripts that take the netbios name from a dhcpd.leases > > file and genereate some bind config files (some A, and IN PTR records > > .) ? > > (in order to keep the DNS and netbios names in sync ...) > > > > TIA, > > Michael > > Or a specially patched bind that magically handles this? ;-) > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 18:12:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <20000112125137.A5244@alcove.wittsend.com> Message-ID: > > are there some scripts that take the netbios name from a dhcpd.leases > > file and genereate some bind config files (some A, and IN PTR records > > .) ? > > (in order to keep the DNS and netbios names in sync ...) > > I saw (had) some scripts that worked with the ISC dhcpd server > and translated to dynamic DNS updates. Problem was that you need to > do some REALLY GOOD filtering because some of those netbios names are > ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, > etc, etc, etc). Then you have to decide just what to do when someone > DOES add a name with illegal characters. It seems that the DHCP > protocol has no provisions for refusing an address because the name > is illegal. only <00> / <20> and <1b> names should be registered (SMB client / SMB server / DOMAIN name). From lkcl at samba.org Wed Jan 12 18:14:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Paul Rogers wrote: > > Paul Rogers wrote: > > > > >In /etc/smb.conf, edit / add the following lines to be: > > > > > >domain master = no > > >local master = no > > >domain logons = no > > >os level = 20 > > > > No -- "local master" has nothing to do with being a primary domain > > controller, it's purely a local master browser thing. > > True, but trying to oust a PDC from being a local master, as far as I > understand, isn't a blindingly intelligent thing to do?? said this once, said it a hundred times. DMB functionality has NOTHING to do with LMB funcitonality. try it yorself, if you like: domain master = yes domain logons = yes local master = no preferred mater = no os level = 0 all that will happen is that your browser lists will take slightly longer to update. From pfrazao at ualg.pt Wed Jan 12 18:14:43 2000 From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387CC493.514545@ualg.pt> Hi All, Benjamin Hyatt wrote: > > Ha ha , you guys/gals crack me up. > Most "NT Admins" wouldn't know how to setup DNS on a Unix box to save their > life. > While we are on the subject of M$..... > Has anyone been following M$'s SFU (services for UNIX)? > http://www.microsoft.com/windows/sfu > > Interesting.... Not so much. The only thing I tryed to use (in the ancient days we had an NT server) was M$ telnet server. The version we ran kept crashing when a second user accessed the service. In the issue of interoperability between Unixes and Windozes I strongly believe SAMBA is the way. It will be much more painfull to provide Win with "reliable" Unix style services than the opposite way. Pedro > > {Ben} -- The ideas or conclusions in this message dont necessarily reflect those from the institution providing my email adress. They are my own ideas and all the rest of the bla bla bla bla. Got the idea ? ;-) ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 289 800950 / 872959 Fax: +351 289 818560 http://w3.ualg.pt/~pfrazao From lkcl at samba.org Wed Jan 12 18:15:46 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: > I haven't seen Luke disagree with the posts here? Perhaps Luke should post > his solution here? i did. domain master = no; domain logons = no. or move the samba server to a different workgroup/domain. From jeremy at valinux.com Wed Jan 12 19:20:26 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: <4128C0428F94D3118F1E00902773CED201B3C2@NNSBOIS1> Message-ID: <387CD3FA.9E7FCB87@valinux.com> Jeremy Jones wrote: > It seems, however, that some on this list have animosity not only towards MS > as a company and NT as an OS, but also towards those of us who administer NT > networks. If you'd like cooperation from NT admins, and are genuinely > interested in the possibility of heterogeneous networking, why would you > work so hard to alienate so many of the people you will more than likeley > need to work with? It is true that some of us--myself included--are not as > technically adept with linux/unix as with NT. These OSs require different > skill sets and training. If an NT admin has not heard of a file called > "krb5.conf" it does not mean that the NT admin is an imbecil. It means the > NT admin is unfamiliar with configuring kerberos v5 on a Unix box. > > At least some NT admins are interested in interoperability. And at least > some of us are not complete morons. Please keep this in mind. *Very* good point. I have been watching this thread degenerate into a "I hate Microsoft" rant (too busy to post anything as I'm trying to get all the pending patches integrated for 2.0.7. I shouldn't be posting this :-). Not very inspiring for anyone working with NT on a daily basis (this includes me !). Remember, Samba is an outreach tool to help NT and UNIX interoperate (at least that's how I'd classify it). It's the glue between UNIX and Windows. I always welcome the chance to talk to Windows administrators because they are usually very interested in improving their skillset and see Samba running on a UNIX system as a good way to move their skills into the higher paid UNIX world. Microsoft Certified Professional magazine even commissioned a front page article on Samba ! Let's help MCSE's to move into the UNIX/Linux world. Remember, people tend to recommend what they know, so spread the knowledge around :-). Let's all just play nice on the same networks, and help everyone to learn how to do the same. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From paul.rogers at mis-cds.com Wed Jan 12 18:25:12 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Wednesday, January 12, 2000 6:16 PM > To: Paul Rogers > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > i did. domain master = no; domain logons = no. or move the > samba server > to a different workgroup/domain. Apologies - missed that one. Any chance of the solution you sent to Microsoft? Regarding the LMB issue - it sent our NT PDC cranky when one of our Samba boxes became the local master. Just speaking from experience! Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. From mhw at wittsend.com Wed Jan 12 18:33:38 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: ; from lkcl@samba.org on Thu, Jan 13, 2000 at 05:12:08AM +1100 References: <20000112125137.A5244@alcove.wittsend.com> Message-ID: <20000112133338.A5247@alcove.wittsend.com> On Thu, Jan 13, 2000 at 05:12:08AM +1100, Luke Kenneth Casson Leighton wrote: > > > are there some scripts that take the netbios name from a dhcpd.leases > > > file and genereate some bind config files (some A, and IN PTR records > > > .) ? > > > (in order to keep the DNS and netbios names in sync ...) > > I saw (had) some scripts that worked with the ISC dhcpd server > > and translated to dynamic DNS updates. Problem was that you need to > > do some REALLY GOOD filtering because some of those netbios names are > > ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, > > etc, etc, etc). Then you have to decide just what to do when someone > > DOES add a name with illegal characters. It seems that the DHCP > > protocol has no provisions for refusing an address because the name > > is illegal. > only <00> / <20> and <1b> names should be registered (SMB client / SMB > server / DOMAIN name). But we're not talking about names from the Netbios name table, Luke. We're talking about the name that shows up in the DHCP leases file. That name is the node name / workstation name that the workstation uses when requesting a dhcp lease. That would be the basis for the names you mentioned after it gets on the net (has the lease) and is able to add the appropriately synthesized netbios names. That 15 character name can have characters which are illegal in a DNS zone file. So someone names their PC "My PC_2.". Note that the space and the underbar (I was thinking it was a dash - but a dash is legal) are illegal in a domain name. Putting a "." in a simple name is a sure fired way to commit random acts of terrorism, especially trailing dots which have very specific, very special, meaning in DNS zone specifications (it means don't append the current zone to the name). Some guys discovered the hard way that arbitrarily taking the node name from the dhcp leases file and plugging it into a DNS zone file was a good way to get bind to bitch and dump your entire zone into the dumper due to an illegal entry. Happened to several people playing with the DHCP to Dynamic DNS scripts. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From lkcl at samba.org Wed Jan 12 18:37:28 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <20000112133338.A5247@alcove.wittsend.com> Message-ID: On Wed, 12 Jan 2000, Michael H. Warfield wrote: > On Thu, Jan 13, 2000 at 05:12:08AM +1100, Luke Kenneth Casson Leighton wrote: > > > > are there some scripts that take the netbios name from a dhcpd.leases > > > > file and genereate some bind config files (some A, and IN PTR records > > > > .) ? > > > > (in order to keep the DNS and netbios names in sync ...) > > > > I saw (had) some scripts that worked with the ISC dhcpd server > > > and translated to dynamic DNS updates. Problem was that you need to > > > do some REALLY GOOD filtering because some of those netbios names are > > > ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, > > > etc, etc, etc). Then you have to decide just what to do when someone > > > DOES add a name with illegal characters. It seems that the DHCP > > > protocol has no provisions for refusing an address because the name > > > is illegal. > > > only <00> / <20> and <1b> names should be registered (SMB client / SMB > > server / DOMAIN name). > > But we're not talking about names from the Netbios name table, Luke. have i got this the other way round, then? yes, i have, haven't i. i'm thinking of "wins server" should only register 00 / 20 / 1b names with bind, using "wins script". From lkcl at samba.org Wed Jan 12 18:40:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Paul Rogers wrote: > > -----Original Message----- > > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > > Sent: Wednesday, January 12, 2000 6:16 PM > > To: Paul Rogers > > Cc: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: New Microsoft Knowledgebase article > > i did. domain master = no; domain logons = no. or move the > > samba server > > to a different workgroup/domain. > > Apologies - missed that one. Any chance of the solution you sent to > Microsoft? that was basically it. original's in archives. > Regarding the LMB issue - it sent our NT PDC cranky when one of our Samba > boxes became the local master. Just speaking from experience! this should only disrupt the network neighbourhood, though, not critical domain services. From timothy_d_cole at md.northgrum.com Wed Jan 12 18:45:45 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:56 2003 Subject: Linux KB article #1 - possible virus? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C1@xcgmd008.md.essd.northgrum.com> As a matter of interest, you can (theoretically, I haven't tried this yet) also use this to add entries to the context menu for the drive, and to set the drive's icon in Explorer. Setting the fstype to CDFS doesn't appear to affect any other properties of the share, either. > -----Original Message----- > From: Lars Kneschke [SMTP:lk@NetUSE.DE] > Sent: Wednesday, January 12, 2000 11:51 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Linux KB article #1 - possible virus? > > Luke Kenneth Casson Leighton wrote: > > > > now, i don't want anyone asking for this to be added as a feature to > > samba. > > > > .. but if you put "fstype = CDFS" in a [sharename], and put an > > AUTORUN.INF file in the root of the share, windows will run the program > at > > the pathname listed in AUTORUN.INF when that share is first accessed, > like > > it was a CDROM drive. i'm sure that if you configured samba as a BDC, > you > > could get a script to view that share on first user-login. > > > > this is a very easy way to upgrade all your windows workstations. > Elegant! :-) > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mkuhne at microsoft.com Wed Jan 12 16:34:27 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Thanks for the feedback. That's the proposed change: CAUSE ===== When adding a Samba server configured as Primary Domain Controller to an existing Windows NT domain, there will be two PDCs in this domain. This is not allowed in Windows NT. RESOLUTION ========== To restore PDC functionality, take the Samba server off the network and restart the netlogon service on the original Windows NT PDC. To resolve this problem, disable the domain controller functionality on the Samba server. This can be done by changing the following values in the Samba configuration file (smb.conf): domain master = no preferred master = no domain logons = no For further information, please refer to the product documentation or to the manufacturer's web site (http://www.samba.org) MORE INFORMATION ================ SAMBA is a third-party implementation of the SMB networking protocol used by Windows NT. Regards, Martin Microsoft GmbH -----Original Message----- From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] Sent: Mittwoch, 12. Januar 2000 16:41 To: Martin Kuhne Cc: Multiple recipients of list SAMBA-NTDOM Subject: RE: New Microsoft Knowledgebase article On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. yeah, it will a bit. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? "domain logons = no" to disable BDC / PDC functionality (NETLOGON) this stops samba registering DOMAIN<1c> internet group name, and from answering SAMLOGON, GETDC requests. "domain master = no" to disable PDC / DMB functionality. this stops samba registering DOMAIN<1c> pdc unique name. these are the defaults, so anyone who enables them on an existing domain clearly _doesn't_ know what they are doing. alternatively, they can move the Samba Server to a different workgroup / domain, which is a [good] suggestion of one of your other KB articles. thx for responding, martin. luke > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From jlevine at siphoto.com Wed Jan 12 19:02:03 2000 From: jlevine at siphoto.com (Jason Levine) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article Message-ID: <387921FA@webmail.siphoto.com> >> No -- "local master" has nothing to do with being a primary domain >> controller, it's purely a local master browser thing. > >True, but trying to oust a PDC from being a local master, as far as I >understand, isn't a blindingly intelligent thing to do?? Again, so far as I understand, the PDC cannot be ousted as a local master; even if it *can*, though, the "local master" setting isn't a definitive samba-will-become-LMB setting, it's a samba-will-try-to-become-an-LMB setting. >> Likewise, "os level" is only whether or not a machine can become the >> local master browser in the selection process with other machines, and >> has nothing to do with the PDC role. > >Again, could someone (Luke) please verify this. I was of the understanding >that it is relevant. It's relevant only to the master browser election process, but there can only be one PDC, and there's no election process for that per se. >> And "domain logons", so far as I can tell, has absolutely no effect when >> the security model is set to domain ("security=domain") -- it's a >> Win9X thing, and it's purely for workgroups, not for domains. > >domain logons *does have* an affect. It did when installing our Samba >boxes - please see Luke's earlier posting confirming this when another >PDC exists on the network! If it does have an effect, then the docs need to be changed; the DOMAIN.TXT file says that it's only relevant in two security settings (the ones that they are I don't remember, and I don't have access to that file right now). >> All this illustrates my problem with this whole discussion -- >> there's a lot of ego flying around about how certain users aren't >> "qualified" to have samba boxes.... > >Wooohhhhhh! Slow down! I was only posting in reply to the question asked >what would be a solution. This has worked for me and as far as I understand >it is correct. In my opinion to have options completely locked down rather >than unspecified is a more sensible way of implementing configurations for >any daemon because you then know *exactly* what each parameter is set to. > >Sorry - will remember to post a disclaimer next time! Me too -- I wasn't impugning you specifically, Paul. I was talking about the whole conversation -- you just posted the solution that I corrected, but specifically did NOT trash the notion of Windows users with samba boxes. I apologize for the implication otherwise. On the whole, I like Jeremy Jones's post today that it's idiotic to turn the samba wrath onto all WinNT admins -- a lot of us are quite competent, and also are learning samba the same way that everyone else did, by docs and by experience. But this animosity makes me not want to use the product, which I know most people here couldn't care less about... which I guess is also part of the problem. /jason /--------------------------------------------------------------\ For PGP public key, go to: http://www.queso.com/keys/siphoto.txt Fingerprint: DB4C C56A 74ED 5F6E 1A7C 39B4 7354 01FD 8793 E537 From SCody at Gulbrandsen.com Wed Jan 12 19:15:49 2000 From: SCody at Gulbrandsen.com (Steve Cody) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article - OVER?? Message-ID: To EVERYONE who has been whining about this issue all day on this same thread: As you can see by the response below, it takes serious replies, and serious emails to the right people to make things happen. A bunch of complaining, whining, OS bashing doesn't do anything but boost your ego. There has always been one thing you could tell about Linux lovers... About 90% of them are fanatics, and the remaining 10% get things accomplished. How many RAVING Microsoft fanatics are there out there? I myself, use Linux, and Windows NT on my networks. They both have their appropriate uses. It's time to come to reality and see that software CAN co-exist. WHAT DO YOU THINK THE PURPOSE OF SAMBA IS ANYWAY?! Steve Cody Information Systems Administrator Gulbrandsen Manufacturing, Inc. Office - 803-531-2413 x102 Email - scody@gulbrandsen.com -----Original Message----- From: Martin Kuhne [mailto:mkuhne@microsoft.com] Sent: Wednesday, January 12, 2000 2:06 PM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: New Microsoft Knowledgebase article Thanks for the feedback. That's the proposed change: CAUSE ===== When adding a Samba server configured as Primary Domain Controller to an existing Windows NT domain, there will be two PDCs in this domain. This is not allowed in Windows NT. RESOLUTION ========== To restore PDC functionality, take the Samba server off the network and restart the netlogon service on the original Windows NT PDC. To resolve this problem, disable the domain controller functionality on the Samba server. This can be done by changing the following values in the Samba configuration file (smb.conf): domain master = no preferred master = no domain logons = no For further information, please refer to the product documentation or to the manufacturer's web site (http://www.samba.org) MORE INFORMATION ================ SAMBA is a third-party implementation of the SMB networking protocol used by Windows NT. Regards, Martin Microsoft GmbH -----Original Message----- From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] Sent: Mittwoch, 12. Januar 2000 16:41 To: Martin Kuhne Cc: Multiple recipients of list SAMBA-NTDOM Subject: RE: New Microsoft Knowledgebase article On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. yeah, it will a bit. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? "domain logons = no" to disable BDC / PDC functionality (NETLOGON) this stops samba registering DOMAIN<1c> internet group name, and from answering SAMLOGON, GETDC requests. "domain master = no" to disable PDC / DMB functionality. this stops samba registering DOMAIN<1c> pdc unique name. these are the defaults, so anyone who enables them on an existing domain clearly _doesn't_ know what they are doing. alternatively, they can move the Samba Server to a different workgroup / domain, which is a [good] suggestion of one of your other KB articles. thx for responding, martin. luke > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Wed Jan 12 19:18:03 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Message-ID: Thank-you Martin, I'm impressed. Glad to see some of you Redmond guys actually take this seriously. Greg On 12-Jan-00 Martin Kuhne wrote: > Thanks for the feedback. That's the proposed change: > > CAUSE > ===== > > When adding a Samba server configured as Primary Domain Controller to an > existing Windows NT domain, there will be two PDCs in this domain. This is > not allowed in Windows NT. > > RESOLUTION > ========== > > To restore PDC functionality, take the Samba server off the network and > restart the netlogon service on the original Windows NT PDC. > > To resolve this problem, disable the domain controller functionality on the > Samba server. This can be done by changing the following values in the Samba > configuration file (smb.conf): > domain master = no > preferred master = no > domain logons = no > > For further information, please refer to the product documentation or to the > manufacturer's web site (http://www.samba.org) > > MORE INFORMATION > ================ > > SAMBA is a third-party implementation of the SMB networking protocol used by > Windows NT. > > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Mittwoch, 12. Januar 2000 16:41 > To: Martin Kuhne > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > > On Thu, 13 Jan 2000, Martin Kuhne wrote: > >> I'm afraid what you wrote will be hard to get published. > > yeah, it will a bit. > >> Does anyone have a practical suggestion on how to instruct an > inexperienced >> administrator to disable PDC functionality in Samba? > > "domain logons = no" to disable BDC / PDC functionality (NETLOGON) > > this stops samba registering DOMAIN<1c> internet group name, and from > answering SAMLOGON, GETDC requests. > > > "domain master = no" to disable PDC / DMB functionality. > > this stops samba registering DOMAIN<1c> pdc unique name. > > > these are the defaults, so anyone who enables them on an existing domain > clearly _doesn't_ know what they are doing. > > > alternatively, they can move the Samba Server to a different workgroup / > domain, which is a [good] suggestion of one of your other KB articles. > > thx for responding, martin. > > luke > >> Regards, >> Martin >> Microsoft GmbH >> >> -----Original Message----- >> From: Karl Denninger [mailto:karl@Denninger.Net] >> Sent: Mittwoch, 12. Januar 2000 01:39 >> To: Multiple recipients of list SAMBA-NTDOM >> Subject: Re: New Microsoft Knowledgebase article >> >> >> Cute. >> >> "Turn off the Samba server". >> >> How about: >> >> Format your disks, install Linux or FreeBSD, and tell Microsoft to >> go fuck themselves with a football - preferrably to the same >> regional sales force that sold you the NT crapware in the first >> place? >> >> I hate corporate arrogance - especially this kind of arrogance. >> >> This kind of bullshit is PRECISELY what the US DOJ was after when they > threw >> the whole library (instead of one book) at Microsoft. >> >> -- >> -- >> Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org >> Isn't it time we started putting KIDS first? See the above URL for >> a plan to do exactly that! >> >> >> On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: >> > I just ran across the following article in >> > Microsoft's Knowledbase. See the following URL: >> > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. >> > Anyone know what this is about? >> > __________________________________________________ >> > Do You Yahoo!? >> > Talk to your friends online with Yahoo! Messenger. >> > http://im.yahoo.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Wed Jan 12 19:21:31 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387921FA@webmail.siphoto.com> Message-ID: All of this is neatly avoided if you set up and use a WINS server is it not? Or are there still gotchas? Besides browsing. Greg On 12-Jan-00 Jason Levine wrote: >>> No -- "local master" has nothing to do with being a primary domain >>> controller, it's purely a local master browser thing. >> >>True, but trying to oust a PDC from being a local master, as far as I >>understand, isn't a blindingly intelligent thing to do?? > > Again, so far as I understand, the PDC cannot be ousted as a local master; > even if it *can*, though, the "local master" setting isn't a definitive > samba-will-become-LMB setting, it's a samba-will-try-to-become-an-LMB > setting. > >>> Likewise, "os level" is only whether or not a machine can become the >>> local master browser in the selection process with other machines, and >>> has nothing to do with the PDC role. >> >>Again, could someone (Luke) please verify this. I was of the understanding >>that it is relevant. > > It's relevant only to the master browser election process, but there can only > be one PDC, and there's no election process for that per se. > >>> And "domain logons", so far as I can tell, has absolutely no effect when >>> the security model is set to domain ("security=domain") -- it's a >>> Win9X thing, and it's purely for workgroups, not for domains. >> >>domain logons *does have* an affect. It did when installing our Samba >>boxes - please see Luke's earlier posting confirming this when another >>PDC exists on the network! > > If it does have an effect, then the docs need to be changed; the DOMAIN.TXT > file says that it's only relevant in two security settings (the ones that > they > are I don't remember, and I don't have access to that file right now). > >>> All this illustrates my problem with this whole discussion -- >>> there's a lot of ego flying around about how certain users aren't >>> "qualified" to have samba boxes.... >> >>Wooohhhhhh! Slow down! I was only posting in reply to the question asked >>what would be a solution. This has worked for me and as far as I understand >>it is correct. In my opinion to have options completely locked down rather >>than unspecified is a more sensible way of implementing configurations for >>any daemon because you then know *exactly* what each parameter is set to. >> >>Sorry - will remember to post a disclaimer next time! > > Me too -- I wasn't impugning you specifically, Paul. I was talking about the > whole conversation -- you just posted the solution that I corrected, but > specifically did NOT trash the notion of Windows users with samba boxes. I > apologize for the implication otherwise. > > On the whole, I like Jeremy Jones's post today that it's idiotic to turn the > samba wrath onto all WinNT admins -- a lot of us are quite competent, and > also > are learning samba the same way that everyone else did, by docs and by > experience. But this animosity makes me not want to use the product, which I > know most people here couldn't care less about... which I guess is also part > of the problem. > > /jason > > /--------------------------------------------------------------\ > > For PGP public key, go to: http://www.queso.com/keys/siphoto.txt > > Fingerprint: DB4C C56A 74ED 5F6E 1A7C 39B4 7354 01FD 8793 E537 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Wed Jan 12 19:38:54 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Message-ID: martin, thx very much. On Wed, 12 Jan 2000, Martin Kuhne wrote: > Thanks for the feedback. That's the proposed change: > > CAUSE > ===== > > When adding a Samba server configured as Primary Domain Controller to an > existing Windows NT domain, there will be two PDCs in this domain. This is > not allowed in Windows NT. [you damn right it isn't!!!!] personally, i would say, "This is not allowed in a Windows NT Domain Environment". > > RESOLUTION > ========== > > To restore PDC functionality, take the Samba server off the network and > restart the netlogon service on the original Windows NT PDC. > > To resolve this problem, disable the domain controller functionality on the > Samba server. This can be done by changing the following values ... ", to the manufacturer default values," > in the Samba > configuration file (smb.conf): > domain master = no > domain logons = no delete the "preferred master = no", it's to do with browsing, not LOGON functionality, and will have no effect if it's changed or not changed. an _alternative_ is to move the samba server to be a Domain Controller for a different domain, for example: workgroup = A_DIFFERENT_DOMAIN which is the suggestion of one of the other KB articles that someone quoted on samba-ntdom. > For further information, please refer to the product documentation or to the > manufacturer's web site (http://www.samba.org) this can be http://samba.org (which i personally prefer) but it doesn't make much odds either way. > > MORE INFORMATION > ================ > > SAMBA is a third-party implementation of the SMB networking protocol used by > Windows NT. > > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Mittwoch, 12. Januar 2000 16:41 > To: Martin Kuhne > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > > On Thu, 13 Jan 2000, Martin Kuhne wrote: > > > I'm afraid what you wrote will be hard to get published. > > yeah, it will a bit. > > > Does anyone have a practical suggestion on how to instruct an > inexperienced > > administrator to disable PDC functionality in Samba? > > "domain logons = no" to disable BDC / PDC functionality (NETLOGON) > > this stops samba registering DOMAIN<1c> internet group name, and from > answering SAMLOGON, GETDC requests. > > > "domain master = no" to disable PDC / DMB functionality. > > this stops samba registering DOMAIN<1c> pdc unique name. > > > these are the defaults, so anyone who enables them on an existing domain > clearly _doesn't_ know what they are doing. > > > alternatively, they can move the Samba Server to a different workgroup / > domain, which is a [good] suggestion of one of your other KB articles. > > thx for responding, martin. > > luke > > > Regards, > > Martin > > Microsoft GmbH > > > > -----Original Message----- > > From: Karl Denninger [mailto:karl@Denninger.Net] > > Sent: Mittwoch, 12. Januar 2000 01:39 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: New Microsoft Knowledgebase article > > > > > > Cute. > > > > "Turn off the Samba server". > > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they > threw > > the whole library (instead of one book) at Microsoft. > > > > -- > > -- > > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > > Isn't it time we started putting KIDS first? See the above URL for > > a plan to do exactly that! > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > > I just ran across the following article in > > > Microsoft's Knowledbase. See the following URL: > > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > > Anyone know what this is about? > > > __________________________________________________ > > > Do You Yahoo!? > > > Talk to your friends online with Yahoo! Messenger. > > > http://im.yahoo.com > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From ely at txc.com Wed Jan 12 20:28:03 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. Message-ID: <387CE3D3.D111CC1D@txc.com> Hi, I am running combined SAMBA_TNG which I downloaded today at 1:00 pm and SAMBA main. I successfully created server account using smbpasswd, joined server to domain as PDC using smbpasswd -j DOMAIN, created NT Workstation account and user account. I also have domaingroup.map file with Domain Administrators group. When I logged to the domain I didn't get the local administrative rights. When I logged locally as administrator ,opened User Manager for Domain and connected to my domain I got massage "A remote procedure call (RPC) protocol error occurred." With local User Manager I tried to add domain users to local Administrator group. At first I could see all my users and add them. They are recognized as DOMAIN/user. When I opened local Administrator group again I can see only DOMAIN/Account Unknown instead of DOMAIN/user. -------------- next part -------------- A non-text attachment was scrubbed... Name: ely.vcf Type: text/x-vcard Size: 222 bytes Desc: Card for Ely Zavin Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/0443bba2/ely.vcf From ldoan at knowledgeplanet.com Wed Jan 12 20:54:43 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: <387CE3D3.D111CC1D@txc.com> Message-ID: <02a201bf5d3f$40a0b520$14804ecf@mindq.com> Well, you got further than I did: >smbpasswd -j ENGINEERING Joining Domain as PDC error connecting to :445 (Connection refused) As far as I can tell, there is nothing listening on port 445. What additional parameters do I need to add to smb.conf to get this to work? My smb.conf: # Samba config file created using SWAT # from long.mindq.com (207.78.128.20) # Date: 1999/10/01 12:54:21 # Global parameters workgroup = ENGINEERING netbios name = RA server string = %h server (Samba %v) encrypt passwords = Yes map to guest = Bad User null passwords = Yes security = user # password server = MQS1 passwd program = /bin/passwd %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *successfully*changed* username map = /usr/local/samba/lib/smbusers unix password sync = Yes # dfs map = /usr/local/samba/lib/dfsmap log file = /usr/local/samba/var/log.%m max log size = 50 time server = Yes deadtime = 15 socket options = TCP_NODELAY local group map = /usr/local/samba/lib/local.map domain group map = /usr/local/samba/lib/domain.map domain user map = /usr/local/samba/lib/domainuser.map logon path = \\ra\%U\profile logon drive = U: logon home = \\ra\%U domain logons = Yes preferred master = True domain master = True dns proxy = No wins support = Yes socket address = guest account = pcguest admin users = ld root guest ok = Yes hosts allow = 207.78.128. 127. # vfs option = [homes] comment = Home Directories read only = No browseable = No # vfs option = [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon share modes = No # vfs option = [printers] comment = All Printers path = /usr/spool/samba guest ok = No print ok = Yes # vfs option = [tmp] comment = Temporary file space path = /tmp read only = No # vfs option = [public] comment = Public Stuff path = /export/home/samba write list = @staff # vfs option = [sambalog] path = /usr/local/samba/var hide dot files = No # vfs option = [print$] comment = Printer drivers path = /usr/local/samba/printer read only = No # vfs option = ----- Original Message ----- From: "Ely Zavin" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 3:32 PM Subject: Problem with samba domain users. Hi, I am running combined SAMBA_TNG which I downloaded today at 1:00 pm and SAMBA main. I successfully created server account using smbpasswd, joined server to domain as PDC using smbpasswd -j DOMAIN, created NT Workstation account and user account. I also have domaingroup.map file with Domain Administrators group. When I logged to the domain I didn't get the local administrative rights. When I logged locally as administrator ,opened User Manager for Domain and connected to my domain I got massage "A remote procedure call (RPC) protocol error occurred." With local User Manager I tried to add domain users to local Administrator group. At first I could see all my users and add them. They are recognized as DOMAIN/user. When I opened local Administrator group again I can see only DOMAIN/Account Unknown instead of DOMAIN/user. From David.Bear at asu.edu Wed Jan 12 21:02:09 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios In-Reply-To: <387CBB62.50428A75@plum.de> Message-ID: This will really bite you in the tail if you have your smb resolver in nt set to look in a dns for netbios names... The BIG thing about netbios and dns is DNS is heirarchical and partitionable. whereas the netbios name space is flat and non-partionalable. It would be very difficult if not impossible to have a netbios name server handle every netbios name in the known world. This is why dns was invented, so you could partition the name space and delagate management of those names to downline servers. Moreover, smb clients and servers register more than a single name -- and there are shared/non-unique names -- and it is all very dynamic. My question is, when nt uses dns to resolve a netbios name, what does it do to the 16 byte when looking for machine name, workgroup name, pdc name, etc? David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From lkcl at samba.org Wed Jan 12 21:06:15 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02a201bf5d3f$40a0b520$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Well, you got further than I did: > > >smbpasswd -j ENGINEERING > Joining Domain as PDC > error connecting to :445 (Connection refused) > > > As far as I can tell, there is nothing listening on port 445. What correct. clientgen.c skips port 445 and tries 139 instead. From lkcl at samba.org Wed Jan 12 21:10:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios In-Reply-To: Message-ID: actually, NBT (NetBIOS over TCP/IP) (rfc1001 / 1002) was designed to be hierarchical. NBNS is based on DNS (extended to include name registration and name release). the DNS sub-zone field was overloaded to be NetBIOS "scope", and was intended to be exactly the same as the DNS sub-zone, from the first leading period, onwards (just like DNS?). what went wrong? nobody bothered to implement NetBIOS scope properly or fully. it's for LAN use, right??? so, if vendors started actually _using_ scope properly (e.g reporting it in the Network Neighbourhood: NetBIOSNAME[.scope]) then it would soon get used properly, as intended. On Thu, 13 Jan 2000, David Bear wrote: > This will really bite you in the tail if you have your smb resolver in nt > set to look in a dns for netbios names... The BIG thing about netbios and > dns is DNS is heirarchical and partitionable. whereas the netbios name > space is flat and non-partionalable. It would be very difficult if not > impossible to have a netbios name server handle every netbios name in the > known world. This is why dns was invented, so you could partition the > name space and delagate management of those names to downline servers. > Moreover, smb clients and servers register more than a single name -- and > there are shared/non-unique names -- and it is all very dynamic. My > question is, when nt uses dns to resolve a netbios name, what does it do > to the 16 byte when looking for machine name, workgroup name, pdc name, > etc? > > David Bear > College of Public Programs/ASU > A word is just two nibbles and a byte... > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Wed Jan 12 21:28:03 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02a201bf5d3f$40a0b520$14804ecf@mindq.com> Message-ID: I believe 445 is the new port number for Win2k and sa,ba is ready for it. It will try at 445 and default back to 139 (?) so that in itself is not the problem. I've had problems but there's always been an error message, it doesn't just hang... Greg On 12-Jan-00 Long Doan wrote: > Well, you got further than I did: > >>smbpasswd -j ENGINEERING > Joining Domain as PDC > error connecting to :445 (Connection refused) > > > As far as I can tell, there is nothing listening on port 445. What > additional parameters do I need to add to smb.conf to get this to work? > > My smb.conf: > ># Samba config file created using SWAT ># from long.mindq.com (207.78.128.20) ># Date: 1999/10/01 12:54:21 > ># Global parameters > workgroup = ENGINEERING > netbios name = RA > server string = %h server (Samba %v) > encrypt passwords = Yes > map to guest = Bad User > null passwords = Yes > security = user ># password server = MQS1 > passwd program = /bin/passwd %u > passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n > *successfully*changed* > username map = /usr/local/samba/lib/smbusers > unix password sync = Yes ># dfs map = /usr/local/samba/lib/dfsmap > log file = /usr/local/samba/var/log.%m > max log size = 50 > time server = Yes > deadtime = 15 > socket options = TCP_NODELAY > local group map = /usr/local/samba/lib/local.map > domain group map = /usr/local/samba/lib/domain.map > domain user map = /usr/local/samba/lib/domainuser.map > logon path = \\ra\%U\profile > logon drive = U: > logon home = \\ra\%U > domain logons = Yes > preferred master = True > domain master = True > dns proxy = No > wins support = Yes > socket address = > guest account = pcguest > admin users = ld root > guest ok = Yes > hosts allow = 207.78.128. 127. ># vfs option = > > [homes] > comment = Home Directories > read only = No > browseable = No ># vfs option = > > [netlogon] > comment = Network Logon Service > path = /usr/local/samba/lib/netlogon > share modes = No ># vfs option = > > [printers] > comment = All Printers > path = /usr/spool/samba > guest ok = No > print ok = Yes ># vfs option = > > [tmp] > comment = Temporary file space > path = /tmp > read only = No ># vfs option = > > [public] > comment = Public Stuff > path = /export/home/samba > write list = @staff ># vfs option = > > [sambalog] > path = /usr/local/samba/var > hide dot files = No ># vfs option = > > [print$] > comment = Printer drivers > path = /usr/local/samba/printer > read only = No ># vfs option = > > > ----- Original Message ----- > From: "Ely Zavin" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 3:32 PM > Subject: Problem with samba domain users. > > > Hi, > I am running combined SAMBA_TNG which I downloaded today at 1:00 pm > and SAMBA main. I successfully created server account using smbpasswd, > joined server to domain as PDC using smbpasswd -j DOMAIN, created NT > Workstation account and user account. I also have domaingroup.map file > with Domain Administrators group. When I logged to the domain I didn't > get the > local administrative rights. When I logged locally as administrator > ,opened > User Manager for Domain and connected to my domain I got massage "A > remote procedure call (RPC) protocol error occurred." With local User > Manager I tried > to add domain users to local Administrator group. At first I could see > all my users > and add them. They are recognized as DOMAIN/user. When I opened local > Administrator group again I can see only DOMAIN/Account Unknown instead > of DOMAIN/user. > > > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From ldoan at knowledgeplanet.com Wed Jan 12 21:40:13 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: Message-ID: <02bc01bf5d45$9bd66970$14804ecf@mindq.com> You are right. After about 1 minute, smbpasswd fails with: Unable to join domain ENGINEERING. Joining Domain as PDC error connecting to 207.78.128.51:445 (Connection refused) rpc_check_hdr: error in rpc header rpc_pipe_bind failed cli_nt_setup_creds: request challenge failed 2000/01/12 16:29:35 : change_trust_account_password: Failed to change password for domain ENGINEERING. And "log.ra" contains (\\RA being the Samba box): map_nt_and_unix_username: NT->Unix map DISABLED map_nt_and_unix_username: NT->Unix map DISABLED rpc_check_hdr: error in rpc header rpc_pipe_bind failed cli_nt_setup_creds: request challenge failed domain_client_validate: credentials failed (\\.) Long. ----- Original Message ----- From: "Greg Dickie" To: "Long Doan" Cc: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 4:28 PM Subject: Re: Problem with samba domain users. I believe 445 is the new port number for Win2k and sa,ba is ready for it. It will try at 445 and default back to 139 (?) so that in itself is not the problem. I've had problems but there's always been an error message, it doesn't just hang... Greg On 12-Jan-00 Long Doan wrote: > Well, you got further than I did: > >>smbpasswd -j ENGINEERING > Joining Domain as PDC > error connecting to :445 (Connection refused) > > > As far as I can tell, there is nothing listening on port 445. What > additional parameters do I need to add to smb.conf to get this to work? > [...] From mike at psand.net Wed Jan 12 22:53:52 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain References: Message-ID: <008301bf5d4f$e8499840$0164a8c0@win981> Luke, Okay, I'm going to update myself tonight .... what a life eh? Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, winregd, spollssd, svcctld ... okay that's basically everything! What's samba-agent by the way? .... Cheers, Mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Cc: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 3:48 PM Subject: RE: dificulties to log in domain > On Wed, 12 Jan 2000, Mike Harris wrote: > > > Luke, > > > > I'm not only about 3 hours out of date, surely not much could have changed > > since then? > > yep! > > > Still get the same problem though :-( > > > > it still can't find __MSBROWSE__, going to run some tests with a PDC > > involved ..... > > > > Also, rpcclient has a similar problem .... > > > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > > > then, lsaquery ... yields ... > > > socket connect to /tmp/.smb.0/agent failed > > error connecting to 192.168.100.7:445 (Connection refused) > > failed session setup > > cli_net_use_add: connection failed. > > what _Exactly_ are you running???? this works fine. you're not running > smb-agent, are you? :) > From lkcl at samba.org Wed Jan 12 21:57:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Greg Dickie wrote: > > I believe 445 is the new port number for Win2k and sa,ba is ready for it. It SAMBA_TNG only. From greg at discreet.com Wed Jan 12 22:03:26 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02bc01bf5d45$9bd66970$14804ecf@mindq.com> Message-ID: How old is your source? I had that problem but Luke fixed it.... yesterday? Greg On 12-Jan-00 Long Doan wrote: > You are right. After about 1 minute, smbpasswd fails with: > > Unable to join domain ENGINEERING. > Joining Domain as PDC > error connecting to 207.78.128.51:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > password for domain ENGINEERING. > > And "log.ra" contains (\\RA being the Samba box): > > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > domain_client_validate: credentials failed (\\.) > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Long Doan" > Cc: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 4:28 PM > Subject: Re: Problem with samba domain users. > > > > I believe 445 is the new port number for Win2k and sa,ba is ready for it. It > will try at 445 and default back to 139 (?) so that in itself is not the > problem. I've had problems but there's always been an error message, it > doesn't > just hang... > > Greg > > On 12-Jan-00 Long Doan wrote: >> Well, you got further than I did: >> >>>smbpasswd -j ENGINEERING >> Joining Domain as PDC >> error connecting to :445 (Connection refused) >> >> >> As far as I can tell, there is nothing listening on port 445. What >> additional parameters do I need to add to smb.conf to get this to work? >> > [...] > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Wed Jan 12 22:05:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain In-Reply-To: <008301bf5d4f$e8499840$0164a8c0@win981> Message-ID: On Wed, 12 Jan 2000, Mike Harris wrote: > Luke, > > Okay, I'm going to update myself tonight .... what a life eh? > > Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, > winregd, spollssd, svcctld ... okay that's basically everything! What's > samba-agent by the way? .... smb-agent is a redirector, it operates like ssh-agent (it started the daemon project!!!!) if you run smb-agent, you can share it between your own processes (e.g, if you are logged in as mike on two unix bash$ shells, you can run smb-agent as a background daemon and then connect from _both_ unix bash$ shells to the same smb-agent. basically, smb-agent operates in _exactly_ the same way that "net use" does on NT and 95. it caches username / domain name / passwords, so that if you don't specify a password when you run rpcclient, smbclient, smbwrapper, smb-agent will supply one for you from its cache. i want people to be able to run graphical pretty-front-end programs, such as xregedit, without having to supply a username / domain name / password, that's handled by smb-agent. btw i haven't written xrededit, yet! From lkcl at samba.org Wed Jan 12 22:05:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain In-Reply-To: <008301bf5d4f$e8499840$0164a8c0@win981> Message-ID: i don't get it because i can run rpcclient absolutely fine. On Thu, 13 Jan 2000, Mike Harris wrote: > Luke, > > Okay, I'm going to update myself tonight .... what a life eh? > > Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, > winregd, spollssd, svcctld ... okay that's basically everything! What's > samba-agent by the way? .... > > Cheers, > > Mike. > ----- Original Message ----- > From: Luke Kenneth Casson Leighton > To: Mike Harris > Cc: Multiple recipients of list SAMBA-NTDOM > Sent: Wednesday, January 12, 2000 3:48 PM > Subject: RE: dificulties to log in domain > > > > On Wed, 12 Jan 2000, Mike Harris wrote: > > > > > Luke, > > > > > > I'm not only about 3 hours out of date, surely not much could have > changed > > > since then? > > > > yep! > > > > > Still get the same problem though :-( > > > > > > it still can't find __MSBROWSE__, going to run some tests with a PDC > > > involved ..... > > > > > > Also, rpcclient has a similar problem .... > > > > > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > > > > > then, lsaquery ... yields ... > > > > > socket connect to /tmp/.smb.0/agent failed > > > error connecting to 192.168.100.7:445 (Connection refused) > > > failed session setup > > > cli_net_use_add: connection failed. > > > > what _Exactly_ are you running???? this works fine. you're not running > > smb-agent, are you? :) > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Wed Jan 12 22:17:45 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387CFD89.2146F387@xavier.sa.edu.au> Greg Dickie wrote: > you are both wrong, it's "Nice Try" > > Greg > > On 12-Jan-00 Matthew Geddes wrote: > > Karl Denninger wrote: > > > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) > > > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- But it wasn't. Matt From ed at schernau.com Wed Jan 12 22:15:21 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article References: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Message-ID: <387CFCF9.1F500188@schernau.com> Martin Kuhne wrote: > > Thanks for the feedback. That's the proposed change: > > CAUSE > ===== > > When adding a Samba server configured as Primary Domain Controller to an > existing Windows NT domain, there will be two PDCs in this domain. This is > not allowed in Windows NT. > > RESOLUTION > ========== > > To restore PDC functionality, take the Samba server off the network and > restart the netlogon service on the original Windows NT PDC. > > To resolve this problem, disable the domain controller functionality on the > Samba server. This can be done by changing the following values in the Samba > configuration file (smb.conf): > domain master = no > preferred master = no > domain logons = no > I believe the "preferred master" parameter is analogous to the old MaintainServerList, etc. parameter. That is, if two machines are otherwise equal, and one has this flag set, it will win a browser election. Shouldn't you also mention the "os level" parameter, since it affects how browsing is handled? -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From davisson at emuni.com Wed Jan 12 23:17:03 2000 From: davisson at emuni.com (David M. Davisson) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article - OVER?? References: Message-ID: <387D0B6F.4C28B101@pfp.net> Steve Cody wrote: > As you can see by the response below, it takes serious replies, and serious > emails to the right people to make things happen. A bunch of complaining, > whining, OS bashing doesn't do anything but boost your ego. There has > always been one thing you could tell about Linux lovers... About 90% of > them are fanatics, and the remaining 10% get things accomplished. How many > RAVING Microsoft fanatics are there out there? I myself, use Linux, and > Windows NT on my networks. They both have their appropriate uses. It's > time to come to reality and see that software CAN co-exist. WHAT DO YOU > THINK THE PURPOSE OF SAMBA IS ANYWAY?! Here, here! Only we use Solaris too. The issue is not just one of interoperability. Samba adds stability, reliability, ease of administration and comes at the right price. -- David M. Davisson davisson@pfp.net From Dseven at Dseven.ORG Wed Jan 12 22:18:33 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:56 2003 Subject: TNG / inet_aton Message-ID: <200001122218.WAA10156@mimas.Dseven.ORG> Hi, TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not always available (eg Solaris 7). I worked around this by ripping inet_aton.c from the gated source and hacking that into LIBSMB_OBJ, and this, combined with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I can make this code available if required, but imagine that someone will want to implement their own solution. I'm using the 12/12 daemons because roaming profiles seem to be broken in TNG? Is there something obvious that I need to change to make them work ? Otherwise, TNG is looking very cool - keep up the good work :) ~Iain From mgeddes at xavier.sa.edu.au Wed Jan 12 22:39:33 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article - OVER?? References: Message-ID: <387D02A5.891C0B6@xavier.sa.edu.au> Steve Cody wrote: > To EVERYONE who has been whining about this issue all day on this same > thread: > > As you can see by the response below, it takes serious replies, and serious > emails to the right people to make things happen. Yes it does. Assuming that they do actually care about there customers enough (given the Windows NT / Windows 2000 flaws, I'm not sure that they do). > A bunch of complaining, > whining, OS bashing doesn't do anything but boost your ego. There has > always been one thing you could tell about Linux lovers... About 90% of > them are fanatics, and the remaining 10% get things accomplished. Bollocks. I have found that most Linux lovers do so because they actually enjoy using software that works (I have had less than a dozen major Linux crashes, etc. - they were all either massive H/W failure or my fault). There is vast amounts of Unix-bashing that go on in the NT camp (those that know what it is anyway). > How many > RAVING Microsoft fanatics are there out there? Plenty. I have read articles in many magazines that give Linux a "bad review". I have heard things like: Linux doesn't come with any diagnostic / monitoring tools, whereas Windows NT gives you everything you'll ever need for free. Just because you haven't heard it, doesn't mean it don't exist. Personally, I make MANY complaints about some Microsoft products and they way they run their company. Yet it is all still founded. I complain about the design of the System Registry, DLL version conflicts (which are the single biggest cause of Windows dying) and a heap of other things. I don't see this as OS bashing. I make complaints about Sun Microsystems too (although not as many) as well as various Linux vendors. Matt From mparker at myra.com Wed Jan 12 22:42:41 2000 From: mparker at myra.com (Margarita Parker) Date: Tue Dec 2 02:27:56 2003 Subject: samba domain References: Message-ID: <387D0361.F2B41574@myra.com> Nils Ohlmeier wrote: > On Sat, 8 Jan 2000, Margarita Parker wrote: > > > I have installed samba 2.06 on solaris and I have configured it using > > swat. > > I added the workstation_name$ to the etc/passwd file with no password > > I ran smbpasswd -a -m workstation_name > > > > When I try to join the domain with my NT 4.0 workstation it tells me : > > > > "Unable to connect to the domain controller for this domain. Have your > > administrator check your computer account on the domain." > > Did you ran smbpasswd -a -m server_name also? > When i tryed to setup an PDC for first time, i haven't understand that you > also have to add the server to the smbpasswd. > > BTW: Exists any documentation which points that? > > Greetings > Nils Yes I did add the server and that did not make any difference. But now I made a couple of changes in my smb.conf and I can join the domain with an NT machine. I cannot logon though I appears that I have some problems with the roaming profile. I am not sure how to tell it that I do not want any rowming profiles. Thanks for your help Margarita -------------- next part -------------- A non-text attachment was scrubbed... Name: mparker.vcf Type: text/x-vcard Size: 202 bytes Desc: Card for Margarita Parker Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/31a9e6d7/mparker.vcf From lkcl at samba.org Wed Jan 12 22:47:59 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: TNG / inet_aton In-Reply-To: <200001122218.WAA10156@mimas.Dseven.ORG> Message-ID: ian, it _used_ to use inet_aton(), matthew chapman fixed this this morning. profiles are now working, i fixed those this afternoon, it's a hack-job but it's the same hack-job as used for the past eighteen months (grep sam_logon_user */*.c) appreciate your support. i'm curious: why do you like it? i mean, you have to start 12 programs instead of 2, right? [i know _my_ answer to this one, and it's not a logical one, so i'm really curious :) ] On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > Hi, > > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not > always available (eg Solaris 7). I worked around this by ripping inet_aton.c > from the gated source and hacking that into LIBSMB_OBJ, and this, combined > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I > can make this code available if required, but imagine that someone will want > to implement their own solution. > > I'm using the 12/12 daemons because roaming profiles seem to be broken in > TNG? Is there something obvious that I need to change to make them work ? > > Otherwise, TNG is looking very cool - keep up the good work :) > > ~Iain > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mike at psand.net Thu Jan 13 00:09:47 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain References: Message-ID: <00e501bf5d5a$837e5e40$0164a8c0@win981> Luke, In that case I'm off to sanity check by self and work through it all again from the bottom up, will let you know what happens to me! Mike ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Cc: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:05 PM Subject: RE: dificulties to log in domain > i don't get it because i can run rpcclient absolutely fine. > > On Thu, 13 Jan 2000, Mike Harris wrote: > > > Luke, > > > > Okay, I'm going to update myself tonight .... what a life eh? > > > > Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, > > winregd, spollssd, svcctld ... okay that's basically everything! What's > > samba-agent by the way? .... > > > > Cheers, > > > > Mike. > > ----- Original Message ----- > > From: Luke Kenneth Casson Leighton > > To: Mike Harris > > Cc: Multiple recipients of list SAMBA-NTDOM > > Sent: Wednesday, January 12, 2000 3:48 PM > > Subject: RE: dificulties to log in domain > > > > > > > On Wed, 12 Jan 2000, Mike Harris wrote: > > > > > > > Luke, > > > > > > > > I'm not only about 3 hours out of date, surely not much could have > > changed > > > > since then? > > > > > > yep! > > > > > > > Still get the same problem though :-( > > > > > > > > it still can't find __MSBROWSE__, going to run some tests with a PDC > > > > involved ..... > > > > > > > > Also, rpcclient has a similar problem .... > > > > > > > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > > > > > > > then, lsaquery ... yields ... > > > > > > > socket connect to /tmp/.smb.0/agent failed > > > > error connecting to 192.168.100.7:445 (Connection refused) > > > > failed session setup > > > > cli_net_use_add: connection failed. > > > > > > what _Exactly_ are you running???? this works fine. you're not running > > > smb-agent, are you? :) > > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > From lkcl at samba.org Wed Jan 12 23:09:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: [SAMBA-TNG] status Message-ID: things fixed, today: - large PDUs work again. symptoms of problem: USRMGR.EXE not working if you had more than about 16 Domain Groups. there are plenty of other symptoms, such as printing not working. - profiles work again. symptoms of problem: user profile path is not available etc etc. i had to hack this one, for now. - SamrSetInfoUser info level 0x17 works. symptoms of problem: NT5rc3 being added do a samba-tng domain failed to work. there were a couple of others. can't remember. i'm off home: see you all again either from dial-up or tomorrow. thank you everyone for sending in reports, i'm sorry i keep telling some of you to back off a bit, there really are too many of them, but that's my own fault for coding away without access to my nt test network for 10 days. best regards, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 23:14:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02bc01bf5d45$9bd66970$14804ecf@mindq.com> Message-ID: this does not happen for me. i do this: smbpasswd -a -m myownsambaserver smbpasswd -j MYSAMBADOMAIN and it works absolutely fine. set debug level = 100, see if there;s anything that strikes you as odd. thx! On Thu, 13 Jan 2000, Long Doan wrote: > You are right. After about 1 minute, smbpasswd fails with: > > Unable to join domain ENGINEERING. > Joining Domain as PDC > error connecting to 207.78.128.51:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > password for domain ENGINEERING. > > And "log.ra" contains (\\RA being the Samba box): > > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > domain_client_validate: credentials failed (\\.) > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Long Doan" > Cc: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 4:28 PM > Subject: Re: Problem with samba domain users. > > > > I believe 445 is the new port number for Win2k and sa,ba is ready for it. It > will try at 445 and default back to 139 (?) so that in itself is not the > problem. I've had problems but there's always been an error message, it > doesn't > just hang... > > Greg > > On 12-Jan-00 Long Doan wrote: > > Well, you got further than I did: > > > >>smbpasswd -j ENGINEERING > > Joining Domain as PDC > > error connecting to :445 (Connection refused) > > > > > > As far as I can tell, there is nothing listening on port 445. What > > additional parameters do I need to add to smb.conf to get this to work? > > > [...] > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From ldoan at knowledgeplanet.com Wed Jan 12 23:17:43 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: Message-ID: <002e01bf5d53$3ac6a970$14804ecf@mindq.com> Well, I just did a cvs update (6:15 pm EST) and recompile... still has the same problem. Long. ----- Original Message ----- From: "Greg Dickie" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 5:10 PM Subject: Re: Problem with samba domain users. How old is your source? I had that problem but Luke fixed it.... yesterday? Greg On 12-Jan-00 Long Doan wrote: > You are right. After about 1 minute, smbpasswd fails with: > > Unable to join domain ENGINEERING. > Joining Domain as PDC > error connecting to 207.78.128.51:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > password for domain ENGINEERING. > > And "log.ra" contains (\\RA being the Samba box): > > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > domain_client_validate: credentials failed (\\.) > > Long. From ldoan at knowledgeplanet.com Wed Jan 12 23:39:10 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: Message-ID: <003c01bf5d56$3979fdd0$14804ecf@mindq.com> At debug level 100, running: >smbpasswd -a -m RA Password changed for user ra$ >smbpasswd -j ENGINEERING produces the following in the log files: ---------------------- log.ra --------------------- ... [000] 00 5C 5C 52 41 5C 49 50 43 24 00 49 50 43 00 .\\RA\IP C$.IPC. switch message SMBtconX (pid 19184) Got device type IPC map_nt_and_unix_username: NT->Unix map DISABLED Allowed connection from ra (207.78.128.51) getpwnam(ipc$) ipc$ not found getpwnam(ipc$) ipc$ not found getpwnam(IPC$) IPC$ not found getpwnam(Ipc$) Ipc$ not found getpwnam(ipc$) ipc$ not found check_domain_security: RA(2) get_any_dc_name: domain ENGINEERING =============================================================== INTERNAL ERROR: Signal 11 in pid 19184 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error ----------------------- log.smb ---------------------- ... Changed root to / open_oplock_ipc: opening loopback UDP socket. bind succeeded on port 0 open_oplock ipc: pid = 19184, global_oplock_port = 34718 priming nmbd sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM Serverzone is 18000 got smb length of 72 Allowed connection from ra (207.78.128.51) got message type 0x81 of len 0x48 Transaction 0 of length 76 NBT message [000] 81 00 00 48 20 46 43 45 42 43 41 43 41 43 41 43 ...H FCE BCACACAC [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC [020] 41 43 41 43 41 00 20 46 43 45 42 43 41 43 41 43 ACACA. F CEBCACAC [030] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC [040] 41 43 41 43 41 41 41 00 ACACAAA. netbios connect: name1=RA name2=RA getpwnam(ra) Building passwd hash table Building passwd hash table for the first time ra not found getpwnam(ra) ra not found getpwnam(RA) RA not found getpwnam(Ra) Ra not found getpwnam(rA) rA not found ----- Original Message ----- From: "Luke Kenneth Casson Leighton" To: "Long Doan" Cc: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 6:14 PM Subject: Re: Problem with samba domain users. this does not happen for me. i do this: smbpasswd -a -m myownsambaserver smbpasswd -j MYSAMBADOMAIN and it works absolutely fine. set debug level = 100, see if there;s anything that strikes you as odd. thx! From jeremy at valinux.com Thu Jan 13 01:53:58 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:57 2003 Subject: Win9x speed and Samba. Message-ID: <387D3036.FFC01484@valinux.com> Reading the comp.protocols.smb newsgroup sometimes has its benefits :-). Someone just posted there that they improved the speed of their Win9x systems by a factor of 15 against a Samba server by applying the patch to *all* versions of Win9x (*NOT* NT) described in Microsoft knowledgebase article : Q236926 -found at : http://support.microsoft.com/support/kb/articles/q236/9/26.asp?LNG=ENG&SA=ALLKB Apparently Win9x (all versions) has a bug in the TCP RTT calculations that can cause premature retransmissions of packets. Now the article claims this is only on high delay networks (satellite links etc.) so your millage may vary. There is also a patch for NT4 SP5 and below (the fix was rolled into NT4 SP6). Articls - Q232512 refers to the NT fix (there is a link to this from the web page above). If people on this list having performance problems could try this fix out and report back I'd really appreciate it. If it turns out to be beneficial I'll add a link to the main Samba web page and add it to the Samba docs for the next release. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From greg at discreet.com Thu Jan 13 01:08:54 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:57 2003 Subject: Problem with samba domain users. In-Reply-To: <002e01bf5d53$3ac6a970$14804ecf@mindq.com> Message-ID: Then I'm sorry I cannot help, Luke will be able to. Greg On 12-Jan-00 Long Doan wrote: > Well, I just did a cvs update (6:15 pm EST) and recompile... still has the > same problem. > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 5:10 PM > Subject: Re: Problem with samba domain users. > > > > How old is your source? I had that problem but Luke fixed it.... yesterday? > > Greg > > On 12-Jan-00 Long Doan wrote: >> You are right. After about 1 minute, smbpasswd fails with: >> >> Unable to join domain ENGINEERING. >> Joining Domain as PDC >> error connecting to 207.78.128.51:445 (Connection refused) >> rpc_check_hdr: error in rpc header >> rpc_pipe_bind failed >> cli_nt_setup_creds: request challenge failed >> 2000/01/12 16:29:35 : change_trust_account_password: Failed to change >> password for domain ENGINEERING. >> >> And "log.ra" contains (\\RA being the Samba box): >> >> map_nt_and_unix_username: NT->Unix map DISABLED >> map_nt_and_unix_username: NT->Unix map DISABLED >> rpc_check_hdr: error in rpc header >> rpc_pipe_bind failed >> cli_nt_setup_creds: request challenge failed >> domain_client_validate: credentials failed (\\.) >> >> Long. > > ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From leisner at rochester.rr.com Thu Jan 13 01:58:33 2000 From: leisner at rochester.rr.com (Marty Leisner) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message from Paul Rogers of "Wed, 12 Jan 2000 20:20:34 +1100." Message-ID: <200001130158.UAA03240@rochester.rr.com> The samba folks are well aware...and disturbed...(having been following the technical details) What is far more interesting is how easy it is to crash NT 4.0 machines which run netbios...I don't think microsoft has a knowledgebase article about that...(I have to see if it was fixed in nt 5) > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > e-mail to M$ explaining the solutions to their problems? Perhaps they might > listen to someone with an e-mail address @samba.org??? > > Paul Rogers, > Development Analyst. > > MIS Corporate Defence Solutions Limited > > Tel: +44 (0)1622 723422 (Direct Line) > +44 (0)1622 723400 (Switchboard) > Fax: +44 (0)1622 728580 > Website: http://www.mis-cds.com > > The information contained in this message or any of its attachments may be > privileged and confidential and intended for the exclusive use of the > addressee. If you are not the addressee any disclosure, reproduction, > distribution or other dissemination or use of this communications is > strictly prohibited. If you have received this transmission in error, > please contact our Security Manager on 44 (0) 1622 723400. From jeremy at valinux.com Thu Jan 13 03:51:41 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:57 2003 Subject: HP doing Samba ? Message-ID: <387D4BCD.B8A5E505@valinux.com> See the Web page on HP's new product, CIFS/9000: http://www.unixsolutions.hp.com/products/cifs.html Then click on the "Questions and Answers" link : http://www.unixsolutions.hp.com/products/cifs_qa.html You'll find the quote : "Q: Is the server side of CIFS/9000 based on Open Source Samba? A: Yes. HP is committed to submitting CIFS/9000 enhancements back to the Open Source community." Hmmm. This is the first we've heard of this (rather good news though, if it's true :-). This is also the *only* mention of Samba on the entire product site, even though it looks like the entire server part of the product is based on Samba :-) :-). It is intended to be shipped as part of every HPUX system from March 2000 onwards. More as I find out more..... Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From tower at oit.pdx.edu Thu Jan 13 02:58:23 2000 From: tower at oit.pdx.edu (Tyson La Tourrette) Date: Tue Dec 2 02:27:57 2003 Subject: can this crap stop? Message-ID: OK, Microsoft isn't the best. OK, Linux users like to bash Microsoft. OK, this isn't the place and I am about to unsubscribe because I don't need my inbox filling with such garbage. Please stop these threads. Tyson From lkcl at samba.org Thu Jan 13 03:03:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: Problem with samba domain users. In-Reply-To: <002e01bf5d53$3ac6a970$14804ecf@mindq.com> Message-ID: long, send your smb.conf. restart with a new private/smbpasswd file (save old one). increase log levels to 100. the usual stuff. send exact transscript. i can't repro this myself. thx. On Thu, 13 Jan 2000, Long Doan wrote: > Well, I just did a cvs update (6:15 pm EST) and recompile... still has the > same problem. > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 5:10 PM > Subject: Re: Problem with samba domain users. > > > > How old is your source? I had that problem but Luke fixed it.... yesterday? > > Greg > > On 12-Jan-00 Long Doan wrote: > > You are right. After about 1 minute, smbpasswd fails with: > > > > Unable to join domain ENGINEERING. > > Joining Domain as PDC > > error connecting to 207.78.128.51:445 (Connection refused) > > rpc_check_hdr: error in rpc header > > rpc_pipe_bind failed > > cli_nt_setup_creds: request challenge failed > > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > > password for domain ENGINEERING. > > > > And "log.ra" contains (\\RA being the Samba box): > > > > map_nt_and_unix_username: NT->Unix map DISABLED > > map_nt_and_unix_username: NT->Unix map DISABLED > > rpc_check_hdr: error in rpc header > > rpc_pipe_bind failed > > cli_nt_setup_creds: request challenge failed > > domain_client_validate: credentials failed (\\.) > > > > Long. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 03:05:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: Problem with samba domain users. In-Reply-To: <003c01bf5d56$3979fdd0$14804ecf@mindq.com> Message-ID: yesss, that's what i wanted to know: the INTERNAL error. ok, recompile with ./configure.developer. do a gdb on the coredump and do a "where" command. send in the stack trace. the usual stuff. On Wed, 12 Jan 2000, Long Doan wrote: > At debug level 100, running: > >smbpasswd -a -m RA > Password changed for user ra$ > >smbpasswd -j ENGINEERING > > produces the following in the log files: > > ---------------------- > log.ra > --------------------- > ... > [000] 00 5C 5C 52 41 5C 49 50 43 24 00 49 50 43 00 .\\RA\IP C$.IPC. > switch message SMBtconX (pid 19184) > Got device type IPC > map_nt_and_unix_username: NT->Unix map DISABLED > Allowed connection from ra (207.78.128.51) > getpwnam(ipc$) > ipc$ not found > getpwnam(ipc$) > ipc$ not found > getpwnam(IPC$) > IPC$ not found > getpwnam(Ipc$) > Ipc$ not found > getpwnam(ipc$) > ipc$ not found > check_domain_security: RA(2) > get_any_dc_name: domain ENGINEERING > =============================================================== > INTERNAL ERROR: Signal 11 in pid 19184 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > =============================================================== > PANIC: internal error > > ----------------------- > log.smb > ---------------------- > ... > Changed root to / > open_oplock_ipc: opening loopback UDP socket. > bind succeeded on port 0 > open_oplock ipc: pid = 19184, global_oplock_port = 34718 > priming nmbd > sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM > Serverzone is 18000 > got smb length of 72 > Allowed connection from ra (207.78.128.51) > got message type 0x81 of len 0x48 > Transaction 0 of length 76 > NBT message > [000] 81 00 00 48 20 46 43 45 42 43 41 43 41 43 41 43 ...H FCE BCACACAC > [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC > [020] 41 43 41 43 41 00 20 46 43 45 42 43 41 43 41 43 ACACA. F CEBCACAC > [030] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC > [040] 41 43 41 43 41 41 41 00 ACACAAA. > netbios connect: name1=RA name2=RA > getpwnam(ra) > Building passwd hash table > Building passwd hash table for the first time > ra not found > getpwnam(ra) > ra not found > getpwnam(RA) > RA not found > getpwnam(Ra) > Ra not found > getpwnam(rA) > rA not found > > ----- Original Message ----- > From: "Luke Kenneth Casson Leighton" > To: "Long Doan" > Cc: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 6:14 PM > Subject: Re: Problem with samba domain users. > > > this does not happen for me. > > i do this: > > smbpasswd -a -m myownsambaserver > smbpasswd -j MYSAMBADOMAIN > > and it works absolutely fine. > > set debug level = 100, see if there;s anything that strikes you as odd. > > thx! > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 03:13:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <200001130158.UAA03240@rochester.rr.com> Message-ID: On Thu, 13 Jan 2000, Marty Leisner wrote: > > The samba folks are well aware...and disturbed...(having been following > the technical details) > > What is far more interesting is how easy it is to crash NT 4.0 machines > which run netbios...I don't think microsoft has a knowledgebase article > about that...(I have to see if it was fixed in nt 5) there was a classic one in just _connecting_ to the NetBIOS session layer in SP3 and below. there are some _really_ nasty DCE/RPC ones. i invented a new concept recenty that i'd like to share with you. it's called the BSOD. that's, BSOD - black screen of death. a problem so serious on windows nt that it cannot even report the usual blue screen. From mgeddes at xavier.sa.edu.au Thu Jan 13 04:05:11 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: References: <200001130158.UAA03240@rochester.rr.com> Message-ID: <3.0.5.32.20000113140511.007c5620@mail.xavier.sa.edu.au> At 02:15 PM 01/13/2000 +1100, Luke Kenneth Casson Leighton wrote: >On Thu, 13 Jan 2000, Marty Leisner wrote: > >> >> The samba folks are well aware...and disturbed...(having been following >> the technical details) >> >> What is far more interesting is how easy it is to crash NT 4.0 machines >> which run netbios...I don't think microsoft has a knowledgebase article >> about that...(I have to see if it was fixed in nt 5) > >there was a classic one in just _connecting_ to the NetBIOS session layer >in SP3 and below. > >there are some _really_ nasty DCE/RPC ones. > >i invented a new concept recenty that i'd like to share with you. it's >called the BSOD. > >that's, BSOD - black screen of death. a problem so serious on windows nt >that it cannot even report the usual blue screen. > They don't even tell you about that one in MCSE school. But then again, they do tell you that there are only two reasons for a Blue Screen. As per usual it's only ever third party software (consult the software vendor) and hardware (whatever you have that isn't on the NT HCL). Any idea what causes the Black one? Matt P.S. Is this counted as Just another Linux user bagging Microsoft, even though it's founded? From lkcl at samba.org Thu Jan 13 04:19:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <3.0.5.32.20000113140511.007c5620@mail.xavier.sa.edu.au> Message-ID: > >that's, BSOD - black screen of death. a problem so serious on windows nt > >that it cannot even report the usual blue screen. > > > > They don't even tell you about that one in MCSE school. But then again, > they do tell you that there are only two reasons for a Blue Screen. As per > usual it's only ever third party software (consult the software vendor) and > hardware (whatever you have that isn't on the NT HCL). > > Any idea what causes the Black one? i can't telly you, yet. sorry :) From matthias at waechter.wol.at Thu Jan 13 09:20:12 2000 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387921FA@webmail.siphoto.com> Message-ID: On Thu, 13 Jan 2000, Jason Levine wrote: > >domain logons *does have* an affect. It did when installing our Samba > >boxes - please see Luke's earlier posting confirming this when another > >PDC exists on the network! > > If it does have an effect, then the docs need to be changed; the DOMAIN.TXT > file says that it's only relevant in two security settings (the ones that they > are I don't remember, and I don't have access to that file right now). The problem is that "security" is used synonymiously for the distinction "user/share" and for "user/domain/server/share". This is _bad_. To repeat myself: Either one updates the DOCs and make them more or less unreadable by replacing every "security=user" with "security=user, domain or server", or we split off the "security = " smb.conf-parameter into a "security = user/share" and a "authentication by = local (PDC), remoteserver, domainmember" or whatever. Even worse: The MS world only distincts between user and share security. Why does Samba introduce these two new variants as new security settings? Again: This is only to find a _good_ solution, not to find a _compatible_ solution. Some people prefer the latter and seem to like confusion. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From M.Brendel at net.hcc.nl Thu Jan 13 09:40:58 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:57 2003 Subject: Bug in SAMBA_TNG from 12-1-2000? Message-ID: <3.0.3.32.20000113104058.0091f4d0@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 3940 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/db17b283/attachment.bin From lk at NetUSE.DE Thu Jan 13 11:25:21 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:57 2003 Subject: motivation Message-ID: <387DB621.1D45921@NetUSE.DE> Hello! I'm amazed! Samba TNG works very well today. Especially usermgr shows all users and all groups. And Samba TNG doesn't ignore /etc/groups anymore. I could also change my passwort successfully(from the Windows NT point of view), but after that i was not able to login anymore. Who cares! :-) Now i need to update my webpages. Many thanks to the developers. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mg at plum.de Thu Jan 13 12:25:38 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: motivation References: <387DB621.1D45921@NetUSE.DE> Message-ID: <387DC442.7E008A4E@plum.de> Lars Kneschke wrote: > > Hello! > > I'm amazed! Samba TNG works very well today. Especially usermgr > shows all users and all groups. And Samba TNG doesn't ignore > /etc/groups anymore. I could also change my passwort > successfully(from the Windows NT point of view), but after that i > was not able to login anymore. Who cares! :-) > Now i need to update my webpages. > Many thanks to the developers. Most did work before the great restructuring :) But .. TNG seems really good now .. and I really like the concept of having the functionality split into different daemons ... You can update most parts of a running PDC server now .. wow :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From Dseven at Dseven.ORG Thu Jan 13 12:42:15 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:57 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Thu, 13 Jan 2000 09:47:59 +1100." Message-ID: <200001131242.MAA10594@mimas.Dseven.ORG> Hi Luke, Thanks for the updates - I'll test tonight! The main thing I like about TNG is that, aside from the inevitable development bugs, it just works... this is the first time that I've been able to do all the things that I want at the same time - domain logons, domain groups, printing, etc - previously, I've only seemed to be able to do a subset with any particular release before. As for the daemon architecture, it seems to make a lot of sense. Aside from being able to take individual services in and out of operation without killing the whole server, not bundling all of those services into one big daemon feels like a good move. Persumably it ought to run more effeciently on larger (MP) servers, too ? ~Iain Luke Kenneth Casson Leighton writes: : ian, it _used_ to use inet_aton(), matthew chapman fixed this this : morning. : : profiles are now working, i fixed those this afternoon, it's a hack-job : but it's the same hack-job as used for the past eighteen months (grep : sam_logon_user */*.c) : : appreciate your support. i'm curious: why do you like it? i mean, you : have to start 12 programs instead of 2, right? [i know _my_ answer to : this one, and it's not a logical one, so i'm really curious :) ] : : : On Thu, 13 Jan 2000, Iain MacDonnell wrote: : : > : > Hi, : > : > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is no + t : > always available (eg Solaris 7). I worked around this by ripping inet_aton. + c : > from the gated source and hacking that into LIBSMB_OBJ, and this, combined : > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. + I : > can make this code available if required, but imagine that someone will wan + t : > to implement their own solution. : > : > I'm using the 12/12 daemons because roaming profiles seem to be broken in : > TNG? Is there something obvious that I need to change to make them work ? : > : > Otherwise, TNG is looking very cool - keep up the good work :) : > : > ~Iain : > : > : > : : Luke Kenneth Casson Leighton : Samba and Network Development : Samba Web site : Internet Security Systems, Inc. : Macmillan Technical Publishing : : ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lk at NetUSE.DE Thu Jan 13 13:02:45 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:57 2003 Subject: TNG / inet_aton References: <200001122218.WAA10156@mimas.Dseven.ORG> Message-ID: <387DCCF5.543EEB84@NetUSE.DE> Iain MacDonnell wrote: > > Hi, > > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not > always available (eg Solaris 7). I have inet_aton on Solaris 7. It is in libresolv. If you mean this?! > I worked around this by ripping inet_aton.c > from the gated source and hacking that into LIBSMB_OBJ, and this, combined > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I > can make this code available if required, but imagine that someone will want > to implement their own solution. > > I'm using the 12/12 daemons because roaming profiles seem to be broken in > TNG? Is there something obvious that I need to change to make them work ? CVS from today works very well for me on Solaris 7. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From nik at freebsd.org Thu Jan 13 13:47:03 2000 From: nik at freebsd.org (Nik Clayton) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 Message-ID: <20000113134703.A52231@catkin.nothing-going-on.org> Hi, I have what I think is a simple setup. At the moment, I have Samba 2.0.6 installed on a FreeBSD 3.4 server, serving files and log on requests to a Windows 98 (Second edition) client. There are no NT machines on this network. Almost everything works fine. Logging in to the Windows machine works, using my Unix username and password. Various shares that I have set up work, I can print from the Windows host to an Epson printer on the FreeBSD host, and so on. All the tests in DIAGNOSIS.txt work. I can go in to the Network Neighbourhood and see the server, I don't need to explicitly type it's name, or anything like that. When logging in, the login dialog contains options for [user, password, domain], and not just [user, password], as expected. The only thing that doesn't work correctly is specifying the location of the profile files. When I log out from Windows, it insists on storing the profile data in the top level of my home directory. For example, /home/nik/Application Data /home/nik/Recent /home/nik/NetHood /home/nik/USER.DAT and so on. This seems to be contrary to the documentation, which suggests that a subdirectory called 'profile' will be used. I've only just noticed this problem. Further investigation shows that I do have a /home/nik/profile directory, with profile data in it. However, it has not been modified in some time -- I suspect it coincides with when I upgraded from 2.0.3 to 2.0.6 about a month or so ago. Nothing I do seems to stop this happening. I tried adding the following to the [global] section logon path = \\%N\%U\profile (as well as the [homes] service, as described in DOMAIN.txt) to no effect. Following some threads on this mailing list, I tried adding [global] ... logon path = \\%L\profiles\%U.pds ... [profiles] comment = User profiles are stored here path = /usr/local/samba/lib/profiles read only = no create mask = 0750 browseable = no locking = no to no effect (although I can see the share from the Windows machine). Obviously, I've created all the directories in these examples, and made sure that I've stopped and restarted Samba each time I make a change. I've been through DOMAIN.txt, and can't see that I'm missing anything. I've trawled through the log files, looking for messages like "Can't create /home/nik/profile" or similar, thinking it might be a permissions problem, but I can't see anything that resembles that, and when I log in to the Windows machine I get full read/write access to my Unix home directory, as expected. Appropriate excerpts from the smb.conf file are [global] workgroup = NGO os level = 34 security = user preferred master = yes dns proxy = no wins support = yes domain logons = yes [homes] comment = Home directories browseable = yes writable = yes [netlogon] comment = Network logon service path = /usr/local/samba/lib/netlogon guest ok = yes writable = no share modes = no I've ommitted logging options, socket options, and the other shares that I have in that file. I've worked through the mailing list archives and the documentation, but haven't found anything that seems appropriate to this problem. Any suggestions gratefully received. N -- If you want to imagine the future, imagine a tennis shoe stamping on a penguin's face forever. --- with apologies to George Orwell From mkuhne at microsoft.com Thu Jan 13 13:35:31 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0D0BF2D3C30CD3118D4F00805FA70CE803F3624B@MUC-MSG-01> Hey Jeremy & Jeremy, thanks for this post. I read this list because I am interested in the technology. The constant hatred and verbal abuse really poisons this - and it's hard not to take it personally. You have restored some of my faith :-) Regards, Martin Microsoft GmbH -----Original Message----- From: Jeremy Allison [mailto:jeremy@valinux.com] Sent: Mittwoch, 12. Januar 2000 19:34 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Jeremy Jones wrote: > It seems, however, that some on this list have animosity not only towards MS > as a company and NT as an OS, but also towards those of us who administer NT > networks. If you'd like cooperation from NT admins, and are genuinely > interested in the possibility of heterogeneous networking, why would you > work so hard to alienate so many of the people you will more than likeley > need to work with? It is true that some of us--myself included--are not as > technically adept with linux/unix as with NT. These OSs require different > skill sets and training. If an NT admin has not heard of a file called > "krb5.conf" it does not mean that the NT admin is an imbecil. It means the > NT admin is unfamiliar with configuring kerberos v5 on a Unix box. > > At least some NT admins are interested in interoperability. And at least > some of us are not complete morons. Please keep this in mind. *Very* good point. I have been watching this thread degenerate into a "I hate Microsoft" rant (too busy to post anything as I'm trying to get all the pending patches integrated for 2.0.7. I shouldn't be posting this :-). Not very inspiring for anyone working with NT on a daily basis (this includes me !). Remember, Samba is an outreach tool to help NT and UNIX interoperate (at least that's how I'd classify it). It's the glue between UNIX and Windows. I always welcome the chance to talk to Windows administrators because they are usually very interested in improving their skillset and see Samba running on a UNIX system as a good way to move their skills into the higher paid UNIX world. Microsoft Certified Professional magazine even commissioned a front page article on Samba ! Let's help MCSE's to move into the UNIX/Linux world. Remember, people tend to recommend what they know, so spread the knowledge around :-). Let's all just play nice on the same networks, and help everyone to learn how to do the same. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From a8903122 at unet.univie.ac.at Thu Jan 13 02:53:24 2000 From: a8903122 at unet.univie.ac.at (Richard Kail) Date: Tue Dec 2 02:27:57 2003 Subject: Microsoft Knowledgebase article / smb.conf In-Reply-To: <387CC070.288BD757@schernau.com> Message-ID: Hello ! On Thu, 13 Jan 2000, Edward Schernau wrote: > some sort of new notation maybe? like: > > browser.domain.master = no > browser.os.level = NT (with some sort of DOS,Win9x,NT, or NT++ > setting). > since you only need to be > than 1 OS, you dont NEED os level = 20, > you just need a 2, 17 or 33 really. So Samba can either = > DOS, Win9x, or NT, or be 1 level higher if needed. I like the idea to change the names of the configuration parameters in smb.conf into something other. It is very painfull for me to remember exactly what which parameter does and in which part of the several services (netbios, wins, browser, PDC, file sharing ...) it fits. I can't tell you how to name them really to be intuitive, but I know that their current names are not good (maybe there is no better solution - I have no proof for that..) I try to explain this, but don't flame me if you don't agree: For example, if you define a share, you have a parameter "read only" which is inverted equivalent with "writeable" which is equivalent with "write ok". Another example: You can define a share as "printing ok". This looks like "printing ok = yes" or "printable = yes". I think, this conflicts with the way users (and sysadmins are also some special kind of users when thinking about smb.conf) think. They think my samba server should be a PDC | WINS-Srv | Fileserver-Only or Nameservice = Self-wins | Wins-someother(IP=1.2.3.4) | dumb-lmhosts or Printer-share and not share .... this is printable. hm. I hope you get the point.... Sambas smb.conf style is more like tweaking the lower bits of the protocols to get things running - which is total ok for developing the code, but makes problems for sysadmins which are not so familiar with the inner details of M$ protocols. Maybe it would be a good idea to make one or more 'meta parameters' which set the whole range of "domain options", "browse options" and "wins options" to sensible defaults and to name them analog to the M$ terminology, so that sysadmins in trouble see actually what they do. Hm... like this: samba mode = PDC ; sets all defaults so that it looks like a M$ PDC samba mode = fileserver ; plain fileservice samba mode = fileserver domain ; fileservice with domain auth samba mode = fileserver winsserver ; plain fileservice with wins and so on ... have a nice day, Richard -- "Security on the Internet is a community effort." --- CERT Advisory CA-2000-01 From richard.ferris at ncn.ac.uk Thu Jan 13 14:09:07 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box up as one but netbios resolution seemed to take ages. Anyone else got WINS running and working OK? Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 -------------- next part -------------- HTML attachment scrubbed and removed From giulioo at pobox.com Thu Jan 13 14:07:08 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 In-Reply-To: <20000113134703.A52231@catkin.nothing-going-on.org> References: <20000113134703.A52231@catkin.nothing-going-on.org> Message-ID: <20000113140805.CC64988D4@i3.golden.dom> On Fri, 14 Jan 2000 00:53:26 +1100, hai scritto: >When logging in, the login dialog contains options for [user, password, >domain], and not just [user, password], as expected. If you tell win9x to logon to an nt domain this is normal. >The only thing that doesn't work correctly is specifying the location >of the profile files. This is a known 2.0.6 problem. If the profile location is really important to you and cannot wait for 2.0.7, you can go back to 2.0.5 or apply this to 2.0.6 (reverts to 2.0.5 behavior with profiles working and "net use h: /home" not working): --- source/smbd/ipc.c.orig Sun Nov 14 10:09:40 1999 +++ source/smbd/ipc.c Sun Nov 14 10:10:23 1999 @@ -2478,7 +2478,7 @@ SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - pstrcpy(p2, lp_logon_home()); + pstrcpy(p2, lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ pstrcpy(p2,""); @@ -2514,7 +2514,7 @@ SSVAL(p,42, conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - pstrcpy(p2,lp_logon_home()); + pstrcpy(p2,lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; -- giulioo@pobox.com From mg at plum.de Thu Jan 13 14:23:29 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> Message-ID: <387DDFE1.458C848D@plum.de> > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From richard.ferris at ncn.ac.uk Thu Jan 13 14:39:19 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> I'm currently using an NT WINS server that exists in another domain at one of our other sites. Problem is this box seems rather unreliable and when my NT clients logon they regularly complain about the SAMBA domain not being available. I thought it would be a good idea to set-up WINS on the SAMBA server but it did slow browsing right down. I have another Origin200 for storing video so I may install SAMBA on it and add it to the existing SAMBA domain as a WINS server to see how it performs. Richard -----Original Message----- From: Michael Glauche [mailto:mg@plum.de] Sent: 13 January 2000 14:20 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: WINS on SAMBA > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de -------------- next part -------------- HTML attachment scrubbed and removed From greg at discreet.com Thu Jan 13 14:36:34 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA In-Reply-To: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> Message-ID: Rock steady on an Octane for 2 years now. Greg On 13-Jan-00 Richard Ferris wrote: > How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box > up as one but netbios resolution seemed to take ages. Anyone else got WINS > running and working OK? > > > > Richard Ferris - Visions Systems Analyst > Visions Project > Clarendon City College > Stoney Street > Nottingham > NG1 1NG > > Tel: 0115 9104 566 > Pager: 0766 6843 706 > > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Daniel.Sandmeier at HWK-DO.DE Thu Jan 13 14:46:45 2000 From: Daniel.Sandmeier at HWK-DO.DE (Daniel Sandmeier) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> Message-ID: <387DE555.96100C4D@hwk-do.de> But when you do that, than make sure, that you don't get conflicts with the NT WINS Server in the other domain. AFAIK Samba has some problems acting as a WINS Server, when another NT based WINS Server is present. DerSandos187 From mike at psand.net Thu Jan 13 15:47:24 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> Message-ID: <00d901bf5ddd$850adb20$0164a8c0@win981> WINS on SAMBAFrom my experience, WINS works wonderfully under Samba :-) Check that you're smb.conf file also contains: local master = yes (the default) preferred master = yes domain master = yes os level = 32 (please, someone confirm I'm not telling lies !) In that way the Samba server will win the browser elections to become the Domain Master Browser and can then serve WINS fine. It also means the clients won't be getting confused as to who has control. The long and the short is: Either go for all Samba WINS and DMB etc. or If there is an NT Server, let it be the DMB and WINS. Then all will be fine and dandy. Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:11 PM Subject: WINS on SAMBA How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box up as one but netbios resolution seemed to take ages. Anyone else got WINS running and working OK? Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 -------------- next part -------------- HTML attachment scrubbed and removed From mike at psand.net Thu Jan 13 15:55:55 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> Message-ID: <011301bf5dde$b2e2e3c0$0164a8c0@win981> RE: WINS on SAMBARichard, DON'T DO THIS..... Samba WINS doesn't support WINS replication. You can't have BOTH on any network, even Subnets (as it's routeable over TCP/IP).. Go for one or the other. (apologies for shouting if you haven't got both!! :-)) Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:39 PM Subject: RE: WINS on SAMBA I'm currently using an NT WINS server that exists in another domain at one of our other sites. Problem is this box seems rather unreliable and when my NT clients logon they regularly complain about the SAMBA domain not being available. I thought it would be a good idea to set-up WINS on the SAMBA server but it did slow browsing right down. I have another Origin200 for storing video so I may install SAMBA on it and add it to the existing SAMBA domain as a WINS server to see how it performs. Richard -----Original Message----- From: Michael Glauche [mailto:mg@plum.de] Sent: 13 January 2000 14:20 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: WINS on SAMBA > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de -------------- next part -------------- HTML attachment scrubbed and removed From richard.ferris at ncn.ac.uk Thu Jan 13 14:58:08 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF93@VOYAGER> Thanks for the info Mike, looking at the other posts it seems that the NT servers that are running WINS may have 'caused some conflictions with my SAMBA WINS - unfortunately it looks like I'll have to rely on the NT box as this is the primary WINS server for our MAN. Thanks Richard -----Original Message----- From: Mike Harris [mailto:mike@psand.net] Sent: 13 January 2000 15:47 To: richard.ferris@ncn.ac.uk Cc: Multiple recipients of list SAMBA-NTDOM Subject: RE: WINS on SAMBA >From my experience, WINS works wonderfully under Samba :-) Check that you're smb.conf file also contains: local master = yes (the default) preferred master = yes domain master = yes os level = 32 (please, someone confirm I'm not telling lies !) In that way the Samba server will win the browser elections to become the Domain Master Browser and can then serve WINS fine. It also means the clients won't be getting confused as to who has control. The long and the short is: Either go for all Samba WINS and DMB etc. or If there is an NT Server, let it be the DMB and WINS. Then all will be fine and dandy. Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:11 PM Subject: WINS on SAMBA How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box up as one but netbios resolution seemed to take ages. Anyone else got WINS running and working OK? Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 -------------- next part -------------- HTML attachment scrubbed and removed From ed at schernau.com Thu Jan 13 15:10:00 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:57 2003 Subject: Hate ??? Microsoft Message-ID: <387DEAC8.25DC472D@schernau.com> Lots of us LIKE Microsoft. Heck, 98% of us on here make our living babysitting Windows clients (or why would we be here????) and NT servers. I think the backlash against NT system administrators is this: There are many people who put on a tie, buy a palmpilot, read NT Server for Dummies, and flood the marketplace. Ive actually fielded questions from _NT ADMINS_ who ask "Are you guys running Ethernet or IP?" Or "Dammit, all these floppies are formatted NTFS!". These are the guys who use Disk Administrator to look at the pretty bargraphs to tell HOW MUCH FREE SPACE C: has. These are the guys whose motto is: "If there is not a GUI, it can't be done." Do most of us on here, and even MANY NT Admins fall into this category? Of course not. Do most of us on here, and even many Linux/Unix Admins hate Microsoft, want to kill Bill Gates, and rule the world? Of course not. It just takes a few bad apples to spoil the barrel. -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From mg at plum.de Thu Jan 13 15:12:07 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> <387DE555.96100C4D@hwk-do.de> Message-ID: <387DEB47.EB97D98A@plum.de> Daniel Sandmeier wrote: > > But when you do that, than make sure, that you don't get conflicts with > the NT WINS Server in the other domain. AFAIK Samba has some problems > acting as a WINS Server, when another NT based WINS Server is present. IIRC the orginal poster said, that the NT WINS server is "remote", so that should not be the problem. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From JJones at nwnets.com Thu Jan 13 15:07:17 2000 From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Can a Samba WINS server not replicate with another Samba WINS server? One of the reasons to implement distributed WINS servers with NT is so that clients on remote subnets will not need to send requests over a WAN link to a remote WINS server. It gets particularly important when VPNs are used between remote sites over, say, 256K lines. I really don't want floods of WINS requests clogging up the links, but I could handle having WINS databases moving over the lines every couple of hours. Could the WINS database from a Samba server be pushed to a remote Samba server by a non-Samba-specific method? Thanks Jeremy Jones, MA, MCSE, CCNA Systems Analyst Northwest Network Services (208) 343-5260 x106 http://www.nwnets.com mailto:jjones@nwnets.com -----Original Message----- From: Mike Harris [mailto:mike@psand.net] Sent: Thursday, January 13, 2000 7:56 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: WINS on SAMBA Richard, DON'T DO THIS..... Samba WINS doesn't support WINS replication. You can't have BOTH on any network, even Subnets (as it's routeable over TCP/IP).. Go for one or the other. (apologies for shouting if you haven't got both!! :-)) Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:39 PM Subject: RE: WINS on SAMBA I'm currently using an NT WINS server that exists in another domain at one of our other sites. Problem is this box seems rather unreliable and when my NT clients logon they regularly complain about the SAMBA domain not being available. I thought it would be a good idea to set-up WINS on the SAMBA server but it did slow browsing right down. I have another Origin200 for storing video so I may install SAMBA on it and add it to the existing SAMBA domain as a WINS server to see how it performs. Richard -----Original Message----- From: Michael Glauche [mailto:mg@plum.de] Sent: 13 January 2000 14:20 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: WINS on SAMBA > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From kellermg at potsdam.edu Thu Jan 13 15:34:04 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article - OVER?? References: Message-ID: <387DF06C.A9B7F151@potsdam.edu> Steve Cody wrote: > > To EVERYONE who has been whining about this issue all day on this same > thread: > > As you can see by the response below, it takes serious replies, and serious > emails to the right people to make things happen. A bunch of complaining, > whining, OS bashing doesn't do anything but boost your ego. There has > always been one thing you could tell about Linux lovers... About 90% of > them are fanatics, and the remaining 10% get things accomplished. How many > RAVING Microsoft fanatics are there out there? I myself, use Linux, and > Windows NT on my networks. They both have their appropriate uses. It's > time to come to reality and see that software CAN co-exist. WHAT DO YOU > THINK THE PURPOSE OF SAMBA IS ANYWAY?! You enjoy being flamed, don't you? Normally I stay out of such rubish, but you hit a nerve. First of all, "fanatics" can be found anywhere. There *are* raving MS fanatics. I have a client that runs, NT/98, with MS SQL server for database, Exchange for email serving, Outlook for and email client, Word for word processing, Excel for spreadsheets, etc, etc. etc. NOT because it is the best solution, but because he believes in Bill Gates and Microsoft as a copmany. I have colleagues who won't touch a computer unless it has an Apple logo on it. "Fanatics" are everywhere. There are a lot of "new school" IT professionals that swear by NT/Microsoft... They wear ties, use Internet Explorer, have AOL as an ISP, and believe that UNIX is for geeks and geriatrics. I call them 'zealots', you call them 'fanatics'... Same thing. I think accusing 90% of the Linux community of "not getting things accomplished" is not only off-base, but shows inexperience with Linux users on your part. The fact is that Linux is an increasingly viable alternative to high-priced OS's such as NT, Solaris, etc. Sure, some people go overboard, but it is their right. The vast majority of the hundreds of Linux users I come in contact with every day are very level-headed, stable people. I'm not naive enough to think that everyone feels how I do: That a healthy mix of Solaris, Linux and NT is the optimal solution for mid-to-large scale networks. For some clients I recommend an NT-based server solution, for some I recommend Solaris, some I recommend Linux- It depends on the situation. Truth be known I WISH that NT had the stability/versatility of Linux, or that Linux had the ease-of-management of NT. It's getting there- Both of them. Linux is getting more management-friendly and NT is getting "more UNIX-like". As for your rhetorical quip about the "purpose" of Samba- It is an alternative to NT for serving files, printers, and applications to Windows clients. Windows on the desktop is not going away anytime soon- Nor do I necessarilly think it should. Some businesses/non-profits/educational institutions can't afford the thousands of dollars it costs to license NT. Some can't even "afford" Linux, but at least it is an option. Linux users KNOW that "they both have their appropriate uses" - There are somethings that NT simply does better (at this point). The spirit of Samba and OSS is to provide ALTERNATIVES to proprietary, non-extensible software. I shudder to think of the day when the only server side option is a Microsoft product. Competition spurns evolution and development. If Linux never was "born", would M$ have ANYONE to compete with on the server side? Ok, Sun is a competitor, and Novell is still hanging on. My point is that the "fanatics" or "zealots" of the Linux community HAVE made a difference, and HAVE gotten things done. They have pushed other companies to refocus, and start innovating. I agree that this thread is better served on an advocacy list than on this list- And I'll also admit that your message is the only one I've even read (since the first in the thread) because you changed the subject (slightly). I can see a zeal-war a mile away, and the opener to this thread was begging for it. Zealots have their place in society, and in the OSS community. I think it is healthier to ignore the thread and glean the quality information from this list, then to brand 90% of the Linux community as "fanatics" and unproductive. My humblest of apologies to all whose mailbox this email has cluttered. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From j.c.burton at gats-inc.com Thu Jan 13 15:32:01 2000 From: j.c.burton at gats-inc.com (John Burton) Date: Tue Dec 2 02:27:57 2003 Subject: Hate ??? Microsoft References: <387DEAC8.25DC472D@schernau.com> Message-ID: <387DEFF1.6D63A251@gats-inc.com> Edward Schernau wrote: > > Lots of us LIKE Microsoft. Heck, 98% of us on here make our living > babysitting Windows clients (or why would we be here????) and NT > servers. > > I think the backlash against NT system administrators is this: > There are many people who put on a tie, buy a palmpilot, read > NT Server for Dummies, and flood the marketplace. Ive actually > fielded questions from _NT ADMINS_ who ask "Are you guys running > Ethernet or IP?" Or "Dammit, all these floppies are formatted > NTFS!". These are the guys who use Disk Administrator to look > at the pretty bargraphs to tell HOW MUCH FREE SPACE C: has. > > These are the guys whose motto is: "If there is not a GUI, it > can't be done." > > Do most of us on here, and even MANY NT Admins fall into this > category? Of course not. Do most of us on here, and even many > Linux/Unix Admins hate Microsoft, want to kill Bill Gates, and > rule the world? Of course not. > > It just takes a few bad apples to spoil the barrel. Like Microsoft? no. Have to work with it? yes... I dislike Microsoft for its business practices and producing shoddy products. Windows 95/98/NT machines make up less than 20% of the systems I support, yet require more than 80% of my sys admin resources to support. Linux / UNIX machines make up the other 80%, yet only require 20% of our time and effort. Invariably, when talking to MS Tech support (on *my* dime of course) the solution to my problem is one of the 3 R's (reboot, reformat, reinstall). I've also gotten resumes from people with zero hands on experience and their MSCE ticket expecting to get $50k per year. Its very hard not to laugh in their face. The only reason I tolerate Windows is because my clients have been sold a bill of goods and they've standardized on MS Office 9x/2000 for document interchange. If I want to communicate with them I need to support MS Windows & Office... MS Windows runs okay as long as its a virgin, but once you start f!$&ing with it (i.e. installing hardware or software), then you start having problems. MS is particularly bad about "upgrading" your O/S when you install one of their products. Too bad their upgrade makes the system slightly incompatible with other software packages... Want to kill Bill Gates? no Want to rule the world? no Want Bill Gates to rule the world? NO John -- John Burton, Ph.D. Senior Associate GATS, Inc. j.c.burton@gats-inc.com 11864 Canon Blvd - Suite 101 jcb@visi.net (personal) Newport News, VA 23606 (757) 873-5920 (voice) (757) 873-5924 (fax) From gtm at oracom.com Thu Jan 13 15:40:16 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains Message-ID: <387DF1E0.A95E542A@oracom.com> Hi all, I just downloaded the latest tng code and recompiled. I now get the following error when tring to run usr mgr. A Remote Procedure Call(RPC) Protocol Error has occured. Could this be becasue I cannot login as Domain Admin anymore. I have a domain group map in my smb.conf file. In the file referenced I have the following domainadmin = "Domain Admins" In my unix passwd file I have one user whose group is domainadmin. That user did have admin privs before this upgrade. Is there something I need to do to make that happen again? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From petersv at psv.nu Thu Jan 13 15:48:11 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 In-Reply-To: <20000113140805.CC64988D4@i3.golden.dom> Message-ID: On Fri, 14 Jan 2000, Giulio Orsero wrote: > If the profile location is really important to you and cannot wait for > 2.0.7, you can go back to 2.0.5 or apply this to 2.0.6 (reverts to 2.0.5 > behavior with profiles working and "net use h: /home" not working): Can these two not be made to work simultaneous? It seems to work here from what I can see. Our samba server is from several months back and we have net use h: /home and the profiles are stored in ~/.smbprofile. Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From ely at txc.com Thu Jan 13 15:50:55 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains References: <387DF1E0.A95E542A@oracom.com> Message-ID: <387DF45E.CCC4673B@txc.com> I have exactly the same problem Glenn MacGregor wrote: > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? > > Thanks > > Glenn > > -- > > Glenn MacGregor > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 -------------- next part -------------- A non-text attachment was scrubbed... Name: ely.vcf Type: text/x-vcard Size: 222 bytes Desc: Card for Ely Zavin Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/2d4f211b/ely.vcf From giulioo at pobox.com Thu Jan 13 16:08:26 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 In-Reply-To: References: <20000113140805.CC64988D4@i3.golden.dom> Message-ID: <20000113160716.9C1E188D4@i3.golden.dom> On Thu, 13 Jan 2000 16:48:11 +0100 (CET), hai scritto: >Can these two not be made to work simultaneous? It seems to work here from >what I can see. Our samba server is from several months back and we have >net use h: /home and the profiles are stored in ~/.smbprofile. The problem of "net use h: /home" manifests itself when you use a path outside the homeshare for the profile dir. When you do that and do net use h: /home then h is mapped to the profile share, instead of to the homeshare. If you put the profile in the homeshare this doesn't happen (net use.. works). -- giulioo@pobox.com From mg at plum.de Thu Jan 13 16:18:24 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains References: <387DF1E0.A95E542A@oracom.com> Message-ID: <387DFAD0.28B1E295@plum.de> Glenn MacGregor wrote: > > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? Did you really do a fresh checkout with -r SAMBA_TNG ? cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -R SAMBA_TNG samba regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From lk at NetUSE.DE Thu Jan 13 16:19:16 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains References: <387DF1E0.A95E542A@oracom.com> Message-ID: <387DFB04.A4669D65@NetUSE.DE> Glenn MacGregor wrote: > > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? My usermgr is working with the samba tng cvs from today. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From caesmb at lab2.cc.wmich.edu Thu Jan 13 16:22:31 2000 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:27:57 2003 Subject: Domains and "username map" Message-ID: Hello, We're running a Samba 2.0.4b PDC whose domain we are trying to join some Samba 2.0.6 machines into. All of this is being done w/ Solaris 2.6. Here is where things get tricky. The Win95 machines that connect to the Samba 2.0.6 "NT Workstation's" are primarily in a Novell envirionment. As such they try to connect to the samba boxen as their Novell login name. We want to map novell usernames (for a limited number of accounts) to unix usernames. The idea is for a 95 machine to connect to a samba box, have the novell username be mapped w/ "username map" to a unix name, and then have that unix name be authenticated against the PDC (since the other samba boxes are in the PDC's domain). This seems simple enough, but it doesn't work. We don't want to maintain a smbpasswd file anywhere but the PDC. In fact, the smbpasswd file doesn't even exist on the samba domain members. If I try and connect with a valid username, the authentication passes though fine. If I try and connect with an aliased/mapped username authentication doesn't work. I get errors in the logs about both the unix username and the novell username not existing in the smbpasswd file. I am assuming that this is the smbpasswd file that would contain local account for the domain members. Is it even possible to alias names on a domain member before authentication gets passed to a PDC? Thanks, Kevin Currie From lkcl at samba.org Thu Jan 13 16:31:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Bug in SAMBA_TNG from 12-1-2000? In-Reply-To: <3.0.3.32.20000113104058.0091f4d0@pop5.inter.nl.net> Message-ID: michiel, you need to do a "where" command on the coredump, in gdb. this will give you a stack trace, with line numbers and parameter arguments, which is critical info to tracking these problems. thx! On Thu, 13 Jan 2000, Michiel Brendel wrote: > > > Yesterday I updated the samba-tng ( aroundd 21:00 hours dutch time) > branch after a configure.developer, a make and a make install, I trid the > log on the nt workstation. Which succeeded with a few errors. > > > from the netlogon log file: > > > Found: client$:x:501:501:NT Machine Account > Samba:/dev/null:/bin/false > > iterate: client$ 0x1f5 > > getsmbfilepwent: returning passwd entry for unix user amd233$, unix uid > 500 > > unixuser:amd233$ uid:500 acb:80 > > pwdb_smb_map_names: unix amd233$ nt NULL unix 500 nt-1 > > lookupsmbpwnam: unix user name amd233$ > > getpwnam(amd233$) > > Found: amd233$:x:500:502:NT Machine Account Samba:/dev/null:/bin/false > > lookupsmbpwuid: unix uid 500 > > file_changed: Unable to stat file /usr/local/samba/lib/domainuser.map. > Error was No such file or directory > > uidtoname(500) > > Found: amd233$:x:500:502:NT Machine Account Samba:/dev/null:/bin/false > > found by name: AMD233$ > > endfileent: closed file. > > pwdb_smb_map_names: unix amd233$ nt amd233$ unix 500 nt3000 > > [000] C8 BF F2 57 50 23 AF F1 0A A1 48 B1 9D 87 5F 29 ...WP#.. > .H..._) > > cred_session_key > > clnt_chal: A425D0962A078C1F > > srv_chal : 4C91620991C057D4 > > clnt+srv : F0B632A0BBC7E3F3 > > sess_key : 597D00291FF1C7E3 > > cred_store: > > make_creds_key: dom THUIS wks amd233 > > [000] 74 68 75 69 73 00 61 6D 64 32 33 33 thuis.am d233 > > net_reply_req_chal: 54 > > make_net_r_req_chal: 41 > > 000000 net_io_r_req_chal > > 000000 smb_io_chal > > 0000 data: 4c 91 62 09 91 c0 57 d4 > > 0008 status: 00000000 > > net_reply_req_chal: 62 > > called api_netlog_rpc > > create_noauth_reply: data_start: 0 data_end: 12 max_tsize: 5680 > > alloc_hint: 12 > > hdr flags: 3 > > 000000 smb_io_rpc_hdr rhdr > > 0000 major : 05 > > 0001 minor : 00 > > 0002 pkt_type : 02 > > 0003 flags : 03 > > 0004 pack_type : 00000010 > > 0008 frag_len : 0024 > > 000a auth_len : 0000 > > 000c call_id : 00000023 > > 000010 smb_io_rpc_hdr_resp resp > > 0010 alloc_hint: 0000000c > > 0014 context_id: 0000 > > 0016 cancel_ct : 00 > > 0017 reserved : 00 > > create_rpc_reply: finished sending > > msrpc_send_prs: data: 0x80e4ac8 len 36 > > [000] 05 00 02 03 10 00 00 00 24 00 00 00 23 00 00 00 ........ > $...#... > > [010] 0C 00 00 00 00 00 00 00 4C 91 62 09 91 C0 57 D4 ........ > L.b...W. > > [020] 00 00 00 00 .... > > write_socket(6,36) > > write_socket(6,36) wrote 36 > > =============================================================== > > INTERNAL ERROR: Signal 11 in pid 2958 (2.1.0-prealpha) > > Please read the file BUGS.txt in the distribution > > =============================================================== > > PANIC: internal error > > > > Hello, > > > This is what I got from the core dump: > > > GNU gdb 4.18 > > Copyright 1998 Free Software Foundation, Inc. > > GDB is free software, covered by the GNU General Public License, and you > are > > welcome to change it and/or distribute copies of it under certain > conditions. > > Type "show copying" to see the conditions. > > There is absolutely no warranty for GDB. Type "show warranty" for > details. > > This GDB was configured as "i386-redhat-linux"... > > Core was generated by `/usr/local/samba/bin/netlogond -D'. > > Program terminated with signal 6, Aborted. > > Reading symbols from /usr/lib/libreadline.so.3...done. > > Reading symbols from /lib/libdl.so.2...done. > > Reading symbols from /lib/libcrypt.so.1...done. > > Reading symbols from /lib/libpam.so.0...done. > > Reading symbols from /usr/lib/libncurses.so.4...done. > > Reading symbols from /lib/libc.so.6...done. > > Reading symbols from /lib/libtermcap.so.2...done. > > Reading symbols from /lib/ld-linux.so.2...done. > > Reading symbols from /lib/libnss_files.so.2...done. > > Reading symbols from /lib/libnss_nisplus.so.2...done. > > Reading symbols from /lib/libnsl.so.1...done. > > Reading symbols from /lib/libnss_nis.so.2...done. > > #0 0x400ce4e1 in __kill () from /lib/libc.so.6 > > > I Hope this information will help you. If you need other information feel > free to contact me. > > > > Michiel > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 16:40:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: motivation In-Reply-To: <387DB621.1D45921@NetUSE.DE> Message-ID: On Thu, 13 Jan 2000, Lars Kneschke wrote: > Hello! > > I'm amazed! Samba TNG works very well today. Especially usermgr > shows all users and all groups. And Samba TNG doesn't ignore > /etc/groups anymore. I could also change my passwort > successfully(from the Windows NT point of view), but after that i > was not able to login anymore. Who cares! :-) i do!! > Now i need to update my webpages. > Many thanks to the developers. thx lars. > Cu > > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 16:44:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: motivation In-Reply-To: <387DC442.7E008A4E@plum.de> Message-ID: > > Most did work before the great restructuring :) > *whistle* *innocent* *nonchalant* > But .. TNG seems really good now .. and I really like the concept > of having the functionality split into different daemons ... > You can update most parts of a running PDC server now .. wow :) i know, that _really_ gets me. now, what was that about rebooting? that was so long ago, i had to look it up with man -k. From lkcl at samba.org Thu Jan 13 16:46:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: TNG / inet_aton In-Reply-To: <200001131242.MAA10594@mimas.Dseven.ORG> Message-ID: On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > Hi Luke, > > Thanks for the updates - I'll test tonight! > > The main thing I like about TNG is that, aside from the inevitable development > bugs, it just works... this is the first time that I've been able to do all > the things that I want at the same time - domain logons, domain groups, > printing, etc - previously, I've only seemed to be able to do a subset with > any particular release before. WILD! ... you got printing to work? please tell us how, i have someone who couldn't. > As for the daemon architecture, it seems to make a lot of sense. Aside from > being able to take individual services in and out of operation without > killing the whole server, not bundling all of those services into one > big daemon feels like a good move. Persumably it ought to run more effeciently > on larger (MP) servers, too ? i should hope so. From lkcl at samba.org Thu Jan 13 16:51:33 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: [samba-tng] - please help each other out Message-ID: hi, i just wanted to say that i'd really appreciate it if you could all muck in: those people who have SAMBA-TNG (or mixed cvs main smbd/nmbd + SAMBA-TNG msrpc services) working, please help out those people who haven't got some things going yet. also, please remember the bug-reporting guidelines, which i seem to repeat 8 times a day: cvs update ./configure.developer make clean make debug level = 100 if it coredumps: gdb processname core where thx! Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 17:06:21 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <387DE555.96100C4D@hwk-do.de> Message-ID: On Fri, 14 Jan 2000, Daniel Sandmeier wrote: > But when you do that, than make sure, that you don't get conflicts with > the NT WINS Server in the other domain. AFAIK Samba has some problems > acting as a WINS Server, when another NT based WINS Server is present. it's more that you need _one_ WINS server database per LAN, and if you have two separate ones you are subdividing your LAN into two camps (two network neighbourhoods, effectively). use one, or the other, not both. for now. From lkcl at samba.org Thu Jan 13 17:08:19 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Message-ID: On Fri, 14 Jan 2000, Jeremy Jones wrote: > Can a Samba WINS server not replicate with another Samba WINS server? One no. there isn't enough demand to justify 3 months research into the NT WINS repolication system. however, some people from russia did a asamba-samba replication system, where did it go, jeremy? From dejan.ilic at home.se Thu Jan 13 17:10:33 2000 From: dejan.ilic at home.se (Dejan Ilic) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: Hello. I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages to users sitting on WinNT4 machines. The feedback is mostly accounting information like number of pages left that the user can print, or quota status when logging in etc. smbclient can send to a specific (netbiosname) machine but not to a specific user on that machine. You can only supply the senders user, not receiver. This is not a problem today as we have WinNT workstations where only one user at time work, and the messages are usualy directed to that user. But there are two problems with this limitation: *) Ie when printing a lengthy document the user can log out, leave the machine and got to the printer and wait for the printer to finish its job. When the job is done the server will send a message to the computer, but the user has left, and the message will be printed on the loginscreen, or to the next user sitting on by the computer now! This could lead to some confusion and possibly leaking of semi-private information. I would like to avoid that if possible by directing the message to a specific user on that machine. The other users should not be able to see the message. *) The limitation will become unbearable when we start using WinNT Terminal Servers here. Sending a message to a TS could mean that all the users logged in will se the message (?), when only one in realy interested in the result. You could imagine a server with 20-35 users logged in and every time someone prints or logs in everybody get a message that they realy shouldn't receive. Windows NT4 "net send" command has a possibility to send to a specific user. I must admit that I haven't used it, but it indicates that it should work. Is it possible to extend smbclient so that it can send messages to a specific user on a specific machine (or domain), or is it a limitation in Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) Thanks Dejan Sysadmin with 21500 users :-) From lkcl at samba.org Thu Jan 13 17:11:39 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Hate ??? Microsoft In-Reply-To: <387DEFF1.6D63A251@gats-inc.com> Message-ID: ok people. enough. take it off-list. From lkcl at samba.org Thu Jan 13 17:13:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Usr Mgr for domains In-Reply-To: <387DF1E0.A95E542A@oracom.com> Message-ID: glenn, these are difficult to track down, remotely. i have a hard enough time tracking locally. set debug log level = 100, then send me the smb.conf file and the log.samr file. On Thu, 13 Jan 2000, Glenn MacGregor wrote: > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? > > Thanks > > Glenn > > -- > > Glenn MacGregor > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 17:18:41 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. In-Reply-To: <014401bf5de5$7301e060$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Well, I don't get a core dump, so I guest I can try and attach gdb to the > process that eventually fork() into the one that produces "log.ra". Which > process should I attach to? smbd? ok, thisx is tricky. yes. however, what you are going to have to do is this: just after the fork(), at line 254 in smbd/server.c, put a sleep(20); this will give you 20 seconds to do this: ps -aux | grep smbd [identify the child smbd process: the one with the highest number] gdb bin/smbd [child-smbd-pid] gdb-prompt> continue now you can run smbpasswd or whatever you do to get the INTERNAL error. then when it exceptions, do a gdb where command. thx long! From mg at plum.de Thu Jan 13 17:36:14 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: Message-ID: <387E0D0E.E8FE70CD@plum.de> Dejan Ilic wrote: > Windows NT4 "net send" command has a possibility to send to a specific > user. I must admit that I haven't used it, but it indicates that it should > work. > > Is it possible to extend smbclient so that it can send messages to a > specific user on a specific machine (or domain), or is it a limitation in > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > I thought about this, too. In Windows you can also send a message to a workgroup, which can be very handy in some situations ("server is going down NOW ! :)") I would volunteer to code it, if there is some kind of documentation / information about it. > Sysadmin with 21500 users :-) wow ... hehe .. only 20 here :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From rchatfie at cemrc.org Thu Jan 13 17:37:11 2000 From: rchatfie at cemrc.org (Randy Chatfield) Date: Tue Dec 2 02:27:58 2003 Subject: Microsoft correction: Re: New Microsoft Knowledgebase article In-Reply-To: <387BCF7B.33F9F645@xavier.sa.edu.au> Message-ID: Looks like MS has corrected the original solution of "Turn on the Linux Samba server." Check out: http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP Randy Chatfield Programmer Analyst rchatfie@cemrc.org From saraceno at ccs.neu.edu Thu Jan 13 17:38:50 2000 From: saraceno at ccs.neu.edu (Robert Saraceno, Jr.) Date: Tue Dec 2 02:27:58 2003 Subject: I feel dumb Message-ID: Well, I have been using Samba 2.0.6 for a little bit now, however, I would like to run the latest of TNG on a test network. Where can I get instructions on obtaining this. Having instructions for both CVS and FTP would be very helpful. Thanks in advance, Robert Saraceno, Jr. Network Administrator Boston Steel Erectors, Inc. From zaphod at gmx.net Thu Jan 13 17:38:04 2000 From: zaphod at gmx.net (Zaphod) Date: Tue Dec 2 02:27:58 2003 Subject: Logon-Problem Message-ID: <387E0D7C.B99F74F@gmx.net> Hi there! I've got a big Problem: I've set up an PDC for several NT Workstations... If I set them up for the domain, they say "Welcome to ***** Domain" ( This seems to work...) If I try to login the client says "Anmeldung Erfolgt" but then instead of the desktop the login-window appears again. The profile path is accessible and writable for the clients, and the client should be able to find the logon-script. What can I do, to make my PDC work I'm using NT4 with SP5 and Samba 2.0.5 THX Rainer H. From dejan.ilic at home.se Thu Jan 13 17:40:21 2000 From: dejan.ilic at home.se (Dejan Ilic) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <387E0D0E.E8FE70CD@plum.de> Message-ID: I could help out if there is documentation out there. Dejan On Thu, 13 Jan 2000, Michael Glauche wrote: > Dejan Ilic wrote: > > Windows NT4 "net send" command has a possibility to send to a specific > > user. I must admit that I haven't used it, but it indicates that it should > > work. > > > > Is it possible to extend smbclient so that it can send messages to a > > specific user on a specific machine (or domain), or is it a limitation in > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > > I thought about this, too. > In Windows you can also send a message to a workgroup, which can be > very handy in some situations ("server is going down NOW ! :)") > I would volunteer to code it, if there is some kind of documentation / > information about it. > regards, > Michael From timothy_d_cole at md.northgrum.com Thu Jan 13 17:44:06 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > Sent: Thursday, January 13, 2000 12:17 > To: Multiple recipients of list SAMBA-NTDOM > Subject: smbclient messages to a specific user ? > > Hello. > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > to users sitting on WinNT4 machines. The feedback is mostly accounting > information like number of pages left that the user can print, or quota > status when logging in etc. > > smbclient can send to a specific (netbiosname) machine but not to a > specific user on that machine. You can only supply the senders user, not > receiver. This is not a problem today as we have WinNT workstations where > only one user at time work, and the messages are usualy directed to that > user. > > But there are two problems with this limitation: > *) Ie when printing a lengthy document the user can log out, leave the > machine and got to the printer and wait for the printer to finish its > job. When the job is done the server will send a message to the > computer, but the user has left, and the message will be printed on > the > loginscreen, or to the next user sitting on by the computer now! > > This could lead to some confusion and possibly leaking of semi-private > > information. I would like to avoid that if possible by directing the > message to a specific user on that machine. The other users should not > be able to see the message. > > *) The limitation will become unbearable when we start using WinNT > Terminal Servers here. Sending a message to a TS could mean that all > the users logged in will se the message (?), when only one in realy > interested in the result. You could imagine a server with 20-35 users > logged in and every time someone prints or logs in everybody get a > message that they realy shouldn't receive. > > Windows NT4 "net send" command has a possibility to send to a specific > user. I must admit that I haven't used it, but it indicates that it should > work. > > Is it possible to extend smbclient so that it can send messages to a > specific user on a specific machine (or domain), or is it a limitation in > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > Basically the way it works is that each user that logs in registers a NetBIOS/WINS record: username<03h>, with the IP of the machine they're logged in on. I believe when net send sends to a specific user, it looks up this record, then dispatches the message to the messenger service at that particular IP. I don't think it's any more involved than that, since it's not unheard of to have problems with having two users with the same name in different domains to each randomly get print notifications and other messages intended for the other. I think this is because the domain isn't a component of the 0x03 name, so the most recent user to log in gets all messages for all users with the same name in all domains. This also suggests to me that the actual windows messanging setup is machine-based, rather than user-based. I have really no idea how terminal server copes with that, or if it even does. From Eirik.Thorsnes at student.uib.no Thu Jan 13 18:05:59 2000 From: Eirik.Thorsnes at student.uib.no (Eirik Thorsnes) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: References: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Message-ID: <4.1.20000113190041.00aa28a0@rasmus.uib.no> At least somewhat related: What is the simplest / best solution to make all the clients switch WINS to the Samba server (which they now log into - but samba isn't configured to be WINS - so they use one on another subnet) The clients is a mixture of W95, W98, NT WS. I guess the problem lies in that you can't switch the Samba server to be WINS server before every client has switched to use it. Or am I wrong? Thanks At 04:14 14.01.00 +1100, you wrote: >On Fri, 14 Jan 2000, Jeremy Jones wrote: > >> Can a Samba WINS server not replicate with another Samba WINS server? One > >no. > >there isn't enough demand to justify 3 months research into the NT WINS >repolication system. > >however, some people from russia did a asamba-samba replication system, >where did it go, jeremy? > > From giulioo at pobox.com Thu Jan 13 18:03:59 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <387E0D0E.E8FE70CD@plum.de> References: <387E0D0E.E8FE70CD@plum.de> Message-ID: <20000113180457.6DFD388DD@i3.golden.dom> On Fri, 14 Jan 2000 04:46:03 +1100, hai scritto: >I would volunteer to code it, if there is some kind of documentation / >information about it. == http://front.linuxcare.com.au/tridge/diary/ Marcus dropped by the office to remind me about an email he sent asking how to do bcast WinPopup messages. We looked at how WinXX did it with tcpdump-smb and found it is a mailslot to UDP/138. I hacked up a file with the appropriate data and tested it with netcat, managing to send messages to Win9X and NTws with no problem. I found that the message limit is about 512 bytes - quite a bit larger than the size that the WinPopup GUI can do. If you send larger than that to NT then it rejects the message. Win98 gets a fatal error in WinPopup. Some devious person could probably turn that into a exploit if they wanted to. == -- giulioo@pobox.com From saraceno at ccs.neu.edu Thu Jan 13 18:09:00 2000 From: saraceno at ccs.neu.edu (Robert Saraceno, Jr.) Date: Tue Dec 2 02:27:58 2003 Subject: can this crap stop? In-Reply-To: Message-ID: I'm sorry for this post, however, usually when I see a message like this, it is quickly followed by 20 messages of people agreeing. So if you agree, just take the advice. Thanks. On Thu, 13 Jan 2000, Tyson La Tourrette wrote: > OK, Microsoft isn't the best. > > OK, Linux users like to bash Microsoft. > > OK, this isn't the place and I am about to unsubscribe because > I don't need my inbox filling with such garbage. > > Please stop these threads. > > Tyson > > From ldoan at knowledgeplanet.com Thu Jan 13 18:12:18 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. References: Message-ID: <016001bf5df1$ba31ca70$14804ecf@mindq.com> Found it... lib/util.c:3292 server_list is NULL at the DEBUG() statement. Long. ----- Original Message ----- From: "Luke Kenneth Casson Leighton" To: "Long Doan" Cc: "Samba NT Domains Mailing List" Sent: Thursday, January 13, 2000 12:18 PM Subject: Re: Problem with samba domain users. On Thu, 13 Jan 2000, Long Doan wrote: > Well, I don't get a core dump, so I guest I can try and attach gdb to the > process that eventually fork() into the one that produces "log.ra". Which > process should I attach to? smbd? ok, thisx is tricky. yes. however, what you are going to have to do is this: just after the fork(), at line 254 in smbd/server.c, put a sleep(20); this will give you 20 seconds to do this: ps -aux | grep smbd [identify the child smbd process: the one with the highest number] gdb bin/smbd [child-smbd-pid] gdb-prompt> continue now you can run smbpasswd or whatever you do to get the INTERNAL error. then when it exceptions, do a gdb where command. thx long! From Jean-Francois.Micouleau at dalalu.fr Thu Jan 13 18:21:22 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <4.1.20000113190041.00aa28a0@rasmus.uib.no> Message-ID: On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > At least somewhat related: > What is the simplest / best solution to make all the clients switch > WINS to the Samba server (which they now log into - but samba isn't > configured to be WINS - so they use one on another subnet) > The clients is a mixture of W95, W98, NT WS. dhcp > I guess the problem lies in that you can't switch the Samba server > to be WINS server before every client has switched to use it. > Or am I wrong? J.F. From aperrin at demog.Berkeley.EDU Thu Jan 13 18:25:34 2000 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.northgrum.com> Message-ID: We handle this problem in a not-very-elegant but nevertheless functional way: - in smb.conf: [homes] ... root preexec = echo %u > /opt/samba/status/%m ; echo %T::%u::%m::login >> /opt/samba/userlog root postexec = rm -f /opt/samba/status/%m ; echo %T::%u::%m::logout >> /opt/samba/userlog I then wrote a script (which I'll put at http://demog.berkeley.edu/~aperrin/tips/src/ntwall.pl.txt for anyone interested) that checks the files in /opt/samba/status and sends popup messages only to those machines from which a homes share is currently open. This, in practical terms, maps to those machines into which someone is currently logged. This solves the problem of having winpopup messages show up on machines when users log in even if the messages were sent days before. If you wanted to be more specific, you could check the contents of the status/* files and only send to specific users. Hope this is of some help. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 14 Jan 2000, Cole, Timothy D. wrote: > > -----Original Message----- > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > > Sent: Thursday, January 13, 2000 12:17 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: smbclient messages to a specific user ? > > > > Hello. > > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > > to users sitting on WinNT4 machines. The feedback is mostly accounting > > information like number of pages left that the user can print, or quota > > status when logging in etc. > > > > smbclient can send to a specific (netbiosname) machine but not to a > > specific user on that machine. You can only supply the senders user, not > > receiver. This is not a problem today as we have WinNT workstations where > > only one user at time work, and the messages are usualy directed to that > > user. > > > > But there are two problems with this limitation: > > *) Ie when printing a lengthy document the user can log out, leave the > > machine and got to the printer and wait for the printer to finish its > > job. When the job is done the server will send a message to the > > computer, but the user has left, and the message will be printed on > > the > > loginscreen, or to the next user sitting on by the computer now! > > > > This could lead to some confusion and possibly leaking of semi-private > > > > information. I would like to avoid that if possible by directing the > > message to a specific user on that machine. The other users should not > > be able to see the message. > > > > *) The limitation will become unbearable when we start using WinNT > > Terminal Servers here. Sending a message to a TS could mean that all > > the users logged in will se the message (?), when only one in realy > > interested in the result. You could imagine a server with 20-35 users > > logged in and every time someone prints or logs in everybody get a > > message that they realy shouldn't receive. > > > > Windows NT4 "net send" command has a possibility to send to a specific > > user. I must admit that I haven't used it, but it indicates that it should > > work. > > > > Is it possible to extend smbclient so that it can send messages to a > > specific user on a specific machine (or domain), or is it a limitation in > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > Basically the way it works is that each user that logs in registers > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > logged in on. I believe when net send sends to a specific user, it looks up > this record, then dispatches the message to the messenger service at that > particular IP. > > I don't think it's any more involved than that, since it's not > unheard of to have problems with having two users with the same name in > different domains to each randomly get print notifications and other > messages intended for the other. I think this is because the domain isn't a > component of the 0x03 name, so the most recent user to log in gets all > messages for all users with the same name in all domains. > > This also suggests to me that the actual windows messanging setup is > machine-based, rather than user-based. I have really no idea how terminal > server copes with that, or if it even does. > From mg at plum.de Thu Jan 13 18:33:13 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.northgrum.com> Message-ID: <387E1A69.777BB17C@plum.de> "Cole, Timothy D." wrote: > Basically the way it works is that each user that logs in registers > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > logged in on. I believe when net send sends to a specific user, it looks up > this record, then dispatches the message to the messenger service at that > particular IP. > > I don't think it's any more involved than that, since it's not > unheard of to have problems with having two users with the same name in > different domains to each randomly get print notifications and other > messages intended for the other. I think this is because the domain isn't a > component of the 0x03 name, so the most recent user to log in gets all > messages for all users with the same name in all domains. > > This also suggests to me that the actual windows messanging setup is > machine-based, rather than user-based. I have really no idea how terminal > server copes with that, or if it even does. Ok .. if I look up the WINS user I get something like "USER#03" 948303330 10.1.3.2 64R So, can I just call a cli_message_start with that IP, and pass the message ? What about sending messages to a workgroup ? How do I get the members of a wg ? TIA, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From mg at plum.de Thu Jan 13 18:52:34 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: <387E0D0E.E8FE70CD@plum.de> <20000113180457.6DFD388DD@i3.golden.dom> Message-ID: <387E1EF2.6B8FF015@plum.de> Giulio Orsero wrote: > > On Fri, 14 Jan 2000 04:46:03 +1100, hai scritto: > > >I would volunteer to code it, if there is some kind of documentation / > >information about it. > > == http://front.linuxcare.com.au/tridge/diary/ > Marcus dropped by the office to remind me about an email he sent asking > how to do bcast WinPopup messages. We looked at how WinXX did it with > tcpdump-smb and found it is a mailslot to UDP/138. I hacked up a file > with the appropriate data and tested it with netcat, managing to send > messages to Win9X and NTws with no problem. I found that the message > limit is about 512 bytes - quite a bit larger than the size that the > WinPopup GUI can do. If you send larger than that to NT then it rejects > the message. Win98 gets a fatal error in WinPopup. Some devious person > could probably turn that into a exploit if they wanted to. > == Hmm .. looks interesting .. But its from 5th November, Andrew : is that code aviable ? I would like to hack it into smbclient ... TIA, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From timothy_d_cole at md.northgrum.com Thu Jan 13 18:55:11 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C9@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Michael Glauche [SMTP:mg@plum.de] > Sent: Thursday, January 13, 2000 13:33 > To: Cole, Timothy D. > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: Re: smbclient messages to a specific user ? > > "Cole, Timothy D." wrote: > > This also suggests to me that the actual windows messanging > setup is > > machine-based, rather than user-based. I have really no idea how > terminal > > server copes with that, or if it even does. > Ok .. > if I look up the WINS user I get something like > "USER#03" 948303330 10.1.3.2 64R > > So, can I just call a cli_message_start with that IP, > and pass the message ? > Yes. Although I suspect in the case of Terminal Server, you should be aware that every user on the box will get the message, beyond just the intended recipient. > What about sending messages to a workgroup ? How do I get the members > of a wg ? > Eh, enumerate them the normal way, and send to each IP, I think. Luke or someone might be better to answer the specifics of this question. From lars at kneschke.de Thu Jan 13 19:16:16 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:58 2003 Subject: I feel dumb References: Message-ID: <387E2480.6E78773B@kneschke.de> "Robert Saraceno, Jr." wrote: > > Well, I have been using Samba 2.0.6 for a little bit now, however, I would > like to run the latest of TNG on a test network. Where can I get > instructions on obtaining this. Having instructions for both CVS and FTP > would be very helpful. > > Thanks in advance, > > Robert Saraceno, Jr. > Network Administrator > Boston Steel Erectors, Inc. I have created a webpage. The url is http://www.kneschke.de/projekte/samba_tng Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From timothy_d_cole at md.northgrum.com Thu Jan 13 19:25:35 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631CB@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Michael Glauche [SMTP:mg@plum.de] > Sent: Thursday, January 13, 2000 13:56 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: smbclient messages to a specific user ? > > Giulio Orsero wrote: > > > > On Fri, 14 Jan 2000 04:46:03 +1100, hai scritto: > > > > >I would volunteer to code it, if there is some kind of documentation / > > >information about it. > > > > == http://front.linuxcare.com.au/tridge/diary/ > > Marcus dropped by the office to remind me about an email he sent asking > > how to do bcast WinPopup messages. We looked at how WinXX did it with > > tcpdump-smb and found it is a mailslot to UDP/138. I hacked up a file > > with the appropriate data and tested it with netcat, managing to send > > messages to Win9X and NTws with no problem. I found that the message > > limit is about 512 bytes - quite a bit larger than the size that the > > WinPopup GUI can do. If you send larger than that to NT then it rejects > > the message. Win98 gets a fatal error in WinPopup. Some devious person > > could probably turn that into a exploit if they wanted to. > > == > > Hmm .. looks interesting .. > But its from 5th November, Andrew : is that code aviable ? > I would like to hack it into smbclient ... > The code for sending WinPopup messages is already present in smbclient (it has been for a long time, actually), and can be used via the -M option to send to the specified hostname/IP address. The only additional thing needed here is the username lookup, which should be relatively trivial. From mike at psand.net Thu Jan 13 20:24:08 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: dificulties to log in domain References: Message-ID: <003301bf5e04$bc423940$0164a8c0@win981> Hmm.... Luke, I still get the same weird problem. I'm running TNG, updated this arbo CET after the major inet_aton updates and still get the same 'agent' errors with nmblookup and rpcclient. I've double-checked everything, rebuilt, rewritten smb.conf and still get them. Thanks for the smb-agent information, but I'm still confused. How do I know if I'm running it? and How do I stop running it? This at all critical for me, I'm just using TNG to test W2K domain controller stuff - just for your info only :-) cheers, Mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Sent: Wednesday, January 12, 2000 11:10 PM Subject: RE: dificulties to log in domain > On Thu, 13 Jan 2000, Mike Harris wrote: > > > Luke, > > > > In that case I'm off to sanity check by self and work through it all again > > from the bottom up, will let you know what happens to me! > > thx mike. remember to do a cvs update, i just commited another critical > fix! > From mike at psand.net Thu Jan 13 20:26:55 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: TNG / inet_aton - W2K RC3 works a treat! References: <200001122218.WAA10156@mimas.Dseven.ORG> Message-ID: <003401bf5e04$c4714160$0164a8c0@win981> You guys are just great! I've successfully and happily created my Samba domain controller and joined a W2K RC3 machine to the domain. Server Manager and User Manager works too! It's made me very happy! :-)) Thanks, Mike :-X ----- Original Message ----- From: Iain MacDonnell To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:30 PM Subject: TNG / inet_aton > > Hi, > > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not > always available (eg Solaris 7). I worked around this by ripping inet_aton.c > from the gated source and hacking that into LIBSMB_OBJ, and this, combined > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I > can make this code available if required, but imagine that someone will want > to implement their own solution. > > I'm using the 12/12 daemons because roaming profiles seem to be broken in > TNG? Is there something obvious that I need to change to make them work ? > > Otherwise, TNG is looking very cool - keep up the good work :) > > ~Iain > > > From mg at plum.de Thu Jan 13 19:36:47 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: <51FBD4A8EFD9D111BA7300A0C927DADB5631CB@xcgmd008.md.essd.northgrum.com> Message-ID: <387E294F.98DA9ECB@plum.de> "Cole, Timothy D." wrote: > > > -----Original Message----- > > From: Michael Glauche [SMTP:mg@plum.de] > > Sent: Thursday, January 13, 2000 13:56 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: smbclient messages to a specific user ? > > > > Giulio Orsero wrote: > > > > Hmm .. looks interesting .. > > But its from 5th November, Andrew : is that code aviable ? > > I would like to hack it into smbclient ... > > > The code for sending WinPopup messages is already present in > smbclient (it has been for a long time, actually), and can be used via the > -M option to send to the specified hostname/IP address. The only additional > thing needed here is the username lookup, which should be relatively > trivial. Yes I know that .... I meant Andrew's test code (packet :) for sending broadcasts to Workgroups. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From fredrikf at jmeab.se Thu Jan 13 19:36:40 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:58 2003 Subject: Problem!!!!! Message-ID: <000301bf5dfd$844bc350$6e00a8c0@kalve> Hello, I have a big problem with samba pre3.0... Before win2k could found a domain.. And it start asking for user/passwd... But i diden't fix the user/pass problem... So i downloaded a newer version of pre3.0... And after that win2k can't find any domain att all.... But it still works with win98... I have follow the instructions from: http://www.kneschke.de/projekte/samba_tng ... i have try to download it / re installed it like 10 times now... But that dident help me .... So anyone can help me with this problem? From mike at psand.net Thu Jan 13 20:32:22 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: Support: Microsoft vs Samba Team. Message-ID: <005601bf5e07$e44d0ca0$0164a8c0@win981> Just thought I'd let the list and M$ watchers know. >From my experience (as an MCSE (uncertified!) too!), the support that the Samba Team offers is far and away much better than anything I've experienced by paying the small fortune M$ requires just to speak to an engineer about NT - and to top it all, you actually know what you're talking about! :-) I'm still running an NT/IIS server on the Internet featuring a debug version of a DLL that M$ claims is actually a fix !? Somehow, I don't see it that way. There are some lessons to be learned by the corporate big boys here I think. Cheers, Mike Harris, Psand Espa?a. -------------- next part -------------- HTML attachment scrubbed and removed From mike at psand.net Thu Jan 13 20:48:58 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: Hate ??? Microsoft References: <387DEAC8.25DC472D@schernau.com> Message-ID: <005801bf5e07$ea4a8ec0$0164a8c0@win981> Hey Edward, I aggree, I've worked alongside people earning ?45+ pounds an hour who didn't even know how to install NT or even which end of the power cable went where (honest to God) let alone understand what NetBIOS, NetBEUI and the like meant - to top it all off these guys were getting paid more because they're MCSEs. I new an 'analyst' (term loosely used) who was so pleased with his MCSE income, that he paid for his wife (formerly no experience) to do it and she passed and became and MCSE too - one big happy family. Basically there are skill people out there on both sides of the UNIX and NT fence and a lot (like myself) frequently have to jump it and get heterogeonous. But it appears that anyone with ?5000 to spare and a good memory can become an MCSE without possessing any REAL IT skills. These are the people that cause this industry so many problems, badly advise management and cost everybody time and money. The fact that MCSE can be obtained in this fashion (and I've worked with many people who've done this) highlights the failings of this qualification and the failings of IT and Corporate management to recongnise this and costs companies a forture for the extra salaries that it demands and the extra time that 'under-skilled' IT bods spend making bad descisions and mistakes. It's daft to say NT is easier than UNIX to administrate. Try using Network Monitor, try making registry changes to fine tune the server, try using that dreaded command line, diagnose network problems etc. etc. etc. NT looks pretty and is good at some stuff underneath, UNIX can look pretty too if you want to, but its got a pretty damn powerful command line and excellent scripting tools. Ever tried to schedule tasks using AT and a DOS batch file ??? Yuk. Anyhow, you need a skilled administrator to administrate NT just as you need one for UNIX. It's just that NT 'attempts' to hide the real stuff whereas UNIX lays it bare. You can be assured that an experienced UNIX admin *knows* what he or she is doing. All you know with NT is that they can use a GUI - any Windows 98 user can do that!! The problem's not NT per se, it's the industry, the marketing, the corporate bozos and the flash contractors in their Ferraris with their 'Teach your grandad NT in a day' books! 'Zero Administration' - my ar$e! Apologies for offending anyone, not intended, just letting off steam :-) Mike. ----- Original Message ----- From: Edward Schernau To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 3:07 PM Subject: Hate ??? Microsoft > Lots of us LIKE Microsoft. Heck, 98% of us on here make our living > babysitting Windows clients (or why would we be here????) and NT > servers. > > I think the backlash against NT system administrators is this: > There are many people who put on a tie, buy a palmpilot, read > NT Server for Dummies, and flood the marketplace. Ive actually > fielded questions from _NT ADMINS_ who ask "Are you guys running > Ethernet or IP?" Or "Dammit, all these floppies are formatted > NTFS!". These are the guys who use Disk Administrator to look > at the pretty bargraphs to tell HOW MUCH FREE SPACE C: has. > > These are the guys whose motto is: "If there is not a GUI, it > can't be done." > > Do most of us on here, and even MANY NT Admins fall into this > category? Of course not. Do most of us on here, and even many > Linux/Unix Admins hate Microsoft, want to kill Bill Gates, and > rule the world? Of course not. > > It just takes a few bad apples to spoil the barrel. > > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth From gtm at oracom.com Thu Jan 13 19:57:06 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:58 2003 Subject: domain group map Message-ID: <387E2E12.ACD1E2F6@oracom.com> Hi all, I am using a combination of head branch and tng branch which I just got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain group map been taking out of that? How do I log into a domain and get admin privs? -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From mike at psand.net Thu Jan 13 20:59:15 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA References: Message-ID: <009601bf5e09$0f9801c0$0164a8c0@win981> Or System Policy settings ??? ----- Original Message ----- From: Jean Francois Micouleau To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 6:23 PM Subject: RE: WINS on SAMBA > > > On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > > > At least somewhat related: > > What is the simplest / best solution to make all the clients switch > > WINS to the Samba server (which they now log into - but samba isn't > > configured to be WINS - so they use one on another subnet) > > The clients is a mixture of W95, W98, NT WS. > > dhcp > > > I guess the problem lies in that you can't switch the Samba server > > to be WINS server before every client has switched to use it. > > Or am I wrong? > > > > J.F. > From mike at psand.net Thu Jan 13 21:00:43 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: Problem!!!!! References: <000301bf5dfd$844bc350$6e00a8c0@kalve> Message-ID: <00b201bf5e09$4422a120$0164a8c0@win981> I downloaded TNG this afternoon and it works fine with W2K RC3. I'm NOT using smbd and nmbd from the Samba main, all TNG. Mike. ----- Original Message ----- From: Fredrik Falk To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 7:46 PM Subject: Problem!!!!! > Hello, I have a big problem with samba pre3.0... Before win2k could found a > domain.. And it start asking for user/passwd... But i diden't fix the > user/pass problem... So i downloaded a newer version of pre3.0... And after > that win2k can't find any domain att all.... But it still works with > win98... > I have follow the instructions from: > http://www.kneschke.de/projekte/samba_tng > ... i have try to download it / re installed it like 10 times now... But > that dident help me .... So anyone can help me with this problem? > From lkcl at samba.org Thu Jan 13 20:22:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Microsoft correction: Re: New Microsoft Knowledgebase article In-Reply-To: Message-ID: yaay. we turned a bitching session into something useful. next time, maybe we can do something useful, without the bitching. we don't really want to have to hurt someone just to get something done. On Fri, 14 Jan 2000, Randy Chatfield wrote: > Looks like MS has corrected the original solution of > > "Turn on the Linux Samba server." > > Check out: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP > > Randy Chatfield > Programmer Analyst > rchatfie@cemrc.org > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 20:23:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <4.1.20000113190041.00aa28a0@rasmus.uib.no> Message-ID: On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > At least somewhat related: > What is the simplest / best solution to make all the clients switch > WINS to the Samba server (which they now log into - but samba isn't > configured to be WINS - so they use one on another subnet) > The clients is a mixture of W95, W98, NT WS. > > I guess the problem lies in that you can't switch the Samba server > to be WINS server before every client has switched to use it. > Or am I wrong? you are correct. it's the same with dns. simplest way to switch a large network over is to use dhcp. From mparker at myra.com Thu Jan 13 20:24:04 2000 From: mparker at myra.com (Margarita Parker) Date: Tue Dec 2 02:27:58 2003 Subject: unsubscribe Message-ID: <387E3464.DBDBE9A4@myra.com> Unsubscribe -------------- next part -------------- A non-text attachment was scrubbed... Name: mparker.vcf Type: text/x-vcard Size: 202 bytes Desc: Card for Margarita Parker Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/4130e45c/mparker.vcf From lkcl at samba.org Thu Jan 13 20:24:02 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. In-Reply-To: <016001bf5df1$ba31ca70$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Found it... > > lib/util.c:3292 > server_list is NULL at the DEBUG() statement. yesssss :) From lkcl at samba.org Thu Jan 13 20:25:37 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. In-Reply-To: <016001bf5df1$ba31ca70$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Found it... > > lib/util.c:3292 > server_list is NULL at the DEBUG() statement. thx long. well, _that_ code's pretty broken, now that i look at it! From lharold at mrc.uidaho.edu Thu Jan 13 20:27:38 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:58 2003 Subject: Getting the Samba PDC into the domain Message-ID: <200001132027.MAA04531@hydra.mrc.uidaho.edu> Guys, No matter what I try I can't get my Samba server to join the domain, at least not as it's netbios name. It keeps trying to use it DNS name. I can tell this because smbpasswd -j creates the mac file with dns name (MRCTEST.FARADAY.mac) and the error output says it is looking for FARADAY instead of the netbios name SMBTEST. It does nearly the same thing if I use rpcclient as Luke prefers. I do have "dns proxy = 0" in the smb.conf and a lmhost file that should translate the dns name or ip address to the netbios name. Error output and smb.conf are below. Len error ==================================================== doing parameters ... pm_process() returned Yes lp_servicenumber: couldn't find homes getpwnam(%u) Building passwd hash table Building passwd hash table for the first time %u not found getpwnam(%u) %u not found getpwnam(%U) %U not found getpwnam(%u) %u not found getpwnam(%U) %U not found lp_servicenumber: couldn't find %u codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Added interface ip=129.101.74.140 bcast=129.101.74.255 nmask=255.255.255.0 Joining Domain as PDC trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac do_dirrand: ... cli_connection_init: \\FARADAY \PIPE\NETLOGON copy_nt_creds: null creds cli_net_use_add copy_nt_creds: user domain nopw Yes flgs: 0 cli_find: \\FARADAY copy_nt_creds: null creds cli_init_creds: ntlmssp_flgs: 0 copy_nt_creds: user domain nopw Yes flgs: 0 cli_init_creds: ntlmssp_flgs: 0 resolve_srv_name: \\FARADAY resolve_name: Attempting lmhosts lookup for name FARADAY getlmhostsent: lmhost entry: faraday.mrc.uidaho.edu SMBTEST getlmhostsent: lmhost entry: samba.mrc.uidaho.edu SAMBA getlmhostsent: lmhost entry: macdiddy.mrc.uidaho.edu MACDIDDY getlmhostsent: lmhost entry: spica.mrc.uidaho.edu SPICA getlmhostsent: lmhost entry: chara.mrc.uidaho.edu CHARA getlmhostsent: lmhost entry: north.mrc.uidaho.edu NORTH getlmhostsent: lmhost entry: jpc.mrc.uidaho.edu JPC getlmhostsent: lmhost entry: jang.mrc.uidaho.edu JANG getlmhostsent: lmhost entry: vega.mrc.uidaho.edu VEGA getlmhostsent: lmhost entry: talitha.mrc.uidaho.edu TALITHA getlmhostsent: lmhost entry: 129.101.74.140 SMBTEST getlmhostsent: lmhost entry: 129.101.74.127 SAMBA getlmhostsent: lmhost entry: 129.101.74.34 MACDIDDY getlmhostsent: lmhost entry: 129.101.74.63 SPICA getlmhostsent: lmhost entry: 129.101.74.64 CHARA getlmhostsent: lmhost entry: 129.101.74.65 NORTH getlmhostsent: lmhost entry: 129.101.74.69 JPC getlmhostsent: lmhost entry: 129.101.74.70 JANG getlmhostsent: lmhost entry: 129.101.74.73 VEGA getlmhostsent: lmhost entry: 129.101.74.74 TALITHA resolve_name: Attempting host lookup for name FARADAY cli_establish_connection: FARADAY<00> connecting to FARADAY<20> (129.101.74.140) - [] with NTLMv1, nopw: Yes socket open succeeded. file name: /tmp/.smb.0/agent socket connect to /tmp/.smb.0/agent failed redirect FAILED, make direct connection Connecting to 129.101.74.140 at port 445 error connecting to 129.101.74.140:445 (Invalid argument) Connecting to 129.101.74.140 at port 139 error connecting to 129.101.74.140:139 (Invalid argument) cli_establish_connection: failed to connect to FARADAY<00> (129.101.74.140) cli_net_use_add: connection failed cli_net_use_del: \\FARADAY. force close: No cli_nt_setup_creds: request challenge failed 2000/01/13 12:07:44 : change_trust_account_password: Failed to change password for domain MRCTEST. smb.conf ==================================================== [global] os level = 255 announce as = NT Server workgroup = MRCTEST server string = MRC Test Server encrypt passwords = yes domain master = yes domain logons = yes logon script = \\%N\netlogon\logon.bat logon home = \\%N\%U logon path = \\%N\profiles\%U.pds logon drive = H: domain group map = /opt/samba/etc/domaingroup.map local master = yes prefered master = yes wins support = yes dns proxy = no name resolve order = lmhosts host bcast allow hosts = 129.101.74.0/255.255.255.0 interfaces = 129.101.74.140/255.255.255.0 bind interfaces only = true log level = 1 debug level = 100 debug timestamp = No security = user valid users = smbroot,guest writable = no read only = yes public = no guest account = guest guest ok = no directory mode = 0700 create mode = 0600 browseable = yes printing = hpux load printers = yes time server = true auto services = %u mangled map = (*;1 *) lock directory = /opt/samba/var/locks share modes = yes socket options = TCP_NODELAY read prediction = yes ; Domain login [netlogon] comment = Logon Scripts browseable = no guest ok = yes public = yes path = /opt/samba/logon oplocks = false ; Profiles [profiles] comment = User Profiles path = /home/profiles browseable = yes read only = no writeable = yes guest ok = yes ; Home Directories [homes] comment = Home Directories browseable = no read only = no writable = yes preexec = /sbin/cat /etc/motd | /opt/samba/bin/smbclient -M %m -I %I & ; Printers [laser] comment = General Printer path = /var/tmp printable = yes public = yes [facp] comment = Faculty Printer path = /var/tmp printable = yes public = yes valid users = @sys,@mrc,@WWW,smbroot [facp2] comment = Faculty 2 Printer path = /var/tmp printable = yes valid users = @sys,@mrc,@WWW,smbroot [secp] comment = Secretary Printer path = /var/tmp printable = yes valid users = @sys,@mrc,@WWW,smbroot [studp] comment = LACR Printer path = /var/tmp printable = yes public = yes [color] comment = LACR Color Laser path = /var/tmp printable = yes public = yes [facc2] comment = LACR Color Laser 2 path = /var/tmp printable = yes valid users = @sys,@mrc,smbroot [gradp] comment = Printer in Analog Lab path = /var/tmp printable = yes public = yes [djet] comment = Plotter in Test Lab path = /var/tmp printable = yes valid users = @sys,@mrc,smbroot ; Drive exports [Linux] comment = Redhat path = /pc/linux valid users = lenny,smbroot oplocks = false [Web] comment = Web Pages path = /pc/web valid users = lenny,smbroot force group = WWW directory mode = 0775 create mode = 0664 writable = yes ; Temporary file space [Tmp] comment = Temporary file space path = /tmp read only = no writable = yes guest ok = yes public = yes From lkcl at samba.org Thu Jan 13 20:31:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: dificulties to log in domain In-Reply-To: <003301bf5e04$bc423940$0164a8c0@win981> Message-ID: On Thu, 13 Jan 2000, Mike Harris wrote: > Hmm.... > > Luke, I still get the same weird problem. I'm running TNG, updated this > arbo CET after the major inet_aton updates and still get the same 'agent' > errors with nmblookup and rpcclient. it's just a warning, don't worry about it. ah, i know - you're running as root, aren't you? it selects the unix socket to redirect to based on the pid, i forgot about that. long found the problem in lib/util.c, btw > I've double-checked everything, rebuilt, rewritten smb.conf and still get > them. Thanks for the smb-agent information, but I'm still confused. How do > I know if I'm running it? ps aux | grep smb-agent > and How do I stop running it? killall smb-agent From greg at discreet.com Thu Jan 13 20:31:43 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:58 2003 Subject: Microsoft correction: Re: New Microsoft Knowledgebase articl In-Reply-To: Message-ID: Oh come on the bitching is fun, nothing like a good rant now and again. Og course if you take it too seriously... Greg On 13-Jan-00 Luke Kenneth Casson Leighton wrote: > yaay. we turned a bitching session into something useful. next time, > maybe we can do something useful, without the bitching. we don't really > want to have to hurt someone just to get something done. > > On Fri, 14 Jan 2000, Randy Chatfield wrote: > >> Looks like MS has corrected the original solution of >> >> "Turn on the Linux Samba server." >> >> Check out: >> >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP >> >> Randy Chatfield >> Programmer Analyst >> rchatfie@cemrc.org >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Thu Jan 13 20:33:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631CB@xcgmd008.md.essd.northgrum.com> Message-ID: > > Hmm .. looks interesting .. > > But its from 5th November, Andrew : is that code aviable ? > > I would like to hack it into smbclient ... > > > The code for sending WinPopup messages is already present in > smbclient (it has been for a long time, actually), and can be used via the > -M option to send to the specified hostname/IP address. The only additional > thing needed here is the username lookup, which should be relatively > trivial. name_query() takes NetBIOS name plus a type. we have this thing (code) in nmblookup where you can do nmblookup NAME#TYPE. all it would take would be to have the same syntax used in smbclient. From lkcl at samba.org Thu Jan 13 20:35:19 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton - W2K RC3 works a treat! In-Reply-To: <003401bf5e04$c4714160$0164a8c0@win981> Message-ID: On Fri, 14 Jan 2000, Mike Harris wrote: > You guys are just great! > > I've successfully and happily created my Samba domain controller and joined > a W2K RC3 machine to the domain. Server Manager and User Manager works too! > It's made me very happy! :-)) yes, fantastic. by the way, nt5 joining-to-domains is MUCH more secure than nt4, they use a totally random initial trust account password, whereas nt4 use workstation_name_in_lower_case. i'm so pleased with microsoft for doing this, however it's going to be a bit awkward, coding-wise, i hear, to retro-fit the same thing into nt4. From lkcl at samba.org Thu Jan 13 20:40:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Hate ??? Microsoft In-Reply-To: <005801bf5e07$ea4a8ec0$0164a8c0@win981> Message-ID: > Apologies for offending anyone, not intended, just letting off steam :-) nnnnygh! stop it! go join alt.hate.microsoft then! go away! grr :) From lkcl at samba.org Thu Jan 13 20:42:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Hate ??? Microsoft In-Reply-To: <005801bf5e07$ea4a8ec0$0164a8c0@win981> Message-ID: right. if i see anyone else use this thread over the next few days, i'll unsubscribe them. i won't stop you resubscribing, unless you do it again. From lkcl at samba.org Thu Jan 13 20:44:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: unsubscribe In-Reply-To: <387E3464.DBDBE9A4@myra.com> Message-ID: done. please use http://samba.org/listproc in future. if you come back. On Fri, 14 Jan 2000, Margarita Parker wrote: > Unsubscribe > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lars at kneschke.de Thu Jan 13 20:38:10 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:59 2003 Subject: domain group map References: <387E2E12.ACD1E2F6@oracom.com> Message-ID: <387E37B2.A1EBC5C6@kneschke.de> Glenn MacGregor wrote: > > Hi all, > > I am using a combination of head branch and tng branch which I just > got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain > group map been taking out of that? How do I log into a domain and get > admin privs? You can find more information at my webpage: http://www.kneschke.de/projekte/samba_tng/administrator.php3 Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lkcl at samba.org Thu Jan 13 20:48:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: <200001132027.MAA04531@hydra.mrc.uidaho.edu> Message-ID: if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. check this out, first, though. On Fri, 14 Jan 2000, Len Harold wrote: > Guys, > > No matter what I try I can't get my Samba server to join the domain, at > least not as it's netbios name. It keeps trying to use it DNS name. I > can tell this because smbpasswd -j creates the mac file with dns name > (MRCTEST.FARADAY.mac) and the error output says it is looking for FARADAY > instead of the netbios name SMBTEST. It does nearly the same thing if I > use rpcclient as Luke prefers. > > I do have "dns proxy = 0" in the smb.conf and a lmhost file that should > translate the dns name or ip address to the netbios name. Error output > and smb.conf are below. > > Len > > error > ==================================================== > > doing parameters ... > pm_process() returned Yes > lp_servicenumber: couldn't find homes > getpwnam(%u) > Building passwd hash table > Building passwd hash table for the first time > %u not found > getpwnam(%u) > %u not found > getpwnam(%U) > %U not found > getpwnam(%u) > %u not found > getpwnam(%U) > %U not found > lp_servicenumber: couldn't find %u > codepage_initialise: client code page = 850 > load_client_codepage: loading codepage 850. > Adding chars 0x85 0xb7 (l->u = True) (u->l = True) > Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) > Adding chars 0x83 0xb6 (l->u = True) (u->l = True) > Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) > Adding chars 0x84 0x8e (l->u = True) (u->l = True) > Adding chars 0x86 0x8f (l->u = True) (u->l = True) > Adding chars 0x91 0x92 (l->u = True) (u->l = True) > Adding chars 0x87 0x80 (l->u = True) (u->l = True) > Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) > Adding chars 0x82 0x90 (l->u = True) (u->l = True) > Adding chars 0x88 0xd2 (l->u = True) (u->l = True) > Adding chars 0x89 0xd3 (l->u = True) (u->l = True) > Adding chars 0x8d 0xde (l->u = True) (u->l = True) > Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) > Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) > Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) > Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) > Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) > Adding chars 0x95 0xe3 (l->u = True) (u->l = True) > Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) > Adding chars 0x93 0xe2 (l->u = True) (u->l = True) > Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) > Adding chars 0x94 0x99 (l->u = True) (u->l = True) > Adding chars 0x9b 0x9d (l->u = True) (u->l = True) > Adding chars 0x97 0xeb (l->u = True) (u->l = True) > Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) > Adding chars 0x96 0xea (l->u = True) (u->l = True) > Adding chars 0x81 0x9a (l->u = True) (u->l = True) > Adding chars 0xec 0xed (l->u = True) (u->l = True) > Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) > Adding chars 0x9c 0x0 (l->u = False) (u->l = False) > Added interface ip=129.101.74.140 bcast=129.101.74.255 nmask=255.255.255.0 > Joining Domain as PDC > trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac > trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac > do_dirrand: ... > cli_connection_init: \\FARADAY \PIPE\NETLOGON > copy_nt_creds: null creds > cli_net_use_add > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_find: \\FARADAY > copy_nt_creds: null creds > cli_init_creds: ntlmssp_flgs: 0 > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_init_creds: ntlmssp_flgs: 0 > resolve_srv_name: \\FARADAY > resolve_name: Attempting lmhosts lookup for name FARADAY > getlmhostsent: lmhost entry: faraday.mrc.uidaho.edu SMBTEST > getlmhostsent: lmhost entry: samba.mrc.uidaho.edu SAMBA > getlmhostsent: lmhost entry: macdiddy.mrc.uidaho.edu MACDIDDY > getlmhostsent: lmhost entry: spica.mrc.uidaho.edu SPICA > getlmhostsent: lmhost entry: chara.mrc.uidaho.edu CHARA > getlmhostsent: lmhost entry: north.mrc.uidaho.edu NORTH > getlmhostsent: lmhost entry: jpc.mrc.uidaho.edu JPC > getlmhostsent: lmhost entry: jang.mrc.uidaho.edu JANG > getlmhostsent: lmhost entry: vega.mrc.uidaho.edu VEGA > getlmhostsent: lmhost entry: talitha.mrc.uidaho.edu TALITHA > getlmhostsent: lmhost entry: 129.101.74.140 SMBTEST > getlmhostsent: lmhost entry: 129.101.74.127 SAMBA > getlmhostsent: lmhost entry: 129.101.74.34 MACDIDDY > getlmhostsent: lmhost entry: 129.101.74.63 SPICA > getlmhostsent: lmhost entry: 129.101.74.64 CHARA > getlmhostsent: lmhost entry: 129.101.74.65 NORTH > getlmhostsent: lmhost entry: 129.101.74.69 JPC > getlmhostsent: lmhost entry: 129.101.74.70 JANG > getlmhostsent: lmhost entry: 129.101.74.73 VEGA > getlmhostsent: lmhost entry: 129.101.74.74 TALITHA > resolve_name: Attempting host lookup for name FARADAY > cli_establish_connection: FARADAY<00> connecting to FARADAY<20> (129.101.74.140) - [] with NTLMv1, nopw: Yes > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed > redirect FAILED, make direct connection > Connecting to 129.101.74.140 at port 445 > error connecting to 129.101.74.140:445 (Invalid argument) > Connecting to 129.101.74.140 at port 139 > error connecting to 129.101.74.140:139 (Invalid argument) > cli_establish_connection: failed to connect to FARADAY<00> (129.101.74.140) > cli_net_use_add: connection failed > cli_net_use_del: \\FARADAY. force close: No > cli_nt_setup_creds: request challenge failed > 2000/01/13 12:07:44 : change_trust_account_password: Failed to change password for domain MRCTEST. > > smb.conf > ==================================================== > [global] > os level = 255 > announce as = NT Server > workgroup = MRCTEST > server string = MRC Test Server > encrypt passwords = yes > domain master = yes > domain logons = yes > logon script = \\%N\netlogon\logon.bat > logon home = \\%N\%U > logon path = \\%N\profiles\%U.pds > logon drive = H: > domain group map = /opt/samba/etc/domaingroup.map > local master = yes > prefered master = yes > wins support = yes > dns proxy = no > name resolve order = lmhosts host bcast > allow hosts = 129.101.74.0/255.255.255.0 > interfaces = 129.101.74.140/255.255.255.0 > bind interfaces only = true > log level = 1 > debug level = 100 > debug timestamp = No > security = user > valid users = smbroot,guest > writable = no > read only = yes > public = no > guest account = guest > guest ok = no > directory mode = 0700 > create mode = 0600 > browseable = yes > printing = hpux > load printers = yes > time server = true > auto services = %u > mangled map = (*;1 *) > lock directory = /opt/samba/var/locks > share modes = yes > socket options = TCP_NODELAY > read prediction = yes > > > ; Domain login > > [netlogon] > comment = Logon Scripts > browseable = no > guest ok = yes > public = yes > path = /opt/samba/logon > oplocks = false > > > ; Profiles > > [profiles] > comment = User Profiles > path = /home/profiles > browseable = yes > read only = no > writeable = yes > guest ok = yes > > > ; Home Directories > > [homes] > comment = Home Directories > browseable = no > read only = no > writable = yes > preexec = /sbin/cat /etc/motd | /opt/samba/bin/smbclient -M %m -I %I & > > > ; Printers > > [laser] > comment = General Printer > path = /var/tmp > printable = yes > public = yes > > [facp] > comment = Faculty Printer > path = /var/tmp > printable = yes > public = yes > valid users = @sys,@mrc,@WWW,smbroot > > [facp2] > comment = Faculty 2 Printer > path = /var/tmp > printable = yes > valid users = @sys,@mrc,@WWW,smbroot > > [secp] > comment = Secretary Printer > path = /var/tmp > printable = yes > valid users = @sys,@mrc,@WWW,smbroot > > [studp] > comment = LACR Printer > path = /var/tmp > printable = yes > public = yes > > [color] > comment = LACR Color Laser > path = /var/tmp > printable = yes > public = yes > > [facc2] > comment = LACR Color Laser 2 > path = /var/tmp > printable = yes > valid users = @sys,@mrc,smbroot > > [gradp] > comment = Printer in Analog Lab > path = /var/tmp > printable = yes > public = yes > > [djet] > comment = Plotter in Test Lab > path = /var/tmp > printable = yes > valid users = @sys,@mrc,smbroot > > > ; Drive exports > > [Linux] > comment = Redhat > path = /pc/linux > valid users = lenny,smbroot > oplocks = false > > [Web] > comment = Web Pages > path = /pc/web > valid users = lenny,smbroot > force group = WWW > directory mode = 0775 > create mode = 0664 > writable = yes > > > ; Temporary file space > > [Tmp] > comment = Temporary file space > path = /tmp > read only = no > writable = yes > guest ok = yes > public = yes > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lharold at mrc.uidaho.edu Thu Jan 13 21:17:35 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: ; from "Luke Kenneth Casson Leighton" at Jan 14, 100 7:48 am Message-ID: <200001132117.NAA04631@hydra.mrc.uidaho.edu> Ok Luke, >if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. >check this out, first, though. I tried this: rpcclient -n SMBTEST -S SMBTEST -W MRCTEST -U smbroot It is taking the the netbios name so now I'm guessing that my problem is in the configuration somewhere, not the code. Guys, If someone wants to take a stab at this, the end of lsaquery error message says: cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No socket open succeeded. file name: /tmp/.smb.0/agent socket connect to /tmp/.smb.0/agent failed redirect FAILED, make direct connection Connecting to 129.101.74.140 at port 445 error connecting to 129.101.74.140:445 (Invalid argument) Connecting to 129.101.74.140 at port 139 error connecting to 129.101.74.140:139 (Invalid argument) cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) cli_net_use_add: connection failed cli_net_use_del: \\SMBTEST. force close: No cmd_lsa_query_info: query failed Len From matthias at waechter.wol.at Thu Jan 13 21:15:08 2000 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA In-Reply-To: Message-ID: On Fri, 14 Jan 2000, Luke Kenneth Casson Leighton wrote: > you are correct. it's the same with dns. > > simplest way to switch a large network over is to use dhcp. Simplest way to administer (even a not-so) large network is to use dhcp. The five minutes more setting up some static dhcp host entries in /etc/dhpcd.conf for each client pay back more than twice every time (a) you change some network settings (f.e. routing, wins server, etc.) (b) you setup a new computer and "guess" the appropriate TCP/IP settings. Of course, as long as you don't have dhcp fail safe (f.e. with a second server responding if the first server didn't respond within 10 seconds or so), your network will be completely down if your dhcp server goes down for whatever reason. And you won't notice this until the TTL of the entries time out... And, having the clients ask publicly for their TCP/IP settings, spreads the door wide open for a possible dhcp faker to bring your network down. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From lars at kneschke.de Thu Jan 13 21:19:10 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain References: <200001132117.NAA04631@hydra.mrc.uidaho.edu> Message-ID: <387E414E.F2714B03@kneschke.de> Len Harold wrote: > cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed > redirect FAILED, make direct connection > Connecting to 129.101.74.140 at port 445 > error connecting to 129.101.74.140:445 (Invalid argument) > Connecting to 129.101.74.140 at port 139 > error connecting to 129.101.74.140:139 (Invalid argument) Have you started all necessary daemons on the pdc? > cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) > cli_net_use_add: connection failed > cli_net_use_del: \\SMBTEST. force close: No > cmd_lsa_query_info: query failed > > Len Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lharold at mrc.uidaho.edu Thu Jan 13 21:45:30 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: <387E414E.F2714B03@kneschke.de>; from "Lars Kneschke" at Jan 13, 100 9:19 pm Message-ID: <200001132145.NAA04736@hydra.mrc.uidaho.edu> >> cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No >> socket open succeeded. file name: /tmp/.smb.0/agent >> socket connect to /tmp/.smb.0/agent failed >> redirect FAILED, make direct connection >> Connecting to 129.101.74.140 at port 445 >> error connecting to 129.101.74.140:445 (Invalid argument) >> Connecting to 129.101.74.140 at port 139 >> error connecting to 129.101.74.140:139 (Invalid argument) >> cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) >> cli_net_use_add: connection failed >> cli_net_use_del: \\SMBTEST. force close: No >> cmd_lsa_query_info: query failed > >Have you started all necessary daemons on the pdc? Ahh. With all the new daemons I didn't notice that the smbd is dying when I run the lsaquery. Not much in the log even though the level is at 100. Here is the end of it: Becoming a daemon. fcntl_lock 4 6 0 1 2 Lock call successful bind succeeded on port 139 bind succeeded on port 445 waiting for a connection =============================================================== INTERNAL ERROR: Signal 11 in pid 26269 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error I'll recompile with debugging info and run gdb one I get some time. Len From mgeddes at xavier.sa.edu.au Thu Jan 13 22:05:35 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA References: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Message-ID: <387E4C2F.95E040D5@xavier.sa.edu.au> Jeremy Jones wrote: > Can a Samba WINS server not replicate with another Samba WINS server? One > of the reasons to implement distributed WINS servers with NT is so that > clients on remote subnets will not need to send requests over a WAN link to > a remote WINS server. It gets particularly important when VPNs are used > between remote sites over, say, 256K lines. I really don't want floods of > WINS requests clogging up the links, but I could handle having WINS > databases moving over the lines every couple of hours. > > Could the WINS database from a Samba server be pushed to a remote Samba > server by a non-Samba-specific method? > > Thanks > Jeremy Jones, MA, MCSE, CCNA > Systems Analyst > Northwest Network Services > (208) 343-5260 x106 > http://www.nwnets.com > mailto:jjones@nwnets.com > > -----Original Message----- > From: Mike Harris [mailto:mike@psand.net] > Sent: Thursday, January 13, 2000 7:56 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: WINS on SAMBA > > Richard, > > DON'T DO THIS..... Samba WINS doesn't support WINS replication. You can't > have BOTH on any network, even Subnets (as it's routeable over TCP/IP).. Go > for one or the other. > > (apologies for shouting if you haven't got both!! :-)) > > Mike. > ----- Original Message ----- > From: Richard Ferris > To: Multiple recipients of list SAMBA-NTDOM > Sent: Thursday, January 13, 2000 2:39 PM > Subject: RE: WINS on SAMBA > > I'm currently using an NT WINS server that exists in another domain at one > of our other sites. Problem is this box seems rather unreliable and when my > NT clients logon they regularly complain about the SAMBA domain not being > available. I thought it would be a good idea to set-up WINS on the SAMBA > server but it did slow browsing right down. > I have another Origin200 for storing video so I may install SAMBA on it and > add it to the existing SAMBA domain as a WINS server to see how it performs. > Richard > -----Original Message----- > From: Michael Glauche [mailto:mg@plum.de] > Sent: 13 January 2000 14:20 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: WINS on SAMBA > > > Richard Ferris wrote: > > > > How reliable is SAMBA running as a WINS server? I set my SGi > > Origin200 box up as one but netbios resolution seemed to take ages. > > Anyone else got WINS running and working OK? > > > Our Samba WINS server is quite stable here. You REALLY should > use an wins server for browsing ! :) > regards, > Michael > -- > Samba NT-Domain howto (in german) > http://www.sambahq.de How does Samba WINS work? Does it just grab static mappings from the /etc/lmhosts file and "cache" all WINS registrations? Is WINS replication being worked on currently? (if not I might attempt to watch a bunch of packets and see what I can see). Matt From mgeddes at xavier.sa.edu.au Thu Jan 13 22:14:49 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA References: Message-ID: <387E4E59.318BD607@xavier.sa.edu.au> Jean Francois Micouleau wrote: > On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > > > At least somewhat related: > > What is the simplest / best solution to make all the clients switch > > WINS to the Samba server (which they now log into - but samba isn't > > configured to be WINS - so they use one on another subnet) > > The clients is a mixture of W95, W98, NT WS. > > dhcp > > > I guess the problem lies in that you can't switch the Samba server > > to be WINS server before every client has switched to use it. > > Or am I wrong? > > J.F. Or, if DHCP is not an option, try making up a template for System policies and let Windows change itself (not the most ideal way, i know, but it works). Matt From Jean-Francois.Micouleau at dalalu.fr Thu Jan 13 22:12:25 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA In-Reply-To: <387E4C2F.95E040D5@xavier.sa.edu.au> Message-ID: On Fri, 14 Jan 2000, Matthew Geddes wrote: > How does Samba WINS work? Does it just grab static mappings from the > /etc/lmhosts file and "cache" all WINS registrations? read rfc1001/1002 and a WINS article available in the resource kit or in the MS kb for background info. I don't remember the number. > Is WINS replication being worked on currently? (if not I might attempt > to watch a bunch of packets and see what I can see). replication runs on tcp/42. 2 opcodes. 1st one is an 'information' struct: delta time since last sync, how many entries since last time, highest wins entry id, ... 2nd one is a table containing {netbios names, ip addr, state, ttl, ip addr of wins server which first registered the entry} tuples. J.F. From mgeddes at xavier.sa.edu.au Thu Jan 13 22:28:21 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA References: Message-ID: <387E5185.C17446E5@xavier.sa.edu.au> Jean Francois Micouleau wrote: > On Fri, 14 Jan 2000, Matthew Geddes wrote: > > > How does Samba WINS work? Does it just grab static mappings from the > > /etc/lmhosts file and "cache" all WINS registrations? > > read rfc1001/1002 and a WINS article available in the resource kit or in > the MS kb for background info. I don't remember the number. > > > Is WINS replication being worked on currently? (if not I might attempt > > to watch a bunch of packets and see what I can see). > > replication runs on tcp/42. 2 opcodes. > > 1st one is an 'information' struct: delta time since last sync, how many > entries since last time, highest wins entry id, ... > > 2nd one is a table containing {netbios names, ip addr, state, ttl, ip > addr of wins server which first registered the entry} tuples. > > J.F. Thanks, I have read the Microsoft KB article on WINS (I also have one on TCP/IP, which is OK). What I wanted to know was, how does SAMBA treat WINS and static entries. I figured it would follow the RFC, but given there is no WINS Manager (I'm not complaining though), I was unsure as to how one achieved static WINS entries. Also, if these are stored in a flat file (I guess it's hardly going to be in the registry), is it possible to use the special NetBIOS chars (stuff like <1B>, <1D> and things like that)? Thanks, Matt From Dseven at Dseven.ORG Thu Jan 13 22:37:58 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 03:46:23 +1100." Message-ID: <200001132237.WAA10989@mimas.Dseven.ORG> Cool - roaming profiles now work, and the code compiles without need for inet_aton! THANKS! Now, printing.. yup, it's not quite right. I can print, but only to a printer that's already been added on the NT desktop. If I browse my server, I don't see the services for my printers, where I did with the 12/12/1999 main-branch smbd. I suspect it may be something to do with this: trust_password_lock: cannot open file /opt/samba-tng/private/DSEVEN.ORG.REDDWARF.mac - Error was No such file or directory. trust_get_passwd: unable to open the trust account password file for trust REDDW (reddwarf is the server, dseven.org is the domain) - I've seen some mention of .mac files on the list recently, but haven't had time to look in detail. One thing I did change in the code, which I *think* fixed a problem with printing ... I noticed errors to the effect of "Running command 'lpstat -o' returned -1". I traced this to the following bit of lib/smbrun.c : if ((pid=fork())) { int status=0; /* the parent just waits for the child to exit */ if (sys_waitpid(pid,&status,0) != pid) { DEBUG(2,("waitpid(%d) : %s\n",pid,strerror(errno))); return -1; } return status; } Bearing in mind that I know nothing about fork()ing, I had a look at this, and waitpid(2), and decided that it was waiting on the wrong process - it should be waiting on *children* of the main process to exit, not children of the *child*. I changed it to: if (sys_waitpid(getpid(),&status,0) != pid) { and the error went away! And I could print! As I say, I'm not familiar with this sort of code, so I could be completely wrong, and just fluked getting the print jobs though :) Anyway, I hope this helps ... the server is Solaris 7, and I'm using SYSV printing with "printcap name = lpstat". :) ~Iain Luke Kenneth Casson Leighton writes: : On Thu, 13 Jan 2000, Iain MacDonnell wrote: : : > : > Hi Luke, : > : > Thanks for the updates - I'll test tonight! : > : > The main thing I like about TNG is that, aside from the inevitable developm + ent : > bugs, it just works... this is the first time that I've been able to do all : > the things that I want at the same time - domain logons, domain groups, : > printing, etc - previously, I've only seemed to be able to do a subset with : > any particular release before. : : WILD! : : ... you got printing to work? please tell us how, i have someone who : couldn't. : : > As for the daemon architecture, it seems to make a lot of sense. Aside from : > being able to take individual services in and out of operation without : > killing the whole server, not bundling all of those services into one : > big daemon feels like a good move. Persumably it ought to run more effecien + tly : > on larger (MP) servers, too ? : : i should hope so. From greg at discreet.com Thu Jan 13 22:41:18 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:59 2003 Subject: I cannot make it work :-( Message-ID: Okay TNG from about 6 hours ago. ./configure.devlopper make make install /etc/init.d/samba start smbpasswd -a -m tahiti # tahiti is this machine - the PDC smbpasswd -j DL_RDTEST # The domain for which I want to be a PDC smbpasswd -a -m edinburgh-nt # my test workstation now I try to join edinburgh-nt to the domain and i get: Unable to connect to the domain controller for this domain. Have your administrator check your computer account on the domain. Don't see anything obviously bad in the logs but there are more of them now (more daemons) so I might be missing it. Any ideas would be most welcome, it's very frustrating as I've had a PDC working since it was possible. THanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Dseven at Dseven.ORG Thu Jan 13 22:50:46 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 03:46:23 +1100." Message-ID: <200001132250.WAA11000@mimas.Dseven.ORG> Mmmm, forget the .mac file - I (smbpasswd -j)oined the domain, and the printer service still isn't there ... ho hum ... ~Iain From lkcl at samba.org Thu Jan 13 22:54:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: <200001132117.NAA04631@hydra.mrc.uidaho.edu> Message-ID: okie, well does the machine at ip 129.101.74.140 actually _have_ a NetBIOS name SMBTEST registered? use nmblookup (or nbtstat.exe) to find out. On Thu, 13 Jan 2000, Len Harold wrote: > Ok Luke, > > >if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. > >check this out, first, though. > > I tried this: > > rpcclient -n SMBTEST -S SMBTEST -W MRCTEST -U smbroot > > It is taking the the netbios name so now I'm guessing that my problem is > in the configuration somewhere, not the code. > > Guys, > > If someone wants to take a stab at this, the end of lsaquery error message > says: > > cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed > redirect FAILED, make direct connection > Connecting to 129.101.74.140 at port 445 > error connecting to 129.101.74.140:445 (Invalid argument) > Connecting to 129.101.74.140 at port 139 > error connecting to 129.101.74.140:139 (Invalid argument) > cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) > cli_net_use_add: connection failed > cli_net_use_del: \\SMBTEST. force close: No > cmd_lsa_query_info: query failed > > > Len > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 22:57:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA In-Reply-To: <387E5185.C17446E5@xavier.sa.edu.au> Message-ID: manually edit wins.dat. you really need to take nmbd down temporarily to get it not to overwrite this file with its internal cache. we're looking to replace the wins.dat file with tdb or gdb. > > Thanks, > > I have read the Microsoft KB article on WINS (I also have one on TCP/IP, > which is OK). What I wanted to know was, how does SAMBA treat WINS and > static entries. I figured it would follow the RFC, but given there is no > WINS Manager (I'm not complaining though), I was unsure as to how one > achieved static WINS entries. Also, if these are stored in a flat file (I > guess it's hardly going to be in the registry), is it possible to use the > special NetBIOS chars (stuff like <1B>, <1D> and things like that)? > > Thanks, > > Matt > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 23:02:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: <200001132237.WAA10989@mimas.Dseven.ORG> Message-ID: can someone evaluate this, i have no idea if it's correct [the fork() bit]. also, iain, give me more info. what is the workstation name. which is the samba server. which log file has the trust account error message? etc. On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > Cool - roaming profiles now work, and the code compiles without need for > inet_aton! THANKS! > > Now, printing.. yup, it's not quite right. I can print, but only to a > printer that's already been added on the NT desktop. If I browse my server, > I don't see the services for my printers, where I did with the 12/12/1999 > main-branch smbd. I suspect it may be something to do with this: > > trust_password_lock: cannot open file /opt/samba-tng/private/DSEVEN.ORG.REDDWARF.mac - Error was No such file or directory. > trust_get_passwd: unable to open the trust account password file for trust REDDW > > (reddwarf is the server, dseven.org is the domain) - I've seen some mention > of .mac files on the list recently, but haven't had time to look in detail. > > One thing I did change in the code, which I *think* fixed a problem with > printing ... I noticed errors to the effect of "Running command > 'lpstat -o' returned -1". I traced this to the following bit of > lib/smbrun.c : > > if ((pid=fork())) { > int status=0; > /* the parent just waits for the child to exit */ > if (sys_waitpid(pid,&status,0) != pid) { > DEBUG(2,("waitpid(%d) : %s\n",pid,strerror(errno))); > return -1; > } > return status; > } > > Bearing in mind that I know nothing about fork()ing, I had a look at this, > and waitpid(2), and decided that it was waiting on the wrong process - it > should be waiting on *children* of the main process to exit, not children > of the *child*. I changed it to: > > if (sys_waitpid(getpid(),&status,0) != pid) { > > and the error went away! And I could print! As I say, I'm not familiar with > this sort of code, so I could be completely wrong, and just fluked getting > the print jobs though :) > > Anyway, I hope this helps ... the server is Solaris 7, and I'm using SYSV > printing with "printcap name = lpstat". > > :) > > ~Iain > > > > > > Luke Kenneth Casson Leighton writes: > : On Thu, 13 Jan 2000, Iain MacDonnell wrote: > : > : > > : > Hi Luke, > : > > : > Thanks for the updates - I'll test tonight! > : > > : > The main thing I like about TNG is that, aside from the inevitable developm > + ent > : > bugs, it just works... this is the first time that I've been able to do all > : > the things that I want at the same time - domain logons, domain groups, > : > printing, etc - previously, I've only seemed to be able to do a subset with > : > any particular release before. > : > : WILD! > : > : ... you got printing to work? please tell us how, i have someone who > : couldn't. > : > : > As for the daemon architecture, it seems to make a lot of sense. Aside from > : > being able to take individual services in and out of operation without > : > killing the whole server, not bundling all of those services into one > : > big daemon feels like a good move. Persumably it ought to run more effecien > + tly > : > on larger (MP) servers, too ? > : > : i should hope so. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lharold at mrc.uidaho.edu Thu Jan 13 23:21:25 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: ; from "Luke Kenneth Casson Leighton" at Jan 14, 100 9:54 am Message-ID: <200001132321.PAA04948@hydra.mrc.uidaho.edu> >From the production Samba server: root> /opt/samba/bin/nmblookup SMBTEST Sending queries to 129.101.74.255 129.101.74.140 SMBTEST<00> 129.101.74.140 SMBTEST<00> Of course nmblookup fails miserably on SMBTEST. Len >okie, well does the machine at ip 129.101.74.140 actually _have_ a NetBIOS >name SMBTEST registered? use nmblookup (or nbtstat.exe) to find out. > > >On Thu, 13 Jan 2000, Len Harold wrote: > >> Ok Luke, >> >> >if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. >> >check this out, first, though. >> >> I tried this: >> >> rpcclient -n SMBTEST -S SMBTEST -W MRCTEST -U smbroot >> >> It is taking the the netbios name so now I'm guessing that my problem is >> in the configuration somewhere, not the code. >> >> Guys, >> >> If someone wants to take a stab at this, the end of lsaquery error message >> says: >> >> cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No >> socket open succeeded. file name: /tmp/.smb.0/agent >> socket connect to /tmp/.smb.0/agent failed >> redirect FAILED, make direct connection >> Connecting to 129.101.74.140 at port 445 >> error connecting to 129.101.74.140:445 (Invalid argument) >> Connecting to 129.101.74.140 at port 139 >> error connecting to 129.101.74.140:139 (Invalid argument) >> cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) >> cli_net_use_add: connection failed >> cli_net_use_del: \\SMBTEST. force close: No >> cmd_lsa_query_info: query failed >> >> Len From Dseven at Dseven.ORG Fri Jan 14 00:33:46 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 10:02:22 +1100." Message-ID: <200001140033.AAA11046@mimas.Dseven.ORG> Luke Kenneth Casson Leighton writes: : can someone evaluate this, i have no idea if it's correct [the fork() : bit]. Forget it - I read the manpage again, and was talking garbage before. I've currently got a nameless printer inside the "Printers" share, but no printer at the level above that (where it usually appears). : also, iain, give me more info. what is the workstation name. which is : the samba server. which log file has the trust account error message? This has gone away since I joined the domain (with the server). Perhaps I ought to have looked at log.spoolss earlier .. I just found the errors below. Background info: domain DSEVEN.ORG server reddwarf client skutter printer kryten user im50766 Let me know if you need anything else... ~Iain [2000/01/14 00:21:13, 1] msrpc/msrpcd.c:msrpc_main(458) spoolssd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1999 doing parameter workgroup = DSEVEN.ORG doing parameter security = user doing parameter browse list = yes doing parameter encrypt passwords = yes doing parameter nis homedir = yes doing parameter domain master = yes doing parameter preferred master = yes doing parameter wins support = yes doing parameter domain logons = yes doing parameter domain group map = /opt/samba-tng/lib/domaingroup.map doing parameter local group map = /opt/samba-tng/lib/localgroup.map doing parameter logon drive = h: doing parameter logon home = \\%N\%U doing parameter logon script = %U.bat doing parameter logon path = \\%N\%U\profile doing parameter preserve case = yes doing parameter case sensitive = no doing parameter guest account = nobody doing parameter printcap name = lpstat doing parameter printing = SYSV [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[homes]" doing parameter writable = yes doing parameter guest ok = no doing parameter read only = no [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[printers]" doing parameter comment = All Printers doing parameter path = /usr/spool/public doing parameter writable = no doing parameter browseable = no doing parameter guest ok = no doing parameter public = yes doing parameter printable = yes [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[netlogon]" doing parameter path = /opt/samba-tng/netlogon doing parameter writeable = no doing parameter guest ok = no doing parameter locking = no doing parameter browseable = yes doing parameter public = no [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[profiles]" doing parameter path = /opt/samba-tng/profiles doing parameter writable = true doing parameter comment = "User Profiles" doing parameter public = yes doing parameter printable = no doing parameter browseable = yes [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[scratch]" doing parameter path = /export/home/scratch doing parameter writable = true doing parameter comment = "Scratch Space" doing parameter public = yes doing parameter printable = no doing parameter browseable = yes [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[misc]" doing parameter path = /export/misc doing parameter writable = true doing parameter comment = "Misc" doing parameter public = yes doing parameter printable = no doing parameter browseable = yes [2000/01/14 00:21:13, 3] param/loadparm.c:lp_load(2695) pm_process() returned Yes [2000/01/14 00:21:13, 3] param/loadparm.c:lp_add_ipc(1592) adding IPC service adding printer service kryten Added interface ip=10.1.1.2 bcast=10.1.1.255 nmask=255.255.255.0 Added interface ip=10.1.2.2 bcast=10.1.2.255 nmask=255.255.255.0 Added interface ip=10.1.3.2 bcast=10.1.3.255 nmask=255.255.255.0 Added interface ip=10.1.4.2 bcast=10.1.4.255 nmask=255.255.255.0 loaded services standard input is not a socket, assuming -D option Becoming a daemon. create_pipe_socket: /opt/samba-tng/var/locks/.msrpc perms=448 /opt/samba-tng/var/locks/.msrpc/spoolss perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /opt/samba-tng/var/locks/.msrpc/spoolss failed waiting for a connection Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf Setting printer type=\\Reddwarf (pnum=0) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTERDATA freeing memory freeing memory:ok end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_RFFPCNEX Whoops, Printer handle not found: Copying 1 notify option info end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_RFNPCNEX Whoops, Printer handle not found: Doing \PIPE\spoolss api_rpc_command: SPOOLSS_FCPN Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf Setting printer type=\\Reddwarf (pnum=0) end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_RFFPCNEX Whoops, Printer handle not found: Copying 0 notify option info end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_ENUMPRINTERS waitpid(11212) : No child processes Running the command `lpstat -okryten' gave -1 Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf\ Setting printer type=\\Reddwarf\ (pnum=0) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTER Using cached lpq output Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf\ Setting printer type=\\Reddwarf\ (pnum=1) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTER Using cached lpq output Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTERDRIVER2 spoolss_reply_get6_] NULL pointer, memory not alloced ? =============================================================== INTERNAL ERROR: Signal 11 in pid 11211 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTER Whoops, Printer handle not found: Error getting printer - take a nap quickly ! waitpid(11216) : No child processes Running the command `lpstat -o' gave -1 cannot open printer file [/opt/samba-tng/lib/NTprinter_] NULL pointer, memory not alloced ? =============================================================== INTERNAL ERROR: Signal 11 in pid 11215 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_ENUMPRINTERDRIVERS Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_FCPN Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Closing idle connection Closing connections Server exit (normal exit) From tavis at mahler.econ.columbia.edu Fri Jan 14 01:09:21 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? In-Reply-To: Message-ID: Could I make another request to the Samba developers, something along these lines for the "It would be nice...." list? It would be great if there were a parameter specifying a file (like /etc/motd) that could be sent out as a WinPopUp message to all machines after a successful login. Right now we do it through root preexec, but it comes up a little more often than we'd like. I suspect it wouldn't be too hard for someone familiar with the Samba code to add in, but I'm not such a person. With much appreciation, Tavis On Fri, 14 Jan 2000, Andrew Perrin - Demography wrote: > We handle this problem in a not-very-elegant but nevertheless functional > way: > > - in smb.conf: > [homes] > ... > root preexec = echo %u > /opt/samba/status/%m ; echo %T::%u::%m::login > >> /opt/samba/userlog > root postexec = rm -f /opt/samba/status/%m ; echo %T::%u::%m::logout >> > /opt/samba/userlog > > I then wrote a script (which I'll put at > http://demog.berkeley.edu/~aperrin/tips/src/ntwall.pl.txt for anyone > interested) that checks the files in /opt/samba/status and sends popup > messages only to those machines from which a homes share is currently > open. This, in practical terms, maps to those machines into which someone > is currently logged. This solves the problem of having winpopup messages > show up on machines when users log in even if the messages were sent days > before. > > If you wanted to be more specific, you could check the contents of the > status/* files and only send to specific users. > > Hope this is of some help. > > ap > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Fri, 14 Jan 2000, Cole, Timothy D. wrote: > > > > -----Original Message----- > > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > > > Sent: Thursday, January 13, 2000 12:17 > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: smbclient messages to a specific user ? > > > > > > Hello. > > > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > > > to users sitting on WinNT4 machines. The feedback is mostly accounting > > > information like number of pages left that the user can print, or quota > > > status when logging in etc. > > > > > > smbclient can send to a specific (netbiosname) machine but not to a > > > specific user on that machine. You can only supply the senders user, not > > > receiver. This is not a problem today as we have WinNT workstations where > > > only one user at time work, and the messages are usualy directed to that > > > user. > > > > > > But there are two problems with this limitation: > > > *) Ie when printing a lengthy document the user can log out, leave the > > > machine and got to the printer and wait for the printer to finish its > > > job. When the job is done the server will send a message to the > > > computer, but the user has left, and the message will be printed on > > > the > > > loginscreen, or to the next user sitting on by the computer now! > > > > > > This could lead to some confusion and possibly leaking of semi-private > > > > > > information. I would like to avoid that if possible by directing the > > > message to a specific user on that machine. The other users should not > > > be able to see the message. > > > > > > *) The limitation will become unbearable when we start using WinNT > > > Terminal Servers here. Sending a message to a TS could mean that all > > > the users logged in will se the message (?), when only one in realy > > > interested in the result. You could imagine a server with 20-35 users > > > logged in and every time someone prints or logs in everybody get a > > > message that they realy shouldn't receive. > > > > > > Windows NT4 "net send" command has a possibility to send to a specific > > > user. I must admit that I haven't used it, but it indicates that it should > > > work. > > > > > > Is it possible to extend smbclient so that it can send messages to a > > > specific user on a specific machine (or domain), or is it a limitation in > > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > > > Basically the way it works is that each user that logs in registers > > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > > logged in on. I believe when net send sends to a specific user, it looks up > > this record, then dispatches the message to the messenger service at that > > particular IP. > > > > I don't think it's any more involved than that, since it's not > > unheard of to have problems with having two users with the same name in > > different domains to each randomly get print notifications and other > > messages intended for the other. I think this is because the domain isn't a > > component of the 0x03 name, so the most recent user to log in gets all > > messages for all users with the same name in all domains. > > > > This also suggests to me that the actual windows messanging setup is > > machine-based, rather than user-based. I have really no idea how terminal > > server copes with that, or if it even does. > > > > From tjtc at MIT.EDU Fri Jan 14 01:33:21 2000 From: tjtc at MIT.EDU (johnny t chang) Date: Tue Dec 2 02:27:59 2003 Subject: roaming profiles not updating Message-ID: <200001140133.UAA17378@ten-thousand-dollar-bill.mit.edu> *** THE PROBLEM i'm running 2.1.0 prealpha ... Linux server w/ NT clients ... for some reason, when users log into the domain from workstations, their profiles are not saved back to the server ... AND/OR their profiles aren't being downloaded from the server. *** SOME OBSERVATIONS i set up a brand new client today. when i log in, then log out, then log in as administrator on the client ... i can see from looking at C:\Winnt\Profiles\johnny (there is no local user named johnny) that the server profile has been downloaded. then, if i log back in on the domain account, and change a setting -- say the wallpaper -- then log back out ... then i log in as local administrator ... i notice that the local NTUSER.DAT file for johnny still has the old time (sometime in December) ... but if i open that registry hive with regedt32.exe, the wallpaper setting has been correctly changed. now, if i look at the server NTUSER.DAT, the wallpaper setting has not been correctly changed. the next thing i did was to manually modify the loaded hive, and then unload it ... this does then change the "Modified" time to today. when i then try to log into the domain, i get a dialog that says the locally cached profile is newer (which is correct), and whether i want to use it ... i say "Yes," but the wallpaper is not the one listed in the local NTUSER.dat ... AND when i log out, the server version doesn't get updated. any ideas? thanks! From lkcl at samba.org Fri Jan 14 01:41:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: roaming profiles not updating In-Reply-To: <200001140133.UAA17378@ten-thousand-dollar-bill.mit.edu> Message-ID: johnny, try using cvs main's smbd and nmbd processes, or have the profile stored on a _different_ NT-compatible server,and post the results to the list. i expect it to work if you use an NT host to store the profile, and i sort-of hope it works if you use cvs main's smbd. thx, luke p.s follow instructions in SAMBA_TNG's source/README. On Fri, 14 Jan 2000, johnny t chang wrote: > > *** THE PROBLEM > > i'm running 2.1.0 prealpha ... Linux server w/ NT clients ... for > some reason, when users log into the domain from workstations, their > profiles are not saved back to the server ... AND/OR their profiles > aren't being downloaded from the server. > > > > *** SOME OBSERVATIONS > > i set up a brand new client today. when i log in, then log out, then > log in as administrator on the client ... i can see from looking at > C:\Winnt\Profiles\johnny (there is no local user named johnny) that the > server profile has been downloaded. > > then, if i log back in on the domain account, and change a setting -- > say the wallpaper -- then log back out ... then i log in as local > administrator ... i notice that the local NTUSER.DAT file for johnny > still has the old time (sometime in December) ... but if i open that > registry hive with regedt32.exe, the wallpaper setting has been > correctly changed. > > now, if i look at the server NTUSER.DAT, the wallpaper setting has not > been correctly changed. > > the next thing i did was to manually modify the loaded hive, and then > unload it ... this does then change the "Modified" time to today. when > i then try to log into the domain, i get a dialog that says the locally > cached profile is newer (which is correct), and whether i want to use it > .. i say "Yes," but the wallpaper is not the one listed in the local > NTUSER.dat ... AND when i log out, the server version doesn't get > updated. > > any ideas? > > thanks! > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Fri Jan 14 01:42:41 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? In-Reply-To: Message-ID: i'm sure that this can be done without mods to samba source, you admins out there can work it out, or i'm sure one of you already has! On Fri, 14 Jan 2000, Tavis Barr wrote: > > Could I make another request to the Samba developers, something along > these lines for the "It would be nice...." list? It would be great if > there were a parameter specifying a file (like /etc/motd) that could be > sent out as a WinPopUp message to all machines after a successful login. > Right now we do it through root preexec, but it comes up a little more > often than we'd like. I suspect it wouldn't be too hard for someone > familiar with the Samba code to add in, but I'm not such a person. > > With much appreciation, > Tavis > > > On Fri, 14 Jan 2000, Andrew Perrin - Demography wrote: > > > We handle this problem in a not-very-elegant but nevertheless functional > > way: > > > > - in smb.conf: > > [homes] > > ... > > root preexec = echo %u > /opt/samba/status/%m ; echo %T::%u::%m::login > > >> /opt/samba/userlog > > root postexec = rm -f /opt/samba/status/%m ; echo %T::%u::%m::logout >> > > /opt/samba/userlog > > > > I then wrote a script (which I'll put at > > http://demog.berkeley.edu/~aperrin/tips/src/ntwall.pl.txt for anyone > > interested) that checks the files in /opt/samba/status and sends popup > > messages only to those machines from which a homes share is currently > > open. This, in practical terms, maps to those machines into which someone > > is currently logged. This solves the problem of having winpopup messages > > show up on machines when users log in even if the messages were sent days > > before. > > > > If you wanted to be more specific, you could check the contents of the > > status/* files and only send to specific users. > > > > Hope this is of some help. > > > > ap > > > > --------------------------------------------------------------------- > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > Department of Demography - University of California at Berkeley > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > > On Fri, 14 Jan 2000, Cole, Timothy D. wrote: > > > > > > -----Original Message----- > > > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > > > > Sent: Thursday, January 13, 2000 12:17 > > > > To: Multiple recipients of list SAMBA-NTDOM > > > > Subject: smbclient messages to a specific user ? > > > > > > > > Hello. > > > > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > > > > to users sitting on WinNT4 machines. The feedback is mostly accounting > > > > information like number of pages left that the user can print, or quota > > > > status when logging in etc. > > > > > > > > smbclient can send to a specific (netbiosname) machine but not to a > > > > specific user on that machine. You can only supply the senders user, not > > > > receiver. This is not a problem today as we have WinNT workstations where > > > > only one user at time work, and the messages are usualy directed to that > > > > user. > > > > > > > > But there are two problems with this limitation: > > > > *) Ie when printing a lengthy document the user can log out, leave the > > > > machine and got to the printer and wait for the printer to finish its > > > > job. When the job is done the server will send a message to the > > > > computer, but the user has left, and the message will be printed on > > > > the > > > > loginscreen, or to the next user sitting on by the computer now! > > > > > > > > This could lead to some confusion and possibly leaking of semi-private > > > > > > > > information. I would like to avoid that if possible by directing the > > > > message to a specific user on that machine. The other users should not > > > > be able to see the message. > > > > > > > > *) The limitation will become unbearable when we start using WinNT > > > > Terminal Servers here. Sending a message to a TS could mean that all > > > > the users logged in will se the message (?), when only one in realy > > > > interested in the result. You could imagine a server with 20-35 users > > > > logged in and every time someone prints or logs in everybody get a > > > > message that they realy shouldn't receive. > > > > > > > > Windows NT4 "net send" command has a possibility to send to a specific > > > > user. I must admit that I haven't used it, but it indicates that it should > > > > work. > > > > > > > > Is it possible to extend smbclient so that it can send messages to a > > > > specific user on a specific machine (or domain), or is it a limitation in > > > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > > > > > Basically the way it works is that each user that logs in registers > > > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > > > logged in on. I believe when net send sends to a specific user, it looks up > > > this record, then dispatches the message to the messenger service at that > > > particular IP. > > > > > > I don't think it's any more involved than that, since it's not > > > unheard of to have problems with having two users with the same name in > > > different domains to each randomly get print notifications and other > > > messages intended for the other. I think this is because the domain isn't a > > > component of the 0x03 name, so the most recent user to log in gets all > > > messages for all users with the same name in all domains. > > > > > > This also suggests to me that the actual windows messanging setup is > > > machine-based, rather than user-based. I have really no idea how terminal > > > server copes with that, or if it even does. > > > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From kevinc at grainsystems.com Fri Jan 14 02:00:26 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? References: Message-ID: <387E833A.D20348DF@grainsystems.com> Tavis Barr wrote: > > Could I make another request to the Samba developers, something along > these lines for the "It would be nice...." list? It would be great if > there were a parameter specifying a file (like /etc/motd) that could be > sent out as a WinPopUp message to all machines after a successful login. How about using the users' logon scripts? - Kevin Colby kevinc@grainsystems.com From mgeddes at xavier.sa.edu.au Fri Jan 14 02:14:22 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? References: <387E833A.D20348DF@grainsystems.com> Message-ID: <387E867E.7F84668E@xavier.sa.edu.au> Kevin Colby wrote: > Tavis Barr wrote: > > > > Could I make another request to the Samba developers, something along > > these lines for the "It would be nice...." list? It would be great if > > there were a parameter specifying a file (like /etc/motd) that could be > > sent out as a WinPopUp message to all machines after a successful login. > > How about using the users' logon scripts? > > - Kevin Colby > kevinc@grainsystems.com If you had Windows Scripting host on each machine (comes with win98 / NT + IIS 4, available for Win32), you could have a little GUI box pop up for the user. Windows Scripting Host allows you to use VBScript and JScript. There was talk a while back for adding PerlScript support. Highly recommended ;-). Matt From Jean-Francois.Micouleau at dalalu.fr Fri Jan 14 07:27:06 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: <200001140033.AAA11046@mimas.Dseven.ORG> Message-ID: On Fri, 14 Jan 2000, Iain MacDonnell wrote: > I've currently got a nameless printer inside the "Printers" share, but > no printer at the level above that (where it usually appears). what SP are you running on your wks ? > Processing section "[printers]" > doing parameter comment = All Printers > doing parameter path = /usr/spool/public the spoolss code doesn't handle the [printers] section correctly. You have to define each printers as different sections. J.F. From LEYMARIE_Gerard at accor-hotels.com Fri Jan 14 09:10:01 2000 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:27:59 2003 Subject: I feel dumb References: Message-ID: <005801bf5e6f$2318ec80$2300c839@accorhotels.com> I'm in the same configuration, but I would like to know which are the adavntage of the new TNG version? Thks ----- Message d'origine ----- De : "Robert Saraceno, Jr." ? : "Multiple recipients of list SAMBA-NTDOM" Envoy? : jeudi 13 janvier 2000 18:56 Objet : I feel dumb > Well, I have been using Samba 2.0.6 for a little bit now, however, I would > like to run the latest of TNG on a test network. Where can I get > instructions on obtaining this. Having instructions for both CVS and FTP > would be very helpful. > > Thanks in advance, > > Robert Saraceno, Jr. > Network Administrator > Boston Steel Erectors, Inc. From umehlig at uni-bremen.de Fri Jan 14 12:14:28 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:59 2003 Subject: still out of domain Message-ID: <200001141214.NAA02390@pandora3.localnet> Hello out there, I think I've sent a mail about not being able to join a domain yesterday, but at least I didn't receive it up to now. Once again: I downloaded yesterday evening's cvs branch SAMBA_TNG, compiled with "./configure.developer", deleted/emptied old stuff in .../private, started all those daemons and let my samba server (intel Linux 2.2.13) join the domain (smbpasswd -a -m pandora3; smbpasswd -j olymp). Afterwards I added the client (vmware: NT 4.0/SP5) to smbpasswd (smbpasswd -m -a pseudo). Unfortunately, the client still won't join the domain, complaining about "connection to domain controller not possible, have to ask your sys admin to check the domain account" (free translation from German NT's message). I'm not a big help in reading the 100' logs, the only thing that's odd to me is this (from log.pseudo): domain_client_validate: unable to validate password for user PSEUDO$ in domain OLYMP to Domain controller \\.. Is it normal, that the DC is abbreviated as "\\.."? If you want, I can send all or parts of the logs and smbpasswd's output as an attachment, maybe with the configuration files. Many thanks for your attention, Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From mike at psand.net Fri Jan 14 13:07:21 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:59 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> Message-ID: <012801bf5e92$68011200$0164a8c0@win981> Fredrik, Attached my smb.conf file, but don't take it as gospel - it's very quickly configured (and there's a few mistakes in it with netlogon and profiles) so I could just get it up and running and test. In my case, I'm using my Samba server as DMB and WINS and connection with W2K Professional. I couldn't get this to work until after the TNG updates yesterday afternoon CET as before smbd crashed when attempting to join the domain. I compiled TNG with no configure options, default make and install. Started all 12 daemons. I've a RedHat 6.x script at http://www.psand.net/scripts/samba/smb-2.1.html that does this. Anyway loosely, here are my set-up steps: 1. Set-up minimal smb.conf: workgroup=DOMAIN security=user encrypt passwords=yes domain logons=yes preferred master=yes domain master=yes wins support=yes announce version=4.2 os level=32 and the homes share. 2. Add the Samba server to domain and join: useradd SAMBASRV$ smbpasswd -a -m SAMBASRV smbpasswd -j DOMAIN 3. Add the W2K machine: useradd W2KPRO1$ smbpasswd -a -m W2KPRO1 4. Set-up W2K machine to support NetBIOS over TCP/IP, WINS points at Samba server. The join the domain. When prompted for admin name enter DOMAIN\root and password. I've added an account 'Administrator' to my UNIX password file and smbpasswd to speed things up. That's all I did! If step 4 fails, I found that re-running smbpasswd on the machine name helped. Server Manager and User Manager work fine for viewing information about the Samba server. Obviously none of the W2K ADS tools work whatsoever or at all!! Hope this helps, Mike Harris, Psand Espa?a. ----- Original Message ----- From: Fredrik Falk To: Mike Harris Sent: Thursday, January 13, 2000 8:20 PM Subject: My smb problem.. > Ok, Please could you tell me all the things that you did... > And if its not to mutch then you could send me your smb.conf :) ... > > Fredrik > ---- > I downloaded TNG this afternoon and it works fine with W2K RC3. > I'm NOT using smbd and nmbd from the Samba main, all TNG. > > Mike. > ----- Original Message ----- > From: Fredrik Falk > To: Multiple recipients of list SAMBA-NTDOM > Sent: Thursday, January 13, 2000 7:46 PM > Subject: Problem!!!!! > > > > Hello, I have a big problem with samba pre3.0... Before win2k could found > a > > domain.. And it start asking for user/passwd... But i diden't fix the > > user/pass problem... So i downloaded a newer version of pre3.0... And > after > > that win2k can't find any domain att all.... But it still works with > > win98... > > I have follow the instructions from: > > http://www.kneschke.de/projekte/samba_tng > > ... i have try to download it / re installed it like 10 times now... But > > that dident help me .... So anyone can help me with this problem? > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 794 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000114/28c8d4dc/smb.obj From ctooley at joslyn.org Fri Jan 14 13:20:53 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:59 2003 Subject: I feel dumb In-Reply-To: <005801bf5e6f$2318ec80$2300c839@accorhotels.com> Message-ID: <006501bf5e92$2f769540$1900a8c0@joslyn.org> Check out Lars Kneschke's Website at http://www.kneschke.de/projekte/samba_tng/index.php3 to get TNG instructions. I found it fairly easy to follow. Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of LEYMARIE Gerard Sent: Friday, January 14, 2000 3:12 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: I feel dumb I'm in the same configuration, but I would like to know which are the adavntage of the new TNG version? Thks ----- Message d'origine ----- De : "Robert Saraceno, Jr." ? : "Multiple recipients of list SAMBA-NTDOM" Envoy? : jeudi 13 janvier 2000 18:56 Objet : I feel dumb > Well, I have been using Samba 2.0.6 for a little bit now, however, I would > like to run the latest of TNG on a test network. Where can I get > instructions on obtaining this. Having instructions for both CVS and FTP > would be very helpful. > > Thanks in advance, > > Robert Saraceno, Jr. > Network Administrator > Boston Steel Erectors, Inc. From gtm at oracom.com Fri Jan 14 15:30:09 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:59 2003 Subject: domain group map References: <387E2E12.ACD1E2F6@oracom.com> <387E37B2.A1EBC5C6@kneschke.de> Message-ID: <387F4101.95BA39C0@oracom.com> Lars Kneschke wrote: > Glenn MacGregor wrote: > > > > Hi all, > > > > I am using a combination of head branch and tng branch which I just > > got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain > > group map been taking out of that? How do I log into a domain and get > > admin privs? > You can find more information at my webpage: > http://www.kneschke.de/projekte/samba_tng/administrator.php3 > > Cu > > -- > > Do you like Samba? > Do you know KSamba? > Try http://www.ksamba.org!! > Or watch our other projects at http://www.kneschke.de/projekte! I did that, and it seems that I am now a local admin but using usrmgr for domains I still can't add a group or user. Any Clues? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From JJones at nwnets.com Fri Jan 14 14:38:45 2000 From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:27:59 2003 Subject: See What You've Done? Message-ID: <4128C0428F94D3118F1E00902773CED201B3CD@NNSBOIS1> I hope you're happy... You've scared Bill Gates, he's quit and he's going home. I want you to go to your room and think about what you've done. Then you're going to call his mom and apologize for being bullies. Maybe make him some cookies, too. :) (Sorry, Luke, couldn't resist. Please don't boot me...) Jeremy Jones, MA, MCSE, CCNA Systems Analyst Northwest Network Services (208) 343-5260 x106 http://www.nwnets.com mailto:jjones@nwnets.com From gtm at oracom.com Fri Jan 14 15:37:32 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:59 2003 Subject: regisrty rights Message-ID: <387F42BB.9C7D2B62@oracom.com> Hi all, I am trying to get profiles working and everything is looking good, except I have office 2000 which on the first startup of each user finishes the install of itself. This is fine if the user is a domain admin but if they are not then it fails saying I don't have right to do this for everyone, try as administrator. Does anyone know a way around this? Also is there a way to be local admin while logging into a domain? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From umehlig at uni-bremen.de Fri Jan 14 15:38:19 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <012801bf5e92$68011200$0164a8c0@win981> (mike@psand.net) References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> Message-ID: <200001141538.QAA12442@pandora3.localnet> O.K., following your advice I managed to join the domain (at least NT said so), but after rebooting, the system says that the domain would be unavaillable, and while a user which existed on the client machine under the 2.0.x "PDC" era can log in with a "locally stored copy of the profile", new domain users aren't allowed to log in. BTW, does there have to be a file "...private/DOMAINNAME.CLIENTNAME.MAC"? On my system, it doesn't exist. Any suggestions? Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From jens.skripczynski at igd.fhg.de Fri Jan 14 15:39:42 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:00 2003 Subject: _Quoting_ _Please_ Message-ID: <20000114163942.B1403@pclinux.igd.fhg.de> Hello everybody, I would like to encourage everybody to a better quoting. Please do only quote things you do reply to. But do _not_ Write 1 line and then quote an E-Mail with 100 lines. Reading the E-Mails today I would estimate 40% of the E-Mails would do this. Please it increases the speed of reading and makes much smaller traffic. (Even if you don't pay for it). Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From andrea at tvtecnologia.it Fri Jan 14 15:41:00 2000 From: andrea at tvtecnologia.it (Andrea Zennaro) Date: Tue Dec 2 02:28:00 2003 Subject: Samba authentication problem in NT Domain Message-ID: <000001bf5ea5$c3228f20$37866397@andrea.tvtecnologia.it> Well, I would like to share the resuorces of my linux Box in an NT Domain. Using the "smbpasswd -j INFOTECH -r NT_PDC" command line I am able to join the domain INFOTECH where the NT_PDC is the PDC running NTServer 4 Sp4. I have add the samba server in the Server Manager and I have set up the the same user account in both the NT Domain and the samba server. At this point starting nmbd and smbd I can find the linux box on the "Network Neighborhood" but when I try to browse it the Windows machine prompt me for username/password. There is no way to be authenticated. If I add the user password in the smbpasswd file everything work BUT why I can be authenticated by the PDC ? [2000/01/14 12:24:53, 1] smbd/server.c:main(643) smbd version 2.0.6 started. Copyright Andrew Tridgell 1992-1998 [2000/01/14 12:24:53, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/14 12:25:10, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(249) cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME [2000/01/14 12:25:10, 0] rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/01/14 12:25:10, 0] smbd/password.c:domain_client_validate(1413) domain_client_validate: unable to setup the PDC credentials to machine 151.99.134.25. Error was : NT_STATUS_INVALID_COMPUTER_NAME. [2000/01/14 12:25:10, 0] passdb/smbpass.c:startsmbfilepwent(50) startsmbfilepwent: unable to open file /etc/samba/smbpasswd [2000/01/14 12:25:10, 0] passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2000/01/14 12:25:10, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'Administrator' in smb_passwd file. [2000/01/14 12:25:10, 0] passdb/smbpass.c:startsmbfilepwent(50) startsmbfilepwent: unable to open file /etc/samba/smbpasswd [2000/01/14 12:25:10, 0] passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2000/01/14 12:25:10, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'Administrator' in smb_passwd file. [2000/01/14 12:25:10, 1] smbd/reply.c:reply_sesssetup_and_X(909) Rejecting user 'Administrator': authentication failed From skvidal at phy.duke.edu Fri Jan 14 15:42:49 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights In-Reply-To: <387F42BB.9C7D2B62@oracom.com> Message-ID: > I am trying to get profiles working and everything is looking good, > except I have office 2000 which on the first startup of each user > finishes the install of itself. This is fine if the user is a domain > admin but if they are not then it fails saying I don't have right to do > this for everyone, try as administrator. Does anyone know a way around > this? Also is there a way to be local admin while logging into a > domain? That part of the o2k install should be hkcu modifications only and thus modifiable by the user. Do the users have write access to their user registries? -sv From timothy_d_cole at md.northgrum.com Fri Jan 14 15:43:51 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631CD@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Thursday, January 13, 2000 18:08 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: TNG / inet_aton > > can someone evaluate this, i have no idea if it's correct [the fork() > bit]. > The original code was correct. Kind of. The return value of fork() is: 0 - in the child process chlid pid - in the parent process or: -1 - error; no child process forked Normally the way I see this handled is: pid = fork(); switch (pid) { case 0; /* do child things */ break; case -1: /* handle error */ break; default: } > also, iain, give me more info. what is the workstation name. which is > the samba server. which log file has the trust account error message? > > etc. > > On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > > One thing I did change in the code, which I *think* fixed a problem with > > printing ... I noticed errors to the effect of "Running command > > 'lpstat -o' returned -1". I traced this to the following bit of > > lib/smbrun.c : > > > > if ((pid=fork())) { > > int status=0; > > /* the parent just waits for the child to exit */ > > if (sys_waitpid(pid,&status,0) != pid) { > > DEBUG(2,("waitpid(%d) : > %s\n",pid,strerror(errno))); > > return -1; > > } > > return status; > > } > > > > Bearing in mind that I know nothing about fork()ing, I had a look at > this, > > and waitpid(2), and decided that it was waiting on the wrong process - > it > > should be waiting on *children* of the main process to exit, not > children > > of the *child*. I changed it to: > > > > if (sys_waitpid(getpid(),&status,0) != pid) { > Since this code executes in the parent, getpid() will be the pid of the parent process -- probably not quite what you had in mind. This should actually fail, causing sys_waitpid() to return (pid_t)-1, and set errno to ECHILD. I have no idea why it doesn't fail, or why it returns pid. (it may be that under Solaris, waitpid(getpid(), &status, 0) is equivalent to wait(&status), but I seriously doubt that assumption is portable) From gtm at oracom.com Fri Jan 14 16:05:28 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights References: Message-ID: <387F4948.3C13BB33@oracom.com> Seth Vidal wrote: > > I am trying to get profiles working and everything is looking good, > > except I have office 2000 which on the first startup of each user > > finishes the install of itself. This is fine if the user is a domain > > admin but if they are not then it fails saying I don't have right to do > > this for everyone, try as administrator. Does anyone know a way around > > this? Also is there a way to be local admin while logging into a > > domain? > > That part of the o2k install should be hkcu modifications only and thus > modifiable by the user. Do the users have write access to their user > registries? > > -sv You would think but when I run word for instance it tries to finish the setup and part way through that I get an error saying: Error 1925. You do not have sufficient privs to complete this installation for all users of the machine. Log on as Administrator and retry this installation. Why is it trying to run the install for all users on the system? Is there any way to change this? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From skvidal at phy.duke.edu Fri Jan 14 16:06:33 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights In-Reply-To: <387F4948.3C13BB33@oracom.com> Message-ID: > You would think but when I run word for instance it tries to finish the > setup and part way through that I get an error saying: > > Error 1925. You do not have sufficient privs to complete this > installation for all users of the machine. Log on as Administrator and > retry this installation. > Why is it trying to run the install for all users on the system? Is there > any way to change this? There are (if I remember) 3 stages to the install. There is the "install bins", admin config and user config. are you sure you're not in the admin config section? try doing that part as an admin then login as a user (with a fresh ntuser.dat) and see if it still has a section to run. -sv From lk at NetUSE.DE Fri Jan 14 16:08:14 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> Message-ID: <387F49EE.CC798103@NetUSE.DE> Ulf Mehlig wrote: > > O.K., following your advice I managed to join the domain (at least NT > said so), but after rebooting, the system says that the domain would > be unavaillable, and while a user which existed on the client machine > under the 2.0.x "PDC" era can log in with a "locally stored copy of > the profile", new domain users aren't allowed to log in. BTW, does there > have to be a file "...private/DOMAINNAME.CLIENTNAME.MAC"? On my > system, it doesn't exist. Maybe some of your samba-process are crashed. Try to restart them, before you try to login to the domain from your workstation. And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not exist. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From s_colombo at iol.it Fri Jan 14 16:24:15 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:28:00 2003 Subject: Problem with Cadds5 Message-ID: Hi all , I'm still fighting my war with CADDS5. As I posted before I'm having a strange problem with CADDS5 and Samba 2.06. Cadds5 can save and create projects in a network share mounted from an Hpux running samba. Since we upgraded from samba 1.9x a Cadds5 functionality doesn't work anymore. The function which no longer work is the Show Part command . With the samba 1.9 this command reports the list of parts created , with new version it displays an empty table. I tested it with a very basic smb.conf file just to be sure that no particular settings could cause this behaviour. [global] workgroup = CADCSPO encrypt passwords = Yes null passwords = Yes password level = 2 log level = 10 log file = /opt/samba/var/log.%m name resolve order = host wins lmhosts bcast deadtime = 120 ; socket options = SO_KEEPALIVE=1 TCP_NODELAY=1 SO_SNDBUF=8192 SO_RCVBUF=8192 socket options = os level = 65 preferred master = Yes wins support = Yes guest account = nobody force create mode = 0755 force directory mode = 0755 mangle case = Yes read prediction = yes locking = yes strict locking = yes read raw = yes read bmpx = yes write raw = yes deadtime = 0 keepalive = 0 [cadds5] comment = Direttorio disegni Cadds5 server HPUX csp09 (L:) path = /tmp/cadds5 create mask = 0777 force user = cadds5 Hope somebody can help me . Stefano Colombo ( scolombo@cdmtc.it ) System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2624 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000114/5787e586/winmail.bin From andreltr at em.pucrs.br Fri Jan 14 16:34:51 2000 From: andreltr at em.pucrs.br (=?iso-8859-1?Q?Andr=E9?= Luiz Tietbohl Ramos) Date: Tue Dec 2 02:28:00 2003 Subject: Roaming profiles with 95/98 and NT clients Message-ID: <387F502B.ADE86522@em.pucrs.br> Dear all, Does anyone know how to make 95/98 clients to correctly map the home directory? It does not map correctly the home directory under 95/98 but NT works fine. Samba is mapping the profiles share as the home drive for 95/98. This is what I have in smb.conf (relevant sections only): [global] logon script = login.bat logon drive = h: logon path = \\%N\Profiles\%U logon home = \\%N\%U [Profiles] path = /var/profiles browseable = no create mode = 0600 directory mode = 0700 writable = yes [netlogon] comment = Network Logon Service path = /usr/lib/samba/etc/netlogon guest ok = no writable = no share modes = no The login.bat file has the following: net use h: /home Beforehand I used the roaming profiles in the home share with no problems at all. Any solution to this problem? Thanks in advance, -- Andre Luiz Tietbohl Ramos Assistant Professor CIM - CAD/CAM Laboratory Coordinator Mechanical and Mechatronics Engineering Dept. Pontifical Catholic University of Rio Grande do Sul - Brasil PGP public key: http://www.em.pucrs.br/~andreltr/pgp.public From umehlig at uni-bremen.de Fri Jan 14 16:37:38 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <387F49EE.CC798103@NetUSE.DE> (lk@NetUSE.DE) References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> <387F49EE.CC798103@NetUSE.DE> Message-ID: <200001141637.RAA12750@pandora3.localnet> Lars Kneschke wrote > Maybe some of your samba-process are crashed. Try to restart > them, before you try to login to the domain from your > workstation. > And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not > exist. I don't think so -- here's a ps ax|grep samba: 12560 ? S 0:00 /usr/local/samba/bin/nmbd -D 12635 ? S 0:00 /usr/local/samba/bin/smbd -D 12649 ? S 0:00 /usr/local/samba/bin/browserd 12658 ? S 0:00 /usr/local/samba/bin/lsarpcd 12667 ? S 0:00 /usr/local/samba/bin/netlogond 12676 ? S 0:00 /usr/local/samba/bin/samrd 12685 ? S 0:00 /usr/local/samba/bin/spoolssd 12694 ? S 0:00 /usr/local/samba/bin/srvsvcd 12703 ? S 0:00 /usr/local/samba/bin/svcctld 12712 ? S 0:00 /usr/local/samba/bin/winregd 12721 ? S 0:00 /usr/local/samba/bin/wkssvcd Isn't that all? smbpasswd is missing -- is it necessary? Ah, and which log files do I have to examine -- I'm still a little bit helpless with all that logging information :-| Viele Grüße & vielen Dank! Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From lk at NetUSE.DE Fri Jan 14 16:43:34 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> <387F49EE.CC798103@NetUSE.DE> <200001141637.RAA12750@pandora3.localnet> Message-ID: <387F5236.4E5A4BE4@NetUSE.DE> Ulf Mehlig wrote: > > Lars Kneschke wrote > > > Maybe some of your samba-process are crashed. Try to restart > > them, before you try to login to the domain from your > > workstation. > > And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not > > exist. > > I don't think so -- here's a ps ax|grep samba: > > 12560 ? S 0:00 /usr/local/samba/bin/nmbd -D > 12635 ? S 0:00 /usr/local/samba/bin/smbd -D > 12649 ? S 0:00 /usr/local/samba/bin/browserd > 12658 ? S 0:00 /usr/local/samba/bin/lsarpcd > 12667 ? S 0:00 /usr/local/samba/bin/netlogond > 12676 ? S 0:00 /usr/local/samba/bin/samrd > 12685 ? S 0:00 /usr/local/samba/bin/spoolssd > 12694 ? S 0:00 /usr/local/samba/bin/srvsvcd > 12703 ? S 0:00 /usr/local/samba/bin/svcctld > 12712 ? S 0:00 /usr/local/samba/bin/winregd > 12721 ? S 0:00 /usr/local/samba/bin/wkssvcd Trust me! :-) Restart them all. Something gets wrong if you change the password at the moment. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From umehlig at uni-bremen.de Fri Jan 14 16:49:20 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <387F5236.4E5A4BE4@NetUSE.DE> (lk@NetUSE.DE) References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> <387F49EE.CC798103@NetUSE.DE> <200001141637.RAA12750@pandora3.localnet> <387F5236.4E5A4BE4@NetUSE.DE> Message-ID: <200001141649.RAA13238@pandora3.localnet> Lars Kneschke > Trust me! :-) O.K. > Restart them all. Something gets wrong if you change the password > at the moment. didn't help :-( But thank you anyway! -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From giulioo at pobox.com Fri Jan 14 16:51:38 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:28:00 2003 Subject: Roaming profiles with 95/98 and NT clients In-Reply-To: <387F502B.ADE86522@em.pucrs.br> References: <387F502B.ADE86522@em.pucrs.br> Message-ID: <20000114165024.69DC488D4@i3.golden.dom> On Sat, 15 Jan 2000 03:31:51 +1100, hai scritto: >It does not map correctly the home directory under 95/98 but NT works >fine. Samba is mapping the profiles share as the home drive for 95/98. >This is what I have in smb.conf (relevant sections only): > Beforehand I used the roaming profiles in the home share with no >problems at all. >Any solution to this problem? samba < 2.0.6 if you use a "logon path" outside of the home share then "net use h: /home" will incorrectly map to the profile share instead of the home share. samba-2.0.6 "net use h: /home" works perfectly but "logon path" is ignored if you use a path outside of the home share. It's said that samba-2.0.7 will fix both issues. -- giulioo@pobox.com From gtm at oracom.com Fri Jan 14 17:02:11 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights References: Message-ID: <387F5693.5B60FD89@oracom.com> Seth Vidal wrote: > > You would think but when I run word for instance it tries to finish the > > setup and part way through that I get an error saying: > > > > Error 1925. You do not have sufficient privs to complete this > > installation for all users of the machine. Log on as Administrator and > > retry this installation. > > Why is it trying to run the install for all users on the system? Is there > > any way to change this? > > There are (if I remember) 3 stages to the install. There is the "install > bins", admin config and user config. > > are you sure you're not in the admin config section? > > try doing that part as an admin then login as a user (with a fresh > ntuser.dat) and see if it still has a section to run. > > -sv I have no idea. I run setup from the cd as an admin user to install o2k. Once that is done reboot. Log in as any user w/ or w/o admin privs and start word. It brings up a dialog box that says installing o2k... If that person has admin privs it works fine, if that person doesn't have admin privs it fails with the error reported in the last mail. This is true for local users and domain users. It has to be a bug because if I do it as local users it fails the same way. I can't find anything on the microsoft web site about it. Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From Dseven at Dseven.ORG Fri Jan 14 17:08:05 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 08:27:06 +0100." Message-ID: <200001141708.RAA11481@mimas.Dseven.ORG> Jean Francois Micouleau writes: : On Fri, 14 Jan 2000, Iain MacDonnell wrote: : : > I've currently got a nameless printer inside the "Printers" share, but : > no printer at the level above that (where it usually appears). : : what SP are you running on your wks ? SP5 : > Processing section "[printers]" : > doing parameter comment = All Printers : > doing parameter path = /usr/spool/public : : the spoolss code doesn't handle the [printers] section correctly. You have : to define each printers as different sections. Not true, it seems, but it did point me in the right direction - I changed my [printers] section to be browseable, and everything's fine again (ie kryten appears in the toplevel when browsing the server, allowing me to install it, etc). ~Iain From dejan.ilic at home.se Fri Jan 14 17:17:03 2000 From: dejan.ilic at home.se (Dejan Ilic) Date: Tue Dec 2 02:28:00 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.north grum.com> Message-ID: I browsed thru WinNT Terminal Server documentation and indeed there is a new command included with it : "msg" ----- Terminal server online documentation excerpt MSG Sends a message to a user or users. SYNTAX msg {username|sessionname|sessionid|@filename|*} [/server:servername] [/time:seconds][/v][/w][message] /server:servername specifies the Terminal Server. Otherwise, the current Terminal server is used. ----- This seems to be an extension to the "net send" command and has the possibility to send messages to a specific user, including specifying another terminal server. It seems that at least TS-servers would be able to send to correct users if we add support to smbclient. Simple tests with sending message on the console shows that the message sent with "msg" looks the same on the screen as "net send". I will have to set up a second TS to see if it realy supports sending to a specific user without disturbing the other users, but everything is pointing in that direction and that Microsoft/Citrix found out the same problem when programing TS. I will try to get a network trace, but it will take a while as it is the first time I'm doing it for Samba needs. Is there a easy howto on network tracing SMB somewhere ? I would be nice to include support for this in smbclient, besides "broadcast messages" and a domain user (without specifying machinename ?) Dejan On Thu, 13 Jan 2000, Cole, Timothy D. wrote: > > -----Original Message----- > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] ... > > smbclient can send to a specific (netbiosname) machine but not to a > > specific user on that machine. You can only supply the senders user, not > > receiver. This is not a problem today as we have WinNT workstations where > > only one user at time work, and the messages are usualy directed to that > > user. > > Basically the way it works is that each user that logs in registers > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > logged in on. I believe when net send sends to a specific user, it looks up > this record, then dispatches the message to the messenger service at that > particular IP. > > I don't think it's any more involved than that, since it's not > unheard of to have problems with having two users with the same name in > different domains to each randomly get print notifications and other > messages intended for the other. I think this is because the domain isn't a > component of the 0x03 name, so the most recent user to log in gets all > messages for all users with the same name in all domains. > > This also suggests to me that the actual windows messanging setup is > machine-based, rather than user-based. I have really no idea how terminal > server copes with that, or if it even does. > -- ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-(0)13-473 01 06 Email: dejan.ilic@home.se Web: http://www.lysator.liu.se/~svedja ===================================================================== From bruce at mergent.com Fri Jan 14 17:25:29 2000 From: bruce at mergent.com (Bruce Reed) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? Message-ID: I've just downloaded the latest CVS source, compiled it, and set up a PDC linux samba server for which most everything is working. Two problems I haven't solved are: 1)When I attempt to add Domain Admins to the local Administrators group they turn into "Account Unknown" ids 2) I can't use the NT Server client admin tools (user manager, server manager, etc.) to administer the domain (access denied on a wkstation logged into the domain.) I saw a posting in the NT Domain Samba mailing list that indicated these sorts of problems may result from a group mapping failure, but it seems the current CVS version no longer supports the "domain group map" feature. Can anyone explain why this was removed and what's the correct way of mapping NT to Unix groups now? This is still documented in the NT Domain FAQ as working. From ctooley at joslyn.org Fri Jan 14 17:38:57 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <387F5236.4E5A4BE4@NetUSE.DE> Message-ID: <000901bf5eb6$3cbde540$1900a8c0@joslyn.org> I'm trying to follow the steps on the website that Lars created (thank you BTW) and am coming up with only smbd and nmbd starting and staying running. When I run the others they run and then go away. Any help? Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Lars Kneschke Sent: Friday, January 14, 2000 10:48 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: My smb problem.. Ulf Mehlig wrote: > > Lars Kneschke wrote > > > Maybe some of your samba-process are crashed. Try to restart > > them, before you try to login to the domain from your > > workstation. > > And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not > > exist. > > I don't think so -- here's a ps ax|grep samba: > > 12560 ? S 0:00 /usr/local/samba/bin/nmbd -D > 12635 ? S 0:00 /usr/local/samba/bin/smbd -D > 12649 ? S 0:00 /usr/local/samba/bin/browserd > 12658 ? S 0:00 /usr/local/samba/bin/lsarpcd > 12667 ? S 0:00 /usr/local/samba/bin/netlogond > 12676 ? S 0:00 /usr/local/samba/bin/samrd > 12685 ? S 0:00 /usr/local/samba/bin/spoolssd > 12694 ? S 0:00 /usr/local/samba/bin/srvsvcd > 12703 ? S 0:00 /usr/local/samba/bin/svcctld > 12712 ? S 0:00 /usr/local/samba/bin/winregd > 12721 ? S 0:00 /usr/local/samba/bin/wkssvcd Trust me! :-) Restart them all. Something gets wrong if you change the password at the moment. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Fri Jan 14 17:54:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: still out of domain In-Reply-To: <200001141214.NAA02390@pandora3.localnet> Message-ID: On Fri, 14 Jan 2000, Ulf Mehlig wrote: > Hello out there, > > I think I've sent a mail about not being able to join a domain > yesterday, but at least I didn't receive it up to now. Once again: I > downloaded yesterday evening's cvs branch SAMBA_TNG, compiled with > "./configure.developer", deleted/emptied old stuff in .../private, > started all those daemons and let my samba server (intel Linux 2.2.13) > join the domain (smbpasswd -a -m pandora3; smbpasswd -j > olymp). Afterwards I added the client (vmware: NT 4.0/SP5) to > smbpasswd (smbpasswd -m -a pseudo). > > Unfortunately, the client still won't join the domain, complaining > about "connection to domain controller not possible, have to ask your > sys admin to check the domain account" (free translation from German > NT's message). I'm not a big help in reading the 100' logs, the only > thing that's odd to me is this (from log.pseudo): > > domain_client_validate: unable to validate password for user PSEUDO$ > in domain OLYMP to Domain controller \\.. yes, this is a connection on internal loopback from smbd using netlogond to verify the user PSEUDO$. which tells me that you have the wrong trust account password (smbpasswd -m -a pseudo$ set the wrong password, possibly). ok, can you do a netmon trace, i need to see how far joining gets, and also send an smb.conf file? thx. From lkcl at samba.org Fri Jan 14 18:11:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <012801bf5e92$68011200$0164a8c0@win981> Message-ID: On Fri, 14 Jan 2000, Mike Harris wrote: > Fredrik, > > Attached my smb.conf file, but don't take it as gospel - it's very quickly > configured (and there's a few mistakes in it with netlogon and profiles) so > I could just get it up and running and test. In my case, I'm using my Samba > server as DMB and WINS and connection with W2K Professional. I couldn't get > this to work until after the TNG updates yesterday afternoon CET as before > smbd crashed when attempting to join the domain. > > I compiled TNG with no configure options, default make and install. Started > all 12 daemons. I've a RedHat 6.x script at > http://www.psand.net/scripts/samba/smb-2.1.html that does this. > > Anyway loosely, here are my set-up steps: > > 1. Set-up minimal smb.conf: > > workgroup=DOMAIN > security=user > encrypt passwords=yes > domain logons=yes > preferred master=yes > domain master=yes > wins support=yes > announce version=4.2 > os level=32 > > and the homes share. > > 2. Add the Samba server to domain and join: > > useradd SAMBASRV$ > smbpasswd -a -m SAMBASRV > smbpasswd -j DOMAIN > > 3. Add the W2K machine: > > useradd W2KPRO1$ > smbpasswd -a -m W2KPRO1 > > 4. Set-up W2K machine to support NetBIOS over TCP/IP, WINS points at Samba > server. The join the domain. When prompted for admin name enter > DOMAIN\root and password. I've added an account 'Administrator' to my UNIX > password file and smbpasswd to speed things up. > > That's all I did! If step 4 fails, I found that re-running smbpasswd on > the machine name helped. mike, nt5 is intelligent enough to add a workstation trust account password with a random-based password, so you shouldn't have to use smbpasswd -a -m w2kpro1. in fact, if you _do_ this, it's a [minimal] security risk. using smbpasswd to add trust accounts with default, well-known passwords, is _Really_ bad. i let nt5 do the joining, particularly now that you _have_ to type in the admin DOMAIN\user pass in the net-control-pan box, now. -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 794 bytes Desc: Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000115/12c769b5/smb.obj From mdejong at diginexus.com Fri Jan 14 18:17:37 2000 From: mdejong at diginexus.com (Mark de Jong) Date: Tue Dec 2 02:28:00 2003 Subject: Adding NT user accounts Message-ID: <7E290B6FCD7CD311AED000A0C9D6368B05FCCB@leroy.diginexus.com> Is it possible to create NT user accounts using Samba if it is configured as a BDC? Is it still possible to set up Samba as a BDC? Thanks, Mark From lkcl at samba.org Fri Jan 14 18:17:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: See What You've Done? In-Reply-To: <4128C0428F94D3118F1E00902773CED201B3CD@NNSBOIS1> Message-ID: On Sat, 15 Jan 2000, Jeremy Jones wrote: > I hope you're happy... > You've scared Bill Gates, he's quit and he's going home. he hasn't quit, he's become technical/soft-eng director. now maybe he'll have some time to talk to me, i have _lots_ to say, as you can imagine :) From lkcl at samba.org Fri Jan 14 18:16:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: domain group map In-Reply-To: <387F4101.95BA39C0@oracom.com> Message-ID: On Sat, 15 Jan 2000, Glenn MacGregor wrote: > Lars Kneschke wrote: > > > Glenn MacGregor wrote: > > > > > > Hi all, > > > > > > I am using a combination of head branch and tng branch which I just > > > got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain > > > group map been taking out of that? How do I log into a domain and get > > > admin privs? > > You can find more information at my webpage: > > http://www.kneschke.de/projekte/samba_tng/administrator.php3 > > > > Cu > > > > -- > > > > Do you like Samba? > > Do you know KSamba? > > Try http://www.ksamba.org!! > > Or watch our other projects at http://www.kneschke.de/projekte! > > I did that, and it seems that I am now a local admin but using usrmgr for > domains I still can't add a group or user. Any Clues? hmmm... you _should_ be able to change a user's password (existing user). i definitely haven't added support to add groups, as that would require modifying the unix /etc/groups database. adding _users_ should work: it does with rpcclient. maybe i should check this out [again :)] From mg at plum.de Fri Jan 14 18:40:27 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? References: Message-ID: <387F6D9B.B63721F9@plum.de> Bruce Reed wrote: > > I saw a posting in the NT Domain Samba mailing list that indicated these > sorts of problems may result from a group mapping failure, but it seems the > current CVS version no longer > supports the "domain group map" feature. Can anyone explain why this was > removed and what's the correct way of mapping NT to Unix groups now? This is > still documented in the NT Domain FAQ as working. I think you got the wrong CVS Branch ... do a clean checkout of : cvs -z3 -d :pserver:cvs@cvs.samba.org:/cvsroot co -r SAMBA_TNG samba regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From lkcl at samba.org Fri Jan 14 18:35:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: <200001141708.RAA11481@mimas.Dseven.ORG> Message-ID: > : the spoolss code doesn't handle the [printers] section correctly. You have > : to define each printers as different sections. > > Not true, it seems, but it did point me in the right direction - I changed > my [printers] section to be browseable, and everything's fine again (ie > kryten appears in the toplevel when browsing the server, allowing me to > install it, etc). it worked???? you got printing to work with SAMBA_TNG??? From lkcl at samba.org Fri Jan 14 18:49:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? In-Reply-To: Message-ID: On Sat, 15 Jan 2000, Bruce Reed wrote: > 1)When I attempt to add Domain Admins to the local Administrators group they > turn into "Account Unknown" ids > 2) I can't use the NT Server client admin tools (user manager, server > manager, etc.) to administer the domain (access denied on a wkstation logged > into the domain.) > > I saw a posting in the NT Domain Samba mailing list that indicated these > sorts of problems may result from a group mapping failure, but it seems the > current CVS version no longer > supports the "domain group map" feature. yes it does. > Can anyone explain why this was > removed and what's the correct way of mapping NT to Unix groups now? This is > still documented in the NT Domain FAQ as working. kworks for me. lars, please can you add a section on what info is needed to do detailed bug reporting, to your FAQ? including: - recompile with ./configure.developer - log level usage (100) - grep "INTERNAL" log.* - how to use gdb "where" on a coredump. thx! From lkcl at samba.org Fri Jan 14 18:50:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <000901bf5eb6$3cbde540$1900a8c0@joslyn.org> Message-ID: On Sat, 15 Jan 2000, Chris Tooley wrote: > I'm trying to follow the steps on the website that Lars created (thank you > BTW) and am coming up with only smbd and nmbd starting and staying running. > When I run the others they run and then go away. Any help? check the log files, they will report an error and why they exited. From patl at cag.lcs.mit.edu Fri Jan 14 18:50:13 2000 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Tue Dec 2 02:28:00 2003 Subject: Recommendations for production environment? Message-ID: I am looking for some free advice. I have used Samba for years to provide logon service to Win9x clients. Whenever I set up a NT machine, I have made it standalone (workgroup member, not domain), because I was not sure that Samba's Domain Controller support was ready for production use. I am now required to streamline the process of setting up NT workstations and to unify the account database, which means I need a domain. I want very much to avoid running any infrastructure on NT Server... I have read the FAQs and followed this list for some time, so I know I have four options: 1) "Just do it" -- Create machine accounts on our 2.0.6 Samba server and hope the Domain Controller support works well enough. 2) Use CVS HEAD branch, similar configuration. 3) Use CVS SAMBA_TNG branch, same but need to create machine account for Samba server itself and make sure to run the various and sundry daemons. 4) Same as (3), but use smbd and nmbd from HEAD branch for stable file and WINS service. I only have two needs, really. First, basic authentication/logon support. This includes running a logon script (is this correct for NT?) to mount some drives from various places. Users need to be able to change their passwords from their NT boxes (we have this working on Win98 now with encrypted passwords + passwd sync). I can run this authentication/logon service on a machine which does not provide print or file services, as long as I can still have profiles and a logon script. Second, dialup networking authentication. NT's User Manager has this little checkbox for each user labelled "allow dialup access" or somesuch. I want our NT dialup server to think that little box is checked for a set of users of my choosing. Whether I configure this with NT's User Manager or with some manual hack on the Unix side is unimportant. (This is less important than my first need.) Could anyone here compare my four options (pros/cons) or suggest others? Thanks! - Pat From lkcl at samba.org Fri Jan 14 18:52:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: Adding NT user accounts In-Reply-To: <7E290B6FCD7CD311AED000A0C9D6368B05FCCB@leroy.diginexus.com> Message-ID: On Sat, 15 Jan 2000, Mark de Jong wrote: > Is it possible to create NT user accounts using Samba if it is configured as > a BDC? yeeesss... but you want to be creating the accounts on the PDC, not the BDC. > Is it still possible to set up Samba as a BDC? yes, but remember that you need to run rpcclient samsync command as root from a cron job to update, it doesn't happen automatically, yet. From lkcl at samba.org Fri Jan 14 19:11:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: Adding NT user accounts In-Reply-To: <7E290B6FCD7CD311AED000A0C9D6368B05FCCC@leroy.diginexus.com> Message-ID: On Fri, 14 Jan 2000, Mark de Jong wrote: > Luke, thanks for your quick response. The PDC is a Winnt box. right now I'm > setting up user accounts in NT and in Linux individually. I want to > consolidate the process. Since I cannot make linux the PDC, my next thought > was to make it the BDC. It that necessary to create the NT user accounts? If > so, how do I make it the BDC? Where can I get some good documentation on the > process? www.samba.org didn't help much. domain logons = yes domain master = no security = user password server = THEPDCNAME workgroup = THEPDCDOMAINNAME unixrootprompt# rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME [DOM\admin@PDC$ ] lsaquery [DOM\admin@PDC$ ] createuser YOURSAMBASERVERNAME$ -s -j create trust account: OK join domain: OK. [DOM\admin@PDC$ ] samsync you WILL need to have created unix /etc/passwd entries in advance of doing the sam sync command. From fredrikf at jmeab.se Fri Jan 14 19:16:47 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:28:00 2003 Subject: No subject Message-ID: <001801bf5ec3$e7798e00$6e00a8c0@kalve> Anyone know how to fix this problem?: "The following error occurred attempting to join the domain "REDHAT": A remote procedure call (RPC) protocol error occured." From ctooley at joslyn.org Fri Jan 14 20:34:06 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:28:00 2003 Subject: FW: Message-ID: <000901bf5ece$b40a21a0$1900a8c0@joslyn.org> Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: Fredrik Falk [mailto:fredrikf@jmeab.se] Sent: Friday, January 14, 2000 2:33 PM To: Chris Tooley Subject: Re: Well, i have downloaded samba TNG.. and i have: configure, make, make install ... and my smb.conf is like; [global] debug level=3 security = user workgroup = REDHAT encrypt passwords = yes printcap name = /etc/printcap load printers = yes logon script = %U.bat logon home = "\\%N\%U" logon path = \\%L\Profiles\%U domain logons = yes os level = 33 preferred master = yes domain master = yes wins support = yes time server = yes status = yes [homes] etc... i added: useradd sambaserver\$ smbpasswd -a -m sambaserver smbpasswd -j sambaserver useradd workstation\$ smbpasswd -a -m workstation smbpasswd -a mywindowsloginname ... I have stated all demons in /usr/local/samba/bin/ Then i go to Properties in Network Identification (System Properties) and select Member of domain.. and enter my domain name REDHAT .. after that i get a window.. there i enter my user/pass that i added with smbpasswd ..after that i get that message.. Some info that you don't need i think :) my tcp/ip is like: ip: 192.168.0.110 mask: 255.255.255.0 dns: 192.168.0.1 gateway: 192.168.0.1 wins: 192.168.0.1 hostname: kalve.ml.org my server have an DNS server... and my server ip are 192.168.0.1..... ----- Original Message ----- From: "Chris Tooley" To: Sent: Friday, January 14, 2000 9:10 PM Subject: RE: > You need to give us a little more info about the situation. > > Chris Tooley > Software Specialist > Joslyn Art Museum > 2200 Dodge St > Omaha, NE 68102 > (402)342-3300 ext 247 > (402)342-0091 fax > > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Fredrik Falk > Sent: Friday, January 14, 2000 1:26 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: > > > Anyone know how to fix this problem?: > "The following error occurred attempting to join the domain "REDHAT": A > remote procedure call (RPC) protocol error occured." From lkcl at samba.org Fri Jan 14 20:44:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: FW: In-Reply-To: <000901bf5ece$b40a21a0$1900a8c0@joslyn.org> Message-ID: > i added: > useradd sambaserver\$ > smbpasswd -a -m sambaserver > smbpasswd -j sambaserver > useradd workstation\$ > smbpasswd -a -m workstation > smbpasswd -a mywindowsloginname you also need useradd mywindowsloginname else the smbpasswd -a mywindowsloginnname will fail. From Dseven at Dseven.ORG Fri Jan 14 21:36:05 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Sat, 15 Jan 2000 05:35:48 +1100." Message-ID: <200001142136.VAA11545@mimas.Dseven.ORG> Luke Kenneth Casson Leighton writes: : > : the spoolss code doesn't handle the [printers] section correctly. You hav + e : > : to define each printers as different sections. : > : > Not true, it seems, but it did point me in the right direction - I changed : > my [printers] section to be browseable, and everything's fine again (ie : > kryten appears in the toplevel when browsing the server, allowing me to : > install it, etc). : : it worked???? you got printing to work with SAMBA_TNG??? Yup, printing from NT4 / SP5 works just fine, for a printer that's already "Installed" on the client. There are some quirks with the services under NN, as JF points out - the easiest way to get around this seems to be to define a service for each printer, eg: [kryten] comment = Service for printer kryten path = /usr/spool/public writable = no browseable = yes guest ok = no public = yes printable = yes :) ~Iain From ely at txc.com Fri Jan 14 21:35:26 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:28:00 2003 Subject: User Manager still a problem Message-ID: <387F969E.A0E3AA7D@txc.com> Still can't use User Manager. When I opened it I got the massage: "The RPC server is unavailable." I use the latest combined SAMBA_TNG and main. Downloaded at 4:00pm eastern time (US) Ely Zavin From lkcl at samba.org Fri Jan 14 22:02:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: User Manager still a problem In-Reply-To: <387F969E.A0E3AA7D@txc.com> Message-ID: works fine for me. i have two users and 20 domain groups. i have a "domain group map" file domaingroup.map with one entry in it, "rootgrp="Domain Admins"". On Sat, 15 Jan 2000, Ely Zavin wrote: > Still can't use User Manager. When I opened it I got the massage: > "The RPC server is unavailable." I use the latest combined SAMBA_TNG > and main. Downloaded at 4:00pm eastern time (US) > Ely Zavin > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From osabmt00 at fht-esslingen.de Fri Jan 14 22:58:48 2000 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: References: <200001141708.RAA11481@mimas.Dseven.ORG> Message-ID: <200001142257.XAA02160@rslx01.fht-esslingen.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 15 Jan 00, um 5:39 Uhr schrieb Luke Kenneth Casson Leighton zum Thema Re: TNG / inet_aton : Dazu meine Meinung: > it worked???? you got printing to work with SAMBA_TNG??? works for me also :-) But I can't show / change file-permissions on shares anymore with TNG from yesterday. NT tells me "the parameter is wrong". Same configuration worked two weeks ago (and works with HEAD and 2.0.6). If it helps I'll provide You with logs, config, etc... Greetings Osama -----BEGIN PGP SIGNATURE----- Version: PGP 5.5.5 -- QDPGP 2.12 Comment: Encrypted with PGP 5.5.3i - key available upon request. iQA/AwUBOH+cGAmMXnP+meK2EQKjyQCguYAdEvD83419pYgfovZsMvV6NTMAnAjy vHF4clj7WgLYZBrMjKJUJFHK =Fsv3 -----END PGP SIGNATURE----- From lkcl at samba.org Fri Jan 14 23:03:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: NETLOGON "secure channel" Message-ID: i think i might have got it. there is one bit that i'm missing, which is how to deal with more than one request/response, but i have some ideas. this means that samba will be able to interoperate with NT4sp4, even if the "NETLOGON secure channel" is set to "required" in the registry. for info on how to do this, search microsoft's KB database, it's in there. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Fri Jan 14 23:04:14 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: <200001142257.XAA02160@rslx01.fht-esslingen.de> Message-ID: osama, change file permissions is not supported in SAMBA_TNG's smbd, you will need to mix smbd/nmbd from cvs main with SAMBA_TNG msrpc daemons to do that. thx! On Sat, 15 Jan 2000, Osama Abu-Aish wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Am 15 Jan 00, um 5:39 Uhr schrieb Luke Kenneth Casson Leighton zum Thema Re: TNG / inet_aton : > Dazu meine Meinung: > > > it worked???? you got printing to work with SAMBA_TNG??? > works for me also :-) > > But I can't show / change file-permissions on shares anymore with TNG from yesterday. > NT tells me "the parameter is wrong". Same configuration worked two weeks ago (and works with > HEAD and 2.0.6). > > If it helps I'll provide You with logs, config, etc... > > Greetings Osama > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 5.5.5 -- QDPGP 2.12 > Comment: Encrypted with PGP 5.5.3i - key available upon request. > > iQA/AwUBOH+cGAmMXnP+meK2EQKjyQCguYAdEvD83419pYgfovZsMvV6NTMAnAjy > vHF4clj7WgLYZBrMjKJUJFHK > =Fsv3 > -----END PGP SIGNATURE----- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Fri Jan 14 23:19:27 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: <200001142308.AAA02804@rslx01.fht-esslingen.de> Message-ID: > > change file permissions is not supported in SAMBA_TNG's smbd, you will > > need to mix smbd/nmbd from cvs main with SAMBA_TNG msrpc daemons to do > > that. > > hmm, I currently use TNG combined with smbd from main. Is ist necessary to also > use nmbd from main ? If Yes, why #-) ? uhhhh.... argh. you have a point. argh. no, you want nmbd from SAMBA_TNG, as it supports the proper GETDC and SAMLOGON requests (including user unknown SAMLOGONs). lars, could you update the SAMBA_TNG faq to reflect this? thx! From Ghaeini.Mohammad at amstr.com Fri Jan 14 23:42:00 2000 From: Ghaeini.Mohammad at amstr.com ( ("Mohammad X Ghaeini")) Date: Tue Dec 2 02:28:00 2003 Subject: domain groupname Message-ID: I am new to this list. How do I validate a domain group name on Samba 2.0.6, my apologies if this question has been posted before. Thanks in advance. Mohammad From sharpe at ns.aus.com Thu Jan 13 22:29:16 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:00 2003 Subject: smbtorture won't compile anymore ... Message-ID: <3.0.6.32.20000114082916.009bb390@mail.adelaide.on.net> Hi, I am trying to build RPMs of Samba TNG for a couple of platforms, and it works OK, as long as I remove things like smbtorture etc from the build process. In particular, smbtorture will no longer compile because cli_session_setup now has an extra argument, the domain that the caller wants to log into, while smbtorture is not passing that argument. What can/should I set this to? Is there a default? Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lkcl at samba.org Sat Jan 15 05:37:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: smbtorture won't compile anymore ... In-Reply-To: <3.0.6.32.20000114082916.009bb390@mail.adelaide.on.net> Message-ID: On Sat, 15 Jan 2000, Richard Sharpe wrote: > Hi, > > I am trying to build RPMs of Samba TNG for a couple of platforms, and it > works OK, as long as I remove things like smbtorture etc from the build > process. > > In particular, smbtorture will no longer compile because cli_session_setup > now has an extra argument, the domain that the caller wants to log into, > while smbtorture is not passing that argument. > > What can/should I set this to? Is there a default? it's actually an extra 2nd argument: old version: cli_state, char*user, pwd, len, nt_pwd, len, char*domain new version: cli_state, char* usershostname, char*user, pwd, .... typical values for this new 2nd argument are global_myname. From lars at kneschke.de Fri Jan 14 18:32:13 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? References: Message-ID: <387F6BAD.9FEE3BE7@kneschke.de> Bruce Reed wrote: > I saw a posting in the NT Domain Samba mailing list that indicated these > sorts of problems may result from a group mapping failure, but it seems > the > current CVS version no longer > supports the "domain group map" feature. Can anyone explain why this was > removed and what's the correct way of mapping NT to Unix groups now? This > is > still documented in the NT Domain FAQ as working. It is there, i used i today. You can find more about that on my homepage http://www.kneschke.de/projekte/samba_tng Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lars at kneschke.de Sat Jan 15 10:56:23 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: Recommendations for production environment? References: Message-ID: <38805257.F9105A39@kneschke.de> "Patrick J. LoPresti" wrote: > I have read the FAQs and followed this list for some time, so I know I > have four options: > > 1) "Just do it" -- Create machine accounts on our 2.0.6 Samba server > and hope the Domain Controller support works well enough. > > 2) Use CVS HEAD branch, similar configuration. > > 3) Use CVS SAMBA_TNG branch, same but need to create machine account > for Samba server itself and make sure to run the various and > sundry daemons. > > 4) Same as (3), but use smbd and nmbd from HEAD branch for stable > file and WINS service. I would use 4. > First, basic authentication/logon support. This includes running a > logon script (is this correct for NT?) to mount some drives from > various places. Users need to be able to change their passwords from > their NT boxes (we have this working on Win98 now with encrypted > passwords + passwd sync). I can run this authentication/logon service > on a machine which does not provide print or file services, as long as > I can still have profiles and a logon script. Password changing doesn't work at the moment. But this gets solved. Logon Scripts and profiles work very well for me. > Second, dialup networking authentication. NT's User Manager has this > little checkbox for each user labelled "allow dialup access" or > somesuch. I want our NT dialup server to think that little box is > checked for a set of users of my choosing. Whether I configure this > with NT's User Manager or with some manual hack on the Unix side is > unimportant. (This is less important than my first need.) Don't that this will work! But i don't know it. -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lkcl at samba.org Sat Jan 15 15:54:31 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: Recommendations for production environment? In-Reply-To: <38805257.F9105A39@kneschke.de> Message-ID: > Password changing doesn't work at the moment. But this gets solved. oops, i forgot about that. > > Second, dialup networking authentication. NT's User Manager has this > > little checkbox for each user labelled "allow dialup access" or > > somesuch. I want our NT dialup server to think that little box is > > checked for a set of users of my choosing. Whether I configure this > > with NT's User Manager or with some manual hack on the Unix side is > > unimportant. (This is less important than my first need.) i need to distinguish between these cases with netmon traces. it will help me narrow down some of the "unknown" parameters ins SAM_USER_21, SAM_USER_23 and NET_USER_INFO_3 in rpc_samr.h and rpc_netlogon.h From lynn at cis.usouthal.edu Sat Jan 15 19:45:14 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:00 2003 Subject: Groups Message-ID: I have a machine which I want to use as a PDC for three seperate domains. Is it possible to restrict the users which can log into a domain? Thanks. Keith Lynn From mike at psand.net Sat Jan 15 21:08:41 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <000b01bf5ebb$6be49120$6e00a8c0@kalve> <01aa01bf5ec7$92334680$0164a8c0@win981> <000501bf5ec3$506456d0$6e00a8c0@kalve> <002601bf5ecf$f07369c0$0164a8c0@win981> <003401bf5ec5$d5f7d360$6e00a8c0@kalve> Message-ID: <00ac01bf5f9d$632a8b60$0164a8c0@win981> hmmm.... not seen it - I think things changed between RC2 and RC3, may be they've changed again?? Mike. ----- Original Message ----- From: Fredrik Falk To: Mike Harris Sent: Friday, January 14, 2000 7:30 PM Subject: Re: My smb problem.. > Final > ----- Original Message ----- > From: "Mike Harris" > To: "Fredrik Falk" > Sent: Friday, January 14, 2000 9:41 PM > Subject: RE: My smb problem.. > > > Which version of W2K are you using? > ----- Original Message ----- > From: Fredrik Falk > To: Mike Harris > Sent: Friday, January 14, 2000 7:12 PM > Subject: Re: My smb problem.. > > > > That helped me a bit to :) Now i dont get that error message any more... > Now > > i just get this one: > > "The following error occurred attempting to join the domain "REDHAT": > > A remote procedure call (RPC) protocl error occured." > > > > Hmm ? > > ----- Original Message ----- > > From: "Mike Harris" > > To: "Fredrik Falk" > > Sent: Friday, January 14, 2000 8:42 PM > > Subject: RE: My smb problem.. > > > > > > I think it means you're already connected the domain (possibly some > network > > connection). Try to reboot you're W2K machine and then log in locally as > > administrator and try it as the first thing. Check you haven't any > > persistent connections with 'net use'. > > > > Just a thought, > > > > Mike. > > ----- Original Message ----- > > From: Fredrik Falk > > To: Mike Harris > > Sent: Friday, January 14, 2000 6:16 PM > > Subject: Re: My smb problem.. > > > > > > > Tnx, but that dident help me so mutch.. No i get a bit longer then > > > yesterday... When im in the Identification Changes.. (System > Properties) > > > and try to change to member of domain... i get this error: > > > "The following error occured attempting to join the domain "REDHAT": > > > The credentials supplied conflict with an existing set of credentials." > > > Do you know what that is? > > > > > > ----- Original Message ----- > > > From: "Mike Harris" > > > To: "Fredrik Falk" > > > Sent: Friday, January 14, 2000 2:07 PM > > > Subject: RE: My smb problem.. > > > > > > > > > Fredrik, > > > > > > Attached my smb.conf file, but don't take it as gospel - it's very > quickly > > > configured (and there's a few mistakes in it with netlogon and profiles) > > so > > > I could just get it up and running and test. In my case, I'm using my > > Samba > > > server as DMB and WINS and connection with W2K Professional. I couldn't > > get > > > this to work until after the TNG updates yesterday afternoon CET as > before > > > smbd crashed when attempting to join the domain. > > > > > > I compiled TNG with no configure options, default make and install. > > Started > > > all 12 daemons. I've a RedHat 6.x script at > > > http://www.psand.net/scripts/samba/smb-2.1.html that does this. > > > > > > Anyway loosely, here are my set-up steps: > > > > > > 1. Set-up minimal smb.conf: > > > > > > workgroup=DOMAIN > > > security=user > > > encrypt passwords=yes > > > domain logons=yes > > > preferred master=yes > > > domain master=yes > > > wins support=yes > > > announce version=4.2 > > > os level=32 > > > > > > and the homes share. > > > > > > 2. Add the Samba server to domain and join: > > > > > > useradd SAMBASRV$ > > > smbpasswd -a -m SAMBASRV > > > smbpasswd -j DOMAIN > > > > > > 3. Add the W2K machine: > > > > > > useradd W2KPRO1$ > > > smbpasswd -a -m W2KPRO1 > > > > > > 4. Set-up W2K machine to support NetBIOS over TCP/IP, WINS points at > > Samba > > > server. The join the domain. When prompted for admin name enter > > > DOMAIN\root and password. I've added an account 'Administrator' to my > > UNIX > > > password file and smbpasswd to speed things up. > > > > > > That's all I did! If step 4 fails, I found that re-running smbpasswd > on > > > the machine name helped. > > > > > > Server Manager and User Manager work fine for viewing information about > > the > > > Samba server. Obviously none of the W2K ADS tools work whatsoever or at > > > all!! > > > > > > Hope this helps, > > > > > > Mike Harris, > > > Psand Espa?a. > > > ----- Original Message ----- > > > From: Fredrik Falk > > > To: Mike Harris > > > Sent: Thursday, January 13, 2000 8:20 PM > > > Subject: My smb problem.. > > > > > > > > > > Ok, Please could you tell me all the things that you did... > > > > And if its not to mutch then you could send me your smb.conf :) ... > > > > > > > > Fredrik > > > > ---- > > > > I downloaded TNG this afternoon and it works fine with W2K RC3. > > > > I'm NOT using smbd and nmbd from the Samba main, all TNG. > > > > > > > > Mike. > > > > ----- Original Message ----- > > > > From: Fredrik Falk > > > > To: Multiple recipients of list SAMBA-NTDOM > > > > Sent: Thursday, January 13, 2000 7:46 PM > > > > Subject: Problem!!!!! > > > > > > > > > > > > > Hello, I have a big problem with samba pre3.0... Before win2k could > > > found > > > > a > > > > > domain.. And it start asking for user/passwd... But i diden't fix > the > > > > > user/pass problem... So i downloaded a newer version of pre3.0... > And > > > > after > > > > > that win2k can't find any domain att all.... But it still works with > > > > > win98... > > > > > I have follow the instructions from: > > > > > http://www.kneschke.de/projekte/samba_tng > > > > > ... i have try to download it / re installed it like 10 times > now... > > > But > > > > > that dident help me .... So anyone can help me with this problem? > > > > > > > > > > > > > > > > > > > > > > > > From maillist at nudaymedia.com Sun Jan 16 00:02:54 2000 From: maillist at nudaymedia.com (Chavous Camp) Date: Tue Dec 2 02:28:01 2003 Subject: Problem with SAMBA_TNG Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Okay guys, I read the readme, I followed the faq, and I can't get samba to join it's own domain, as the faq says I should. passwd file contains an account for the PDC and one workstation smbpasswd -a -m nudaypdc smbpasswd -a -m nudaywks2 both of those commands complete without a hitch. smbpasswd -j nuday yeilds "Unable to join domain NUDAY" It recognizes that it is supposed to join the domain as a PDC, but it doesn't work! I have a log level 10 debug output attached to this email. Peruse it as you like. Any help would be appreciated, because I"m back to using the RPM from 2.0.6 (the most stable version I've found yet). - ---- Chavous P. Camp cpc@nudaymedia.com NuDay Media, Inc. Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOIEKrWJw39BzDJ9pEQJbHgCfUOQTXvlIVZIzvqjfebX7XdDThAMAoMII GM9t55ElGsDyQ+Jaqsvkdfor =es6f -----END PGP SIGNATURE----- -------------- next part -------------- Unknown parameter encountered: "restrict anonymous" Ignoring unknown parameter "restrict anonymous" doing parameter debug timestamps = no Unknown parameter encountered: "debug timestamps" Ignoring unknown parameter "debug timestamps" doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 500 doing parameter name resolve order = lmhosts hosts bcast doing parameter time server = Yes doing parameter logon script = global.bat doing parameter domain logons = Yes doing parameter os level = 70 doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter wins support = Yes doing parameter comment = Samba File Server and PDC doing parameter logon path = \\%L\profile\%u pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Derived broadcast address 208.150.171.255 Added interface ip=208.150.171.79 bcast=208.150.171.255 nmask=255.255.255.0 Joining Domain as PDC trust_account_file_name: /etc/private/NUDAY.NUDAYPDC.mac trust_account_file_name: /etc/private/NUDAY.NUDAYPDC.mac do_reseed: got 40 bytes from /dev/urandom. cli_connection_init: \\NUDAYPDC \PIPE\NETLOGON copy_nt_creds: null creds cli_net_use_add copy_nt_creds: user domain nopw Yes flgs: 0 cli_find: \\NUDAYPDC copy_nt_creds: null creds cli_init_creds: ntlmssp_flgs: 0 copy_nt_creds: user domain nopw Yes flgs: 0 cli_init_creds: ntlmssp_flgs: 0 resolve_srv_name: \\NUDAYPDC resolve_name: Attempting lmhosts lookup for name NUDAYPDC getlmhostsent: lmhost entry: 208.150.171.79 NUDAYPDC resolve_name: Attempting host lookup for name NUDAYPDC resolve_name: Attempting broadcast lookup for name NUDAYPDC<0x20> bind succeeded on port 0 nmb packet from 208.150.171.255(137) header: id=28833 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=NUDAYPDC<20> q_type=32 q_class=1 Sending a packet of len 50 to (208.150.171.255) on port 137 read_udp_socket: lastip 208.150.171.79 lastport 137 read: 62 parse_nmb: packet id = 28833 Received a packet of len 62 from (208.150.171.79) port 137 nmb packet from 208.150.171.79(137) header: id=28833 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=NUDAYPDC<20> rr_type=32 rr_class=1 ttl=259058 answers 0 char @....O hex 4000D096AB4F Got a positive name query response from 208.150.171.79 ( 208.150.171.79 ) returning OK cli_establish_connection: NUDAYPDC<00> connecting to NUDAYPDC<20> (208.150.171.79) - [] with NTLMv1, nopw: Yes Connecting to 208.150.171.79 at port 445 error connecting to 208.150.171.79:445 (Connection refused) Connecting to 208.150.171.79 at port 139 [000] 81 00 00 48 20 45 4F 46 46 45 45 45 42 46 4A 46 ...H EOF FEEEBFJF [010] 41 45 45 45 44 43 41 43 41 43 41 43 41 43 41 43 AEEEDCAC ACACACAC [020] 41 43 41 43 41 00 20 45 4F 46 46 45 45 45 42 46 ACACA. E OFFEEEBF [030] 4A 46 41 45 45 45 44 43 41 43 41 43 41 43 41 43 JFAEEEDC ACACACAC [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. .... write_socket(5,76) write_socket(5,76) wrote 76 Sent session request got smb length of 0 [000] 82 00 00 00 .... size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 size=164 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=129 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN [070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12 [080] 00 . write_socket(5,168) write_socket(5,168) wrote 168 got smb length of 89 size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=58880 (0xE600) smb_vwv[8]=7 (0x7) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=53386 (0xD08A) smb_vwv[13]=44644 (0xAE64) smb_vwv[14]=48991 (0xBF5F) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=20 [000] 8A BE D8 4D EE 4D F2 FC 4E 00 55 00 44 00 41 00 ...M.M.. N.U.D.A. [010] 59 00 00 00 Y... size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=58880 (0xE600) smb_vwv[8]=7 (0x7) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=53386 (0xD08A) smb_vwv[13]=44644 (0xAE64) smb_vwv[14]=48991 (0xBF5F) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=20 [000] 8A BE D8 4D EE 4D F2 FC 4E 00 55 00 44 00 41 00 ...M.M.. N.U.D.A. [010] 59 00 00 00 Y... server's domain: NUDAY bcc: 20 size=81 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=13 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=17408 (0x4400) smb_vwv[3]=2 (0x2) smb_vwv[4]=2021 (0x7E5) smb_vwv[5]=2022 (0x7E6) smb_vwv[6]=0 (0x0) smb_vwv[7]=1 (0x1) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_bcc=20 [000] 00 00 4E 55 44 41 59 00 55 6E 69 78 00 00 53 61 ..NUDAY. Unix..Sa [010] 6D 62 61 00 mba. write_socket(5,85) write_socket(5,85) wrote 85 got smb length of 71 size=71 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=30 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 4E 55 44 41 59 00 realpha. NUDAY. size=71 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=30 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 4E 55 44 41 59 00 realpha. NUDAY. size=64 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=4 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=1 (0x1) smb_bcc=21 [000] 00 5C 5C 4E 55 44 41 59 50 44 43 5C 49 50 43 24 .\\NUDAY PDC\IPC$ [010] 00 49 50 43 00 .IPC. write_socket(5,68) write_socket(5,68) wrote 68 got smb length of 49 size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=80 smb_com=0x2d smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=15 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=66 (0x42) smb_vwv[4]=6 (0x6) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=17 (0x11) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_bcc=15 [000] 5C 50 49 50 45 5C 4E 45 54 4C 4F 47 4F 4E 00 \PIPE\NE TLOGON. write_socket(5,84) write_socket(5,84) wrote 84 got smb length of 65 size=65 smb_com=0x2d smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=15 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=28719 (0x702F) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=2 (0x2) smb_vwv[10]=50944 (0xC700) smb_vwv[11]=1 (0x1) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_bcc=0 size=65 smb_com=0x2d smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=15 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=28719 (0x702F) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=2 (0x2) smb_vwv[10]=50944 (0xC700) smb_vwv[11]=1 (0x1) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_bcc=0 Set Handle state Pipe[702f]: \PIPE\NETLOGON - device state:4300 size=78 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=2 (0x2) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=1024 (0x400) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=2 (0x2) smb_vwv[10]=76 (0x4C) smb_vwv[11]=0 (0x0) smb_vwv[12]=78 (0x4E) smb_vwv[13]=2 (0x2) smb_vwv[14]=1 (0x1) smb_vwv[15]=28719 (0x702F) smb_bcc=11 [000] 5C 50 49 50 45 5C 00 00 00 00 43 \PIPE\.. ..C write_socket(5,82) write_socket(5,82) wrote 82 got smb length of 56 size=56 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=1 [000] 00 . size=56 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=1 [000] 00 . Realloc asked for 0 bytes Realloc asked for 0 bytes Set Handle state: return OK Bind RPC Pipe: \PIPE\NETLOGON Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... create_rpc_noauth_bind_req 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 1630 0002 max_rsize: 1630 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 0010 data : 78 56 34 12 34 12 cd ab ef 00 01 23 45 67 cf fb 0020 version: 00000001 000024 smb_io_rpc_iface 0024 data : 04 5d 88 8a eb 1c c9 11 9f e8 08 00 2b 10 48 60 0034 version: 00000002 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 00 0004 pack_type : 00000010 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 cli_send_and_rcv_pdu_trans: cmd:26 fnum:702f cli_send_and_rcv_pdu_trans: len: 72 cli_send_trans_data: data_len: 72 cmd:26 fnum:702f size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=72 (0x48) smb_vwv[2]=0 (0x0) smb_vwv[3]=2048 (0x800) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=72 (0x48) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=28719 (0x702F) smb_bcc=81 [000] 5C 50 49 50 45 5C 00 00 00 05 00 0B 00 10 00 00 \PIPE\.. ........ [010] 00 48 00 00 00 01 00 00 00 30 16 30 16 00 00 00 .H...... .0.0.... [020] 00 01 00 00 00 00 00 01 00 78 56 34 12 34 12 CD ........ .xV4.4.. [030] AB EF 00 01 23 45 67 CF FB 01 00 00 00 04 5D 88 ....#Eg. ......]. [040] 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 00 ........ .+.H`... [050] 00 . write_socket(5,152) write_socket(5,152) wrote 152 got smb length of 60 size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=4 (0x4) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=4 (0x4) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=60 (0x3C) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=5 [000] 00 32 00 00 00 .2... size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=4 (0x4) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=4 (0x4) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=60 (0x3C) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=5 [000] 00 32 00 00 00 .2... Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size: 0 000000 smb_io_rpc_hdr rpc_hdr _prs_uint8 error ps: io Yes align 4 offset 0 err 1 data (nil) len 0 rpc_check_hdr: error in rpc header rpc_pipe_bind failed size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=28719 (0x702F) smb_vwv[1]=65535 (0xFFFF) smb_vwv[2]=65535 (0xFFFF) smb_bcc=0 write_socket(5,45) write_socket(5,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 cli_net_use_del: \\NUDAYPDC. force close: No cli_nt_setup_creds: request challenge failed 2000/01/15 18:15:22 : change_trust_account_password: Failed to change password for domain NUDAY. From lkcl at samba.org Sun Jan 16 00:43:40 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Problem with SAMBA_TNG In-Reply-To: Message-ID: hi, you're getting 5 bytes back from the NETLOGON Bind Request (and it's not a Bind Response PDU either )when you should be receiving a full Bind Response PDU of about 72 bytes. please therefore send your log.NETLOGON file which should at least contain an acknowledgement of the connection from smbd, and debug level 100 is prefererable. thx! On Sun, 16 Jan 2000, Chavous Camp wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Okay guys, I read the readme, I followed the faq, and I can't get > samba to join it's own domain, as the faq says I should. > > passwd file contains an account for the PDC and one workstation > smbpasswd -a -m nudaypdc > smbpasswd -a -m nudaywks2 > > both of those commands complete without a hitch. > > smbpasswd -j nuday > > yeilds "Unable to join domain NUDAY" > > It recognizes that it is supposed to join the domain as a PDC, but it > doesn't work! > > I have a log level 10 debug output attached to this email. Peruse it > as you like. > Any help would be appreciated, because I"m back to using the RPM from > 2.0.6 (the most stable version I've found yet). > > - ---- > Chavous P. Camp > cpc@nudaymedia.com > NuDay Media, Inc. > Columbia, SC > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOIEKrWJw39BzDJ9pEQJbHgCfUOQTXvlIVZIzvqjfebX7XdDThAMAoMII > GM9t55ElGsDyQ+Jaqsvkdfor > =es6f > -----END PGP SIGNATURE----- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 16 01:51:12 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: yes. use smb passwd file = /usr/local/samba/private/DOMAINNAME.smbpasswd etc. set it up with three separate ip addresses, one per domain. use bind interfaces etc blah, it's been done before, check the archives, last time someone reported this was about three weeks ago. good luck, let us know how you get on. luke On Sun, 16 Jan 2000, Keith Lynn wrote: > I have a machine which I want to use as a PDC for three seperate domains. > Is it possible to restrict the users which can log into a domain? Thanks. > Keith Lynn > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 16 01:52:39 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. In-Reply-To: <00ac01bf5f9d$632a8b60$0164a8c0@win981> Message-ID: On Sun, 16 Jan 2000, Mike Harris wrote: > hmmm.... not seen it - I think things changed between RC2 and RC3, may be > they've changed again?? i got rc3 to join the domain, no problems. From lynn at cis.usouthal.edu Sun Jan 16 04:28:13 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: Thanks for your help. Unfortunately, I am having trouble trying to get Samba to run three seperate domains. I have different physical interfaces and assigned IP addresses to them so that they are in the subnet they should control. However, when I try to check the server with smbclient, I can only connect to the first one I run. These are the configuration files I'm using for two of the subnets. [global] netbios name = FCW23 workgroup = FRESHMEN wins support = yes domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd.fcw23 interfaces = 192.168.103.21/255.255.255.0 bind interfaces only = yes [netlogon] comment = FRESHMEN domain service path = /ili2/labs/fcw23/logon public = no writeable = no browsable = no [share] comment = Share directory for FRESHMEN path = /ili2/labs/freshmen/share read only = no [freshmen] comment = Freshmen directory for EAST21 path = /ili2/labs/freshmen/freshmen read only = no [global] netbios name = FCE19 workgroup = INFOTECH wins support = yes domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 bind interfaces only = yes [netlogon] comment = INFOTECH domain service path = /ili2/labs/fce19/logon public = no writeable = no browsable = no [share] comment = Share directory for INFOTECH path = /ili2/labs/fce19/share read only = no I have Quad Fast Ethernet interfaces on my machine and have attached 192.168.100.100 and 192.168.103.21 to two of the interfaces. Is there something I can do to run Samba simultaneously on these two subnets? Keith Lynn On Sun, 16 Jan 2000, Luke Kenneth Casson Leighton wrote: > yes. use smb passwd file = /usr/local/samba/private/DOMAINNAME.smbpasswd > etc. set it up with three separate ip addresses, one per domain. use > bind interfaces etc blah, it's been done before, check the archives, last > time someone reported this was about three weeks ago. > > good luck, let us know how you get on. > > luke > > > On Sun, 16 Jan 2000, Keith Lynn wrote: > > > I have a machine which I want to use as a PDC for three seperate domains. > > Is it possible to restrict the users which can log into a domain? Thanks. > > Keith Lynn > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > From sharpe at ns.aus.com Sun Jan 16 12:22:38 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: What does this mean Message-ID: <3.0.6.32.20000116222238.008b2ca0@mail.adelaide.on.net> What does this mean ... >Unknown parameter encountered: "min passwd length" >Ignoring unknown parameter "min passwd length" And this ... >trust account wired$ should be in DOMAIN_GROUP_RID_USERS >Unknown parameter encountered: "min passwd length" Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sharpe at ns.aus.com Sun Jan 16 12:37:07 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: What is wrong here ... Message-ID: <3.0.6.32.20000116223707.008bf9b0@mail.adelaide.on.net> >freedom# smbpasswd -j FREEBIE >Unknown parameter encountered: "min passwd length" >Ignoring unknown parameter "min passwd length" >Joining Domain as PDC >socket connect to /tmp/.smb.0/agent failed >error connecting to 216.183.2.2:445 (Connection refused) >cli_nt_setup_creds: auth2 challenge failed. status: c0000022 >2000/01/16 06:30:07 : change_trust_account_password: Failed to change password for domain FREEBIE. >Unable to join domain FREEBIE. Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From ingar at c2i.net Sun Jan 16 13:06:36 2000 From: ingar at c2i.net (Ingar Rune Steinsland) Date: Tue Dec 2 02:28:01 2003 Subject: Installing Samba file server in Linux 6.1 References: <6B1A44F25DBCD3119CCF009027C3D3040F263A@CMX_MAIL.Customax.no> Message-ID: <3881C25B.71F0240F@c2i.net> Hi all, I have recently installed a Linux computer in the office with an Apache web server and a Samba (v. 2.0-5a) Windows file server. The installation process was not obvious for a Linux idiot like myself. The RedHat installation program together with "LinuxConf" failed to install Samba properly. Therefore I have prepared a little document to be a "cook book" for myself the next time I will have to do the job. Perhaps some of you other guys could find my documentation of some interest too. My documentation is in plain ascii. Regards, Ingar -- ________________________________________________________________ Ingar Rune Steinsland, Orkim Data AS, Kordahlvn 13, 1591 Sperrebotn,Norway Tlf: 47+64856178/69288577/90055401/88001287 Fax: 47-69288353 email: ingar@c2i.net web: http://www.home.sol.no/~ingar/ ________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: install.doc Type: application/msword Size: 6558 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000116/8144178e/install.doc From jens.skripczynski at igd.fhg.de Sun Jan 16 13:52:22 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:01 2003 Subject: sone weired bugs Message-ID: <20000116145222.A11746@pclinux.igd.fhg.de> Hi, i think I ran over some strange bugs. Setup: SAMBA 3.0 with TNG. PDC: SHADOWLAND Domain: PRIVAT Client: TirNaOrg (NT4 SP4 German) 1) I can connect to my Printer on shadowland by using \\shadowland\lp. But I did not configure a share named "lp" ?! Is this a bug or a feature ? 2) Most of the RPC to shadowland from TirNaOrg fail, some only when logged in as Domain User: \\PRIVAT\Jens: the IPC connect fails. I cannot open "network nei..."->"shadowland" =. The error "Auf \\shadowland kann nicht zugegriffen werden. \n Beim abgesetzten Proceduraufruf (RPC) ist ein Protokollfehler aufgetreten" Meaning something like "Cannot access \\shadowland. \n With the Procedure Call (RPC) a protocoll Error accured". But connecting as \\TIRNAORG\administrator: Everything works fine. I see the anonymous shares the Printers directory and my (configured) Printer "hp4p". -- Where can I trace this error ? 2) The Usermanager fail to work: (Tried to translate) "With the Procedure Call (RPC) a protocoll Error accured. Do you want to select another Domain to administer". 3) netlogond: The Logfile tells me the following: file_changed: Unable to stat file /usr/local/etc/samba/private/domaingroup.map. Error was Permission denied ">sudo ls -la /usr/local/etc/samba/private/" total 9 drwx------ 3 root root 1024 Jan 14 22:57 . drwxr-xr-x 5 root root 1024 Jan 13 22:37 .. -rw------- 1 root root 46 Jan 13 22:37 PRIVAT.SHADOWLAND.mac -rw-r--r-- 1 root root 42 Jan 13 22:33 PRIVAT.SID -rw-r--r-- 1 root root 20 Jan 14 22:40 domaingroup.map -rw-r--r-- 1 root root 19 Jan 14 22:57 domainuser.map -rw-r--r-- 1 root root 29 Jan 13 20:40 localgroup.map drwxr-xr-x 2 root root 1024 Dec 17 16:57 old -rw------- 1 root root 638 Jan 15 17:49 smbpasswd As I run samba as root netlogon should find the file and access it... Also after starting netlogond in the logfile the following line give me a headache: Added interface ip=192.168.0.254 bcast=192.168.0.255 nmask=255.255.255.0 Added interface ip=10.0.0.254 bcast=10.0.0.255 nmask=255.255.255.0 standard input is not a socket, assuming -D option create_pipe_socket: /var/lock/samba/.msrpc perms=448 /var/lock/samba/.msrpc/NETL OGON perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** --> remove on /var/lock/samba/.msrpc/NETLOGON failed <-- waiting for a connection Why does he want to remove his own pipe/socket ? Even he does not fail to operate. What shall this logmessage tell me ? 3) Here is a log of smbd: ftp is my anonymous user. Jens is myself. LP is my Printer ! lib/access.c:check_access(258) Allowed connection from TirNaOrg.sc (10.0.0.3) smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [claudia] smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [jens] smbd/password.c:pass_check_smb(504) Couldn't find user 'lp' in smb_passwd file. rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(140) user session key not available (yet). rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(141) password-change operations may fail. a) As user ftp is my anonymous user, why does samba complain about not being in the smbpasswd file ? b) I _did_ use the correct password ! Why does samba tell a invalid password ? Is this a wrong log message ? c) Why does samba suddenly look up a share name as a user ? 4) All the socket daemons give the following error : *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** Isn't there a way to implement something similar to fetchmail or sshd who check at the start for the correct file perms ? as dirmode 0700 root.root and 0600 root.root filemode shouldn't be possibly exploited. 5) The changing of file permissions on samba shares does not work either. Again some RPC error... 6) When i configure the Profiles directory with a sticky bit (mode 1777) The TNG tree automatically makes a Profile directory under the Profile share when the user first logs in. The 3.0/tng combination fails. 7) How good are 3.0 and tng connected together. I mean after what amount of time are changes in the tng subtree avaible in the 3.0 ? Is it instantly because this pipe/socket stuff ? Or are there certain changes in the 3.0 tree to be done for new features to work ? Luke can you (if you have some spare time) maybe make a check list of things working at tng, someone who is responsible for the head branch also. So one could check what works at the combination. Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From lkcl at samba.org Sun Jan 16 15:20:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: On Sat, 15 Jan 2000, Keith Lynn wrote: > Thanks for your help. Unfortunately, I am having trouble trying to get > Samba to run three seperate domains. I have different physical interfaces > and assigned IP addresses to them so that they are in the subnet they > should control. However, when I try to check the server with smbclient, I use the -I option. From lkcl at samba.org Sun Jan 16 15:55:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: What does this mean In-Reply-To: <3.0.6.32.20000116222238.008b2ca0@mail.adelaide.on.net> Message-ID: On Sun, 16 Jan 2000, Richard Sharpe wrote: > What does this mean ... > > >Unknown parameter encountered: "min passwd length" > >Ignoring unknown parameter "min passwd length" don't know. > And this ... > > >trust account wired$ should be in DOMAIN_GROUP_RID_USERS NT has all trust accounts (which are actually users) in DOMAIN_GROUP_RID_USERS. if you want this message to go away, do this: domain group map = ..../domaingroup.map domaingroup.map: users="Domain Users" From lkcl at samba.org Sun Jan 16 16:04:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: What is wrong here ... In-Reply-To: <3.0.6.32.20000116223707.008bf9b0@mail.adelaide.on.net> Message-ID: you're running SAMBA_TNG. cool! On Sun, 16 Jan 2000, Richard Sharpe wrote: > >freedom# smbpasswd -j FREEBIE > >Unknown parameter encountered: "min passwd length" > >Ignoring unknown parameter "min passwd length" don't know. > >Joining Domain as PDC > >socket connect to /tmp/.smb.0/agent failed ignore this. > >error connecting to 216.183.2.2:445 (Connection refused) ignore this. > >cli_nt_setup_creds: auth2 challenge failed. status: c0000022 > >2000/01/16 06:30:07 : change_trust_account_password: Failed to change > password for domain FREEBIE. > >Unable to join domain FREEBIE. did you do smbpasswd -a -m yoursambaserver$ beforehand? you probably need to to get the right trust account password [a default well-known value unfortunately, with smbpasswd]. From lkcl at samba.org Sun Jan 16 16:26:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: sone weired bugs In-Reply-To: <20000116145222.A11746@pclinux.igd.fhg.de> Message-ID: jens, i didn't realise how long this message was, i just kept going, and going... thanks very much! On Mon, 17 Jan 2000, Jens Skripczynski wrote: > Hi, > > i think I ran over some strange bugs. > Setup: > SAMBA 3.0 with TNG. > PDC: SHADOWLAND > Domain: PRIVAT > Client: TirNaOrg (NT4 SP4 German) > > 1) > I can connect to my Printer on shadowland by using \\shadowland\lp. > But I did not configure a share named "lp" ?! Is this a bug or a feature ? if you have a [printers] section, this is auto-generated from your /etc/printcap file. it's a feature, i hope it's a correct feature, i never use samba for printing! > 2) > Most of the RPC to shadowland from TirNaOrg fail, some only when logged in as > Domain User: > \\PRIVAT\Jens: the IPC connect fails. I cannot open "network > nei..."->"shadowland" =. The error "Auf \\shadowland kann nicht zugegriffen > werden. \n Beim abgesetzten Proceduraufruf (RPC) ist ein Protokollfehler > aufgetreten" Meaning something like "Cannot access \\shadowland. \n With the > Procedure Call (RPC) a protocoll Error accured". damn. ok, can you send me all your configuration files, then? i need to repro your setup. > But connecting as \\TIRNAORG\administrator: > Everything works fine. really???? interesting. > I see the anonymous shares the Printers directory and > my (configured) Printer "hp4p". > > -- Where can I trace this error ? > > 2) The Usermanager fail to work: > (Tried to translate) "With the Procedure Call (RPC) a protocoll Error accured. > Do you want to select another Domain to administer". > > 3) netlogond: > The Logfile tells me the following: > file_changed: Unable to stat file /usr/local/etc/samba/private/domaingroup.map. > Error was Permission denied you need to store domaingroup.map in lib/ and make it world-readable and definitely not writerable by anyone other than root. alternatively, store it in /etc, this seems to be coming quite common... > ">sudo ls -la /usr/local/etc/samba/private/" > total 9 > drwx------ 3 root root 1024 Jan 14 22:57 . > drwxr-xr-x 5 root root 1024 Jan 13 22:37 .. > -rw------- 1 root root 46 Jan 13 22:37 PRIVAT.SHADOWLAND.mac good. > -rw-r--r-- 1 root root 42 Jan 13 22:33 PRIVAT.SID good. err, i think. what is this file doing readable by all? > -rw-r--r-- 1 root root 20 Jan 14 22:40 domaingroup.map > -rw-r--r-- 1 root root 19 Jan 14 22:57 domainuser.map > -rw-r--r-- 1 root root 29 Jan 13 20:40 localgroup.map not good, these need to be in a world-readabl location. this probably explains why you can access things as root (administrator) but not as any of your ordinary users. > drwxr-xr-x 2 root root 1024 Dec 17 16:57 old > -rw------- 1 root root 638 Jan 15 17:49 smbpasswd > > As I run samba as root netlogon should find the file and access it... > > Also after starting netlogond in the logfile the following line give me a > headache: > Added interface ip=192.168.0.254 bcast=192.168.0.255 nmask=255.255.255.0 > Added interface ip=10.0.0.254 bcast=10.0.0.255 nmask=255.255.255.0 > standard input is not a socket, assuming -D option > create_pipe_socket: /var/lock/samba/.msrpc perms=448 > /var/lock/samba/.msrpc/NETL > OGON perms=448 > *** Please someone examine create_pipe_socket and fix it *** > *** if used other than for exclusive root access *** > *** (see perms, which should be 0700 and 0600) *** > *** there is a race condition to be exploited. *** > --> remove on /var/lock/samba/.msrpc/NETLOGON failed <-- > waiting for a connection > > > Why does he want to remove his own pipe/socket ? Even he does not fail to > operate. What shall this logmessage tell me ? it's telling me that someone needs to examine and fix this code. the requirements are: - to be able to kill off a daemon (e.g kill -9 netlogond) and restart it from command-line (bin/netlogond) and have it reopen the unix socket .../.msrpc/NETLOGON i hacked up what i could understand, which ain't much. > 3) > Here is a log of smbd: > ftp is my anonymous user. > Jens is myself. > LP is my Printer ! > > lib/access.c:check_access(258) Allowed connection from TirNaOrg.sc (10.0.0.3) > smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. > smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. > smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [claudia] > smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [jens] > smbd/password.c:pass_check_smb(504) Couldn't find user 'lp' in smb_passwd file. > rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(140) user session key not available (yet). > rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(141) password-change operations may fail. > > a) As user ftp is my anonymous user, why does samba complain about not being in > the smbpasswd file ? is the anonymous user in the smbpasswd file? if not, that's the reason for your error!!!! you will need to use "guest ok = yes". actually, what i _should_ do is set up the samba "Guest Account" functionality as NT. > b) I _did_ use the correct password ! Why does samba tell > a invalid password ? Is this a wrong log message ? > c) Why does samba suddenly look up a share name as a user ? > > 4) All the socket daemons give the following error : > *** Please someone examine create_pipe_socket and fix it *** > *** if used other than for exclusive root access *** > *** (see perms, which should be 0700 and 0600) *** > *** there is a race condition to be exploited. *** > > Isn't there a way to implement something similar to fetchmail or sshd > who check at the start for the correct file perms ? > as dirmode 0700 root.root and 0600 root.root filemode shouldn't be possibly > exploited. this code is also used by smb-agent. smb-agent can be run _as_ an ordinary user for the exclusive use _by_ and ordinary user. its purpose is similar to "net use \\server\share /user:" whereby it caches user/pass for that connection, on your behalf. i started out with ssh-agent's code, originally. > 5) The changing of file permissions on samba shares does not work either. > Again some RPC error... there's no means to change file permissions in SAMBA_TNG. that's about 1000 lines of code added by jeremy to 2.0.x. > 6) When i configure the Profiles directory with a sticky bit (mode 1777) > The TNG tree automatically makes a Profile directory under the Profile share > when the user first logs in. The 3.0/tng combination fails. ????! !!!! i don't get it. > 7) How good are 3.0 and tng connected together. I mean after what amount of > time are changes in the tng subtree avaible in the 3.0 ? Is it instantly > because this pipe/socket stuff ? Or are there certain changes in the 3.0 tree > to be done for new features to work ? the domain username map code i disabled in TNG in smbd, as it pulled in far too much other code that i didn't want hanging around in smbd. i still haven't come up with a solution to this. it _does_ mean, however, that using 3.0 and TNG for file sharing will be more consistent, as 3.0 doesn't have domain username map _either_! :) > Luke can you (if you have some spare time) maybe make a check list of things > working at tng, someone who is responsible for the head branch also. > So one could check what works at the combination. i'm going to ask if someone else could volunteer to maintain this, so that even i can use it to tick things off! basically, i'm relying heavily on you people to tell me what's working and what isn't, while i continue to do tests myself. From lkcl at samba.org Sun Jan 16 16:42:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: [SAMBA_TNG] repro case for weird behaviour found Message-ID: hi, do you remember that log file that someone sent in, where it had a bind request but no bind acknowledge? well, it did, but it was 5 bytes of garbage instead of the expected [appx] 72 bytes? well, i have a repro case for it using rpcclient instead of nt, os i should be able to nail it. ok, let me put it this way: i don't know how long, but i _have_ to get it :) luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lynn at cis.usouthal.edu Sun Jan 16 17:18:30 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: I use the -I option, but it doesn't work. Keith Lynn On Mon, 17 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Sat, 15 Jan 2000, Keith Lynn wrote: > > > Thanks for your help. Unfortunately, I am having trouble trying to get > > Samba to run three seperate domains. I have different physical interfaces > > and assigned IP addresses to them so that they are in the subnet they > > should control. However, when I try to check the server with smbclient, I > > use the -I option. > > From lkcl at samba.org Sun Jan 16 18:56:44 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: [SAMBA-TNG] status (client-side code) Message-ID: ok, i just did a lot of simple but important fixes. the client-side MSRPC code is used inside the msrpc services, so it fixes things there, too. basically, outstanding client-side connections were not being automatically disconnected when they were done with. if they _did_ work [the disconnects], then there were bugs that would cause core-dumps because the connections were sometimes closed too early, and were still needed! ... oops :) so, as usual, please re-check-out. as usual, please report errors in a verbose and explicit manner. as usual, if you haven't got [pretty much literally] the latest cvs, please do so and_ then_ report any issues. thanks for your support, people. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mike at psand.net Sun Jan 16 21:35:21 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. References: Message-ID: <00ca01bf606b$04905c00$0164a8c0@win981> Me too.... RC3 joins fine, Fredrik has a problem with the production release of W2K, which I haven't had a look at - is it likely somethings changed between RC3 and final??? mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Multiple recipients of list SAMBA-NTDOM Sent: Sunday, January 16, 2000 1:56 AM Subject: RE: My smb problem.. > On Sun, 16 Jan 2000, Mike Harris wrote: > > > hmmm.... not seen it - I think things changed between RC2 and RC3, may be > > they've changed again?? > > i got rc3 to join the domain, no problems. > From lkcl at samba.org Sun Jan 16 20:41:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. In-Reply-To: <00ca01bf606b$04905c00$0164a8c0@win981> Message-ID: ohh nooo... more than likely! i have access to rtm, so will look at it. On Sun, 16 Jan 2000, Mike Harris wrote: > Me too.... RC3 joins fine, Fredrik has a problem with the production > release of W2K, which I haven't had a look at - is it likely somethings > changed between RC3 and final??? > > mike. > ----- Original Message ----- > From: Luke Kenneth Casson Leighton > To: Multiple recipients of list SAMBA-NTDOM > Sent: Sunday, January 16, 2000 1:56 AM > Subject: RE: My smb problem.. > > > > On Sun, 16 Jan 2000, Mike Harris wrote: > > > > > hmmm.... not seen it - I think things changed between RC2 and RC3, may > be > > > they've changed again?? > > > > i got rc3 to join the domain, no problems. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From breshear at eoni.com Sat Jan 15 04:36:54 2000 From: breshear at eoni.com (Doug Breshears) Date: Tue Dec 2 02:28:01 2003 Subject: domain groupname Message-ID: <000201bf6065$16d9d040$e8cbe4d8@douglabr> domain groups are mostly un-supported in 2.0.6 at least from the NT side. (Domain Admins are the exception) Use the TNG branch in addition to the main branch for more advanced stuff. -----Original Message----- From: Ghaeini.Mohammad@amstr.com To: Multiple recipients of list SAMBA-NTDOM Date: Friday, January 14, 2000 3:51 PM Subject: domain groupname >I am new to this list. How do I validate a domain group name on Samba 2.0.6, >my apologies if this question has been posted before. > >Thanks in advance. >Mohammad > From sharpe at ns.aus.com Sun Jan 16 16:34:40 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: Is this an old problem. Message-ID: <3.0.6.32.20000117023440.008b1330@mail.adelaide.on.net> That is, should we refresh the source? >freedom# smbpasswd -j FREEDOM >Unknown parameter encountered: "min passwd length" >Ignoring unknown parameter "min passwd length" >Joining Domain as PDC >socket connect to /tmp/.smb.0/agent failed >error connecting to 216.183.2.2:445 (Connection refused) >failed session request >cli_net_use_add: connection failed >cli_nt_setup_creds: request challenge failed >2000/01/16 16:14:21 : change_trust_account_password: Failed to change password for domain FREEDOM. >Unable to join domain FREEDOM. Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lkcl at samba.org Sun Jan 16 22:25:54 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Is this an old problem. In-Reply-To: <3.0.6.32.20000117023440.008b1330@mail.adelaide.on.net> Message-ID: On Mon, 17 Jan 2000, Richard Sharpe wrote: > That is, should we refresh the source? most definitely. certainly every time a cvs commit is done (subscribe to samba-cvs). but importantly, do that smbpasswd -a -m yoursambaserver _before_ doing smbpasswd -j. by they way... freedom is the name of the server, or the name of the domain? smbpasswd -j takes a DOMAINNAME not a servername. > >freedom# smbpasswd -j FREEDOM > >Unknown parameter encountered: "min passwd length" > >Ignoring unknown parameter "min passwd length" > >Joining Domain as PDC > >socket connect to /tmp/.smb.0/agent failed > >error connecting to 216.183.2.2:445 (Connection refused) > >failed session request > >cli_net_use_add: connection failed > >cli_nt_setup_creds: request challenge failed > >2000/01/16 16:14:21 : change_trust_account_password: Failed to change > password for domain FREEDOM. > >Unable to join domain FREEDOM. > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 17 05:37:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: [SAMBA-TNG] possible memory corruption Message-ID: there may be some memory corruption occurring that andrew noticed evidence of, in TNG. at his suggestion, i put in a mini realloc in parse_prs.c that _always_ moves memory about. the idea is to catch memory corruption ASAP. so, if you get _any_ coredumps (grep INTERNAL log.*) please send in the usual full report [recompile with ./configure.developer; gdb bt full on the core file etc etc]. thx! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lynn at cis.usouthal.edu Mon Jan 17 05:41:57 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports Message-ID: I have an HP JetDirect print server which has an IP address and three ports that I can plug printers into. How do I get Samba to recognize the printers? Thanks. Keith Lynn From kellermg at potsdam.edu Mon Jan 17 09:10:44 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports References: Message-ID: <3882DC94.AE0D7C26@potsdam.edu> Keith Lynn wrote: > > I have an HP JetDirect print server which has an IP address and three > ports that I can plug printers into. How do I get Samba to recognize the > printers? Thanks. HPJD boxes all support LPR natively, although I do not know how to distinguish between printers sharing an IP addy over LPR. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From vs at lasp.npi.msu.su Mon Jan 17 08:12:56 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail Message-ID: <200001170812.LAA02182@lasp.npi.msu.su> Luke, please take care: this two problems ,I've encountered, where reported by others too within at least two last weeks, but solution is still unknown. 1. NT profile neither downloaded from samba PDC at log-on, nor updated after log-off (I have turned on NT feature to remove local profile cache after log-off), but new default profile are created instead every time at log-on. 2. Group and user mapping don't work. This is form my smb.log file: [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "domain group map" [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "domain group map" [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "domain user map" [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "domain user map" [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "local group map" [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "local group map" As a result, it is impossible to log-on as domain admin, but as local administrator only. Log-on to domain as root don't grant the administrative rights. Both of these cases occur at any combinations THG+HEAD, TNG only, HEAD only. I don't updated my cvs tree for a half year and now have got this surprise. Should we wait for a batter times or it can be fixed now? From sharpe at ns.aus.com Mon Jan 17 05:06:36 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports In-Reply-To: <3882DC94.AE0D7C26@potsdam.edu> References: Message-ID: <3.0.6.32.20000117150636.008e38b0@mail.adelaide.on.net> At 08:06 PM 1/17/00 +1100, Matthew Keller wrote: >Keith Lynn wrote: >> >> I have an HP JetDirect print server which has an IP address and three >> ports that I can plug printers into. How do I get Samba to recognize the >> printers? Thanks. > > HPJD boxes all support LPR natively, although I do not know how to >distinguish between printers sharing an IP addy over LPR. Most such boxes supply a separate queue for each port on the box, although I am sure that some use separate IP addresses ... >-- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia >State University of New York at Potsdam > >Web: http://mattwork.potsdam.edu/ >PGP: http://mattwork.potsdam.edu/crypto/ > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From db at med-in.uni-sb.de Mon Jan 17 10:31:46 2000 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports In-Reply-To: <3.0.6.32.20000117150636.008e38b0@mail.adelaide.on.net> Message-ID: We use a HP Jetdirect 500. This tool has one IP-Adress, but with the lpr (I use the pd tool rlpr) uses the three different queues: auto1, auto2 and auto3. It is very easy to install. Dieter Dr. med. dipl.-math Dieter Becker Medizinische Universitaets- und Poliklinik Innere Medizin III D - 66421 Homburg / Saar ########################################### Tel.: (0 / +49) 6841 - 16 3046 Fax.: (0 / +49) 6841 - 16 3043 Email: db@med-in.uni-sb.de -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Richard Sharpe Sent: Monday, January 17, 2000 11:16 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Different ports At 08:06 PM 1/17/00 +1100, Matthew Keller wrote: >Keith Lynn wrote: >> >> I have an HP JetDirect print server which has an IP address and three >> ports that I can plug printers into. How do I get Samba to recognize the >> printers? Thanks. > > HPJD boxes all support LPR natively, although I do not know how to >distinguish between printers sharing an IP addy over LPR. Most such boxes supply a separate queue for each port on the box, although I am sure that some use separate IP addresses ... >-- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia >State University of New York at Potsdam > >Web: http://mattwork.potsdam.edu/ >PGP: http://mattwork.potsdam.edu/crypto/ > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lk at NetUSE.DE Mon Jan 17 10:34:43 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail References: <200001170812.LAA02182@lasp.npi.msu.su> Message-ID: <3882F043.397DC00A@NetUSE.DE> Vladimir Stavrinov wrote: > > Luke, please take care: this two problems ,I've encountered, where reported by > others too within at least two last weeks, but solution is still unknown. > > 1. NT profile neither downloaded from samba PDC at log-on, nor updated after > log-off (I have turned on NT feature to remove local profile cache after > log-off), but new default profile are created instead every time at log-on. My profiles work very well! > 2. Group and user mapping don't work. This is form my smb.log file: > > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "local group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "local group map" And my group mapping are working too. domain group map works like expected(Domain Administrator), only the local group map doesn't work like expexted. I can watch the groups with the usermanager, but i'm not able to change the clock(i'm in the Administrator group). > As a result, it is impossible to log-on as domain admin, but as local administrator only. Log-on to domain as root don't grant the administrative rights. > > Both of these cases occur at any combinations THG+HEAD, TNG only, HEAD only. I use pure Samba TNG. > I don't updated my cvs tree for a half year and now have got this surprise. Should we wait for a batter times or it can be fixed now? Hm, i have it working! Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From cmanz at netscape.net Mon Jan 17 10:40:07 2000 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:28:01 2003 Subject: win95 again Message-ID: <20000117104007.16245.qmail@www0w.netaddress.usa.net> Are there any tools to make WIN95 map a network drive on an alternate port? I've already searched the internet but found nothing useful. thank's roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From jens.skripczynski at igd.fhg.de Mon Jan 17 10:55:25 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail In-Reply-To: <3882F043.397DC00A@NetUSE.DE>; from lk@NetUSE.DE on Mon, Jan 17, 2000 at 09:36:31PM +1100 References: <200001170812.LAA02182@lasp.npi.msu.su> <3882F043.397DC00A@NetUSE.DE> Message-ID: <20000117115524.A32231@pclinux.igd.fhg.de> Lars Kneschke: > Vladimir Stavrinov wrote: [...] > > 2. Group and user mapping don't work. This is form my smb.log file: > > > > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > > Ignoring unknown parameter "local group map" [..] > And my group mapping are working too. domain group map works like > expected(Domain Administrator), only the local group map doesn't > work like expexted. I can watch the groups with the usermanager, > but i'm not able to change the clock(i'm in the Administrator > group). Luke reportet to me that all the maps have to be world readable. (I think before they were put in the privat Directory). So please check if all your files (and dirs above) are world readable. Lars: can you put that in your FAQ ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From sharpe at ns.aus.com Mon Jan 17 05:55:07 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: win95 again In-Reply-To: <20000117104007.16245.qmail@www0w.netaddress.usa.net> Message-ID: <3.0.6.32.20000117155507.0089f130@mail.adelaide.on.net> At 09:44 PM 1/17/00 +1100, Roman Manz wrote: >Are there any tools to make WIN95 map a network drive on an alternate port? >I've already searched the internet but found nothing useful. >thank's Say what? What do you mean an alternate port? You mean, 1025 rather than 139? A server can redirect to another port. I don't think Samba generates redirects, otherwise we could check if Win9x can handle them. >roman > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lk at NetUSE.DE Mon Jan 17 11:07:15 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail References: <200001170812.LAA02182@lasp.npi.msu.su> <3882F043.397DC00A@NetUSE.DE> <20000117115524.A32231@pclinux.igd.fhg.de> Message-ID: <3882F7E3.CFC82249@NetUSE.DE> Jens Skripczynski wrote: > > And my group mapping are working too. domain group map works like > > expected(Domain Administrator), only the local group map doesn't > > work like expexted. I can watch the groups with the usermanager, > > but i'm not able to change the clock(i'm in the Administrator > > group). > Luke reportet to me that all the maps have to be world readable. > (I think before they were put in the privat Directory). > So please check if all your files (and dirs above) are world readable. > > Lars: can you put that in your FAQ ? I did it, just in this moment! I'm so fast!:-) My files are worldreadable. And i can see the groups also as local groups in the usermanager(they have a different icon), but i don't have admin rights(i can't change the clock). Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From cmanz at netscape.net Mon Jan 17 11:41:40 2000 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:28:01 2003 Subject: [Re: win95 again] Message-ID: <20000117114140.20754.qmail@nwcst268.netaddress.usa.net> heck, it seems obviously that I'm a little beginner... The idea behind was to run two different SAMBA daemons listening to two different ports. the default port for the password encrypting NT PCs and another port for our noncrypting Win95 PCs. I've read all the descriptions about Registry entries to make NT use plain passwords and WIN95 to use encrypted one. The problem is that I'm not our PC administrator nor can I decide to change the password handling of the PCs. I just want to share the home directories of the users on our machines and make them accessible to both WIN versions. sorry for bothering roman Richard Sharpe wrote: At 09:44 PM 1/17/00 +1100, Roman Manz wrote: >Are there any tools to make WIN95 map a network drive on an alternate port? >I've already searched the internet but found nothing useful. >thank's Say what? What do you mean an alternate port? You mean, 1025 rather than 139? A server can redirect to another port. I don't think Samba generates redirects, otherwise we could check if Win9x can handle them. >roman > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From sharpe at ns.aus.com Mon Jan 17 06:41:21 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:02 2003 Subject: [Re: win95 again] In-Reply-To: <20000117114140.20754.qmail@nwcst268.netaddress.usa.net> Message-ID: <3.0.6.32.20000117164121.00933b80@mail.adelaide.on.net> Hi, At 10:46 PM 1/17/00 +1100, you wrote: >heck, it seems obviously that I'm a little beginner... >The idea behind was to run two different SAMBA daemons listening to two >different ports. the default port for the password encrypting NT PCs and >another port for our noncrypting Win95 PCs. I've read all the descriptions >about Registry entries to make NT use plain passwords and WIN95 to use >encrypted one. The problem is that I'm not our PC administrator nor can I >decide to change the password handling of the PCs. I just want to share the >home directories of the users on our machines and make them accessible to both >WIN versions. >sorry for bothering No bother at all ... You would not do it with different ports, but with IP aliases on the server, or Virtual servers ... 1. Set up you machine with two IP addresses on the one interface, say: 10.0.0.1 and 10.0.0.2. Set up two smb.conf file, each specifying an interfaces line with an IP address and a bind interfaces only = yes Start up the appropriate daemons and specify their config files on their command lines. 2. Specify a NetBIOS alias in the smb.conf and include files based on the NetBIOS names, giving you virtual servers ... What you describe is perfect for Virtual Servers ... >roman > >Richard Sharpe wrote: >At 09:44 PM 1/17/00 +1100, Roman Manz wrote: >>Are there any tools to make WIN95 map a network drive on an alternate port? >>I've already searched the internet but found nothing useful. >>thank's > >Say what? What do you mean an alternate port? > >You mean, 1025 rather than 139? > >A server can redirect to another port. I don't think Samba generates >redirects, otherwise we could check if Win9x can handle them. > >>roman >> > >Regards >------- >Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), >Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) >Co-author, SAMS Teach Yourself Samba in 24 Hours >Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > > >____________________________________________________________________ >Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From s.striker at striker.nl Mon Jan 17 12:19:08 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:02 2003 Subject: [Re: win95 again] In-Reply-To: <20000117114140.20754.qmail@nwcst268.netaddress.usa.net> Message-ID: <000001bf60e5$0d9fffb0$0a00a8c0@office.striker.nl> Hi, > heck, it seems obviously that I'm a little beginner... Everyone has to start somewhere. > The idea behind was to run two different SAMBA daemons listening to two > different ports. the default port for the password encrypting NT PCs and > another port for our noncrypting Win95 PCs. I've read all the descriptions > about Registry entries to make NT use plain passwords and WIN95 to use > encrypted one. The problem is that I'm not our PC administrator nor can I > decide to change the password handling of the PCs. I just want to > share the > home directories of the users on our machines and make them > accessible to both > WIN versions. What you could do is bind the two pairs of smbd/nmbd daemons to different IP addresses. This way, the logon server for 95 has 1 IP and the logon server for NT has the other one. For running domain controller code for NT I would strongly suggest that you run Samba_TNG. Greetings, Sander Striker > sorry for bothering > > roman > > Richard Sharpe wrote: > At 09:44 PM 1/17/00 +1100, Roman Manz wrote: > >Are there any tools to make WIN95 map a network drive on an > alternate port? > >I've already searched the internet but found nothing useful. > >thank's > > Say what? What do you mean an alternate port? > > You mean, 1025 rather than 139? > > A server can redirect to another port. I don't think Samba generates > redirects, otherwise we could check if Win9x can handle them. > > >roman > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > > > ____________________________________________________________________ > Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From lk at NetUSE.DE Mon Jan 17 12:47:10 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:02 2003 Subject: the mailinglist archive is still broken Message-ID: <38830F4E.2EBE5BFE@NetUSE.DE> Hello! Who responsible for the mailinglistarchive? It's still not wroking. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From greg at discreet.com Mon Jan 17 12:53:46 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: <3882F7E3.CFC82249@NetUSE.DE> Message-ID: Well this morning I can in and completely zapped everything in the private directory and started again (DON'T DO THIS IF YOU ARE RUNNING A PRODUCTION DOMAIN!!) now TNG seems to be working perfectly? I have admin privilege and can join machines to the domain fine. I have no idea what was wrong before. Good job Luke, Greg On 17-Jan-00 Lars Kneschke wrote: > Jens Skripczynski wrote: >> > And my group mapping are working too. domain group map works like >> > expected(Domain Administrator), only the local group map doesn't >> > work like expexted. I can watch the groups with the usermanager, >> > but i'm not able to change the clock(i'm in the Administrator >> > group). >> Luke reportet to me that all the maps have to be world readable. >> (I think before they were put in the privat Directory). >> So please check if all your files (and dirs above) are world readable. >> >> Lars: can you put that in your FAQ ? > I did it, just in this moment! I'm so fast!:-) > > My files are worldreadable. And i can see the groups also as > local groups in the usermanager(they have a different icon), but > i don't have admin rights(i can't change the clock). > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From joseluis at lsi.upc.es Mon Jan 17 13:03:06 2000 From: joseluis at lsi.upc.es (Jose Luis Montero Saez - Lab. Calculo LSI) Date: Tue Dec 2 02:28:02 2003 Subject: I can't logon with solaris 2.7 Message-ID: <200001171303.OAA01824@lsi.upc.es> Hello. I have running Samba 2.0.6 in Solaris 2.7. I have compiled and installed without problems. My smbd is a domain server. I can attach one NT client to the domain and this client sees all the users from the domain. Ok, but sometimes after (I can't say how much) this client doesn't see the users and says "this is not a valid account" with the same account, of course. It's possible to logon with a local account but not with a domain account. The solution is logon with a local account with privileges, take out the machine from the domain and re-attach the machine to the domain. Then, it sees the domain accounts but only for a few minutes. This happens with all Nt clients, not only one machine. I have the differences in the log, with debug level 6. When I can login the server logs: [2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_uint16(356) 0016 opnum : 0002 [2000/01/17 13:23:15, 3] rpc_server/srv_pipe.c:api_pipe_request(922) Doing \PIPE\NETLOGON [2000/01/17 13:23:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON [2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_debug(37) 000018 net_io_q_sam_logon [2000/01/17 13:23:15, 6] rpc_parse/parse_prs.c:prs_debug(37) 000018 smb_io_sam_info but when I can't login, it logs: [2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_uint16(356) 0016 opnum : 0004 [2000/01/17 13:03:24, 3] rpc_server/srv_pipe.c:api_pipe_request(922) Doing \PIPE\NETLOGON [2000/01/17 13:03:24, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL [2000/01/17 13:03:24, 5] rpc_server/srv_netlog.c:api_net_req_chal(319) api_net_req_chal(319): vuid 100 [2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_debug(37) 000018 net_io_q_req_chal The difference is "NET_REQCHAL" versus "NET_SAMLOGON". I have the same configuration in another computing lab. with another server but in Solaris *2.6*, and I have no problems. Someone has installed 2.0.6 in Solaris 2.7 without problems? Can you help me? Thanks very much in advance. Jose Luis Montero Computing Laboratory Dept. Software UPC joseluis@lsi.upc.es From sharpe at ns.aus.com Mon Jan 17 07:56:56 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:02 2003 Subject: I can't logon with solaris 2.7 In-Reply-To: <200001171303.OAA01824@lsi.upc.es> Message-ID: <3.0.6.32.20000117175656.008d9430@mail.adelaide.on.net> Hi, At 12:05 AM 1/18/00 +1100, Jose Luis Montero Saez - Lab. Calculo LSI wrote: > >Hello. > >I have running Samba 2.0.6 in Solaris 2.7. I have compiled and >installed without problems. My smbd is a domain server. Repeat after me: 2.0.x is not supported as a domain controller. Upgrade to Samba TNG. >I can attach one NT client to the domain and this client sees all the >users from the domain. Ok, but sometimes after (I can't say how much) >this client doesn't see the users and says "this is not a valid >account" with the same account, of course. It's possible to logon with >a local account but not with a domain account. The solution is logon >with a local account with privileges, take out the machine from the >domain and re-attach the machine to the domain. Then, it sees the >domain accounts but only for a few minutes. > >This happens with all Nt clients, not only one machine. > >I have the differences in the log, with debug level 6. When I can >login the server logs: > >[2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_uint16(356) > 0016 opnum : 0002 >[2000/01/17 13:23:15, 3] rpc_server/srv_pipe.c:api_pipe_request(922) > Doing \PIPE\NETLOGON >[2000/01/17 13:23:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON >[2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_debug(37) > 000018 net_io_q_sam_logon >[2000/01/17 13:23:15, 6] rpc_parse/parse_prs.c:prs_debug(37) > 000018 smb_io_sam_info > >but when I can't login, it logs: > >[2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_uint16(356) > 0016 opnum : 0004 >[2000/01/17 13:03:24, 3] rpc_server/srv_pipe.c:api_pipe_request(922) > Doing \PIPE\NETLOGON >[2000/01/17 13:03:24, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL >[2000/01/17 13:03:24, 5] rpc_server/srv_netlog.c:api_net_req_chal(319) > api_net_req_chal(319): vuid 100 >[2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_debug(37) > 000018 net_io_q_req_chal > >The difference is "NET_REQCHAL" versus "NET_SAMLOGON". > >I have the same configuration in another computing lab. with another >server but in Solaris *2.6*, and I have no problems. > >Someone has installed 2.0.6 in Solaris 2.7 without problems? Can you >help me? > >Thanks very much in advance. > > Jose Luis Montero > Computing Laboratory Dept. Software UPC > joseluis@lsi.upc.es > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lynn at cis.usouthal.edu Mon Jan 17 13:59:25 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:02 2003 Subject: Banner Page Message-ID: I am using Samba on RedHat Linux 6.0. When a page is printed, a seperate page comes with information about the server, sort of a banner page. Is there a way to turn this off? Thanks. Keith Lynn From greg at discreet.com Mon Jan 17 14:08:05 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. Message-ID: Hi, Apologies if this is a known bug but I finally managed to get TNG working for me by zapping all the "private" files and recreating them. I seem to have domain admin. privileges and profiles are fine BUT if I want to join a workstation to the domain without using smbpasswd first (ie: just the NT dialog), it does not seem to work (it did in the old 2.1 code). It tells me my account does not have privilege. Any pointers to where I could start looking to debug this? Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Ulf.Noren at ind.mh.se Mon Jan 17 14:27:07 2000 From: Ulf.Noren at ind.mh.se (Ulf Noren) Date: Tue Dec 2 02:28:02 2003 Subject: Samba-combined and LDAP Message-ID: <200001171427.PAA16375@boromir.ind.mh.se> I am trying out the combined way of using samba-main anda samba-tng. I'm am authenticating agains an LDAP-server. This doesnt work if I use smbd from samba-main because it doesnt have LDAP-support... But should'nt samba-tng take care of authentication with this setup? Haven't looked in the code yet but is it possible to fix this at all? /Ulf From lkcl at samba.org Mon Jan 17 15:11:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: <200001170812.LAA02182@lasp.npi.msu.su> Message-ID: hi vladimir, thx for your report. domain and local group map are only relevant to TNG. i _do_ have profiles successfully set up with both NT5rc3 and NT4sp...6 i think. so, please follow the debug repotrying procedures outlinesd in earlier postings, so that we can track this down. thx, luke On Mon, 17 Jan 2000, Vladimir Stavrinov wrote: > > Luke, please take care: this two problems ,I've encountered, where reported by > others too within at least two last weeks, but solution is still unknown. > > 1. NT profile neither downloaded from samba PDC at log-on, nor updated after > log-off (I have turned on NT feature to remove local profile cache after > log-off), but new default profile are created instead every time at log-on. > > 2. Group and user mapping don't work. This is form my smb.log file: > > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "local group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "local group map" > > As a result, it is impossible to log-on as domain admin, but as local administrator only. Log-on to domain as root don't grant the administrative rights. > > Both of these cases occur at any combinations THG+HEAD, TNG only, HEAD only. > > I don't updated my cvs tree for a half year and now have got this surprise. Should we wait for a batter times or it can be fixed now? > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From jens.skripczynski at igd.fhg.de Mon Jan 17 15:18:45 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: ; from lkcl@samba.org on Tue, Jan 18, 2000 at 02:12:09AM +1100 References: <200001170812.LAA02182@lasp.npi.msu.su> Message-ID: <20000117161845.A1558@pclinux.igd.fhg.de> Luke Kenneth Casson Leighton: > hi vladimir, thx for your report. > > domain and local group map are only relevant to TNG. > > i _do_ have profiles successfully set up with both NT5rc3 and NT4sp...6 i > think. > > so, please follow the debug repotrying procedures outlinesd in earlier > postings, so that we can track this down. Luke and the others there is a Web Site avaible: http://www.kneschke.de/projekte/samba_tng/index.php3 Where Lars Kneschke puts up the frequently asked Questions. There are common problems outlined like: - How to configure/install 3.0 with tng. - Tng alone. And - How to make good bugreports. Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From lkcl at samba.org Mon Jan 17 15:31:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: <20000117115524.A32231@pclinux.igd.fhg.de> Message-ID: On Mon, 17 Jan 2000, Jens Skripczynski wrote: > Lars Kneschke: > > Vladimir Stavrinov wrote: > [...] > > > 2. Group and user mapping don't work. This is form my smb.log file: > > > > > > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > > > Ignoring unknown parameter "local group map" > [..] > > And my group mapping are working too. domain group map works like > > expected(Domain Administrator), only the local group map doesn't > > work like expexted. I can watch the groups with the usermanager, > > but i'm not able to change the clock(i'm in the Administrator > > group). > Luke reportet to me that all the maps have to be world readable. > (I think before they were put in the privat Directory). > So please check if all your files (and dirs above) are world readable. > > Lars: can you put that in your FAQ ? also mention that they should _not_ be put in the private/ directory, as this is automatically modified to be -rwx------ every time samba access it, which will lock out any world-readable files in it. From lkcl at samba.org Mon Jan 17 15:32:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: [Re: win95 again] In-Reply-To: <20000117114140.20754.qmail@nwcst268.netaddress.usa.net> Message-ID: no version of windows can be requested to use ports other than 137, 138 and 139, end of story. ... without hex-dump hacking the binaries, of course. On Mon, 17 Jan 2000, Roman Manz wrote: > heck, it seems obviously that I'm a little beginner... > The idea behind was to run two different SAMBA daemons listening to two > different ports. the default port for the password encrypting NT PCs and > another port for our noncrypting Win95 PCs. I've read all the descriptions > about Registry entries to make NT use plain passwords and WIN95 to use > encrypted one. The problem is that I'm not our PC administrator nor can I > decide to change the password handling of the PCs. I just want to share the > home directories of the users on our machines and make them accessible to both > WIN versions. > sorry for bothering > > roman > > Richard Sharpe wrote: > At 09:44 PM 1/17/00 +1100, Roman Manz wrote: > >Are there any tools to make WIN95 map a network drive on an alternate port? > >I've already searched the internet but found nothing useful. > >thank's > > Say what? What do you mean an alternate port? > > You mean, 1025 rather than 139? > > A server can redirect to another port. I don't think Samba generates > redirects, otherwise we could check if Win9x can handle them. > > >roman > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > > > ____________________________________________________________________ > Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From Loo at littongcs.com Mon Jan 17 15:35:56 2000 From: Loo at littongcs.com (Loo, Joseph) Date: Tue Dec 2 02:28:02 2003 Subject: Different ports Message-ID: <9DD60A65AD75D211816700A0C9E93F910278FDBE@whntmail1.littongcs.com> If you can get HP Jet admin tool, you can add the printers to your UNIX station, then samba can recognize the printer. You can now export them to the NT domain world. Joseph Loo Litton Guidance & Control 5500 Canoga Ave Woodland Hills, CA 91367-6698 Phone #: (818) 715-2961 Fax #: (818) 715-2752 -----Original Message----- From: Matthew Keller [mailto:kellermg@potsdam.edu] Sent: Monday, January 17, 2000 1:06 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Different ports Keith Lynn wrote: > > I have an HP JetDirect print server which has an IP address and three > ports that I can plug printers into. How do I get Samba to recognize the > printers? Thanks. HPJD boxes all support LPR natively, although I do not know how to distinguish between printers sharing an IP addy over LPR. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From jens.skripczynski at igd.fhg.de Mon Jan 17 15:38:15 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: ; from lkcl@samba.org on Tue, Jan 18, 2000 at 02:32:30AM +1100 References: <20000117115524.A32231@pclinux.igd.fhg.de> Message-ID: <20000117163815.A1765@pclinux.igd.fhg.de> Luke Kenneth Casson Leighton: > > Luke reportet to me that all the maps have to be world readable. > > (I think before they were put in the privat Directory). > > So please check if all your files (and dirs above) are world readable. > > > > Lars: can you put that in your FAQ ? > > also mention that they should _not_ be put in the private/ directory, as > this is automatically modified to be -rwx------ every time samba access > it, which will lock out any world-readable files in it. Hm. Sorry. This was what i meant. But if Samba put the dirmod in 0700, the you could put the socket/pipe section in there. Because the dirmod while preveal any other user from accessing the sockets. So they would be save ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From lkcl at samba.org Mon Jan 17 15:47:21 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: the mailinglist archive is still broken In-Reply-To: <38830F4E.2EBE5BFE@NetUSE.DE> Message-ID: wot, i do this: http://samba.org/listproc then select, say, samba-ntdom, and it jumps me to us.samba.org and i'm there. andrew is, btw. On Mon, 17 Jan 2000, Lars Kneschke wrote: > Hello! > > Who responsible for the mailinglistarchive? It's still not > wroking. > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lk at NetUSE.DE Mon Jan 17 15:47:49 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:02 2003 Subject: Banner Page References: Message-ID: <388339A5.4848847@NetUSE.DE> Keith Lynn wrote: > > I am using Samba on RedHat Linux 6.0. When a page is printed, a > seperate page comes with information about the server, sort of a banner > page. Is there a way to turn this off? Thanks. This comes from your /etc/printcap file. Don't know which parameter it is, but if your read the RedHat book or the man pages, you will find this. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mg at plum.de Mon Jan 17 15:57:08 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:02 2003 Subject: Banner Page References: Message-ID: <38833BD4.41A2758@plum.de> Keith Lynn wrote: > > I am using Samba on RedHat Linux 6.0. When a page is printed, a > seperate page comes with information about the server, sort of a banner > page. Is there a way to turn this off? Thanks. > Keith Lynn That is a problem of your printing system. If you are using lpr, try adding a :sh: in your /etc/printcap. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From lk at NetUSE.DE Mon Jan 17 15:58:43 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:02 2003 Subject: the mailinglist archive is still broken References: Message-ID: <38833C33.DDCE6F18@NetUSE.DE> Luke Kenneth Casson Leighton wrote: > > wot, i do this: > > http://samba.org/listproc > then select, say, samba-ntdom, and it jumps me to us.samba.org > > and i'm there. > > andrew is, btw. Ah, this works. But if you try to follow the link on the sambahomepage(archives) and trys to search, you will get the resultpage. And these links are all broken. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Mon Jan 17 16:00:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: Message-ID: On Mon, 17 Jan 2000, Greg Dickie wrote: > > > Well this morning I can in and completely zapped everything in the private > directory and started again (DON'T DO THIS IF YOU ARE RUNNING A PRODUCTION > DOMAIN!!) now TNG seems to be working perfectly? I have admin privilege and can > join machines to the domain fine. I have no idea what was wrong before. totally cool. someone reported that there is a problem with only having LM passwords, i will see if i can catch this. From lkcl at samba.org Mon Jan 17 16:07:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: I can't logon with solaris 2.7 In-Reply-To: <200001171303.OAA01824@lsi.upc.es> Message-ID: jose, this is probably due to issues with mapping of SIDs to uids and mapping uids back to different SIDs - an issue i've been trying to make clear to a few people that it _really_ needs to be sorted out. please do not use samba 2.0.x as a PDC, you will only make life difficult for yourself and for me because you will be considered to be one of the "legacy" people that might need to be "backwards-compatible-supported", which is the last thing on earth i want to happen with the stupid, broken and brain-dead PDC code i abandoned eighteen months ago that is still in 2.0.x. if you need a PDC, check the archives http://samba.org/listproc/samba-ntdom for the discussions around how to use SAMBA_TNG (and cvs main, if you need better file serving). thx much! luke On Tue, 18 Jan 2000, Jose Luis Montero Saez - Lab. Calculo LSI wrote: > > Hello. > > I have running Samba 2.0.6 in Solaris 2.7. I have compiled and > installed without problems. My smbd is a domain server. > > I can attach one NT client to the domain and this client sees all the > users from the domain. Ok, but sometimes after (I can't say how much) > this client doesn't see the users and says "this is not a valid > account" with the same account, of course. It's possible to logon with > a local account but not with a domain account. The solution is logon > with a local account with privileges, take out the machine from the > domain and re-attach the machine to the domain. Then, it sees the > domain accounts but only for a few minutes. > > This happens with all Nt clients, not only one machine. > > I have the differences in the log, with debug level 6. When I can > login the server logs: > > [2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_uint16(356) > 0016 opnum : 0002 > [2000/01/17 13:23:15, 3] rpc_server/srv_pipe.c:api_pipe_request(922) > Doing \PIPE\NETLOGON > [2000/01/17 13:23:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON > [2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_debug(37) > 000018 net_io_q_sam_logon > [2000/01/17 13:23:15, 6] rpc_parse/parse_prs.c:prs_debug(37) > 000018 smb_io_sam_info > > but when I can't login, it logs: > > [2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_uint16(356) > 0016 opnum : 0004 > [2000/01/17 13:03:24, 3] rpc_server/srv_pipe.c:api_pipe_request(922) > Doing \PIPE\NETLOGON > [2000/01/17 13:03:24, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL > [2000/01/17 13:03:24, 5] rpc_server/srv_netlog.c:api_net_req_chal(319) > api_net_req_chal(319): vuid 100 > [2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_debug(37) > 000018 net_io_q_req_chal > > The difference is "NET_REQCHAL" versus "NET_SAMLOGON". > > I have the same configuration in another computing lab. with another > server but in Solaris *2.6*, and I have no problems. > > Someone has installed 2.0.6 in Solaris 2.7 without problems? Can you > help me? > > Thanks very much in advance. > > Jose Luis Montero > Computing Laboratory Dept. Software UPC > joseluis@lsi.upc.es > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 17 16:08:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: I can't logon with solaris 2.7 In-Reply-To: <3.0.6.32.20000117175656.008d9430@mail.adelaide.on.net> Message-ID: On Tue, 18 Jan 2000, Richard Sharpe wrote: > Hi, > > At 12:05 AM 1/18/00 +1100, Jose Luis Montero Saez - Lab. Calculo LSI wrote: > > > >Hello. > > > >I have running Samba 2.0.6 in Solaris 2.7. I have compiled and > >installed without problems. My smbd is a domain server. > > Repeat after me: 2.0.x is not supported as a domain controller. 20.x is not supported as a dc. 2.0.x is not supported as a dc. > Upgrade to Samba TNG. okie, richard: i will. From prophecy at hts-nightvision.com Mon Jan 17 16:11:27 2000 From: prophecy at hts-nightvision.com (Justace Clutter) Date: Tue Dec 2 02:28:02 2003 Subject: TNG???? In-Reply-To: <200001142136.VAA11545@mimas.Dseven.ORG> Message-ID: Hello all, I have been reading this list for a bit now. Filtering through all my weekend mails from it and I keep seeing a bunch of stuff from a samba dist called TNG. I have looked and am trying to figure out what the TNG stands for and where to get it. I checked the CVS tree for it and did not see it. Can anybody tell me where I can find information out about this product. I am trying to get the NT Doamin stuff working right and it looks like this is the prefered way to get it working. Right now all I have is 2.0.6. Thanks in advance. Justace From lkcl at samba.org Mon Jan 17 16:17:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: hmmm..... that shouldn't be the case. you're using "admin/pass" in the dialog box? try removing the workstation trust account from private/smbpasswd. check if it gets added, what the "flags" are set to. it if says "[DW ]", let me know, i think i may still have a bug, there. On Tue, 18 Jan 2000, Greg Dickie wrote: > > Hi, > > Apologies if this is a known bug but I finally managed to get TNG working for > me by zapping all the "private" files and recreating them. I seem to have > domain admin. privileges and profiles are fine BUT if I want to join a > workstation to the domain without using smbpasswd first (ie: just the NT > dialog), it does not seem to work (it did in the old 2.1 code). It tells me my > account does not have privilege. Any pointers to where I could start looking to > debug this? > > Greg > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 17 16:20:50 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: Samba-combined and LDAP In-Reply-To: <200001171427.PAA16375@boromir.ind.mh.se> Message-ID: argh, of course. smbd tries to authenticate against the password database API, which of course will only be private/smbpasswdd on your system. i patched smbd in SAMBA_TNG so that it always asks netlogond, it never accesses the private/smbpasswd or LDAP database directly. however, i need to come up with a scheme that can do _both_ these things, so that by default, samba will acccess the private/smbpasswd or auth-db API and if MSRPC services are enabled it will ask netlogond. sorry, there's not much that can be done about that right now. for now, i suggest that you set up _two_ samba servers: one as a PDC [SAMBA_TNG], and the other one , samba-main, as your file-server, as a _member_ of the SAMBA_TNG domain. On Tue, 18 Jan 2000, Ulf Noren wrote: > I am trying out the combined way of using samba-main anda samba-tng. > I'm am authenticating agains an LDAP-server. This doesnt work > if I use smbd from samba-main because it doesnt have LDAP-support... > But should'nt samba-tng take care of authentication with this > setup? > > Haven't looked in the code yet but is it possible to fix this at all? > > /Ulf > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 17 16:22:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: <20000117163815.A1765@pclinux.igd.fhg.de> Message-ID: On Mon, 17 Jan 2000, Jens Skripczynski wrote: > Luke Kenneth Casson Leighton: > > > Luke reportet to me that all the maps have to be world readable. > > > (I think before they were put in the privat Directory). > > > So please check if all your files (and dirs above) are world readable. > > > > > > Lars: can you put that in your FAQ ? > > > > also mention that they should _not_ be put in the private/ directory, as > > this is automatically modified to be -rwx------ every time samba access > > it, which will lock out any world-readable files in it. > Hm. Sorry. This was what i meant. > > But if Samba put the dirmod in 0700, the you could put the socket/pipe section > in there. Because the dirmod while preveal any other user from accessing the > sockets. > So they would be save ? i have the socket/pipe connection using var/locks. yes, we need to lock this directory, too, dirmod to 0700. From Dseven at Dseven.ORG Mon Jan 17 16:22:15 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:28:02 2003 Subject: TNG???? In-Reply-To: Your message of "Mon, 17 Jan 2000 10:11:27 CST." Message-ID: <200001171622.QAA13312@mimas.Dseven.ORG> Hi Justace, The homepage is: http://www.kneschke.de/projekte/samba_tng/index.php3 Happy hacking :) ~Iain Justace Clutter writes: : Hello all, : : I have been reading this list for a bit now. Filtering through all my : weekend mails from it and I keep seeing a bunch of stuff from a samba dist : called TNG. I have looked and am trying to figure out what the TNG stands : for and where to get it. I checked the CVS tree for it and did not see : it. Can anybody tell me where I can find information out about this : product. I am trying to get the NT Doamin stuff working right and it : looks like this is the prefered way to get it working. Right now all I : have is 2.0.6. Thanks in advance. : : Justace : : From lkcl at samba.org Mon Jan 17 16:27:49 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: Message-ID: On Tue, 18 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Mon, 17 Jan 2000, Greg Dickie wrote: > > > > > > > Well this morning I can in and completely zapped everything in the private > > directory and started again (DON'T DO THIS IF YOU ARE RUNNING A PRODUCTION > > DOMAIN!!) now TNG seems to be working perfectly? I have admin privilege and can > > join machines to the domain fine. I have no idea what was wrong before. > > totally cool. > > someone reported that there is a problem with only having LM passwords, i > will see if i can catch this. kgot it, it was a debug reporting at level 100 thing. From lk at NetUSE.DE Mon Jan 17 16:32:30 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:02 2003 Subject: TNG???? References: Message-ID: <3883441E.B9C4AB77@NetUSE.DE> Justace Clutter wrote: > > Hello all, > > I have been reading this list for a bit now. Filtering through all my > weekend mails from it and I keep seeing a bunch of stuff from a samba dist > called TNG. I have looked and am trying to figure out what the TNG stands > for and where to get it. I checked the CVS tree for it and did not see > it. Can anybody tell me where I can find information out about this > product. I am trying to get the NT Doamin stuff working right and it > looks like this is the prefered way to get it working. Right now all I > have is 2.0.6. Thanks in advance. You can have a look at my homepage. http://www.kneschke.de/projekte/samba_tng Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From greg at discreet.com Mon Jan 17 17:01:13 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: the mailinglist archive is still broken In-Reply-To: Message-ID: Until you stry to access an old article, then the links are busted. Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > wot, i do this: > > > http://samba.org/listproc > then select, say, samba-ntdom, and it jumps me to us.samba.org > > and i'm there. > > andrew is, btw. > > On Mon, 17 Jan 2000, Lars Kneschke wrote: > >> Hello! >> >> Who responsible for the mailinglistarchive? It's still not >> wroking. >> >> Cu >> -- >> Lars Kneschke >> NetUSE Kommunikationstechnologie GmbH >> Siemenswall, D-24107 Kiel, Germany >> Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Mon Jan 17 17:11:13 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: Nope, it's worse if I remove it from smbpasswd: I get "The machine account for this computer either does not exist or is inaccessible" which is true except that I clicked the "create computer account" thingy and have put my username & password which is domain admin AND "admin user" on the PDC. I'll see if I can see anything in the logs, I assume netmon wouldn't be too useful in this case... Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > hmmm..... that shouldn't be the case. > > you're using "admin/pass" in the dialog box? > > try removing the workstation trust account from private/smbpasswd. > > check if it gets added, what the "flags" are set to. it if says "[DW > ]", let me know, i think i may still have a bug, there. > > On Tue, 18 Jan 2000, Greg Dickie wrote: > >> >> Hi, >> >> Apologies if this is a known bug but I finally managed to get TNG working >> for >> me by zapping all the "private" files and recreating them. I seem to have >> domain admin. privileges and profiles are fine BUT if I want to join a >> workstation to the domain without using smbpasswd first (ie: just the NT >> dialog), it does not seem to work (it did in the old 2.1 code). It tells me >> my >> account does not have privilege. Any pointers to where I could start looking >> to >> debug this? >> >> Greg >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Mon Jan 17 17:13:59 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: the mailinglist archive is still broken In-Reply-To: Message-ID: yep. they will be. they got moved about. probably automatically, by listproc. On Mon, 17 Jan 2000, Greg Dickie wrote: > > Until you stry to access an old article, then the links are busted. > > Greg > > On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > > wot, i do this: > > > > > > http://samba.org/listproc > > then select, say, samba-ntdom, and it jumps me to us.samba.org > > > > and i'm there. > > > > andrew is, btw. > > > > On Mon, 17 Jan 2000, Lars Kneschke wrote: > > > >> Hello! > >> > >> Who responsible for the mailinglistarchive? It's still not > >> wroking. > >> > >> Cu > >> -- > >> Lars Kneschke > >> NetUSE Kommunikationstechnologie GmbH > >> Siemenswall, D-24107 Kiel, Germany > >> Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 17 17:15:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: you still need the samba-server's trust account, and you still need to do smbpasswd -j SAMBA_DOMAINNAME. smbd et al will use this trust account to contact netlogond to verify any users, that's why. On Mon, 17 Jan 2000, Greg Dickie wrote: > > Nope, it's worse if I remove it from smbpasswd: I get "The machine account for > this computer either does not exist or is inaccessible" which is true except > that I clicked the "create computer account" thingy and have put my username & > password which is domain admin AND "admin user" on the PDC. I'll see if I can > see anything in the logs, I assume netmon wouldn't be too useful in this > case... > > > Greg > > On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > > hmmm..... that shouldn't be the case. > > > > you're using "admin/pass" in the dialog box? > > > > try removing the workstation trust account from private/smbpasswd. > > > > check if it gets added, what the "flags" are set to. it if says "[DW > > ]", let me know, i think i may still have a bug, there. > > > > On Tue, 18 Jan 2000, Greg Dickie wrote: > > > >> > >> Hi, > >> > >> Apologies if this is a known bug but I finally managed to get TNG working > >> for > >> me by zapping all the "private" files and recreating them. I seem to have > >> domain admin. privileges and profiles are fine BUT if I want to join a > >> workstation to the domain without using smbpasswd first (ie: just the NT > >> dialog), it does not seem to work (it did in the old 2.1 code). It tells me > >> my > >> account does not have privilege. Any pointers to where I could start looking > >> to > >> debug this? > >> > >> Greg > >> > >> --------------------------------------------------------------------- > >> Greg Dickie > >> Just A Guy* > >> *from discreet (the logic is gone) > >> Montreal > >> (514) 954-7171 > >> greg@discreet.com > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Mon Jan 17 17:21:19 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: For sure, I only removed that workstation. If I smbpasswd -a -m it and join its fine (same with Win2K RC3 BTW) but it doesn't like the admin account to modify it. What daemon it that done in? One problem with the new architecture is finding stuff, Does anyone have an LXR site set up? Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > you still need the samba-server's trust account, and you still need to do > smbpasswd -j SAMBA_DOMAINNAME. > > smbd et al will use this trust account to contact netlogond to verify any > users, that's why. > > On Mon, 17 Jan 2000, Greg Dickie wrote: > >> >> Nope, it's worse if I remove it from smbpasswd: I get "The machine account >> for >> this computer either does not exist or is inaccessible" which is true except >> that I clicked the "create computer account" thingy and have put my username >> & >> password which is domain admin AND "admin user" on the PDC. I'll see if I >> can >> see anything in the logs, I assume netmon wouldn't be too useful in this >> case... >> >> >> Greg >> >> On 17-Jan-00 Luke Kenneth Casson Leighton wrote: >> > hmmm..... that shouldn't be the case. >> > >> > you're using "admin/pass" in the dialog box? >> > >> > try removing the workstation trust account from private/smbpasswd. >> > >> > check if it gets added, what the "flags" are set to. it if says "[DW >> > ]", let me know, i think i may still have a bug, there. >> > >> > On Tue, 18 Jan 2000, Greg Dickie wrote: >> > >> >> >> >> Hi, >> >> >> >> Apologies if this is a known bug but I finally managed to get TNG >> >> working >> >> for >> >> me by zapping all the "private" files and recreating them. I seem to have >> >> domain admin. privileges and profiles are fine BUT if I want to join a >> >> workstation to the domain without using smbpasswd first (ie: just the NT >> >> dialog), it does not seem to work (it did in the old 2.1 code). It tells >> >> me >> >> my >> >> account does not have privilege. Any pointers to where I could start >> >> looking >> >> to >> >> debug this? >> >> >> >> Greg >> >> >> >> --------------------------------------------------------------------- >> >> Greg Dickie >> >> Just A Guy* >> >> *from discreet (the logic is gone) >> >> Montreal >> >> (514) 954-7171 >> >> greg@discreet.com >> >> >> > >> > Luke Kenneth Casson Leighton >> > Samba and Network Development >> > Samba Web site >> > Internet Security Systems, Inc. >> > Macmillan Technical Publishing >> > >> > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Mon Jan 17 17:25:30 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: Hmmm. This doesn't look right from log.samr nitialising map getpwnam(EDINBURGH-NT$) EDINBURGH-NT$ not found getpwnam(edinburgh-nt$) Found: edinburgh-nt$:*:4261:510:Samba machine trust account:/dev/null:/dev/null search by uid: 10a5 startfileent: opening file /usr/local/samba/private/smbpasswd startfileent: unable to open file /usr/local/samba/private/smbpasswd unable to open sam password database. pwdb_sam_map_names: NULL getpwnam(EDINBURGH-NT$) EDINBURGH-NT$ not found I had similar stuff when domain_map was in the private directory but I'm assuming smbpasswd still needs to be protected. Let me know if I'mon the right track ;-) Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > hmmm..... that shouldn't be the case. > > you're using "admin/pass" in the dialog box? > > try removing the workstation trust account from private/smbpasswd. > > check if it gets added, what the "flags" are set to. it if says "[DW > ]", let me know, i think i may still have a bug, there. > > On Tue, 18 Jan 2000, Greg Dickie wrote: > >> >> Hi, >> >> Apologies if this is a known bug but I finally managed to get TNG working >> for >> me by zapping all the "private" files and recreating them. I seem to have >> domain admin. privileges and profiles are fine BUT if I want to join a >> workstation to the domain without using smbpasswd first (ie: just the NT >> dialog), it does not seem to work (it did in the old 2.1 code). It tells me >> my >> account does not have privilege. Any pointers to where I could start looking >> to >> debug this? >> >> Greg >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From pburch at oralis.com Mon Jan 17 17:28:16 2000 From: pburch at oralis.com (Phil Burch) Date: Tue Dec 2 02:28:02 2003 Subject: Different ports Message-ID: <118529BE5569D31189910060089A3E72149020@MAIL> Port 9100 is used for printing. Port numbers 9101 and 9102 are for parallel ports 2 and 3 on the three-port HP JetDirect external print servers. (from HP tech support, I knew I'd done this before) Phil Burch Network Administrator Oralis.com - The online supplier to oral healthcare professionals. We are hiring the best and brightest. Please see our job openings at: http://www.oralis.com -----Original Message----- From: Keith Lynn [mailto:lynn@cis.usouthal.edu] Sent: Sunday, January 16, 2000 9:45 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Different ports I have an HP JetDirect print server which has an IP address and three ports that I can plug printers into. How do I get Samba to recognize the printers? Thanks. Keith Lynn From prophecy at hts-nightvision.com Mon Jan 17 17:41:33 2000 From: prophecy at hts-nightvision.com (Justace Clutter) Date: Tue Dec 2 02:28:02 2003 Subject: Same Machine In-Reply-To: Message-ID: Hello all (again), Thank you for the responces on the earlier email. I have seen that a lot prefer to run 2.0.x as the file server and make the TNG version the PDC. I am assuming that you have to have two machines to do that. Is there a way that this could work on one machine? Justace From jens.skripczynski at igd.fhg.de Mon Jan 17 17:45:59 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:02 2003 Subject: Samba RPC 3.0/TNG Problem Message-ID: <20000117184559.A2299@pclinux.igd.fhg.de> Hi, Today i veryfied my configuration against TNG only environment and got the following differnces: works in tng but not int tng/3.0: (all the Errors are reportet by NT as RPC Errors (doesn't this error Message help !? :()) - The NT Domain Usermanager It is not possible to browse the Userdatabase from an NT Client using the 3.0/TNG combination. Using TNG only everything works. Luke: Give me a hint how and where to trace this. (Which logfile or what keyword (it does not segfault)) - Browsing the (Linux PDC) by the network window Using "networkneighbourhood"->"shadowland"(my PDC) fails. I cannot browse the shares. But I can connect to them. (e.g. net use ....) works in 3.0 but not in tng/3.0 - The File Permission button (Right click on a file "properties" ->"?" "File Permissions" gives an RPC...) Kann someone off the HEAD Branch maybe try to solve this. Ok general approach is to send in logfiles. But i dont want to send Megs of Logs saying nothing. At most times it works for one part but the intersection part has errors. Childish Question: Is it really so hard to merge them ? Wouldn't it be possible now with the deamon Stuff just to merge 3.0 and tng into one tree ? Or will they stay seperate for - a max of one month - min. a year - forever ? I (and i think others too) do need the advanced file serving of the 3.0 Branch but do as well need the PDC funktionality of TNG... P.S.: Has any reciptient enough knowledge of the rpcclient ? I would like to read some How to / abstract of what it is capable/usefull with some examples (I know X-Mas is over But Easter is next)... Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From lkcl at samba.org Mon Jan 17 18:42:54 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: On Mon, 17 Jan 2000, Greg Dickie wrote: > > For sure, I only removed that workstation. If I smbpasswd -a -m it and join its > fine (same with Win2K RC3 BTW) but it doesn't like the admin account to modify > it. What daemon it that done in? samrd because you are adding a SAM account. the connection is authenticated as administrator. > One problem with the new architecture is > finding stuff, Does anyone have an LXR site set up? yeah, i know :-) :-) From lkcl at samba.org Mon Jan 17 18:45:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: ok, this fails [deliberately] because uid 10a5 is not root. you cannot just have any ordinary unix user modifying private/smbpasswd. the admin account you type in to the join-domain dialog *must* be mapped to root on the target box. to guarantee this, what i tend to do is add an account root to private/smbpasswd, and not mess about with Administrator or domain user map files. On Mon, 17 Jan 2000, Greg Dickie wrote: > > > Hmmm. > > This doesn't look right > > from log.samr > > > nitialising map > getpwnam(EDINBURGH-NT$) > EDINBURGH-NT$ not found > getpwnam(edinburgh-nt$) > Found: edinburgh-nt$:*:4261:510:Samba machine trust account:/dev/null:/dev/null > search by uid: 10a5 > startfileent: opening file /usr/local/samba/private/smbpasswd > startfileent: unable to open file /usr/local/samba/private/smbpasswd > unable to open sam password database. > pwdb_sam_map_names: NULL > getpwnam(EDINBURGH-NT$) > EDINBURGH-NT$ not found > > > I had similar stuff when domain_map was in the private directory but I'm > assuming smbpasswd still needs to be protected. Let me know if I'mon the right > track ;-) > > Greg > > > > On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > > hmmm..... that shouldn't be the case. > > > > you're using "admin/pass" in the dialog box? > > > > try removing the workstation trust account from private/smbpasswd. > > > > check if it gets added, what the "flags" are set to. it if says "[DW > > ]", let me know, i think i may still have a bug, there. > > > > On Tue, 18 Jan 2000, Greg Dickie wrote: > > > >> > >> Hi, > >> > >> Apologies if this is a known bug but I finally managed to get TNG working > >> for > >> me by zapping all the "private" files and recreating them. I seem to have > >> domain admin. privileges and profiles are fine BUT if I want to join a > >> workstation to the domain without using smbpasswd first (ie: just the NT > >> dialog), it does not seem to work (it did in the old 2.1 code). It tells me > >> my > >> account does not have privilege. Any pointers to where I could start looking > >> to > >> debug this? > >> > >> Greg > >> > >> --------------------------------------------------------------------- > >> Greg Dickie > >> Just A Guy* > >> *from discreet (the logic is gone) > >> Montreal > >> (514) 954-7171 > >> greg@discreet.com > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 17 18:48:47 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: Samba RPC 3.0/TNG Problem In-Reply-To: <20000117184559.A2299@pclinux.igd.fhg.de> Message-ID: On Mon, 17 Jan 2000, Jens Skripczynski wrote: > Hi, > > Today i veryfied my configuration against TNG only environment and > got the following differnces: > > works in tng but not int tng/3.0: > (all the Errors are reportet by NT as RPC Errors (doesn't this error > Message help !? :()) > - The NT Domain Usermanager > It is not possible to browse the Userdatabase from an NT Client using > the 3.0/TNG combination. Using TNG only everything works. > Luke: Give me a hint how and where to trace this. > (Which logfile or what keyword (it does not segfault)) grep NT_ACCESS log.* first. check log.smb that it's able to connect to /usr/local/samba/var/locks/.msrpc/PIPENAME From lkcl at samba.org Mon Jan 17 18:52:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: Samba RPC 3.0/TNG Problem In-Reply-To: <20000117184559.A2299@pclinux.igd.fhg.de> Message-ID: > Childish Question: > Is it really so hard to merge them ? Wouldn't it be possible now with the > deamon Stuff just to merge 3.0 and tng into one tree ? you people need to keep on testing it for me. when the bug reports stop and just turn into "i can't set it up" reports, then i stop answering every single email on samba-ntdom again and turn it over to jeremy and andrew for a code review. i would _like_ the code review to be taken in stages, so that modules can be added one at a time, so i'm coding to make that easier. > P.S.: Has any reciptient enough knowledge of the rpcclient ? there _is_ a man page :) > I would like to read some How to / abstract of what > it is capable/usefull with some examples (I know X-Mas is over > But Easter is next)... what do you need to know? it's pretty comprehensive / powerful, and it's not even complete! From greg at discreet.com Mon Jan 17 19:01:40 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:03 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: Ok..... but if I am listed in "admin users" then that is supposed to equate to root on the samba server no? Hmmm that's kind of a pain but if it works then I'm good. so far so good.... Thanks alot, Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > ok, this fails [deliberately] because uid 10a5 is not root. > > you cannot just have any ordinary unix user modifying private/smbpasswd. > > the admin account you type in to the join-domain dialog *must* be mapped > to root on the target box. > > to guarantee this, what i tend to do is add an account root to > private/smbpasswd, and not mess about with Administrator or domain user > map files. > > On Mon, 17 Jan 2000, Greg Dickie wrote: > >> >> >> Hmmm. >> >> This doesn't look right >> >> from log.samr >> >> >> nitialising map >> getpwnam(EDINBURGH-NT$) >> EDINBURGH-NT$ not found >> getpwnam(edinburgh-nt$) >> Found: edinburgh-nt$:*:4261:510:Samba machine trust >> account:/dev/null:/dev/null >> search by uid: 10a5 >> startfileent: opening file /usr/local/samba/private/smbpasswd >> startfileent: unable to open file /usr/local/samba/private/smbpasswd >> unable to open sam password database. >> pwdb_sam_map_names: NULL >> getpwnam(EDINBURGH-NT$) >> EDINBURGH-NT$ not found >> >> >> I had similar stuff when domain_map was in the private directory but I'm >> assuming smbpasswd still needs to be protected. Let me know if I'mon the >> right >> track ;-) >> >> Greg >> >> >> >> On 17-Jan-00 Luke Kenneth Casson Leighton wrote: >> > hmmm..... that shouldn't be the case. >> > >> > you're using "admin/pass" in the dialog box? >> > >> > try removing the workstation trust account from private/smbpasswd. >> > >> > check if it gets added, what the "flags" are set to. it if says "[DW >> > ]", let me know, i think i may still have a bug, there. >> > >> > On Tue, 18 Jan 2000, Greg Dickie wrote: >> > >> >> >> >> Hi, >> >> >> >> Apologies if this is a known bug but I finally managed to get TNG >> >> working >> >> for >> >> me by zapping all the "private" files and recreating them. I seem to have >> >> domain admin. privileges and profiles are fine BUT if I want to join a >> >> workstation to the domain without using smbpasswd first (ie: just the NT >> >> dialog), it does not seem to work (it did in the old 2.1 code). It tells >> >> me >> >> my >> >> account does not have privilege. Any pointers to where I could start >> >> looking >> >> to >> >> debug this? >> >> >> >> Greg >> >> >> >> --------------------------------------------------------------------- >> >> Greg Dickie >> >> Just A Guy* >> >> *from discreet (the logic is gone) >> >> Montreal >> >> (514) 954-7171 >> >> greg@discreet.com >> >> >> > >> > Luke Kenneth Casson Leighton >> > Samba and Network Development >> > Samba Web site >> > Internet Security Systems, Inc. >> > Macmillan Technical Publishing >> > >> > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Mon Jan 17 19:04:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: On Mon, 17 Jan 2000, Greg Dickie wrote: > > > Ok..... but if I am listed in "admin users" then that is supposed to equate to > root on the samba server no? what is "admin users"? From greg at discreet.com Mon Jan 17 19:08:03 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:03 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: EXPLANATION OF EACH PARAMETER admin users (S) This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root). You should use this option very carefully, as any user in this list will be able to do anything they like on the share, irrespective of file permissions. Default: no admin users 23 Oct 1998 35 smb\&.conf (5) Unix Programmer's Manual smb\&.conf (5) On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > what is "admin users"? --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Mon Jan 17 19:18:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: oops. well, it looks like it's only relevant to shares. and msrpc isn't shares, it's pipes :) that's my excuse, anyway :) it says file operations, and that doesn't include private/smbpasswd. honest! you'll need to set up an account that maps to the root user, greg. On Mon, 17 Jan 2000, Greg Dickie wrote: > > > > > EXPLANATION OF EACH PARAMETER > > admin users (S) > > This is a list of users who will be granted > administrative privileges on the share. This means that > they will do all file operations as the super-user > (root). > > You should use this option very carefully, as any user > in this list will be able to do anything they like on > the share, irrespective of file permissions. > > Default: > no admin users > > 23 Oct 1998 35 > > smb\&.conf (5) Unix Programmer's Manual smb\&.conf (5) > > > On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > > what is "admin users"? > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Mon Jan 17 19:27:16 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:03 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: but smbpasswd is a file ;-) . No sweat but for the record it used to work, I'm not crazy honest...... daisy daisy.... errrr Thanks, Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > oops. well, it looks like it's only relevant to shares. and msrpc isn't > shares, it's pipes :) > > that's my excuse, anyway :) > > it says file operations, and that doesn't include private/smbpasswd. > honest! > > you'll need to set up an account that maps to the root user, greg. > > On Mon, 17 Jan 2000, Greg Dickie wrote: > >> >> >> >> >> EXPLANATION OF EACH PARAMETER >> >> admin users (S) >> >> This is a list of users who will be granted >> administrative privileges on the share. This means that >> they will do all file operations as the super-user >> (root). >> >> You should use this option very carefully, as any user >> in this list will be able to do anything they like on >> the share, irrespective of file permissions. >> >> Default: >> no admin users >> >> 23 Oct 1998 35 >> >> smb\&.conf (5) Unix Programmer's Manual smb\&.conf (5) >> >> >> On 17-Jan-00 Luke Kenneth Casson Leighton wrote: >> > what is "admin users"? >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Mon Jan 17 19:29:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: On Mon, 17 Jan 2000, Greg Dickie wrote: > > but smbpasswd is a file ;-) . No sweat but for the record it used to work, I'm > not crazy honest...... daisy daisy.... errrr it probably did. i know how.... yeah, you made a connection to IPC$, which _is_ a share. therefore, you would be set to root [argh]. and of course, smbpasswd access would then be made as root, so it would succeed. is this acceptable behaviour? do you want me to see if i can sort it out? From bilbo at raadioring.ee Mon Jan 17 19:43:22 2000 From: bilbo at raadioring.ee (tanel niine) Date: Tue Dec 2 02:28:03 2003 Subject: changing password on NT Message-ID: hello, i use samba-tng and smbd,nmbd on samba-main. samba is PDC. everything works fine except changing password on nt worksation, the error message is 'unable to change password on this account [C00000BE], please consult your system administrator', must i change some permissions somewhere? and one other thing, i followed the instrucion how to become a domain administrator but i can't get it work tnx ___ tanel niine From greg at discreet.com Mon Jan 17 19:42:52 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:03 2003 Subject: samba-tng: Cannot create trust account as admin. In-Reply-To: Message-ID: REALLY not a big deal, I was just buggin ya, I'm sure there are better/more important things to do. I'm happy as long as there is a way to do it and there is... I'm happy! Now usrmgr.exe... Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > On Mon, 17 Jan 2000, Greg Dickie wrote: > >> >> but smbpasswd is a file ;-) . No sweat but for the record it used to work, >> I'm >> not crazy honest...... daisy daisy.... errrr > > it probably did. i know how.... yeah, you made a connection to IPC$, > which _is_ a share. therefore, you would be set to root [argh]. and of > course, smbpasswd access would then be made as root, so it would succeed. > > is this acceptable behaviour? do you want me to see if i can sort it out? > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Mon Jan 17 19:44:44 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: mapping from NT users to Unix users. question. Message-ID: hi, i have a slight issue to consider. when giving out home directories, a user logs in as "NTuser" and gets mapped to "unixuser", i wonder if it's better to return \\server\unixuser as the home directory instead of \\server\ntuser. the reason is that it will make life a _lot_ simpler when it comes to accessing smbd. i won't have to do _any_ nt to unix mapping to create the [homes] section. ... but i _will_ still get an authentication request based on NTusername, but that's ok in SAMBA_TNG because that's handed off to netlogond to deal with, which can do the NTuser to unix user translation (which it just did exactly as above when the user logged in!) plus, i will get exactly the same user profile back, so i can grab the home directory from that, and set up the [homes] share. so it all works. now. my question is, is this acceptable? do you, the administrators, mind if a user logs in as NTusername but actually gets told that their home directory is Unixusername? or, do you really want user logs in as NTusername and accesses their [homes] share as \\server\NTusername? which would _you_ prefer? luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Mon Jan 17 20:05:35 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:03 2003 Subject: mapping from NT users to Unix users. question. In-Reply-To: Message-ID: My first thought is that this would be fine, of course all my usernames are synchronised, it might look funny from the NT point of view if they weren't. Greg On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > hi, > > i have a slight issue to consider. when giving out home directories, a > user logs in as "NTuser" and gets mapped to "unixuser", i wonder if it's > better to return \\server\unixuser as the home directory instead of > \\server\ntuser. > > the reason is that it will make life a _lot_ simpler when it comes to > accessing smbd. i won't have to do _any_ nt to unix mapping to create the > [homes] section. > > .. but i _will_ still get an authentication request based on NTusername, > but that's ok in SAMBA_TNG because that's handed off to netlogond to deal > with, which can do the NTuser to unix user translation (which it just did > exactly as above when the user logged in!) > > plus, i will get exactly the same user profile back, so i can grab the > home directory from that, and set up the [homes] share. > > so it all works. > > now. > > my question is, is this acceptable? do you, the administrators, mind if a > user logs in as NTusername but actually gets told that their home > directory is Unixusername? > > or, do you really want user logs in as NTusername and accesses their > [homes] share as \\server\NTusername? > > which would _you_ prefer? > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From kevinc at grainsystems.com Mon Jan 17 20:18:24 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:28:03 2003 Subject: mapping from NT users to Unix users. question. References: Message-ID: <38837910.3CECB9B2@grainsystems.com> Luke Kenneth Casson Leighton wrote: > > or, do you really want user logs in as NTusername and accesses > their [homes] share as \\server\NTusername? As Greg said, since I would typically be trying to sync names both ways, I wouldn't notice. However, if anyone ever didn't/couldn't have the same names, Unix names would be horrible. The users may try and connect to the share, but not even know their unix account. Why would they? Then you're back to providing NT->unix mapping [homes] as an option. I say, if you're going to talk the talk, you need to walk the walk. Use the NT names. - Kevin Colby kevinc@grainsystems.com From lars at kneschke.de Mon Jan 17 19:07:08 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:03 2003 Subject: Same Machine References: Message-ID: <3883685C.EFE577@kneschke.de> Justace Clutter wrote: > > Hello all (again), > > Thank you for the responces on the earlier email. I have seen that a > lot prefer to run 2.0.x as the file server and make the TNG version the > PDC. I am assuming that you have to have two machines to do that. Is > there a way that this could work on one machine? Please watch my homepage(http://www.kneschke.de/projekte/samba_tng) and watch the section about Samba TNG and Samba Main. Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From paul.rogers at mis-cds.com Mon Jan 17 20:02:17 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:28:03 2003 Subject: mapping from NT users to Unix users. question. Message-ID: I personally wouldn't mind which way [homes] is implemented, but I could see some advantages from a Tech Support / Managers point-of-view that they would like \\server\ntuser to be the home directory because of *those* internal support calls saying that my home-directory is called something other than my nt user name. Also I think it depends upon who you (samba.org) are aiming Samba TNG at - just the peeps on this list, or are you planning to capture other linux admins or Windows -> Linux migrators that may not be on this list. It would *lessen* the confusion for the newbies, users and even some experienced samba admins (possibly not). Then again, it would be extra work for you to do Luke - and it would be longer before it would be working properly. Hmmmmm... I think it IS acceptable not to map the usernames, but if we take the fluffyness factor into consideration - the mapping between NT and UNIX usernames would be good! HTH, Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Monday, January 17, 2000 7:50 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: mapping from NT users to Unix users. question. > > > hi, > > i have a slight issue to consider. when giving out home > directories, a > user logs in as "NTuser" and gets mapped to "unixuser", i > wonder if it's > better to return \\server\unixuser as the home directory instead of > \\server\ntuser. > > the reason is that it will make life a _lot_ simpler when it comes to > accessing smbd. i won't have to do _any_ nt to unix mapping > to create the > [homes] section. > > .. but i _will_ still get an authentication request based on > NTusername, > but that's ok in SAMBA_TNG because that's handed off to > netlogond to deal > with, which can do the NTuser to unix user translation (which > it just did > exactly as above when the user logged in!) > > plus, i will get exactly the same user profile back, so i can grab the > home directory from that, and set up the [homes] share. > > so it all works. > > now. > > my question is, is this acceptable? do you, the > administrators, mind if a > user logs in as NTusername but actually gets told that their home > directory is Unixusername? > > or, do you really want user logs in as NTusername and accesses their > [homes] share as \\server\NTusername? > > which would _you_ prefer? > > luke > > Luke Kenneth Casson > Leighton > Samba and Network > Development > Samba Web site > > Internet Security > Systems, Inc. > Macmillan Technical > Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain > Internals > From lkcl at samba.org Mon Jan 17 20:38:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: mapping from NT users to Unix users. question. In-Reply-To: Message-ID: > admins or Windows -> Linux migrators that may not be on this list. It would > *lessen* the confusion for the newbies, users and even some experienced > samba admins (possibly not). good enough for me. doesn't really bother me, much, either way. From lars at kneschke.de Mon Jan 17 20:48:42 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:03 2003 Subject: mapping from NT users to Unix users. question. References: Message-ID: <3883802A.343BB@kneschke.de> Luke Kenneth Casson Leighton wrote: > my question is, is this acceptable? do you, the administrators, mind if a > user logs in as NTusername but actually gets told that their home > directory is Unixusername? > > or, do you really want user logs in as NTusername and accesses their > [homes] share as \\server\NTusername? > > which would _you_ prefer? It's an alias. I would prefer, that when you login with NTusername not equal Unixusername, that you will see \\server\Unixname. This makes administration a lot easier. Just my 2 Euros! :-) Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! From Jennifer_Arbogast at digi.com Mon Jan 17 21:14:00 2000 From: Jennifer_Arbogast at digi.com (Jennifer Arbogast) Date: Tue Dec 2 02:28:03 2003 Subject: which version of samba should I use? Message-ID: <415A9F6DCFA0D211B78D0008C7A42FB3021F1487@gopostal.digi.com> Hello. I've been working on a problem here and have been trying to figure it out using this mailing list and also documentation, I am confused. I am still learning about samba, and hope I am not asking a stupid question!!! Okay...I have samba running on a UNIX server and need to be able to connect to more than one domain. Do I need to get the TNG code? thanks! Jennifer From vs at lasp.npi.msu.su Mon Jan 17 21:52:34 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:03 2003 Subject: compile TNG error Message-ID: <200001172152.AAA08642@lasp.npi.msu.su> What's the news: Compiling smbd/server.c In file included from /usr/include/sys/resource.h:25, from include/includes.h:72, from smbd/server.c:22: /usr/include/bits/resource.h:24: asm/resource.h: No such file or directory In file included from /usr/include/netinet/in.h:26, from include/includes.h:82, from smbd/server.c:22: /usr/include/bits/socket.h:252: asm/socket.h: No such file or directory In file included from /usr/include/sys/param.h:25, from /usr/include/rpc/types.h:64, from /usr/include/rpc/rpc.h:41, from include/includes.h:84, from smbd/server.c:22: /usr/include/linux/param.h:4: asm/param.h: No such file or directory In file included from include/includes.h:104, from smbd/server.c:22: /usr/include/sys/syscall.h:25: asm/unistd.h: No such file or directory In file included from /usr/include/sys/ioctl.h:27, from include/includes.h:144, from smbd/server.c:22: /usr/include/bits/ioctls.h:24: asm/ioctls.h: No such file or directory In file included from /usr/include/sys/ioctl.h:30, from include/includes.h:144, from smbd/server.c:22: /usr/include/bits/ioctl-types.h:25: asm/ioctls.h: No such file or directory In file included from /usr/include/signal.h:294, from include/includes.h:151, from smbd/server.c:22: /usr/include/bits/sigcontext.h:28: asm/sigcontext.h: No such file or directory In file included from /usr/include/bits/errno.h:25, from /usr/include/errno.h:36, from include/includes.h:166, from smbd/server.c:22: /usr/include/linux/errno.h:4: asm/errno.h: No such file or directory make: *** [smbd/server.o] Error 1 ? All these asm/*.h not found files are in /usr/i386-glibc20-linux/include/asm/ Can I make links, or TNG source should be fixed? From kevinc at grainsystems.com Mon Jan 17 21:56:18 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:28:03 2003 Subject: mapping from NT users to Unix users. question. References: <3883802A.343BB@kneschke.de> Message-ID: <38839002.D861A665@grainsystems.com> Lars Kneschke wrote: > > I would prefer, that when you login with NTusername not > equal Unixusername, that you will see \\server\Unixname. > This makes administration a lot easier. ...from the Unix point of view, sure. >From the NT point of view, this could be very confusing, since the Unix username may not even be known to the user. Sorry, I know I just said that. I'll shut up now. - Kevin Colby kevinc@grainsystems.com From mgeddes at xavier.sa.edu.au Mon Jan 17 22:17:46 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:03 2003 Subject: TNG????/Homepage References: <3883441E.B9C4AB77@NetUSE.DE> Message-ID: <3883950A.F8337286@xavier.sa.edu.au> > > You can have a look at my homepage. > > http://www.kneschke.de/projekte/samba_tng > > Hi, Does your E-Mail client automatically generate this reply, or do you need to cut and paste each one? ;-) I didn't see any links to this page on samba.org (the 2nd Australian Mirror anyway). Perhaps there should be a link in big pretty letters? Matt P.S. It is a good source of info. From vs at lasp.npi.msu.su Mon Jan 17 22:28:07 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:03 2003 Subject: compile TNG error In-Reply-To: Your message of "Tue, 18 Jan 2000 09:02:39 +1100." <200001172152.AAA08642@lasp.npi.msu.su> Message-ID: <200001172228.BAA11721@lasp.npi.msu.su> On Tue, 18 Jan 2000 09:02:39 +1100 Vladimir Stavrinov wrote: -------- Sorry, I have already fixed this. From pgmtekn-micke at algonet.se Mon Jan 17 23:16:46 2000 From: pgmtekn-micke at algonet.se (Michael Stockman) Date: Tue Dec 2 02:28:03 2003 Subject: NT Aliases Message-ID: <010f01bf6140$ef4a7a20$0300a8c0@emil.pgmt> Hello, Could someone who knows NT please tell me what an alias is? I have tried to find some information on the internet, but so far with only modest luck. My theories: 1. An alias is just another name for a user or group. It has got the same SID. 2. An alias is another name for a user or group. It has a different SID, but the user settings are shared. 3. An alias is a completely independent user or group. It has both different SID and different user settings. This would be consistent with someplace where I read that a alias is a local user on a domain server. Does anyone know on which kind of NT machines aliases can be created (domain servers, stand alone servers, workstations etc.)? Are aliases considered to belong to the same domain/server/SAM as the original user? TIA Michael Stockman pgmtekn-micke@algonet.se From lkcl at samba.org Mon Jan 17 23:27:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: changing password on NT In-Reply-To: Message-ID: RIGHT, grr :) i spent this afternoon fixing password changing. i _don't_ have LANMAN-style password changes working, yet, i have to fix that. On Tue, 18 Jan 2000, tanel niine wrote: > hello, > > i use samba-tng and smbd,nmbd on samba-main. samba is PDC. everything > works fine except changing password on nt worksation, the error message is > 'unable to change password on this account [C00000BE], please consult > your system administrator', must i change some permissions somewhere? > > and one other thing, > i followed the instrucion how to become a domain administrator but i can't > get it work > > tnx > ___ > tanel niine > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From vs at lasp.npi.msu.su Mon Jan 17 23:22:54 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:03 2003 Subject: compile TNG error In-Reply-To: Your message of "Tue, 18 Jan 2000 09:31:05 +1100." <200001172228.BAA11721@lasp.npi.msu.su> Message-ID: <200001172322.CAA13537@lasp.npi.msu.su> On Tue, 18 Jan 2000 09:31:05 +1100 Vladimir Stavrinov wrote: -------- > On Tue, 18 Jan 2000 09:02:39 +1100 Vladimir Stavrinov wrote: > -------- > > Sorry, I have already fixed this. > But there are one more...: Compiling client/smbmount.c client/smbmount.c: In function `close_our_files': client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) client/smbmount.c:242: (Each undeclared identifier is reported only once client/smbmount.c:242: for each function it appears in.) make: *** [client/smbmount.o] Error 1 From lkcl at samba.org Mon Jan 17 23:36:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: NT Aliases In-Reply-To: <010f01bf6140$ef4a7a20$0300a8c0@emil.pgmt> Message-ID: On Tue, 18 Jan 2000, Michael Stockman wrote: > Hello, > > Could someone who knows NT please tell me what an alias is? I have > tried to find some information on the internet, but so far with only > modest luck. understanding aliases is critical to understanding how to set up an NT domain, michael! users: users can be added to domain groups of their own domain and domain aliases of any domain. groups: groups can ONLY have user RIDs added to them, and by definition therefore they can only contain users of their own domain aliases: aliases can have ABSOLUTELY any SIDs added to them. the SIDs could in fact be total garbage, should you so choose. garbage SIDs, however, will have no meaning and are in fact a security risk in case someone finds a way to create the garbage SID, so don't do it! to make it really clear, aliases can contain User, Group or other Alias SIDs from ABSOLUTELY any domain. a user's groups can only be RID components. you can make a user be a member of domain group RIDs AND alias group RIDs, mixed. you can NOT make a user a member of a foriegn SID. select the 'Group Memberships' box on a user profile in USRMGR.EXE have fun! From D.Bannon at latrobe.edu.au Tue Jan 18 00:32:49 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:28:03 2003 Subject: Different ports In-Reply-To: Message-ID: <3.0.6.32.20000118113249.00919290@bioserve.latrobe.edu.au> At 04:45 PM 17/01/2000 +1100, Keith Lynn wrote: >I have an HP JetDirect print server which has an IP address and three >ports that I can plug printers into. How do I get Samba to recognize the >printers? Thanks. > Keith Lynn > Keith, thats more of an unix question, get it printing via printcap then they'll appear under printers in samba. Your printcap would include something like this : :rm=131.172.140.99:\ :rp=lp0:\ The ports are lp0, lp1 and lp2 ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Tue Jan 18 00:38:45 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:28:03 2003 Subject: Banner Page In-Reply-To: Message-ID: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> At 12:58 AM 18/01/2000 +1100, Keith Lynn wrote: > I am using Samba on RedHat Linux 6.0. When a page is printed, a >seperate page comes with information about the server, sort of a banner >page. Is there a way to turn this off? Thanks. > Keith Lynn > man printcap sh bool false suppress printing of burst page header ie sh: in printcap entry david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From nazard at dragoninc.on.ca Tue Jan 18 00:43:13 2000 From: nazard at dragoninc.on.ca (nazard@dragoninc.on.ca) Date: Tue Dec 2 02:28:03 2003 Subject: compile TNG error In-Reply-To: <200001172322.CAA13537@lasp.npi.msu.su> Message-ID: <20000118004038Z13183290-11511+40229@samba.anu.edu.au> On 18 Jan, Vladimir Stavrinov wrote: > But there are one more...: > > Compiling client/smbmount.c > client/smbmount.c: In function `close_our_files': > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) > client/smbmount.c:242: (Each undeclared identifier is reported only once > client/smbmount.c:242: for each function it appears in.) > make: *** [client/smbmount.o] Error 1 Here is the patch I wrote to handle this. Index: samba/source/client/smbmount.c =================================================================== RCS file: /cvsroot/samba/source/client/smbmount.c,v retrieving revision 1.27 diff -u -r1.27 smbmount.c --- smbmount.c 1999/12/01 02:15:10 1.27 +++ smbmount.c 2000/01/18 00:38:25 @@ -239,7 +239,20 @@ close_our_files(void) { int i; - for (i = 0; i < NR_OPEN; i++) { + int fileLimit = 1024; /* set a reasonable default size */ +#ifdef NR_OPEN + fileLimit = NR_OPEN; +#endif +#ifdef HAVE_GETRLIMIT + { + struct rlimit openFilesLimit; + if (getrlimit(RLIMIT_NOFILE, &openFilesLimit) == 0) + { + fileLimit = openFilesLimit.rlim_cur; + } + } +#endif + for (i = 0; i < fileLimit; i++) { if (i == Client) { continue; } From jscipio at rochester.rr.com Tue Jan 18 02:51:10 2000 From: jscipio at rochester.rr.com (John F. Scipione) Date: Tue Dec 2 02:28:03 2003 Subject: can't see computers in net neighborhood Message-ID: <000701bf615e$e04e2120$0400a8c0@Ophelia> I have a linux computer running samba 2.06 stable, hosting as a roaming profile server, file server, and a PDC for several win98 machines and a win2k machine(minus domain). Roaming profiles work and I can connect to the computer if I type the address in maunally '\\hildegarde', but I cannot see any computers in my network neighborhood. If I turn samba off I can once again see the computers, but, of course, loose all of my PDC functionality. Here is my smb.conf file for reference: # Samba config file # Created by John F. Scipione # Date: 1999/11/29 23:21:41 # Global parameters [globals] workgroup = workgroup netbios name = Hildegarde server string = SMB PDC using Samba %v security = user password level = 4 os level = 65 encrypt passwords = Yes smb passwd file = /usr/local/samba/private/smbpasswd domain logons = Yes logon script = logon.bat logon home = \\%N\%U logon drive = H: logon path = \\%N\profile\%U log file = /var/log/log.%m local master = Yes domain master = Yes # uncomment if you want Hildegarde to resolve netbios names preferred master = Yes case sensitive = No default case = lower preserve case = Yes short preserve case = No guest account = guest wins support = No # uncomment if you want the use lmhosts as main name resolve file. # name resolve order = lmhosts hosts [homes] comment = Home Directories, limit of 1 GB path = /home/%U read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon locking = No guest ok = No browseable = Yes writeable = No [Profile] comment = Directory to hold Windows User Profiles path = /home/profile browseable = Yes writeable = Yes create mode = 0600 directory mode = 0770 [tape] comment = only 150MB may be stored in this share path = /usr/tape read only = No guest ok = Yes available = Yes browseable = Yes [tmp] comment = Temporary file space path = /tmp read only = No hosts allow = 192.168.0.4 thank you for all your help, everything volded is info I think could pertain to my problem. John F. Scipione random samba guy jscipio@rochester.rr.com -------------- next part -------------- HTML attachment scrubbed and removed From mgeddes at xavier.sa.edu.au Tue Jan 18 03:29:29 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:03 2003 Subject: can't see computers in net neighborhood References: <000701bf615e$e04e2120$0400a8c0@Ophelia> Message-ID: <3883DE19.CD025F7F@xavier.sa.edu.au> I had this problem with a number of different Samba installations. In my case, it was Windows 95 not participating in the browser elections properly (ie, not at all). What I did to fix it was go around to each Windows 9x client and view the properties of 'File and Printer Sharing' and turn the browse master option off. I found that even when Linux has a high OS level, Windows still won't participate properly in the elections. I have also found the same problem when F & P sharing is not installed. I may be wrong in your case, if so, I'm sure someone will point it out. Thanks, Matt From lkcl at samba.org Tue Jan 18 05:01:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: can't see computers in net neighborhood In-Reply-To: <000701bf615e$e04e2120$0400a8c0@Ophelia> Message-ID: he he. please be gentle with john, remember that 2.0.x is still valid as a "pdc" to win9x :) hi john, welcome to samba-ntdom. On Tue, 18 Jan 2000, John F. Scipione wrote: > I have a linux computer running samba 2.06 stable, hosting as a > roaming profile server, file server, and a PDC for several win98 > machines and a win2k machine(minus domain). Roaming profiles work and > I can connect to the computer if I type the address in maunally > '\\hildegarde', but I cannot see any computers in my network > neighborhood. If I turn samba off I can once again see the computers, > but, of course, loose all of my PDC functionality. Here is my > smb.conf file for reference: From lkcl at samba.org Tue Jan 18 05:06:19 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: can't see computers in net neighborhood In-Reply-To: <000701bf615e$e04e2120$0400a8c0@Ophelia> Message-ID: john, it doesn't look like you're using a wins server, is this on a LAN or a single subnet? also, remove everything but TCP/IP on all win9x hosts, if you use "i wanna run netbios over stupid-ipx" or "i wanna do netbeui" then you will a) slow your network down b) pollute your network c) slow down access from win9x hosts to other computers d) all of the previous. > [globals] > workgroup = workgroup > netbios name = Hildegarde > server string = SMB PDC using Samba %v > security = user > password level = 4 > os level = 65 > encrypt passwords = Yes > smb passwd file = /usr/local/samba/private/smbpasswd > domain logons = Yes > logon script = logon.bat > logon home = \\%N\%U > logon drive = H: > logon path = \\%N\profile\%U > log file = /var/log/log.%m > local master = Yes > domain master = Yes > # uncomment if you want Hildegarde to resolve netbios names > preferred master = Yes > case sensitive = No > default case = lower > preserve case = Yes > short preserve case = No > guest account = guest > wins support = No > # uncomment if you want the use lmhosts as main name resolve file. > # name resolve order = lmhosts hosts > > [homes] > comment = Home Directories, limit of 1 GB > path = /home/%U > read only = No > browseable = No > > [netlogon] > comment = Network Logon Service > path = /home/netlogon > locking = No > guest ok = No > browseable = Yes > writeable = No > > [Profile] > comment = Directory to hold Windows User Profiles > path = /home/profile > browseable = Yes > writeable = Yes > create mode = 0600 > directory mode = 0770 > > [tape] > comment = only 150MB may be stored in this share > path = /usr/tape > read only = No > guest ok = Yes > available = Yes > browseable = Yes > > [tmp] > comment = Temporary file space > path = /tmp > read only = No > hosts allow = 192.168.0.4 > > thank you for all your help, everything volded is info I think could pertain to my problem. > > John F. Scipione > random samba guy > jscipio@rochester.rr.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Tue Jan 18 05:15:13 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:03 2003 Subject: Not *completely* relevant Message-ID: <3883F6E0.40C8AC80@xavier.sa.edu.au> Hi guys, I'm looking at having a single login/password for our users to access mail, logging into the NT domain, proxy authentication and others. What I'm after is your opinion on whether using something like PAM_SMB to authenticate the unix accounts is a good idea. The PDC is Linux with Samba-TNG as are all other servers bar one (NT). The load shouldn't be enough to break it. So, do you trust the NT Authentication method over the Unix one? I realise that it will mean an increase in network traffic around my servers, but how much? Does this sound like a *really* stupid idea for some reason I have quite obviously overlooked? Thanks heaps, Matt From sam at topic.com.au Tue Jan 18 06:01:52 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:28:03 2003 Subject: Not *completely* relevant In-Reply-To: <3883F6E0.40C8AC80@xavier.sa.edu.au>; from mgeddes@xavier.sa.edu.au on Tue, Jan 18, 2000 at 04:10:52PM +1100 References: <3883F6E0.40C8AC80@xavier.sa.edu.au> Message-ID: <20000118060152.F27163@mailhost.topic.com.au> Matthew Geddes wrote: > > So, do you trust the NT Authentication method over the Unix one? We use pam_smb to authenticate a few Linux boxes against our Solaris/samba PDC. It works pretty well overall. Note that I have a certain level of trust in my users - I trust that those who don't have root already aren't smart enough to exploit most security holes. Unfortunately, you still need entries in /etc/passwd (* in the password field) for the users to exist on the machine. This annoys me no end, as only passwords are kept synchronised, nothing else. The other annoyance is that Solaris PAM is incomplete, so I can't use pam_smb on the Solaris box. > I realise that it will mean an increase in network traffic around my > servers, but how much? I haven't noticed any difference at all, but we're mounting home directories over NFS, so the traffic would be insignificant compared to NFS traffic. ;) > Does this sound like a *really* stupid idea for some reason I have quite > obviously overlooked? I hope if there is some stupid reason that someone will tell me also. -- Sam Couter sam@topic.com.au Internet Engineer tSA Consulting From D.Bannon at latrobe.edu.au Tue Jan 18 06:03:56 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:28:03 2003 Subject: Not *completely* relevant In-Reply-To: <3883F6E0.40C8AC80@xavier.sa.edu.au> Message-ID: <3.0.6.32.20000118170356.00890a80@bioserve.latrobe.edu.au> At 04:10 PM 18/01/2000 +1100, Matthew Geddes wrote: >using something like PAM_SMB to >authenticate the unix accounts is a good idea. I have some 200 users sharing about 90 computers working like this. Seems no difference from my other branch that does a more conventional login. >So, do you trust the NT Authentication method over the Unix one? How can you tell ?? >I realise that it will mean an increase in network traffic around my >servers, but how much? Certainly 'not much'. Make sure nameservers are capable, that can be a bottle neck. >Does this sound like a *really* stupid idea for some reason I have quite >obviously overlooked? If you have, so have I ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sharpe at ns.aus.com Mon Jan 17 12:17:55 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:03 2003 Subject: Not *completely* relevant In-Reply-To: <3883F6E0.40C8AC80@xavier.sa.edu.au> Message-ID: <3.0.6.32.20000117221755.00951d00@mail.adelaide.on.net> At 04:10 PM 1/18/00 +1100, Matthew Geddes wrote: >Hi guys, > >I'm looking at having a single login/password for our users to access >mail, logging into the NT domain, proxy authentication and others. What >I'm after is your opinion on whether using something like PAM_SMB to >authenticate the unix accounts is a good idea. The PDC is Linux with >Samba-TNG as are all other servers bar one (NT). The load shouldn't be >enough to break it. > >So, do you trust the NT Authentication method over the Unix one? The UNIX Crypt function has a salt, which means that two users who use the same password are unlikely to end up with the same password hash. It seems that this cannot be said for the NT MD4 or MD5 hash. However, the biggest problem with PAM_SMB is that it uses my SMBlib, which has some buffer overflows in it that I have never got around to fixing and it does not implement encrypted passwords. I have implemented the encrypted stuff but never folded it back, so Dave Airlie never got it into PAM_SMB. You should probably use PAM_NTDOM, but that requires you run Samba as a PDC, or have a PDC of some sort. >I realise that it will mean an increase in network traffic around my >servers, but how much? > >Does this sound like a *really* stupid idea for some reason I have quite >obviously overlooked? > >Thanks heaps, > >Matt Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sam at topic.com.au Tue Jan 18 06:55:33 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:28:03 2003 Subject: Not *completely* relevant In-Reply-To: <3.0.6.32.20000117221755.00951d00@mail.adelaide.on.net>; from sharpe@ns.aus.com on Tue, Jan 18, 2000 at 05:22:52PM +1100 References: <3.0.6.32.20000117221755.00951d00@mail.adelaide.on.net> Message-ID: <20000118065533.G27163@mailhost.topic.com.au> Richard Sharpe wrote: > > You should probably use PAM_NTDOM, but that requires you run Samba as a > PDC, or have a PDC of some sort. I had a decent attempt at trying to get pam_ntdom to work, but failed miserably. pam_smb works though. I'll have another go at pam_ntdom one day... -- Sam Couter sam@topic.com.au Internet Engineer tSA Consulting From lkcl at samba.org Tue Jan 18 07:02:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:03 2003 Subject: Not *completely* relevant In-Reply-To: <20000118065533.G27163@mailhost.topic.com.au> Message-ID: try again. 0.24. http://cb1.com/~lkcl/pam_ntdom. redhat 6 stuffed things a bit. On Tue, 18 Jan 2000, Sam Couter wrote: > Richard Sharpe wrote: > > > > You should probably use PAM_NTDOM, but that requires you run Samba as a > > PDC, or have a PDC of some sort. > > I had a decent attempt at trying to get pam_ntdom to work, but failed > miserably. pam_smb works though. > > I'll have another go at pam_ntdom one day... > -- > Sam Couter sam@topic.com.au > Internet Engineer > tSA Consulting > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From christof.hellweg at uni-oldenburg.de Tue Jan 18 07:50:05 2000 From: christof.hellweg at uni-oldenburg.de (Christof Hellweg) Date: Tue Dec 2 02:28:03 2003 Subject: Banner Page References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> Message-ID: <38841B2D.34FCA650@uni-oldenburg.de> Hi! I have the same problem with SuSE 6.3. And I have sh in my printcap. What is the problem now? Christof Hellweg David Bannon schrieb: > > At 12:58 AM 18/01/2000 +1100, Keith Lynn wrote: > > I am using Samba on RedHat Linux 6.0. When a page is printed, a > >seperate page comes with information about the server, sort of a banner > >page. Is there a way to turn this off? Thanks. > > Keith Lynn > > > > man printcap > sh bool false suppress printing of burst > page header > > ie sh: in printcap entry > > david > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! From sharpe at ns.aus.com Mon Jan 17 13:57:29 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page In-Reply-To: <38841B2D.34FCA650@uni-oldenburg.de> References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> At 06:50 PM 1/18/00 +1100, Christof Hellweg wrote: >Hi! >I have the same problem with SuSE 6.3. >And I have sh in my printcap. What is the problem now? >Christof Hellweg What do these banner pages look like? Do they come out after the print job, and consist of a few lines on the top of the page? If so, I have seen them on a RH6.0 system, but do not know what causes them. >David Bannon schrieb: >> >> At 12:58 AM 18/01/2000 +1100, Keith Lynn wrote: >> > I am using Samba on RedHat Linux 6.0. When a page is printed, a >> >seperate page comes with information about the server, sort of a banner >> >page. Is there a way to turn this off? Thanks. >> > Keith Lynn >> > >> >> man printcap >> sh bool false suppress printing of burst >> page header >> >> ie sh: in printcap entry >> >> david >> ------------------------------------------------------------ >> David Bannon D.Bannon@latrobe.edu.au >> School of Biochemistry Phone 61 03 9479 2197 >> La Trobe University, Plenty Rd, Fax 61 03 9479 2467 >> Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au >> ------------------------------------------------------------ >> .... Humpty Dumpty was pushed ! > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From christof.hellweg at uni-oldenburg.de Tue Jan 18 08:25:10 2000 From: christof.hellweg at uni-oldenburg.de (Christof Hellweg) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> Message-ID: <38842366.E825F95C@uni-oldenburg.de> The Banner Page come out after the printjob but the page is blank! My printcap: hp4si|lp7|PS_600dpi-a4-raw|PS_600dpi a4 raw:\ :lp=/dev/lp0:\ :sd=/var/spool/lpd/hp4si:\ :lf=/var/spool/lpd/hp4si/log:\ :af=/var/spool/lpd/hp4si/acct:\ :if=/var/lib/apsfilter/bin/PS_600dpi-a4-raw:\ :la@:mx#0:\ :tr=:cl:sh:sf: Richard Sharpe schrieb: > > At 06:50 PM 1/18/00 +1100, Christof Hellweg wrote: > >Hi! > >I have the same problem with SuSE 6.3. > >And I have sh in my printcap. What is the problem now? > >Christof Hellweg > > What do these banner pages look like? Do they come out after the print > job, and consist of a few lines on the top of the page? > > If so, I have seen them on a RH6.0 system, but do not know what causes them. > From gisler at ntb.ch Tue Jan 18 10:29:28 2000 From: gisler at ntb.ch (HpG) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> <38842366.E825F95C@uni-oldenburg.de> Message-ID: <38844088.73E16E8A@ntb.ch> Hi all Same behaviour with my Laserjet 4MPlus As far as I know, on the newer HP-ps-printers, it is possible to turn this info page off. It is a thing which does the printer by itself. All you have to do, is to telnet to your printer and turn this option off. My version is an older one (unfortunately), so I can't do it. Hanspeter Christof Hellweg wrote: > > The Banner Page come out after the printjob but the page is blank! > My printcap: > hp4si|lp7|PS_600dpi-a4-raw|PS_600dpi a4 raw:\ > :lp=/dev/lp0:\ > :sd=/var/spool/lpd/hp4si:\ > :lf=/var/spool/lpd/hp4si/log:\ > :af=/var/spool/lpd/hp4si/acct:\ > :if=/var/lib/apsfilter/bin/PS_600dpi-a4-raw:\ > :la@:mx#0:\ > :tr=:cl:sh:sf: > > Richard Sharpe schrieb: > > > > At 06:50 PM 1/18/00 +1100, Christof Hellweg wrote: > > >Hi! > > >I have the same problem with SuSE 6.3. > > >And I have sh in my printcap. What is the problem now? > > >Christof Hellweg > > > > What do these banner pages look like? Do they come out after the print > > job, and consist of a few lines on the top of the page? > > > > If so, I have seen them on a RH6.0 system, but do not know what causes them. > > From Eirik.Thorsnes at student.uib.no Tue Jan 18 09:07:05 2000 From: Eirik.Thorsnes at student.uib.no (Eirik Thorsnes) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page In-Reply-To: <38842366.E825F95C@uni-oldenburg.de> References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> Message-ID: <4.1.20000118100028.00a366f0@rasmus.uib.no> At 19:26 18.01.00 +1100, you wrote: >The Banner Page come out after the printjob but the page is blank! RedHat has an option about sending EOF after each job - can this be causing it? Alternatively you can try adding the option -h to the line describing the print command in smb.conf lpr -h -P%p %s Another option is to use telnet to the printer and turn it off, or HPwebjet admin (comes for both NT and Linux download from HP) Eirik From lonnie at borntreger.com Tue Jan 18 09:09:25 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:28:04 2003 Subject: Latest snapshot report Message-ID: <002301bf6193$b7e22080$0500000a@borntreger.com> Configuration: - PDC: gto - Server OS: Solaris 7 - Client OS: Win95 (sorry Luke :) - Absolute latest TNG - THINGS FIXED - + core dump in netlogond when "smbpasswd -j domain". Can trust self again. - STILL PROBLEMS - I attached my configuration files in case I just screwed up. Let me know if my config looks OK, and I'll turn up my logging. Just seems suspicious that others have this running with no problems, but I can't get very far. - WEIRD - * I saw Luke's mail about the locks directory should be set to 0700. Did that and the network neighborhood disappears. Reset it to 0755, and the NN reappears. * Occasionally, if I let samba run too long I get endless spawning of samrd and netlogond until they take up my entire processor make my disk sound like it's going to burn out. - NOT WEIRD - *** log.netlogon *** trust account pocket0$ should be in DOMAIN_GROUP_RID_USERS trust account gto$ should be in DOMAIN_GROUP_RID_USERS +++ I thought the following takes care of this +++ *** /etc/passwd *** gto$:x:801:1:GTO:/:/bin/false pocket0$:x:800:1:Pocket0:/:/bin/false *** /etc/group *** other::1:67goat,donnab,pocket0$,gto$ *** .../lib/domaingroup.map *** other="Domain Users" - ALSO - appears occasionally in log.netlogon ERROR: become root depth is non zero ERROR: unbecome root depth is 0 - ALSO - (when attempting to connect from w95 - is this related to the problems Luke mentioned with LM passwords?) Can't connect to, or browse, any shares. All accounts say (whomever is whatever actual account is used): domain_client_validate: unable to validate password for user in domain WHNET to Domain controller \\.. SMB LM/NT Password did not match! +++ Must be the LM password thing, because connecting locally....... gto-> smbclient -U 67goat -L gto Added interface ip=10.0.0.7 bcast=10.0.0.255 nmask=255.255.255.0 Password: session setup ok Domain=[WHNET] OS=[Unix] Server=[Samba TNG-prealpha] Sharename Type Comment --------- ---- ------- homes Disk netlogon Disk home Disk Home Directory UsrLocal Disk /usr/local Top Disk Root of server www Disk WWW Directory IPC$ IPC IPC Service (Borntreger PDC (TNG-prealpha,gto)) 67goat Disk Home directory of 67goat Server Comment --------- ------- Workgroup Master --------- ------- gto-> smbclient //gto/home -U 67goat Added interface ip=10.0.0.7 bcast=10.0.0.255 nmask=255.255.255.0 Password: session setup ok Domain=[WHNET] OS=[Unix] Server=[Samba TNG-prealpha] smb: \> dir lost+found D 0 Wed Jul 28 22:09:11 1999 donnab D 0 Wed Jul 28 06:19:04 1999 67goat D 0 Mon Jan 17 01:14:09 2000 www D 0 Sun Jan 16 02:09:25 2000 netscape D 0 Wed Jul 28 06:19:38 1999 keona D 0 Sun Dec 12 01:55:51 1999 rje D 0 Tue Jan 11 12:02:39 2000 57234 blocks of size 32768. 28589 blocks available smb: \> exit TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: domaingroup.map Type: application/octet-stream Size: 63 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000118/ebea9900/domaingroup.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 1508 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000118/ebea9900/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: smbpasswd Type: application/octet-stream Size: 265 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000118/ebea9900/smbpasswd.obj From lk at NetUSE.DE Tue Jan 18 10:27:20 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:04 2003 Subject: TNG????/Homepage References: <3883441E.B9C4AB77@NetUSE.DE> <3883950A.F8337286@xavier.sa.edu.au> Message-ID: <38844008.86704EDC@NetUSE.DE> Matthew Geddes wrote: > > > > > You can have a look at my homepage. > > > > http://www.kneschke.de/projekte/samba_tng > > > > > > Hi, > > Does your E-Mail client automatically generate this reply, or do you need to > cut and paste each one? ;-) No, i have 20 students that monitor my email! :-) > I didn't see any links to this page on samba.org (the 2nd Australian Mirror > anyway). Perhaps there should be a link in big pretty letters? Seems to be a good idea! Maybe someone who knows the webmaster, can give him a hint. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From s_colombo at iol.it Tue Jan 18 10:40:29 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:28:04 2003 Subject: R: can't see computers in net neighborhood In-Reply-To: <000701bf615e$e04e2120$0400a8c0@Ophelia> Message-ID: It seems to me that you miss to configure a Wins server in your lan I would suggest inserting Wins support = yes os level = 30 in your smb.conf and configure the wins parameter in win9.x box to your Samba's IP address HTH stefano -----Messaggio originale----- Da: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]Per conto di John F. Scipione Inviato: marted? 18 gennaio 2000 3.52 A: Multiple recipients of list SAMBA-NTDOM Oggetto: can't see computers in net neighborhood I have a linux computer running samba 2.06 stable, hosting as a roaming profile server, file server, and a PDC for several win98 machines and a win2k machine(minus domain). Roaming profiles work and I can connect to the computer if I type the address in maunally '\\hildegarde', but I cannot see any computers in my network neighborhood. If I turn samba off I can once again see the computers, but, of course, loose all of my PDC functionality. Here is my smb.conf file for reference: # Samba config file # Created by John F. Scipione # Date: 1999/11/29 23:21:41 # Global parameters [globals] workgroup = workgroup netbios name = Hildegarde server string = SMB PDC using Samba %v security = user password level = 4 os level = 65 encrypt passwords = Yes smb passwd file = /usr/local/samba/private/smbpasswd domain logons = Yes logon script = logon.bat logon home = \\%N\%U logon drive = H: logon path = \\%N\profile\%U log file = /var/log/log.%m local master = Yes domain master = Yes # uncomment if you want Hildegarde to resolve netbios names preferred master = Yes case sensitive = No default case = lower preserve case = Yes short preserve case = No guest account = guest wins support = No # uncomment if you want the use lmhosts as main name resolve file. # name resolve order = lmhosts hosts [homes] comment = Home Directories, limit of 1 GB path = /home/%U read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon locking = No guest ok = No browseable = Yes writeable = No [Profile] comment = Directory to hold Windows User Profiles path = /home/profile browseable = Yes writeable = Yes create mode = 0600 directory mode = 0770 [tape] comment = only 150MB may be stored in this share path = /usr/tape read only = No guest ok = Yes available = Yes browseable = Yes [tmp] comment = Temporary file space path = /tmp read only = No hosts allow = 192.168.0.4 thank you for all your help, everything volded is info I think could pertain to my problem. John F. Scipione random samba guy jscipio@rochester.rr.com -------------- next part -------------- HTML attachment scrubbed and removed From christof.hellweg at uni-oldenburg.de Tue Jan 18 11:19:52 2000 From: christof.hellweg at uni-oldenburg.de (Christof Hellweg) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> <38842366.E825F95C@uni-oldenburg.de> <38844088.73E16E8A@ntb.ch> Message-ID: <38844C58.294365C0@uni-oldenburg.de> > > Hi all > Same behaviour with my Laserjet 4MPlus > > As far as I know, on the newer HP-ps-printers, > it is possible to turn this info page off. > It is a thing which does the printer by itself. > > All you have to do, is to telnet to your printer > and turn this option off. > > My version is an older one (unfortunately), so > I can't do it. We also have an older Version of the HP 4Si, but i think it's not a problem of the printer because it happens only with Windows. If i print direct with Linux this blank page don't exist. Christof From mg at plum.de Tue Jan 18 11:31:19 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> <38842366.E825F95C@uni-oldenburg.de> <38844088.73E16E8A@ntb.ch> <38844C58.294365C0@uni-oldenburg.de> Message-ID: <38844F07.31A83CFB@plum.de> Christof Hellweg wrote: > > > > > Hi all > > Same behaviour with my Laserjet 4MPlus > > > > As far as I know, on the newer HP-ps-printers, > > it is possible to turn this info page off. > > It is a thing which does the printer by itself. > > > > All you have to do, is to telnet to your printer > > and turn this option off. > > > > My version is an older one (unfortunately), so > > I can't do it. > > We also have an older Version of the HP 4Si, but i think it's not a > problem of the printer because it happens only with Windows. If i print > direct with Linux this blank page don't exist. I think there is some option in the windows printer control-panel, which is about sending ctrl-d (?) at the end of job. I think this is the reason for the extra page when printing with windows. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From lk at NetUSE.DE Tue Jan 18 12:35:46 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:04 2003 Subject: Today's samba tng doesn't work properly Message-ID: <38845E22.56F53A44@NetUSE.DE> Hello! lsarpc and samrd are crashing, when i try to watch the shares in the network nei...(Netzwerkumgebung). The lasrpc and samrc got a signal 11 and somehow they get started new. This takes all the memory of the machine. I'll try to investigate it more. But today i was able to let a sambaserver join a samba controlled domain. Fine! Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Tue Jan 18 12:39:55 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:04 2003 Subject: Today's samba tng doesn't work properly References: <38845E22.56F53A44@NetUSE.DE> Message-ID: <38845F1B.D6D2DA79@NetUSE.DE> Lars Kneschke wrote: > > Hello! > > lsarpc and samrd are crashing, when i try to watch the shares in > the network nei...(Netzwerkumgebung). The lasrpc and samrc got a > signal 11 and somehow they get started new. This takes all the > memory of the machine. I'll try to investigate it more. Taking the yesterday's version as server works well. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From ba2k at virginia.edu Tue Jan 18 13:06:02 2000 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page In-Reply-To: <38844088.73E16E8A@ntb.ch> References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> <38842366.E825F95C@uni-oldenburg.de> Message-ID: <3.0.6.32.20000118080602.0095e9f0@127.0.0.1> Hi: It's been my experience HP printers, as far back as the LJ 4 (I cannot vouch for LJ 3s), have a setting that can modified via a telent connection in case your UNIX host sends a banner; something like banner: 0|1 after you make the telnet connect. -ba- At 07:50 PM 1/18/2000 +1100, HpG wrote: >Hi all >Same behaviour with my Laserjet 4MPlus > >As far as I know, on the newer HP-ps-printers, >it is possible to turn this info page off. >It is a thing which does the printer by itself. > >All you have to do, is to telnet to your printer >and turn this option off. > >My version is an older one (unfortunately), so >I can't do it. > >Hanspeter > > >Christof Hellweg wrote: >> >> The Banner Page come out after the printjob but the page is blank! >> My printcap: >> hp4si|lp7|PS_600dpi-a4-raw|PS_600dpi a4 raw:\ >> :lp=/dev/lp0:\ >> :sd=/var/spool/lpd/hp4si:\ >> :lf=/var/spool/lpd/hp4si/log:\ >> :af=/var/spool/lpd/hp4si/acct:\ >> :if=/var/lib/apsfilter/bin/PS_600dpi-a4-raw:\ >> :la@:mx#0:\ >> :tr=:cl:sh:sf: >> >> Richard Sharpe schrieb: >> > >> > At 06:50 PM 1/18/00 +1100, Christof Hellweg wrote: >> > >Hi! >> > >I have the same problem with SuSE 6.3. >> > >And I have sh in my printcap. What is the problem now? >> > >Christof Hellweg >> > >> > What do these banner pages look like? Do they come out after the print >> > job, and consist of a few lines on the top of the page? >> > >> > If so, I have seen them on a RH6.0 system, but do not know what causes them. >> > > > Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-8065 (w) 804-245-5813 (h) From mikel at amberelectric.com Tue Jan 18 13:27:36 2000 From: mikel at amberelectric.com (Mike Ledford) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page In-Reply-To: <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> Message-ID: <000c01bf61b7$ca13fc00$1464a8c0@host20.amberelectric.com> I removed these by modifying the print command in smb.conf to print command = lpr -r -P%p -h %s -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Richard Sharpe Sent: Tuesday, January 18, 2000 3:04 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Banner Page At 06:50 PM 1/18/00 +1100, Christof Hellweg wrote: >Hi! >I have the same problem with SuSE 6.3. >And I have sh in my printcap. What is the problem now? >Christof Hellweg What do these banner pages look like? Do they come out after the print job, and consist of a few lines on the top of the page? If so, I have seen them on a RH6.0 system, but do not know what causes them. >David Bannon schrieb: >> >> At 12:58 AM 18/01/2000 +1100, Keith Lynn wrote: >> > I am using Samba on RedHat Linux 6.0. When a page is printed, a >> >seperate page comes with information about the server, sort of a banner >> >page. Is there a way to turn this off? Thanks. >> > Keith Lynn >> > >> >> man printcap >> sh bool false suppress printing of burst >> page header >> >> ie sh: in printcap entry >> >> david >> ------------------------------------------------------------ >> David Bannon D.Bannon@latrobe.edu.au >> School of Biochemistry Phone 61 03 9479 2197 >> La Trobe University, Plenty Rd, Fax 61 03 9479 2467 >> Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au >> ------------------------------------------------------------ >> .... Humpty Dumpty was pushed ! > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From j.c.burton at gats-inc.com Tue Jan 18 14:24:35 2000 From: j.c.burton at gats-inc.com (John Burton) Date: Tue Dec 2 02:28:04 2003 Subject: Different ports References: <9DD60A65AD75D211816700A0C9E93F910278FDBE@whntmail1.littongcs.com> Message-ID: <388477A3.A34CD188@gats-inc.com> "Loo, Joseph" wrote: > > If you can get HP Jet admin tool, you can add the printers to your UNIX > station, then samba can recognize the printer. You can now export them to > the NT domain world. > > Joseph Loo > Litton Guidance & Control > 5500 Canoga Ave > Woodland Hills, CA 91367-6698 > Phone #: (818) 715-2961 > Fax #: (818) 715-2752 > > -----Original Message----- > From: Matthew Keller [mailto:kellermg@potsdam.edu] > Sent: Monday, January 17, 2000 1:06 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Different ports > > Keith Lynn wrote: > > > > I have an HP JetDirect print server which has an IP address and three > > ports that I can plug printers into. How do I get Samba to recognize the > > printers? Thanks. > > HPJD boxes all support LPR natively, although I do not know how to > distinguish between printers sharing an IP addy over LPR. > -- The printers are on different queues, same as with a regular UNIX machine.... when setting up LPR to print to a remote machine, you specify "remote machine" and "remote queue"... John From Daniel.Sandmeier at HWK-DO.DE Tue Jan 18 14:43:52 2000 From: Daniel.Sandmeier at HWK-DO.DE (Daniel Sandmeier) Date: Tue Dec 2 02:28:04 2003 Subject: Samba 2.06 and Squid Nameresolving problems? Message-ID: <38847C28.CE8E03F5@hwk-do.de> Hi, we've got a slight problem, since I set up a Samba 2.06 (for using HylaFax) We use the LinuxBox as an Internet Proxy using Squid. Since we installed Samba and HylaFax we often have problems, that the Squid can't resolve the IPAdresses from the hostnames. We then have to restart Squid, so that it rebuilds it's chache. Than it works again for about a day, but the error occurs again. Does anyone have had a similar problem using Samba+HylaFax and Squid? Perhaps something is wrong with our smb.conf? We are quite new with Linux and Samba and all this stuff.............(don't hurt me, we got a preconfigured LinuxBox).......so we are not quite sure in wich logfiles to look, to find evidence for either squid or Samba+Hylafax are guilty. P.S.: Please excuse my bad accent........English isn't my native language! Yours Sandos187 # Samba config file created using SWAT # from LINUX-SERVER.HWK-DO.DE (192.168.0.228) # Date: 2000/01/18 15:27:24 # Global parameters [global] workgroup = HWK netbios name = LINUX-SERVER server string = HWK FAX-Server interfaces = 192.168.0.228/24 security = DOMAIN encrypt passwords = Yes update encrypted = Yes hosts equiv = /etc/hosts.equiv map to guest = Bad Password null passwords = Yes password server = HWK01 HWK02 SMSSRV password level = 4 username level = 4 log level = 3 syslog = 0 log file = /var/log/samba/log.%m keepalive = 0 socket options = TCP_NODELAY add user script = /usr/sbin/useradd %u -g users delete user script = /usr/sbin/userdel %u logon path = logon home = domain logons = Yes local master = No dns proxy = No wins server = 192.168.0.221 kernel oplocks = No remote announce = 192.168.0.221 socket address = 192.168.0.228 force user = cu read only = No security mask = 0744 force security mode = 00 force directory security mode = 00 guest ok = Yes [fax] comment = Fax path = /var/spool/samba/fax print ok = Yes postscript = Yes print command = ( /usr/bin/printfax.pl %I %s %U %m; rm %s ) & printer driver = HP LaserJet 4ML PostScript [faxsoftware] comment = Test path = /var/spool/fax/winsoft From mg at plum.de Tue Jan 18 15:34:54 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:04 2003 Subject: Samba 2.06 and Squid Nameresolving problems? References: <38847C28.CE8E03F5@hwk-do.de> Message-ID: <3884881E.56000A60@plum.de> Daniel Sandmeier wrote: > > Hi, we've got a slight problem, since I set up a Samba 2.06 (for using > HylaFax) > We use the LinuxBox as an Internet Proxy using Squid. Since we installed > Samba and HylaFax we often have problems, that the Squid can't resolve > the IPAdresses from the hostnames. We then have to restart Squid, so > that it rebuilds it's chache. Than it works again for about a day, but > the error occurs again. > > Does anyone have had a similar problem using Samba+HylaFax and Squid? > > Perhaps something is wrong with our smb.conf? > > We are quite new with Linux and Samba and all this > stuff.............(don't hurt me, we got a preconfigured > LinuxBox).......so we are not quite sure in wich logfiles to look, to > find evidence for either squid or Samba+Hylafax are guilty. > > P.S.: Please excuse my bad accent........English isn't my native > language! Samba should not be the reason for this ! If Squid can't resolve hostnames, then something is broken with your DNS (bind) Which hostnames can't be resolved (inter or intranet ?) Which Version of squid do you use ? (the latest doesn't have a seperate dnsserver process anymore) If not the latest, check (whith ps -aux | grep dns) if the dnsservers are still running. regards, Michael p.s. you can mail me in german if you have further questions ... -- Samba NT-Domain howto (in german) http://www.sambahq.de From kellermg at potsdam.edu Tue Jan 18 15:48:59 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:28:04 2003 Subject: Not *completely* relevant References: <3883F6E0.40C8AC80@xavier.sa.edu.au> Message-ID: <38848B6B.5F22BB24@potsdam.edu> Matthew Geddes wrote: > > Hi guys, > > I'm looking at having a single login/password for our users to access > mail, logging into the NT domain, proxy authentication and others. What > I'm after is your opinion on whether using something like PAM_SMB to > authenticate the unix accounts is a good idea. The PDC is Linux with > Samba-TNG as are all other servers bar one (NT). The load shouldn't be > enough to break it. > > So, do you trust the NT Authentication method over the Unix one? > > I realise that it will mean an increase in network traffic around my > servers, but how much? > > Does this sound like a *really* stupid idea for some reason I have quite > obviously overlooked? I have many many servers with over 5000 active users authenticating over pam_smb. Works very nice (NO shell access except for admins- just file/print sharing over Netatalk (Mac services) Samba and NFS. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From EZEANNC at texaco.com Tue Jan 18 15:40:51 2000 From: EZEANNC at texaco.com (Olusanya, Olukunle O) Date: Tue Dec 2 02:28:04 2003 Subject: Problem connecting to samba shares Message-ID: <516C3C70A104D211B15300805F9F52BF90A1D6@MSX41000> Hi all, I have installed samba on my IRIX 6.5 system and configured the smb.conf file but I get the following error each time I try to make a connection to the samba share: "You must supply a password to make this connection, Resource: \\topcondb\ipc$". I have added the Samba server to the NT domain and I have also created a user account that is common to the NT domain and the Topcondb server. I have also used smbpasswd to add the topcondb server to the NT domain and have created an entry for the user account in the smbpasswd file. I have listed below, my smb.conf file: ; ============================================================================ ; For the format of this file and comprehensive descriptions of all the ; configuration option, please refer to the man page for smb.conf(5). ; This is a sample configuration for IRIX 6.x systems ; ; The following configuration should suit most systems for basic usage and ; initial testing. It gives all clients access to their home directories and ; /usr/tmp and allows access to all printers returned by lpstat. ; [global] protocol = NT1 comment = Samba %v workgroup = NIGNT01 printing = sysv null passwords = true security = domain password server = NIGNTDC1 NIGNTDC2 ; ; The default for printcap name is lpstat which will export all printers. ; If you want to limit the printers that are visible to clients, you can ; use a printcap file. The script mkprintcap.sh will create a printcap ; file that contains all your printers. Edit this file to only contain the ; printers that you wish to be visible. Names longer than 15 characters ; in the printcap file will not be visible to clients. ; ; printcap name = /usr/samba/printcap printcap name = lpstat ; ; If you are using Impressario 1.x then you'll want to use the ; sambalp script provided with this package. It works around ; a problem in the PostScript generated by the standard Windows ; drivers--there is a check to verify sufficient virtual memory ; is available in the printer to print the job, but this fails ; under Impressario because of a bug in Impressario 1.x. The sambalp ; script strips out the vmstatus check. BTW, when using this ; setup to print be sure to configure a Windows printer driver ; that generates PostScript--QMS-PS 810 is one that should work ; with the sambalp script. This version of sambalp (if installed ; as a setuid script - see the comments at the beginning of the ; script) will setuid to the username if valid on the system. This ; makes the banner pages print the proper username. You can disable ; the PostScript fixes by changing a variable in sambalp. ; print command = /usr/samba/bin/sambalp %p %s %U %m ; print command = /usr/bin/lp -c -d%p -t"%U on machine %m" %s ; rm %s load printers = yes guest account = geoqusl browseable = yes ; this tells Samba to use a separate log file for each machine ; that connects - default is single file named /usr/samba/var/log.smb log file = /usr/samba/var/log.smb ; Set a max size for log files in Kb max log size = 50 ; You will need a world readable lock directory and "share modes=yes" ; if you want to support the file sharing modes for multiple users ; of the same files locking = yes lock directory = /usr/samba/var/locks share modes = yes ; security = user ; You need to test to see if this makes a difference on your system socket options = TCP_NODELAY ; Set the os level to > 32 if there is no NT server for your workgroup os level = 0 preferred master = no domain master = no local master = no wins support = yes ; wins server = preserve case = yes short preserve case = yes ; These are the settings required for IRIX password sync passwd program = /usr/bin/passwd %u passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n ; Uncomment the following if you wish to use encrypted passwords. ; encrypt passwords = yes ; Uncomment the following if you wish to sync unix and smbpasswd unix password sync = yes [homes] comment = Home Directories browseable = no writable = yes ; To allow Win95 clients to automatically load printer drivers, uncomment ; the following section (and the lines in the printers section below). ; Run the make_printerdef command to create the /usr/samba/lib/printers.def ; file (see the PRINTER_DRIVER.txt file in the docs directory for info). ; Copy all the required files to the /usr/samba/printer directory ; ;[printer$] ; comment = printer driver directory ; path=/usr/samba/printer ; public=yes ; writable=no ;[printers] ; comment = All Printers ; path = /usr/tmp ; browseable = no ; printable = yes ; public = yes ; writable = no ; create mask = 0700 ; ; this specifies the location of the share containing the printer driver ; files - see the printer$ section above ; ; printer driver location = \\%h\printer$ ; ; the following line will make all printers default to the QMS-PS 810 Turbo ; driver - which works quite well for Impressario. If you need a diferent ; driver for a specific printer, create a section for that printer and ; specify the correct printer driver. ; ; printer driver = QMS-PS 810 Turbo [tmp] comment = Market Place path = /usr/people/geoqusl browsable = yes available = yes read only = no printable = no create mask = 0777 public = yes <<...>> Does anyone know what is likely to be the cause of this problem? Thanks for your help Regards, Kunle Olusanya From lkcl at samba.org Tue Jan 18 15:47:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:04 2003 Subject: Today's samba tng doesn't work properly In-Reply-To: <38845E22.56F53A44@NetUSE.DE> Message-ID: On Tue, 18 Jan 2000, Lars Kneschke wrote: > Hello! > > lsarpc and samrd are crashing, when i try to watch the shares in > the network nei...(Netzwerkumgebung). The lasrpc and samrc got a > signal 11 and somehow they get started new. This takes all the > memory of the machine. I'll try to investigate it more. please. usual procedure. > But today i was able to let a sambaserver join a samba controlled > domain. hooray. From lkcl at samba.org Tue Jan 18 15:57:28 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:04 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc Message-ID: i have a question for you all. is it ok if i create a dynamic library, libsmb.so and libmsrpc.so? if i do, could someone please submit mods to be able to create a libsmb.a and libmsrpc.a (static libraries), first examining cvs main's configure.in and Makefile.in? luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Jan 18 16:33:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:04 2003 Subject: Latest snapshot report In-Reply-To: <002301bf6193$b7e22080$0500000a@borntreger.com> Message-ID: On Tue, 18 Jan 2000, Lonnie J. Borntreger wrote: > Configuration: > - PDC: gto > - Server OS: Solaris 7 > - Client OS: Win95 (sorry Luke :) > - Absolute latest TNG > > - THINGS FIXED - > + core dump in netlogond when "smbpasswd -j domain". Can trust self again. > > - STILL PROBLEMS - > I attached my configuration files in case I just screwed up. Let me know if > my config looks OK, and I'll turn up my logging. Just seems suspicious that > others have this running with no problems, but I can't get very far. > > - WEIRD - > * I saw Luke's mail about the locks directory should be set to 0700. Did > that and the network neighborhood disappears. Reset it to 0755, and the NN > reappears. interesting. that means that i missed some become_root() calls around setting up msrpc loop-back connections. which shouldn't be happening. From Volker.Lendecke at SerNet.DE Tue Jan 18 16:48:30 2000 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:28:04 2003 Subject: Problem connecting to samba shares In-Reply-To: <516C3C70A104D211B15300805F9F52BF90A1D6@MSX41000> (EZEANNC@texaco.com) References: <516C3C70A104D211B15300805F9F52BF90A1D6@MSX41000> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > security = domain Did you correctly join the domain? If you did, you do not need any smbpasswd entries. Look at DOMAIN_MEMBER.txt. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface iQCVAwUBOISZXD/9BWnmOc5FAQFByQP8C+IYUkIq3Nj7Abq4hltfGLbxApDUl7IU Kgvxsw9v2fQqCkt0TKVEvWbbn7Pfj17vE90DrhcNaf31BWSAA8WFlaYDQYVWKVTR DvVowGthMzzUcyhqDc3ZVT/OdGloFjAP9kxI4OGJKhhPhsJgHfX1Vmk7TGTGDN3/ gWCZooU1Rmo= =qRSw -----END PGP SIGNATURE----- From Elrond at Wunder-Nett.org Tue Jan 18 16:49:20 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:04 2003 Subject: Latest snapshot report In-Reply-To: ; from Luke Kenneth Casson Leighton on Wed, Jan 19, 2000 at 03:36:03AM +1100 References: <002301bf6193$b7e22080$0500000a@borntreger.com> Message-ID: <20000118174920.A15180@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi, On Wed, Jan 19, 2000 at 03:36:03AM +1100, Luke Kenneth Casson Leighton wrote: > On Tue, 18 Jan 2000, Lonnie J. Borntreger wrote: [...] > > - WEIRD - > > * I saw Luke's mail about the locks directory should be set to 0700. Did > > that and the network neighborhood disappears. Reset it to 0755, and the NN > > reappears. I guess, you've mixed something up here. If your samba is in /usr/local/samba, then /usr/local/samba/var/locks may be +rx for everyone. (and I think, it should.) But this directory contains another directory ".msrpc", which in turn should be 0700. Elrond From tadams at pbl.ca Tue Jan 18 17:03:16 2000 From: tadams at pbl.ca (Tim Adams) Date: Tue Dec 2 02:28:04 2003 Subject: Problem adding a client to the domain with samba-tng Message-ID: <000001bf61d5$e9aadac0$3cc809c0@wis.pbl.ca> Setting the machine up as a pdc seems to have worked, but I can not add a client machine to the domain. Here is a copy of setting the server and domain, and adding the password for the client machine. [root@wis74 bin]# smbpasswd -j TESTDOMAIN Joining Domain as PDC socket connect to /tmp/.smb.0/agent failed error connecting to 192.9.200.74:445 (Connection refused) 2000/01/18 11:03:16 : change_trust_account_password: Changed password for domain TESTDOMAIN. Joined domain TESTDOMAIN. [root@wis74 bin]# smbpasswd -a -m wis60 Password changed for user wis60$ Here is a listing of the messages from log.smb when I try to add the client machine. map_nt_and_unix_username: NT->Unix map DISABLED map_nt_and_unix_username: NT->Unix map DISABLED map_nt_and_unix_username: NT->Unix map DISABLED map_nt_and_unix_username: NT->Unix map DISABLED error connecting to 192.168.2.74:445 (Connection refused) map_nt_and_unix_username: NT->Unix map DISABLED map_nt_and_unix_username: NT->Unix map DISABLED socket connect to /tmp/.smb.0/agent failed error connecting to 192.168.2.74:445 (Connection refused) map_nt_and_unix_username: NT->Unix map DISABLED map_nt_and_unix_username: NT->Unix map DISABLED domain_client_validate: unable to validate password for user WIS60$ in domain TESTDOMAIN to Domain controller \\WIS74. Here is a summary of my smb.conf file. [global] workgroup = TESTDOMAIN encrypt passwords = yes password server = WIS74 wins server = 192.168.1.2 time server = yes name resolve order = wins hosts lmhosts bcast dns proxy = no security = user os level = 64 domain logons = Yes domain master = Yes preferred master = Yes local master = Yes invalid users = root -------------- next part -------------- HTML attachment scrubbed and removed From umehlig at uni-bremen.de Tue Jan 18 16:53:31 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:28:04 2003 Subject: still out of domain In-Reply-To: (lkcl@samba.org) References: Message-ID: <200001181653.RAA13687@pandora3.localnet> Luke Kenneth Casson Leighton wrote: > ok, can you do a netmon trace, i need to see how far joining gets, > and also send an smb.conf file? thx. ... prepared everything to do a netmon trace etc., but with today's CVS I suddenly was able to join the domain :) The only problem I still encountered was not a very serious one: a user who had an old profile from my 2.0.x PDC experiments was not able to log in ("no PDC available" or something like that). After deleting the "account unknown" (or whatever) profiles under "System/User Profiles", everything worked well! (so far ;-) BTW, I heard some time ago that there would exists a version of the "user manager for domains" for "normal" NT 4.0. If this is the truth, could somebody who knows send me a hint where MS has hidden it on its server? Many thanks, Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From thomas.heiligenmann at t-online.de Tue Jan 18 17:53:23 2000 From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> <38842366.E825F95C@uni-oldenburg.de> Message-ID: <3884A893.2A1D89C4@heiligenmann.de> Christof Hellweg wrote: > > The Banner Page come out after the printjob but the page is blank! > My printcap: > hp4si|lp7|PS_600dpi-a4-raw|PS_600dpi a4 raw:\ > :lp=/dev/lp0:\ > :sd=/var/spool/lpd/hp4si:\ > :lf=/var/spool/lpd/hp4si/log:\ > :af=/var/spool/lpd/hp4si/acct:\ > :if=/var/lib/apsfilter/bin/PS_600dpi-a4-raw:\ > :la@:mx#0:\ > :tr=:cl:sh:sf: > your printcap looks ok and things should work fine on unix side... since the empty page comes out _after_ the print job it looks like a ff or burst page problem that appears on SuSE 6.x . try adding [global] print command = lpr -r -h -P%p %s in your smb.conf (the -h does the trick) works for me on my SuSE 6.1 system :) -- Thomas From lk at NetUSE.DE Tue Jan 18 18:20:58 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:04 2003 Subject: Today's samba tng doesn't work properly References: <38845E22.56F53A44@NetUSE.DE> <20000118154410.A12488@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <3884AF0A.F62106A1@NetUSE.DE> Elrond wrote: > > Hi, > > On Tue, Jan 18, 2000 at 11:37:14PM +1100, Lars Kneschke wrote: > > Hello! > > > > lsarpc and samrd are crashing, when i try to watch the shares in > > the network nei...(Netzwerkumgebung). The lasrpc and samrc got a > > signal 11 and somehow they get started new. This takes all the > > memory of the machine. I'll try to investigate it more. > Could you please check, whether you have got a "domain > group map" oder "local group map" that has got any > non-special entries? > > With special entry I mean "Domain Admins" or "Domain Users" > or "Domain Guests" or "Power Users" ? I have locadmin = "Administrators" in the "local group map"-file. With that samrd goes crazy! :-) If i have a empty "local group map"-file all is fine. I have also entry in the "domain group map"-file. But these make no problems. > and second, disable all maps ? If i disable all, nothing starnge happens. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Tue Jan 18 18:27:19 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:04 2003 Subject: Today's samba tng doesn't work properly References: <38845E22.56F53A44@NetUSE.DE> <20000118154410.A12488@baerbel.mug.maschinenbau.tu-darmstadt.de> <3884AF0A.F62106A1@NetUSE.DE> Message-ID: <3884B087.DB3D6352@NetUSE.DE> Lars Kneschke wrote: > > Elrond wrote: > > > > Hi, > > > > On Tue, Jan 18, 2000 at 11:37:14PM +1100, Lars Kneschke wrote: > > > Hello! > > > > > > lsarpc and samrd are crashing, when i try to watch the shares in > > > the network nei...(Netzwerkumgebung). The lasrpc and samrc got a > > > signal 11 and somehow they get started new. This takes all the > > > memory of the machine. I'll try to investigate it more. > > Could you please check, whether you have got a "domain > > group map" oder "local group map" that has got any > > non-special entries? > > > > With special entry I mean "Domain Admins" or "Domain Users" > > or "Domain Guests" or "Power Users" ? > I have locadmin = "Administrators" in the "local group map"-file. > With that samrd goes crazy! :-) > If i have a empty "local group map"-file all is fine. I have also > entry in the "domain group map"-file. But these make no problems. > > > and second, disable all maps ? > If i disable all, nothing starnge happens. Ah, and the entrys from the "domain group map"-file get's ingnored. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From ed at schernau.com Tue Jan 18 18:52:17 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:28:04 2003 Subject: pam_ntdom, pam_smb Message-ID: <3884B661.973C8C6@schernau.com> If you use these, and set security=user, isn't that like setting up security=domain and specifying the server name? Which is less problematic? -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From kevinc at grainsystems.com Tue Jan 18 19:15:49 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:28:04 2003 Subject: pam_ntdom, pam_smb References: <3884B661.973C8C6@schernau.com> Message-ID: <3884BBE5.9E139E5@grainsystems.com> Edward Schernau wrote: > > If you use these, and set security=user, isn't that like > setting up security=domain and specifying the server name? Yes, if you never use anything on that machine but Samba. If you expect other Unix services to authenticate, these are quite different. - Kevin Colby kevinc@grainsystems.com From greg at discreet.com Tue Jan 18 19:30:22 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:04 2003 Subject: Today's samba tng doesn't work properly In-Reply-To: <3884AF0A.F62106A1@NetUSE.DE> Message-ID: In my case I get all kinds of lsarpcd and samrd processes until the process table is completely full and I need to reboot the machine. This happens trying to join a machine to the domain. Not really sure how to diagnose this one... Greg On 18-Jan-00 Lars Kneschke wrote: > Elrond wrote: >> >> Hi, >> >> On Tue, Jan 18, 2000 at 11:37:14PM +1100, Lars Kneschke wrote: >> > Hello! >> > >> > lsarpc and samrd are crashing, when i try to watch the shares in >> > the network nei...(Netzwerkumgebung). The lasrpc and samrc got a >> > signal 11 and somehow they get started new. This takes all the >> > memory of the machine. I'll try to investigate it more. >> Could you please check, whether you have got a "domain >> group map" oder "local group map" that has got any >> non-special entries? >> >> With special entry I mean "Domain Admins" or "Domain Users" >> or "Domain Guests" or "Power Users" ? > I have locadmin = "Administrators" in the "local group map"-file. > With that samrd goes crazy! :-) > If i have a empty "local group map"-file all is fine. I have also > entry in the "domain group map"-file. But these make no problems. > >> and second, disable all maps ? > If i disable all, nothing starnge happens. > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Elrond at Wunder-Nett.org Tue Jan 18 19:32:37 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:04 2003 Subject: Today's samba tng doesn't work properly In-Reply-To: <3884B087.DB3D6352@NetUSE.DE>; from Lars Kneschke on Wed, Jan 19, 2000 at 05:33:41AM +1100 References: <38845E22.56F53A44@NetUSE.DE> <20000118154410.A12488@baerbel.mug.maschinenbau.tu-darmstadt.de> <3884AF0A.F62106A1@NetUSE.DE> <3884B087.DB3D6352@NetUSE.DE> Message-ID: <20000118203236.A15264@baerbel.mug.maschinenbau.tu-darmstadt.de> On Wed, Jan 19, 2000 at 05:33:41AM +1100, Lars Kneschke wrote: > Lars Kneschke wrote: > > > > Elrond wrote: > > > > > > Hi, > > > > > > On Tue, Jan 18, 2000 at 11:37:14PM +1100, Lars Kneschke wrote: > > > > Hello! > > > > > > > > lsarpc and samrd are crashing, when i try to watch the shares in > > > > the network nei...(Netzwerkumgebung). The lasrpc and samrc got a > > > > signal 11 and somehow they get started new. This takes all the > > > > memory of the machine. I'll try to investigate it more. > > > Could you please check, whether you have got a "domain > > > group map" oder "local group map" that has got any > > > non-special entries? > > > > > > With special entry I mean "Domain Admins" or "Domain Users" > > > or "Domain Guests" or "Power Users" ? > > I have locadmin = "Administrators" in the "local group map"-file. > > With that samrd goes crazy! :-) > > If i have a empty "local group map"-file all is fine. I have also > > entry in the "domain group map"-file. But these make no problems. > > > > > and second, disable all maps ? > > If i disable all, nothing starnge happens. > Ah, and the entrys from the "domain group map"-file get's > ingnored. [...] Okay, that all sounds like the problem, that Luke is currently investigating. It's a "possible loop" between samrd and lsarpcd. Don't know, how far he got, I haven't seen anything on samba-cvs yet. Elrond From almric at home.com Tue Jan 18 19:44:23 2000 From: almric at home.com (Richard) Date: Tue Dec 2 02:28:04 2003 Subject: Samba as domain controller w/ ppp Message-ID: <3884C296.519402BA@home.com> I have a RH 6.1 server setup as the domain controller of a small network. I am currently using Samba 2.0.6. The server is sharing files and client machines are able to logon to the domain and have the logon script run just as it should. The problem that arises is whenever I try to start any kind of ppp connection. I want the server to do dial on demand and have configured it so the client machines will be able to access the web at any time. After configuring both and making sure that both functions work fine independently of each other I try and use them together. The result, if a ppp connection is up, whether it's actually connected to the ISP or waiting for someone to request a connection, the Samba clients can no longer find the server as a domain controller. I don't get the message that the domain controller could not be found, I instead get the message that the domain password was incorrect or login to domain server is not allowed. As soon as I take the ppp connection down, I am able to login to the domain with no problems. If I then bring the ppp connection back up, computers already logged on to the domain are fine, but no one else can login to the domain. I'm completely stumped and have no idea where to go from here. All help is greatly appreciated. Richard From maru at xpr.com Tue Jan 18 23:10:04 2000 From: maru at xpr.com (Tracey Maru) Date: Tue Dec 2 02:28:04 2003 Subject: Problems with accessing win98 clients from Winnt4 clients when logged into samba PDC Message-ID: This is a pretty odd problem. I have 4 machines, two running WindowsNT server (these are configured to be members of the linux/samba PDC), a win98 machine, and the linux/samba PDC. Both the NT machines and 98 machine can log on to the domain and access shares on the PDC. The NT machines can also access shares on the other NT machines but not the win98 box. The win98 box can access shares on both the PDC and the NT machines. If I log into either of the NT boxes as Administrator of the local machine instead of choosing the domain in the drop sown box, then I can see all shares on the PDC and win 98. but when I login to the domain as a domain user, no go for the 98 shares? Any ideas? From almric at home.com Tue Jan 18 20:28:52 2000 From: almric at home.com (Richard) Date: Tue Dec 2 02:28:04 2003 Subject: Samba as domain controller w/ ppp References: <3884C296.519402BA@home.com> Message-ID: <3884CD04.6E11E403@home.com> Sorry, forgot to include my smb.conf file. Well here it is. Thanks Richard # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2000/01/07 10:25:29 # Global parameters [global] workgroup = OurGroup server string = Server interfaces = 192.168.1.1/24 127.0.0.1/24 bind interfaces only = Yes encrypt passwords = Yes name resolve order = wins lmhosts hosts bcast time server = Yes logon script = winlogon.bat logon home = \\home\%U domain logons = Yes os level = 34 preferred master = Yes domain master = Yes local master = Yes wins support = Yes create mask = 0664 directory mask = 0775 hosts deny = ALL EXCEPT 192.168.1. 127. [homes] comment = Home Directories read only = No browseable = No volume = %Us Home Directory [Data] comment = Data Files path = /home/samba/data valid users = @smb read only = No [Download] comment = Downloaded Files path = /home/samba/downloads valid users = @smb read only = No [Apps] comment = Applications path = /home/samba/apps valid users = @smb read only = No [netlogon] comment = The domain logon service path = /home/samba/logon valid users = @smb read only = No browseable = No From mgeddes at xavier.sa.edu.au Tue Jan 18 21:58:26 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> <3.0.6.32.20000117235729.009ab170@mail.adelaide.on.net> <38842366.E825F95C@uni-oldenburg.de> <38844088.73E16E8A@ntb.ch> Message-ID: <3884E202.157274CC@xavier.sa.edu.au> HpG wrote: > Hi all > Same behaviour with my Laserjet 4MPlus > > As far as I know, on the newer HP-ps-printers, > it is possible to turn this info page off. > It is a thing which does the printer by itself. > > All you have to do, is to telnet to your printer > and turn this option off. > > My version is an older one (unfortunately), so > I can't do it. > > Hanspeter > > Christof Hellweg wrote: > > > > The Banner Page come out after the printjob but the page is blank! > > My printcap: > > hp4si|lp7|PS_600dpi-a4-raw|PS_600dpi a4 raw:\ > > :lp=/dev/lp0:\ > > :sd=/var/spool/lpd/hp4si:\ > > :lf=/var/spool/lpd/hp4si/log:\ > > :af=/var/spool/lpd/hp4si/acct:\ > > :if=/var/lib/apsfilter/bin/PS_600dpi-a4-raw:\ > > :la@:mx#0:\ > > :tr=:cl:sh:sf: > > > > Richard Sharpe schrieb: > > > > > > At 06:50 PM 1/18/00 +1100, Christof Hellweg wrote: > > > >Hi! > > > >I have the same problem with SuSE 6.3. > > > >And I have sh in my printcap. What is the problem now? > > > >Christof Hellweg > > > > > > What do these banner pages look like? Do they come out after the print > > > job, and consist of a few lines on the top of the page? > > > > > > If so, I have seen them on a RH6.0 system, but do not know what causes them. > > > My RH 6 box does the same. It's printing through a HP Jet Direct box. The Jet Direct Box does have the Banner Page option turned off. The opnly option I have turned on (using printtool) is the 'fix stair-stepping text' option. Matt From D.Bannon at latrobe.edu.au Tue Jan 18 21:58:37 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:28:04 2003 Subject: Banner Page In-Reply-To: <38841B2D.34FCA650@uni-oldenburg.de> References: <3.0.6.32.20000118113845.008fecf0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20000119085837.008a4780@bioserve.latrobe.edu.au> At 06:51 PM 18/01/2000 +1100, Christof Hellweg wrote: >Hi! >I have the same problem with SuSE 6.3. >And I have sh in my printcap. What is the problem now? >Christof Hellweg > >> > I am using Samba on RedHat Linux 6.0. When a page is printed, a >> >seperate page comes with information about the server, sort of a banner The -h option to lpr in the smb.conf 'print command' may help but I think you need to find out what is really happening. (Following suggestions assume you are printing to 'lp'). Are you are sure that it does not happen when printing from unix command line (try 'lpr /etc/printcap') ? If that's OK have a look at a print file. In smb.conf remove the -r option from 'print command' and then from a windows machine print the simplest possible page. This will leave a printfile in your spool area, try printing it manually (lpr /var/spool/lpd/lp/AAAZZZ), maybe examine the post script of the file for two formfeeds. >> >page. Is there a way to turn this off? Thanks. >> > Keith Lynn >> > >> >> man printcap >> sh bool false suppress printing of burst >> page header >> >> ie sh: in printcap entry >> >> david >> ------------------------------------------------------------ >> David Bannon D.Bannon@latrobe.edu.au >> School of Biochemistry Phone 61 03 9479 2197 >> La Trobe University, Plenty Rd, Fax 61 03 9479 2467 >> Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au >> ------------------------------------------------------------ >> .... Humpty Dumpty was pushed ! > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Tue Jan 18 22:15:09 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:04 2003 Subject: Problems with accessing win98 clients from Winnt4 clients when logged into samba PDC References: Message-ID: <3884E5ED.E5BDFC8@xavier.sa.edu.au> Tracey Maru wrote: > This is a pretty odd problem. > > I have 4 machines, two running WindowsNT server (these are configured to be > members of the linux/samba PDC), a win98 machine, and the linux/samba PDC. > > Both the NT machines and 98 machine can log on to the domain and access > shares on the PDC. The NT machines can also access shares on the other NT > machines but not the win98 box. The win98 box can access shares on both the > PDC and the NT machines. > > If I log into either of the NT boxes as Administrator of the local machine > instead of choosing the domain in the drop sown box, then I can see all > shares on the PDC and win 98. but when I login to the domain as a domain > user, no go for the 98 shares? > > Any ideas? Are you trying to browse thourgh network neighbourhood or map the drive? You could try just adding some temporary lines to lmhosts on the clients and see if that works. Do you have a WINS server configured? Matt From igor at skyportal.com Tue Jan 18 22:12:38 2000 From: igor at skyportal.com (Igor) Date: Tue Dec 2 02:28:04 2003 Subject: Smbmount compile errors Message-ID: <008401bf6201$229d80a0$83aed8c3@skyportal.com> Hi, latest SAMBA_TNG when compiling: -------------------------------------------- Linking bin/smbmount libsmb/clientgen.o: In function `cli_init_creds': libsmb/clientgen.o(.text+0x4b71): undefined reference to `copy_nt_creds' libsmb/clientgen.o: In function `cli_init_redirect': libsmb/clientgen.o(.text+0x53f5): undefined reference to `create_ntuser_creds' libsmb/clientgen.o(.text+0x5450): undefined reference to `prs_data' libsmb/clientgen.o: In function `cli_establish_connection': libsmb/clientgen.o(.text+0x5a36): undefined reference to `prs_init' libsmb/clientgen.o(.text+0x5b64): undefined reference to `prs_link' libsmb/clientgen.o(.text+0x5bec): undefined reference to `prs_buf_len' libsmb/clientgen.o(.text+0x5bfc): undefined reference to `prs_buf_copy' libsmb/clientgen.o(.text+0x5c02): undefined reference to `prs_free_data' libsmb/smbencrypt.o: In function `create_ntlmssp_resp': libsmb/smbencrypt.o(.text+0x9fb): undefined reference to `make_rpc_auth_ntlmssp_resp' libsmb/smbencrypt.o(.text+0xa0f): undefined reference to `smb_io_rpc_auth_ntlmssp_resp' libsmb/smbencrypt.o(.text+0xa1c): undefined reference to `prs_realloc_data' make: *** [bin/smbmount] Error 1 -------------------------------------------- Slack 7, kernel 2.2.13. Thank you, Igor. From lkcl at samba.org Tue Jan 18 22:16:32 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:04 2003 Subject: [SAMBA-TNG] recursive lookup problem in lib/domain_namemap.c Message-ID: i added a call to lookup_lsa_names() in lib/domain_namemap.c. this is used in samrd, so you can imagine what happens. consequences: you quickly run out of processes. be warned: don't use SAMBA_TNG until i fix this. i may put in an interim fix (roll-back) and a proper fix is going to have to use a SURS table. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Jan 18 22:23:25 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:04 2003 Subject: Latest snapshot report In-Reply-To: <20000118174920.A15180@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: actually, elrond, we were thinking of locking down var/locks so that it is no longer world-readable, because it is being used to contain various databases that should not be accessed by anyone other than root / samba. *click* of course: browse.dat is stored in var/locks, and that is accessed by smbd as anonymous user. so for now, var/locks should be +rx for everyone. On Wed, 19 Jan 2000, Elrond wrote: > > Hi, > > On Wed, Jan 19, 2000 at 03:36:03AM +1100, Luke Kenneth Casson Leighton wrote: > > On Tue, 18 Jan 2000, Lonnie J. Borntreger wrote: > [...] > > > - WEIRD - > > > * I saw Luke's mail about the locks directory should be set to 0700. Did > > > that and the network neighborhood disappears. Reset it to 0755, and the NN > > > reappears. > > I guess, you've mixed something up here. > > If your samba is in /usr/local/samba, then > /usr/local/samba/var/locks may be +rx for everyone. (and I > think, it should.) > > But this directory contains another directory ".msrpc", > which in turn should be 0700. > > > Elrond > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Jan 18 22:27:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:04 2003 Subject: Problem adding a client to the domain with samba-tng In-Reply-To: <000001bf61d5$e9aadac0$3cc809c0@wis.pbl.ca> Message-ID: > [root@wis74 bin]# smbpasswd -j TESTDOMAIN > Joining Domain as PDC > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.9.200.74:445 (Connection refused) > 2000/01/18 11:03:16 : change_trust_account_password: Changed password for > domain TESTDOMAIN. > Joined domain TESTDOMAIN. > [root@wis74 bin]# smbpasswd -a -m wis60 > Password changed for user wis60$ > > Here is a listing of the messages from log.smb when I try to add the client > machine. > > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > error connecting to 192.168.2.74:445 (Connection refused) > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.168.2.74:445 (Connection refused) > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > domain_client_validate: unable to validate password for user WIS60$ in > domain TESTDOMAIN to Domain controller \\WIS74. > > Here is a summary of my smb.conf file. > > [global] > workgroup = TESTDOMAIN > encrypt passwords = yes > password server = WIS74 > wins server = 192.168.1.2 > time server = yes > name resolve order = wins hosts lmhosts bcast > dns proxy = no > security = user > os level = 64 > domain logons = Yes > domain master = Yes > preferred master = Yes > local master = Yes > invalid users = root try removing "invalid users = root". you also have samba set up as a BDC, because you have "dm=y", "dl=y", password server = WIS74 and security = user. this is probably not what you want. From David.Bear at asu.edu Tue Jan 18 22:31:32 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:28:04 2003 Subject: smbd running as Message-ID: My question is two fold. I noticed that smbd is running as user nobody. At least untill someone make a connection. Then it looks as though smbd forks and the child runs as the user making the connection. Correct? So, my question is, is it possible to have the initial smbd start under a different uid? The second part is, does it matter? David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From lkcl at samba.org Tue Jan 18 22:35:16 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: pam_ntdom, pam_smb In-Reply-To: <3884B661.973C8C6@schernau.com> Message-ID: if you use security = domain, pam_ntdom uses exactly the same code. pam_ntdom and security = domain will _both_ therefore contact the same PDC in exactly the same way to verify a user. pam_smb does an SMBsesssetupX against an SMB server. On Wed, 19 Jan 2000, Edward Schernau wrote: > If you use these, and set security=user, isn't that like > setting up security=domain and specifying the server name? > > Which is less problematic? > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From swaters at amicus.com Tue Jan 18 22:35:07 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:28:05 2003 Subject: the mailinglist archive is still broken References: Message-ID: <3884EA9B.424AC4A4@amicus.com> will this ever be fixed? -s Luke Kenneth Casson Leighton wrote: > > yep. they will be. they got moved about. probably automatically, by > listproc. > > On Mon, 17 Jan 2000, Greg Dickie wrote: > > > > > Until you stry to access an old article, then the links are busted. > > > > Greg > > > > On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > > > wot, i do this: > > > > > > > > > http://samba.org/listproc > > > then select, say, samba-ntdom, and it jumps me to us.samba.org > > > > > > and i'm there. > > > > > > andrew is, btw. > > > > > > On Mon, 17 Jan 2000, Lars Kneschke wrote: > > > > > >> Hello! > > >> > > >> Who responsible for the mailinglistarchive? It's still not > > >> wroking. > > >> > > >> Cu > > >> -- > > >> Lars Kneschke > > >> NetUSE Kommunikationstechnologie GmbH > > >> Siemenswall, D-24107 Kiel, Germany > > >> Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > > >> > > > > > > Luke Kenneth Casson Leighton > > > Samba and Network Development > > > Samba Web site > > > Internet Security Systems, Inc. > > > Macmillan Technical Publishing > > > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > --------------------------------------------------------------------- > > Greg Dickie > > Just A Guy* > > *from discreet (the logic is gone) > > Montreal > > (514) 954-7171 > > greg@discreet.com > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Jan 18 22:40:37 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Today's samba tng doesn't work properly In-Reply-To: <20000118203236.A15264@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > Okay, that all sounds like the problem, that Luke is > currently investigating. It's a "possible loop" between > samrd and lsarpcd. it's an actual loop, not a possible loop. > Don't know, how far he got, I haven't seen anything on > samba-cvs yet. i got a new [second-hand] car 6 days ago. yesterday lunch time it decided to only work on 7 cylinders instead of 8: the other one makes a nice knocking sound. so i sat in the dealership most of today wondering if the third party americare company was going to pay the rental car when they hadn;t even got an account set up for me yet, cos it was only opened 6 days ago. luckily i took the portable with me, so i have a little bit to show for a wasted day in south atlanta. p.s when it runs it's an incredible car. From lkcl at samba.org Tue Jan 18 22:45:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Smbmount compile errors In-Reply-To: <008401bf6201$229d80a0$83aed8c3@skyportal.com> Message-ID: igor, sorry about that. use cvs main smbmount, it's been updated in the last 18 months, and SAMBA_TNG smbmount hasn't. On Wed, 19 Jan 2000, Igor wrote: > Hi, > > latest SAMBA_TNG when compiling: > -------------------------------------------- > Linking bin/smbmount > libsmb/clientgen.o: In function `cli_init_creds': > libsmb/clientgen.o(.text+0x4b71): undefined reference to `copy_nt_creds' > libsmb/clientgen.o: In function `cli_init_redirect': > libsmb/clientgen.o(.text+0x53f5): undefined reference to `create_ntuser_creds' > libsmb/clientgen.o(.text+0x5450): undefined reference to `prs_data' > libsmb/clientgen.o: In function `cli_establish_connection': > libsmb/clientgen.o(.text+0x5a36): undefined reference to `prs_init' > libsmb/clientgen.o(.text+0x5b64): undefined reference to `prs_link' > libsmb/clientgen.o(.text+0x5bec): undefined reference to `prs_buf_len' > libsmb/clientgen.o(.text+0x5bfc): undefined reference to `prs_buf_copy' > libsmb/clientgen.o(.text+0x5c02): undefined reference to `prs_free_data' > libsmb/smbencrypt.o: In function `create_ntlmssp_resp': > libsmb/smbencrypt.o(.text+0x9fb): undefined reference to `make_rpc_auth_ntlmssp_resp' > libsmb/smbencrypt.o(.text+0xa0f): undefined reference to `smb_io_rpc_auth_ntlmssp_resp' > libsmb/smbencrypt.o(.text+0xa1c): undefined reference to `prs_realloc_data' > make: *** [bin/smbmount] Error 1 > -------------------------------------------- > Slack 7, kernel 2.2.13. > > Thank you, > Igor. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Jan 18 22:47:07 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: the mailinglist archive is still broken In-Reply-To: <3884EA9B.424AC4A4@amicus.com> Message-ID: any links created automatically _by_ the archives _to_ the archives? probably not, unless someone wants to write an automated system to run on every single message looking for broken auto-generated links, replacing them with the correct one. On Tue, 18 Jan 2000, Stephen Waters wrote: > will this ever be fixed? > > -s > > Luke Kenneth Casson Leighton wrote: > > > > yep. they will be. they got moved about. probably automatically, by > > listproc. > > > > On Mon, 17 Jan 2000, Greg Dickie wrote: > > > > > > > > Until you stry to access an old article, then the links are busted. > > > > > > Greg > > > > > > On 17-Jan-00 Luke Kenneth Casson Leighton wrote: > > > > wot, i do this: > > > > > > > > > > > > http://samba.org/listproc > > > > then select, say, samba-ntdom, and it jumps me to us.samba.org > > > > > > > > and i'm there. > > > > > > > > andrew is, btw. > > > > > > > > On Mon, 17 Jan 2000, Lars Kneschke wrote: > > > > > > > >> Hello! > > > >> > > > >> Who responsible for the mailinglistarchive? It's still not > > > >> wroking. > > > >> > > > >> Cu > > > >> -- > > > >> Lars Kneschke > > > >> NetUSE Kommunikationstechnologie GmbH > > > >> Siemenswall, D-24107 Kiel, Germany > > > >> Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > > > >> > > > > > > > > Luke Kenneth Casson Leighton > > > > Samba and Network Development > > > > Samba Web site > > > > Internet Security Systems, Inc. > > > > Macmillan Technical Publishing > > > > > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > > > --------------------------------------------------------------------- > > > Greg Dickie > > > Just A Guy* > > > *from discreet (the logic is gone) > > > Montreal > > > (514) 954-7171 > > > greg@discreet.com > > > > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From nazard at dragoninc.on.ca Tue Jan 18 23:14:35 2000 From: nazard at dragoninc.on.ca (nazard@dragoninc.on.ca) Date: Tue Dec 2 02:28:05 2003 Subject: Smbmount compile errors In-Reply-To: <008401bf6201$229d80a0$83aed8c3@skyportal.com> Message-ID: <20000118231137Z12880014-23442+40055@samba.anu.edu.au> On 19 Jan, Igor wrote: > Hi, > > latest SAMBA_TNG when compiling: > -------------------------------------------- > Linking bin/smbmount > libsmb/clientgen.o: In function `cli_init_creds': > libsmb/clientgen.o(.text+0x4b71): undefined reference to `copy_nt_creds' > libsmb/clientgen.o: In function `cli_init_redirect': > libsmb/clientgen.o(.text+0x53f5): undefined reference to `create_ntuser_creds' > libsmb/clientgen.o(.text+0x5450): undefined reference to `prs_data' > libsmb/clientgen.o: In function `cli_establish_connection': > libsmb/clientgen.o(.text+0x5a36): undefined reference to `prs_init' > libsmb/clientgen.o(.text+0x5b64): undefined reference to `prs_link' > libsmb/clientgen.o(.text+0x5bec): undefined reference to `prs_buf_len' > libsmb/clientgen.o(.text+0x5bfc): undefined reference to `prs_buf_copy' > libsmb/clientgen.o(.text+0x5c02): undefined reference to `prs_free_data' > libsmb/smbencrypt.o: In function `create_ntlmssp_resp': > libsmb/smbencrypt.o(.text+0x9fb): undefined reference to `make_rpc_auth_ntlmssp_resp' > libsmb/smbencrypt.o(.text+0xa0f): undefined reference to `smb_io_rpc_auth_ntlmssp_resp' > libsmb/smbencrypt.o(.text+0xa1c): undefined reference to `prs_realloc_data' > make: *** [bin/smbmount] Error 1 > -------------------------------------------- > Slack 7, kernel 2.2.13. The problem is that smbmount, smbmnt and smbunmount need RPC_PARSE_OBJ2 which is not in the makefile. Here is that patch I use --- Makefile.in.orig Sat Jan 15 21:49:25 2000 +++ Makefile.in Sat Jan 15 22:04:35 2000 @@ -446,13 +446,13 @@ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ2) MOUNT_OBJ = client/smbmount.o client/clientutil.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ2) MNT_OBJ = client/smbmnt.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ2) UMOUNT_OBJ = client/smbumount.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ2) NMB_AGENT_OBJ = utils/nmb-agent.o $(PARAM_OBJ) $(UBIQX_OBJ) \ $(LIBSMB_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ2) @@ -642,15 +642,15 @@ bin/smbmount: $(MOUNT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) bin/smbmnt: $(MNT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(MNT_OBJ) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(MNT_OBJ) $(LDFLAGS) $(LIBS) bin/smbumount: $(UMOUNT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(UMOUNT_OBJ) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(UMOUNT_OBJ) $(LDFLAGS) $(LIBS) bin/testparm: $(TESTPARM_OBJ) bin/.dummy @echo Linking $@ @@ -731,7 +731,7 @@ @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS) installscripts: installdirs - @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(BINDIR) $(SCRIPTS) + @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(BINDIR) $(patsubst %,$(srcdir)/%,$(SCRIPTS)) installcp: installdirs @$(SHELL) $(srcdir)/script/installcp.sh $(srcdir) $(LIBDIR) $(CODEPAGEDIR) $(BINDIR) $(CODEPAGELIST) From lkcl at samba.org Tue Jan 18 23:25:55 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Smbmount compile errors In-Reply-To: <20000118231137Z12880014-23442+40055@samba.anu.edu.au> Message-ID: thx 4 patch! Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From gaurav at carroll.com Wed Jan 19 00:10:46 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:28:05 2003 Subject: Authentication Questions Message-ID: I currently have SAMBA_TNG, functioning as a PDC for a few of my NT workstations. I am using smbd and nmbd from MAIN, and the rest of the daemons from SAMBA_TNG. Currently, SAMBA is using standard /etc/passwd authentication for my users. However, I would like to use alternative authentication schemes. In our network , we currently use Kerberos5 for all unix authentication. I did some investigating...and I see the configure script for SAMBA_MAIN, allows you to add options such as --with-krb5 and --with-pam. However, the SAMBA_TNG tree's configure script does that even have these options available. Does or Will Samba support authenticating against kerberos5 or pam? Also, where can I find some documentation on the ways Samba supports PAM. I do not need any "Account Management" features, such as being able to view my users of USRMGR.EXE. Thanks in Advance... btw...SAMBA_TNG is working great for me...keep up the good work :) --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From lkcl at samba.org Wed Jan 19 00:21:03 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Authentication Questions In-Reply-To: Message-ID: hi, gaurav, SAMBA_TNG is only really relevant to people running with "encrypt passwords = yes". the pam support is only relevant to when "encrypt passwords = no", which sounds like it's suitable for what you want and need. regards, luke On Wed, 19 Jan 2000, G. Naik wrote: > I currently have SAMBA_TNG, functioning as a PDC for a few of my NT > workstations. I am using smbd and nmbd from MAIN, and the rest of the > daemons from SAMBA_TNG. Currently, SAMBA is using standard /etc/passwd > authentication for my users. However, I would like to use alternative > authentication schemes. In our network , we currently use Kerberos5 for > all unix authentication. > > I did some investigating...and I see the configure script for SAMBA_MAIN, > allows you to add options such as --with-krb5 and --with-pam. However, > the SAMBA_TNG tree's configure script does that even have these options > available. Does or Will Samba support authenticating against kerberos5 or > pam? Also, where can I find some documentation on the ways Samba supports > PAM. > > I do not need any "Account Management" features, such as being able to > view my users of USRMGR.EXE. > > > Thanks in Advance... > > btw...SAMBA_TNG is working great for me...keep up the good work :) > > > --- > Gaurav Naik ("g") | C A R R O L L - N E T, Inc. > 201-488-1332 | www.carroll.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 19 00:26:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] recursive lookup problem in lib/domain_namemap.c In-Reply-To: Message-ID: On Wed, 19 Jan 2000, Luke Kenneth Casson Leighton wrote: > i added a call to lookup_lsa_names() in lib/domain_namemap.c. this is > used in samrd, so you can imagine what happens. > > consequences: you quickly run out of processes. > > be warned: don't use SAMBA_TNG until i fix this. i may put in an interim > fix (roll-back) and a proper fix is going to have to use a SURS table. ok, i fixed it. From lkcl at samba.org Wed Jan 19 00:28:01 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: Message-ID: ok, i decided to go ahead with this. if you can't compile and you _can_ program, please have a look at adding autoconf support for .a, using cvs main's autoconf as a base for ideas. thx! On Wed, 19 Jan 2000, Luke Kenneth Casson Leighton wrote: > i have a question for you all. > > is it ok if i create a dynamic library, libsmb.so and libmsrpc.so? > > if i do, could someone please submit mods to be able to create a libsmb.a > and libmsrpc.a (static libraries), first examining cvs main's configure.in > and Makefile.in? From gaurav at carroll.com Wed Jan 19 00:44:32 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:28:05 2003 Subject: Authentication Questions In-Reply-To: Message-ID: I understand that tradeoff. I will apply the plain-text password reg files to my NT workstations. However, I need to use either PAM or KRB5 for authentication. What my question is, whether SAMBA_TNG, does support those authentication mechanisms, while functioning as a PDC. And...where can I find some documentation on how to configure SAMBA_TNG to use PAM or KRB5. Thanks for your help. --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com On Wed, 19 Jan 2000, Luke Kenneth Casson Leighton wrote: > hi, gaurav, > > SAMBA_TNG is only really relevant to people running with "encrypt > passwords = yes". > > the pam support is only relevant to when "encrypt passwords = no", which > sounds like it's suitable for what you want and need. > > regards, > > luke > > On Wed, 19 Jan 2000, G. Naik wrote: > > > I currently have SAMBA_TNG, functioning as a PDC for a few of my NT > > workstations. I am using smbd and nmbd from MAIN, and the rest of the > > daemons from SAMBA_TNG. Currently, SAMBA is using standard /etc/passwd > > authentication for my users. However, I would like to use alternative > > authentication schemes. In our network , we currently use Kerberos5 for > > all unix authentication. > > > > I did some investigating...and I see the configure script for SAMBA_MAIN, > > allows you to add options such as --with-krb5 and --with-pam. However, > > the SAMBA_TNG tree's configure script does that even have these options > > available. Does or Will Samba support authenticating against kerberos5 or > > pam? Also, where can I find some documentation on the ways Samba supports > > PAM. > > > > I do not need any "Account Management" features, such as being able to > > view my users of USRMGR.EXE. > > > > > > Thanks in Advance... > > > > btw...SAMBA_TNG is working great for me...keep up the good work :) > > > > > > --- > > Gaurav Naik ("g") | C A R R O L L - N E T, Inc. > > 201-488-1332 | www.carroll.com > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > From lkcl at samba.org Wed Jan 19 00:49:21 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Authentication Questions In-Reply-To: Message-ID: On Tue, 18 Jan 2000, G. Naik wrote: > I understand that tradeoff. I will apply the plain-text password > reg files to my NT workstations. > > However, I need to use either PAM or > KRB5 > for authentication. What my question is, whether SAMBA_TNG, does support > those authentication mechanisms, yes > while functioning as a PDC. no. once you switch over to "encrypt passwords = no", you are effectively disabling samba as a PDC. this is due to protocol limitations at the SMB level, so _no_ version of samba can be a PDC with "ep=no". > And...where > can I find some documentation on how to configure SAMBA_TNG to use PAM or > KRB5. absolutely no idea, it should be the same as 1.9.18 or maybe 2.0.0, that's the last time some of that code was updated. luke From lonnie at borntreger.com Wed Jan 19 07:43:59 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:28:05 2003 Subject: Makefile problems with new libs Message-ID: <003101bf6250$f34d5320$0500000a@borntreger.com> 1 - Solaris requires the use of -fPIC (due to the number of objects) not -fpic which is selected during the configure for some reason. (I have no solution since I'm not familiar with the configure tool, I just fix it in my file.) 2 - libs are not installed (FIX INCLUDED) 3 - Doing this in the makefile (FIX INCLUDED) SMBLIB = bin/libsmb.so RPCLIB = bin/libmsrpc.so bin/lsarpcd: $(SMBLIB) $(RPCLIB) $(LSARPCD_OBJ) bin/.dummy @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(LSARPCD_OBJ) $(LDFLAGS) $(LIBS) will result in: gto-> ldd lsarpcd bin/libsmb.so => (file not found) bin/libmsrpc.so => (file not found) libsec.so.1 => /usr/lib/libsec.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libpam.so.1 => /usr/lib/libpam.so.1 libcurses.so.1 => /usr/lib/libcurses.so.1 libc.so.1 => /usr/lib/libc.so.1 libmp.so.2 => /usr/lib/libmp.so.2 Don't think that's what is wanted since it means that /usr/local/samba must be in the LD_LIBRARY_PATH for the binaries to run. ***SOLUTION FOR ISSUE 3: Could do this in Makefile.in (the -L will make sure that the new libraries are used, not the old installed ones -- need to change all binaries not just lsarpcd): SMBLIB = bin/libsmb.so RPCLIB = bin/libmsrpc.so SMBLIBS = -L $(srcdir)/bin -lsmb -L $(srcdir)/bin -lmsrpc FLAGS += -R $(LIBDIR) bin/lsarpcd: $(SMBLIB) $(RPCLIB) $(LSARPCD_OBJ) bin/.dummy @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(LSARPCD_OBJ) $(LDFLAGS) $(LIBS) -- Then install libsmb.so and libmsrpc.so into $(LIBDIR). This will make it all run along without anybody having to change system rc scripts to find the libs when starting samba during a system boot. ***FIX FOR ISSUE 2 & 3: I attached a diff -u for Makefile.in. I used installscripts.sh since it had the functionality necessary to install the libs. I also added to the revert so the libs could be rolled back also. I know the fix will work for Solaris and other SVR4 compatible UNIXes. Don't know about IRIX. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ ============== DIFF ==================== --- Makefile.in.old Wed Jan 19 01:20:15 2000 +++ Makefile.in Wed Jan 19 01:37:05 2000 @@ -111,6 +111,8 @@ SMBLIB = bin/libsmb.so @LIBSMB32@ RPCLIB = bin/libmsrpc.so @LIBMSRPC32@ +SMBLIBS=-L $(srcdir)/bin -lsmb -L $(srcdir)/bin -lmsrpc +CFLAGS += -R $(LIBDIR) LIBSTATUS_OBJ = lib/util_status.o @@ -286,7 +288,7 @@ $(LOCKING_OBJ) \ $(SIDDB_OBJ) \ $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) - + SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) $(PARAM_OBJ) \ $(UBIQX_OBJ) \ @@ -589,44 +591,44 @@ bin/smbd: $(SMBLIB) $(RPCLIB) $(SMBD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SMBD_OBJ) \ + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SMBD_OBJ) \ $(LDFLAGS) $(LIBS) bin/svcctld: $(SMBLIB) $(RPCLIB) $(SVCCTLD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SVCCTLD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SVCCTLD_OBJ) $(LDFLAGS) $(LIBS) bin/lsarpcd: $(SMBLIB) $(RPCLIB) $(LSARPCD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(LSARPCD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(LSARPCD_OBJ) $(LDFLAGS) $(LIBS) bin/spoolssd: $(SMBLIB) $(RPCLIB) $(SPOOLSSD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SPOOLSSD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SPOOLSSD_OBJ) $(LDFLAGS) $(LIBS) bin/srvsvcd: $(SMBLIB) $(RPCLIB) $(SRVSVCD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SRVSVCD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SRVSVCD_OBJ) $(LDFLAGS) $(LIBS) bin/wkssvcd: $(SMBLIB) $(RPCLIB) $(WKSSVCD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(WKSSVCD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(WKSSVCD_OBJ) $(LDFLAGS) $(LIBS) bin/browserd: $(SMBLIB) $(RPCLIB) $(BROWSERD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(BROWSERD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(BROWSERD_OBJ) $(LDFLAGS) $(LIBS) bin/winregd: $(SMBLIB) $(RPCLIB) $(WINREGD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(WINREGD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(WINREGD_OBJ) $(LDFLAGS) $(LIBS) bin/netlogond: $(SMBLIB) $(RPCLIB) $(NETLOGOND_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(NETLOGOND_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(NETLOGOND_OBJ) $(LDFLAGS) $(LIBS) bin/samrd: $(SMBLIB) $(RPCLIB) $(SAMRD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) bin/nmbd: $(SMBLIB) $(NMBD_OBJ) bin/.dummy @echo Linking $@ @@ -634,7 +636,7 @@ bin/swat: $(SMBLIB) $(RPCLIB) $(SWAT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SWAT_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SWAT_OBJ) $(LDFLAGS) $(LIBS) bin/smbrun: $(SMBRUN_OBJ) bin/.dummy @echo Linking $@ @@ -642,7 +644,7 @@ bin/rpcclient: $(SMBLIB) $(RPCLIB) $(RPCCLIENT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(RPCCLIENT_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(RPCCLIENT_OBJ) $(LDFLAGS) $(LIBS) bin/smbclient: $(SMBLIB) $(CLIENT_OBJ) bin/.dummy @echo Linking $@ @@ -650,15 +652,15 @@ bin/smbmount: $(SMBLIB) $(RPCLIB) $(MOUNT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) bin/smbmnt: $(SMBLIB) $(RPCLIB) $(MNT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(MNT_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(MNT_OBJ) $(LDFLAGS) $(LIBS) bin/smbumount: $(SMBLIB) $(RPCLIB) $(UMOUNT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(UMOUNT_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(UMOUNT_OBJ) $(LDFLAGS) $(LIBS) bin/testparm: $(TESTPARM_OBJ) bin/.dummy @echo Linking $@ @@ -674,7 +676,7 @@ bin/smbpasswd: $(SMBLIB) $(RPCLIB) $(SMBPASSWD_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SMBPASSWD_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SMBPASSWD_OBJ) $(LDFLAGS) $(LIBS) bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy @echo Linking $@ @@ -690,11 +692,11 @@ bin/smbtorture: $(SMBLIB) $(RPCLIB) $(SMBTORTURE_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SMBTORTURE_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SMBTORTURE_OBJ) $(LDFLAGS) $(LIBS) bin/rpctorture: $(SMBLIB) $(RPCLIB) $(RPCTORTURE_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(RPCTORTURE_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(RPCTORTURE_OBJ) $(LDFLAGS) $(LIBS) bin/smb-client: $(SMB_CLIENT_OBJ) bin/.dummy @echo Linking $@ @@ -706,11 +708,11 @@ bin/smb-agent: $(SMBLIB) $(RPCLIB) $(SMB_AGENT_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SMB_AGENT_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SMB_AGENT_OBJ) $(LDFLAGS) $(LIBS) bin/smbfilter: $(SMBLIB) $(RPCLIB) $(SMBFILTER_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) bin/debug2html: $(DEBUG2HTML_OBJ) bin/.dummy @echo Linking $@ @@ -726,9 +728,9 @@ bin/smbsh: $(SMBLIB) $(RPCLIB) $(SMBSH_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBLIB) $(RPCLIB) $(SMBSH_OBJ) $(LDFLAGS) $(LIBS) + @$(CC) $(FLAGS) -o $@ $(SMBLIBS) $(SMBSH_OBJ) $(LDFLAGS) $(LIBS) -install: installbin installman installscripts installcp installswat +install: installbin installlib installman installscripts installcp installswat installdirs: $(SHELL) $(srcdir)/install-sh -d -m $(INSTALLPERMS) \ @@ -738,6 +740,9 @@ @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS) @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS) +installlib: all installdirs + @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(LIBDIR) $(SMBLIB) $(RPCLIB) + installscripts: installdirs @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(BINDIR) $(patsubst %,$(srcdir)/%,$(SCRIPTS)) @@ -751,6 +756,7 @@ revert: @$(SHELL) $(srcdir)/script/revert.sh $(SBINDIR) $(SPROGS) @$(SHELL) $(srcdir)/script/revert.sh $(BINDIR) $(PROGS) $(SCRIPTS) + @$(SHELL) $(srcdir)/script/revert.sh $(LIBDIR) $(SMBLIB) $(RPCLIB) installman: @$(SHELL) $(srcdir)/script/installman.sh $(MANDIR) $(srcdir) "@ROFF@" From paul.rogers6 at virgin.net Wed Jan 19 08:09:50 2000 From: paul.rogers6 at virgin.net (Paul Rogers) Date: Tue Dec 2 02:28:05 2003 Subject: Domain Groups & Logins/Mappings Message-ID: <3885714E.4DF09842@virgin.net> Dear All Ihave a samba server running as a PDC serving W95 clients. I need to map drives depending on groups belonged to. There are about 10 groups and individuals belong to different combinations of these groups. I'm trying to use kixtart to check membership of each group and map any relevent groups. However it always reports that Individual X is not a member (either local or domain) of group Y. I have added the groups to the /etc/group file and added the relevent individuals to each group. It appears that when the client interrogates the samba server it always replies that X is not a member of Y. How can I make samba do this properly? I've read the smb.conf man page and this indicates that, as PDC, samab should do this. The domain group map option no longer seems to work. Samba also doesn't seem to return the full name of an individual. Is it possible to fix this? How can I fix this? Is there a better way to do it. I thought of using prexec to dynamically create a logon.bat each time the user logs in. Has any one tried this?? Any help would be gratefully received. Paul From greg at orgasmicwines.com Wed Jan 19 11:01:13 2000 From: greg at orgasmicwines.com (Greg Cope) Date: Tue Dec 2 02:28:05 2003 Subject: newbia help needed with SAMBA_TNG cvs access Message-ID: <38859979.AF9E6266@orgasmicwines.com> Dear All I have been asked to set up a samba PDC for a small NT4.0 client LAN - the reason being that the roving profiles / single logon is wanted by the boss. As I under stand I need to get SAMBA_TNG cvs and make etc ... How do I do this / what are the commands - all the instructions suggest I need to grab a copy of the SAMBA_TNG CVS - but sadly I am a CVS newbie and have no idea of the commands - any points to a good / basic CVS guide would be appreciated. I also understand that I need to in stall the smbd and nmbd from main cvs - which I have. Thanks Greg Cope From lk at NetUSE.DE Wed Jan 19 11:15:01 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:05 2003 Subject: newbia help needed with SAMBA_TNG cvs access References: <38859979.AF9E6266@orgasmicwines.com> Message-ID: <38859CB5.CA489EA6@NetUSE.DE> Greg Cope wrote: > > Dear All > > I have been asked to set up a samba PDC for a small NT4.0 client LAN - > the reason being that the roving profiles / single logon is wanted by > the boss. > > As I under stand I need to get SAMBA_TNG cvs and make etc ... How do I > do this / what are the commands - all the instructions suggest I need to > grab a copy of the SAMBA_TNG CVS - but sadly I am a CVS newbie and have > no idea of the commands - any points to a good / basic CVS guide would > be appreciated. > > I also understand that I need to in stall the smbd and nmbd from main > cvs - which I have. Please watch http://www.kneschke.de/projekte/samba_tng. These pages will answer your questions. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From vs at lasp.npi.msu.su Wed Jan 19 11:38:31 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:05 2003 Subject: smbmount compile error Message-ID: <200001191138.OAA11220@lasp.npi.msu.su> Again, smbmount as usual, can't be compiled despite all posted patches: Compiling client/smbmount.c client/smbmount.c:149: warning: declaration of `fprintf' shadows global declaration client/smbmount.c: In function `chkpath': client/smbmount.c:150: warning: declaration of `fprintf' shadows global declaration client/smbmount.c:163: warning: implicit declaration of function `cli_setup_pkt' client/smbmount.c: In function `close_our_files': client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) client/smbmount.c:242: (Each undeclared identifier is reported only once client/smbmount.c:242: for each function it appears in.) client/smbmount.c: In function `mount_send_login': client/smbmount.c:263: warning: implicit declaration of function `cli_send_login' client/smbmount.c: In function `send_fs_socket': client/smbmount.c:439: warning: implicit declaration of function `cli_open_sockets' client/smbmount.c: At top level: client/smbmount.c:527: warning: function declaration isn't a prototype client/smbmount.c: In function `process': client/smbmount.c:727: warning: implicit declaration of function `cli_send_logout' client/smbmount.c:634: warning: unused variable `dbf' make: *** [client/smbmount.o] Error 1 From vs at lasp.npi.msu.su Wed Jan 19 12:16:33 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:05 2003 Subject: domain map group fail Message-ID: <200001191216.PAA18271@lasp.npi.msu.su> I can't login as domain admin, but only as ordinary user, due to domain group map still don't work. See the attached logs. These are result of smbclient //lasp/pc -U admin -------------- next part -------------- [2000/01/19 15:11:04, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:04, 5] smbd/connection.c:claim_connection(85) claiming 100000 [2000/01/19 15:11:04, 5] smbd/reply.c:reply_special(149) init msg_type=0x81 msg_flags=0x0 [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(557) write_socket(4,4) [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(560) write_socket(4,4) wrote 4 [2000/01/19 15:11:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(599) got smb length of 164 [2000/01/19 15:11:04, 6] smbd/process.c:process_smb(618) got message type 0x0 of len 0xa4 [2000/01/19 15:11:04, 3] smbd/process.c:process_smb(619) Transaction 1 of length 168 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(472) size=164 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=0 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(488) smb_bcc=129 [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3026) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12 [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [080] 00 . [2000/01/19 15:11:04, 3] smbd/process.c:switch_message(448) switch message SMBnegprot (pid 17902) [2000/01/19 15:11:04, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [PC NETWORK PROGRAM 1.0] [2000/01/19 15:11:04, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 1.03] [2000/01/19 15:11:04, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 3.0] [2000/01/19 15:11:04, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LANMAN1.0] [2000/01/19 15:11:04, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LM1.2X002] [2000/01/19 15:11:04, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [Samba] [2000/01/19 15:11:04, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:04, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:04, 3] smbd/negprot.c:reply_negprot(421) Selected protocol NT LANMAN 1.0 [2000/01/19 15:11:04, 5] smbd/negprot.c:reply_negprot(428) negprot index=6 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(472) size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=17 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[0]=6 (0x6) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[1]=12803 (0x3203) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[2]=256 (0x100) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[3]=65280 (0xFF00) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[4]=255 (0xFF) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[5]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[6]=256 (0x100) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[7]=60928 (0xEE00) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[8]=69 (0x45) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[9]=12544 (0x3100) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[10]=3 (0x3) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[11]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[12]=55292 (0xD7FC) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[13]=30273 (0x7641) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[14]=48994 (0xBF62) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[15]=19457 (0x4C01) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[16]=2303 (0x8FF) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(488) smb_bcc=16 [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3026) [000] E4 FE BB 5A 98 C4 24 3F 4C 2E 41 2E 53 2E 50 00 ...Z..$? L.A.S.P. [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(557) write_socket(4,89) [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(560) write_socket(4,89) wrote 89 [2000/01/19 15:11:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(599) got smb length of 135 [2000/01/19 15:11:04, 6] smbd/process.c:process_smb(618) got message type 0x0 of len 0x87 [2000/01/19 15:11:04, 3] smbd/process.c:process_smb(619) Transaction 2 of length 139 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(472) size=135 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=13 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[0]=255 (0xFF) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[1]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[2]=17408 (0x4400) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[3]=2 (0x2) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[4]=17882 (0x45DA) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[5]=17902 (0x45EE) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[6]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[7]=24 (0x18) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[8]=24 (0x18) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[9]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[10]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[11]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(483) smb_vwv[12]=0 (0x0) [2000/01/19 15:11:04, 5] lib/util.c:show_msg(488) smb_bcc=74 [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3026) [000] 13 EC 4A 58 AD 5D 32 0C C3 58 EF 02 D2 EF 13 D2 ..JX.]2. .X...... [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [010] E4 98 6C 53 B1 3E 01 53 2A 1E 21 82 1D D0 EC 32 ..lS.>.S *.!....2 [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [020] AA 91 8D 89 73 9F D3 D1 09 7F DD 35 1B 6F 1E 12 ....s... ...5.o.. [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [030] 41 44 4D 49 4E 00 4C 2E 41 2E 53 2E 50 00 55 6E ADMIN.L. A.S.P.Un [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3034) [040] 69 78 00 00 53 61 6D 62 61 00 ix..Samb a. [2000/01/19 15:11:04, 3] smbd/process.c:switch_message(448) switch message SMBsesssetupX (pid 17902) [2000/01/19 15:11:04, 3] smbd/reply.c:reply_sesssetup_and_X(803) Domain=[L.A.S.P] NativeOS=[Unix] NativeLanMan=[] [2000/01/19 15:11:04, 3] smbd/reply.c:reply_sesssetup_and_X(807) sesssetupX:name=[ADMIN] [2000/01/19 15:11:04, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:04, 1] smbd/password.c:pass_check_smb(496) Couldn't find user 'admin' in UNIX password database. [2000/01/19 15:11:04, 2] smbd/reply.c:reply_sesssetup_and_X(912) NT Password did not match for user 'admin' ! Defaulting to Lanman [2000/01/19 15:11:04, 1] smbd/password.c:pass_check_smb(496) Couldn't find user 'admin' in UNIX password database. [2000/01/19 15:11:04, 1] smbd/reply.c:reply_sesssetup_and_X(923) Rejecting user 'admin': authentication failed [2000/01/19 15:11:04, 3] smbd/error.c:error_packet(138) error packet at line 641 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [2000/01/19 15:11:04, 3] smbd/error.c:error_packet(143) error string = No such file or directory [2000/01/19 15:11:04, 5] lib/util.c:show_msg(472) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=0 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(488) smb_bcc=0 [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(557) write_socket(4,39) [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(560) write_socket(4,39) wrote 39 [2000/01/19 15:11:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(599) got smb length of 72 [2000/01/19 15:11:04, 6] smbd/process.c:process_smb(618) got message type 0x81 of len 0x48 [2000/01/19 15:11:04, 3] smbd/process.c:process_smb(619) Transaction 3 of length 76 [2000/01/19 15:11:04, 2] smbd/reply.c:reply_special(97) netbios connect: name1=*SMBSERVER name2=LASP [2000/01/19 15:11:04, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:04, 5] smbd/connection.c:claim_connection(85) claiming 100000 [2000/01/19 15:11:04, 5] smbd/reply.c:reply_special(149) init msg_type=0x81 msg_flags=0x0 [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(557) write_socket(4,4) [2000/01/19 15:11:04, 6] lib/util_sock.c:write_socket(560) write_socket(4,4) wrote 4 [2000/01/19 15:11:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(599) got smb length of 164 [2000/01/19 15:11:04, 6] smbd/process.c:process_smb(618) got message type 0x0 of len 0xa4 [2000/01/19 15:11:04, 3] smbd/process.c:process_smb(619) Transaction 4 of length 168 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(472) size=164 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=0 [2000/01/19 15:11:04, 5] lib/util.c:show_msg(488) smb_bcc=129 [2000/01/19 15:11:04, 10] lib/util.c:dump_data(3026) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12 [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [080] 00 . [2000/01/19 15:11:05, 3] smbd/process.c:switch_message(448) switch message SMBnegprot (pid 17902) [2000/01/19 15:11:05, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [PC NETWORK PROGRAM 1.0] [2000/01/19 15:11:05, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 1.03] [2000/01/19 15:11:05, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 3.0] [2000/01/19 15:11:05, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LANMAN1.0] [2000/01/19 15:11:05, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LM1.2X002] [2000/01/19 15:11:05, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [Samba] [2000/01/19 15:11:05, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:05, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:05, 3] smbd/negprot.c:reply_negprot(421) Selected protocol NT LANMAN 1.0 [2000/01/19 15:11:05, 5] smbd/negprot.c:reply_negprot(428) negprot index=6 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(472) size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=17 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[0]=6 (0x6) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[1]=12803 (0x3203) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[2]=256 (0x100) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[3]=65280 (0xFF00) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[4]=255 (0xFF) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[5]=0 (0x0) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[6]=256 (0x100) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[7]=60928 (0xEE00) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[8]=69 (0x45) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[9]=12544 (0x3100) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[10]=3 (0x3) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[11]=32768 (0x8000) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[12]=28818 (0x7092) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[13]=30274 (0x7642) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[14]=48994 (0xBF62) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[15]=19457 (0x4C01) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[16]=2303 (0x8FF) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(488) smb_bcc=16 [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3026) [000] 14 5D C9 23 C8 56 9A 71 4C 2E 41 2E 53 2E 50 00 .].#.V.q L.A.S.P. [2000/01/19 15:11:05, 6] lib/util_sock.c:write_socket(557) write_socket(4,89) [2000/01/19 15:11:05, 6] lib/util_sock.c:write_socket(560) write_socket(4,89) wrote 89 [2000/01/19 15:11:05, 10] lib/util_sock.c:read_smb_length_return_keepalive(599) got smb length of 135 [2000/01/19 15:11:05, 6] smbd/process.c:process_smb(618) got message type 0x0 of len 0x87 [2000/01/19 15:11:05, 3] smbd/process.c:process_smb(619) Transaction 5 of length 139 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(472) size=135 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=13 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[0]=255 (0xFF) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[1]=0 (0x0) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[2]=17408 (0x4400) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[3]=2 (0x2) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[4]=17882 (0x45DA) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[5]=17902 (0x45EE) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[6]=0 (0x0) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[7]=24 (0x18) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[8]=24 (0x18) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[9]=0 (0x0) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[10]=0 (0x0) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[11]=0 (0x0) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(483) smb_vwv[12]=0 (0x0) [2000/01/19 15:11:05, 5] lib/util.c:show_msg(488) smb_bcc=74 [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3026) [000] B5 90 2E 3B FC FD E6 0C 32 5B F6 5F F5 AD E0 49 ...;.... 2[._...I [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [010] DA 68 F6 A4 DE 92 E1 FE 11 2A 60 FA 0D 29 9D F0 .h...... .*`..).. [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [020] 8D AD EB F6 4F 20 4F DA D5 38 8D B9 B9 B8 3E D2 ....O O. .8....>. [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [030] 41 44 4D 49 4E 00 4C 2E 41 2E 53 2E 50 00 55 6E ADMIN.L. A.S.P.Un [2000/01/19 15:11:05, 10] lib/util.c:dump_data(3034) [040] 69 78 00 00 53 61 6D 62 61 00 ix..Samb a. [2000/01/19 15:11:05, 3] smbd/process.c:switch_message(448) switch message SMBsesssetupX (pid 17902) [2000/01/19 15:11:05, 3] smbd/reply.c:reply_sesssetup_and_X(803) Domain=[L.A.S.P] NativeOS=[Unix] NativeLanMan=[] [2000/01/19 15:11:05, 3] smbd/reply.c:reply_sesssetup_and_X(807) sesssetupX:name=[ADMIN] [2000/01/19 15:11:05, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:05, 1] smbd/password.c:pass_check_smb(496) Couldn't find user 'admin' in UNIX password database. [2000/01/19 15:11:05, 2] smbd/reply.c:reply_sesssetup_and_X(912) NT Password did not match for user 'admin' ! Defaulting to Lanman [2000/01/19 15:11:05, 1] smbd/password.c:pass_check_smb(496) Couldn't find user 'admin' in UNIX password database. [2000/01/19 15:11:05, 1] smbd/reply.c:reply_sesssetup_and_X(923) Rejecting user 'admin': authentication failed [2000/01/19 15:11:05, 3] smbd/error.c:error_packet(138) error packet at line 641 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [2000/01/19 15:11:05, 3] smbd/error.c:error_packet(143) error string = No such file or directory [2000/01/19 15:11:05, 5] lib/util.c:show_msg(472) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(478) smb_tid=0 smb_pid=17882 smb_uid=0 smb_mid=1 smt_wct=0 [2000/01/19 15:11:05, 5] lib/util.c:show_msg(488) smb_bcc=0 [2000/01/19 15:11:05, 6] lib/util_sock.c:write_socket(557) write_socket(4,39) [2000/01/19 15:11:05, 6] lib/util_sock.c:write_socket(560) write_socket(4,39) wrote 39 [2000/01/19 15:11:05, 10] lib/util_sock.c:read_socket_data(468) read_socket_data: recv of 4 returned 0. Error = Success [2000/01/19 15:11:05, 10] lib/util_sock.c:receive_smb(651) receive_smb: length < 0! [2000/01/19 15:11:05, 3] smbd/process.c:timeout_processing(858) end of file from client [2000/01/19 15:11:05, 2] smbd/server.c:exit_server(407) Closing connections [2000/01/19 15:11:05, 3] smbd/server.c:exit_server(434) Server exit (normal exit) -------------- next part -------------- [2000/01/19 15:11:04, 1] smbd/server.c:main(642) smbd version pre-3.0.0 started. Copyright Andrew Tridgell 1992-1998 doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter name resolve order = lmhosts bcast wins host doing parameter socket options = TCP_NODELAY doing parameter write list = root doing parameter create mask = 0644 doing parameter domain group map = /etc/domaingroup.map [2000/01/19 15:11:04, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "domain group map" [2000/01/19 15:11:04, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "domain group map" doing parameter domain user map = /etc/domainuser.map [2000/01/19 15:11:04, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "domain user map" [2000/01/19 15:11:04, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "domain user map" doing parameter local group map = /etc/localgroup.map [2000/01/19 15:11:04, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "local group map" [2000/01/19 15:11:04, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "local group map" doing parameter logon path = \\%L\%U\profile doing parameter logon script = startup.bat doing parameter logon home = \\%L\%U doing parameter domain logons = Yes doing parameter os level = 165 doing parameter preferred master = Yes doing parameter local master = Yes doing parameter domain master = Yes doing parameter dns proxy = No doing parameter wins support = Yes doing parameter character set = koi8-r [2000/01/19 15:11:04, 5] lib/util_unistr.c:load_unicode_map(410) load_unicode_map: loading unicode map for codepage KOI8-R. [2000/01/19 15:11:04, 0] lib/util_unistr.c:load_unicode_map(427) load_unicode_map: filename /etc/codepages/unicode_map.KOI8-R does not exist. doing parameter client code page = 866 [2000/01/19 15:11:04, 5] lib/util_unistr.c:load_unicode_map(410) load_unicode_map: loading unicode map for codepage KOI8-R. [2000/01/19 15:11:04, 0] lib/util_unistr.c:load_unicode_map(427) load_unicode_map: filename /etc/codepages/unicode_map.KOI8-R does not exist. doing parameter message command = less %s ; rm %s & doing parameter printing = bsd doing parameter printer driver = no doing parameter print command = lpr -r -P%p %s doing parameter lpq command = lpq -P%p doing parameter lprm command = lprm -P%p %j doing parameter printcap name = /etc/printcap [2000/01/19 15:11:04, 2] param/loadparm.c:do_section(2319) Processing section "[homes]" doing parameter read only = No doing parameter browseable = No [2000/01/19 15:11:04, 2] param/loadparm.c:do_section(2319) Processing section "[printers]" doing parameter path = /var/spool/samba doing parameter print ok = Yes doing parameter browseable = No [2000/01/19 15:11:04, 2] param/loadparm.c:do_section(2319) Processing section "[netlogon]" doing parameter path = /home/netlogon doing parameter browseable = No [2000/01/19 15:11:04, 2] param/loadparm.c:do_section(2319) Processing section "[Home]" doing parameter path = /home/share doing parameter write list = @ours [2000/01/19 15:11:04, 2] param/loadparm.c:do_section(2319) Processing section "[PC]" doing parameter path = /usr/pc doing parameter read only = No [2000/01/19 15:11:04, 2] param/loadparm.c:do_section(2319) Processing section "[MOptic]" doing parameter path = /mnt/moptic [2000/01/19 15:11:04, 3] param/loadparm.c:lp_load(2641) pm_process() returned Yes [2000/01/19 15:11:04, 3] param/loadparm.c:lp_add_ipc(1585) adding IPC service [2000/01/19 15:11:04, 7] param/loadparm.c:lp_servicenumber(2733) lp_servicenumber: couldn't find lp [2000/01/19 15:11:04, 3] param/loadparm.c:lp_add_printer(1620) adding printer service lp [2000/01/19 15:11:04, 7] param/loadparm.c:lp_servicenumber(2733) lp_servicenumber: couldn't find fax [2000/01/19 15:11:04, 3] param/loadparm.c:lp_add_printer(1620) adding printer service fax [2000/01/19 15:11:04, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:04, 2] lib/interface.c:add_interface(83) added interface ip=158.250.20.217 bcast=158.250.20.223 nmask=255.255.255.248 [2000/01/19 15:11:04, 2] lib/interface.c:add_interface(83) added interface ip=158.250.9.9 bcast=158.250.9.255 nmask=255.255.255.0 [2000/01/19 15:11:04, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/19 15:11:04, 6] lib/charset.c:codepage_initialise(339) codepage_initialise: client code page = 866 [2000/01/19 15:11:04, 5] lib/charset.c:load_client_codepage(196) load_client_codepage: loading codepage 866. Adding chars 0x61 0x41 (l->u = True) (u->l = True) Adding chars 0x62 0x42 (l->u = True) (u->l = True) Adding chars 0x63 0x43 (l->u = True) (u->l = True) Adding chars 0x64 0x44 (l->u = True) (u->l = True) Adding chars 0x65 0x45 (l->u = True) (u->l = True) Adding chars 0x66 0x46 (l->u = True) (u->l = True) Adding chars 0x67 0x47 (l->u = True) (u->l = True) Adding chars 0x68 0x48 (l->u = True) (u->l = True) Adding chars 0x69 0x49 (l->u = True) (u->l = True) Adding chars 0x6a 0x4a (l->u = True) (u->l = True) Adding chars 0x6b 0x4b (l->u = True) (u->l = True) Adding chars 0x6c 0x4c (l->u = True) (u->l = True) Adding chars 0x6d 0x4d (l->u = True) (u->l = True) Adding chars 0x6e 0x4e (l->u = True) (u->l = True) Adding chars 0x6f 0x4f (l->u = True) (u->l = True) Adding chars 0x70 0x50 (l->u = True) (u->l = True) Adding chars 0x71 0x51 (l->u = True) (u->l = True) Adding chars 0x72 0x52 (l->u = True) (u->l = True) Adding chars 0x73 0x53 (l->u = True) (u->l = True) Adding chars 0x74 0x54 (l->u = True) (u->l = True) Adding chars 0x75 0x55 (l->u = True) (u->l = True) Adding chars 0x76 0x56 (l->u = True) (u->l = True) Adding chars 0x77 0x57 (l->u = True) (u->l = True) Adding chars 0x78 0x58 (l->u = True) (u->l = True) Adding chars 0x79 0x59 (l->u = True) (u->l = True) Adding chars 0x7a 0x5a (l->u = True) (u->l = True) Adding chars 0xa0 0x80 (l->u = True) (u->l = True) Adding chars 0xa1 0x81 (l->u = True) (u->l = True) Adding chars 0xa2 0x82 (l->u = True) (u->l = True) Adding chars 0xa3 0x83 (l->u = True) (u->l = True) Adding chars 0xa4 0x84 (l->u = True) (u->l = True) Adding chars 0xa5 0x85 (l->u = True) (u->l = True) Adding chars 0xa6 0x86 (l->u = True) (u->l = True) Adding chars 0xa7 0x87 (l->u = True) (u->l = True) Adding chars 0xa8 0x88 (l->u = True) (u->l = True) Adding chars 0xa9 0x89 (l->u = True) (u->l = True) Adding chars 0xaa 0x8a (l->u = True) (u->l = True) Adding chars 0xab 0x8b (l->u = True) (u->l = True) Adding chars 0xac 0x8c (l->u = True) (u->l = True) Adding chars 0xad 0x8d (l->u = True) (u->l = True) Adding chars 0xae 0x8e (l->u = True) (u->l = True) Adding chars 0xaf 0x8f (l->u = True) (u->l = True) Adding chars 0xe0 0x90 (l->u = True) (u->l = True) Adding chars 0xe1 0x91 (l->u = True) (u->l = True) Adding chars 0xe2 0x92 (l->u = True) (u->l = True) Adding chars 0xe3 0x93 (l->u = True) (u->l = True) Adding chars 0xe4 0x94 (l->u = True) (u->l = True) Adding chars 0xe5 0x95 (l->u = True) (u->l = True) Adding chars 0xe6 0x96 (l->u = True) (u->l = True) Adding chars 0xe7 0x97 (l->u = True) (u->l = True) Adding chars 0xe8 0x98 (l->u = True) (u->l = True) Adding chars 0xe9 0x99 (l->u = True) (u->l = True) Adding chars 0xea 0x9a (l->u = True) (u->l = True) Adding chars 0xeb 0x9b (l->u = True) (u->l = True) Adding chars 0xec 0x9c (l->u = True) (u->l = True) Adding chars 0xed 0x9d (l->u = True) (u->l = True) Adding chars 0xee 0x9e (l->u = True) (u->l = True) Adding chars 0xef 0x9f (l->u = True) (u->l = True) Adding chars 0xf1 0xf0 (l->u = True) (u->l = True) Adding chars 0xf3 0xf2 (l->u = True) (u->l = True) Adding chars 0xf5 0xf4 (l->u = True) (u->l = True) Adding chars 0xf7 0xf6 (l->u = True) (u->l = True) Adding chars 0x21 0x0 (l->u = False) (u->l = False) Adding chars 0x23 0x0 (l->u = False) (u->l = False) Adding chars 0x24 0x0 (l->u = False) (u->l = False) Adding chars 0x25 0x0 (l->u = False) (u->l = False) Adding chars 0x26 0x0 (l->u = False) (u->l = False) Adding chars 0x27 0x0 (l->u = False) (u->l = False) Adding chars 0x28 0x0 (l->u = False) (u->l = False) Adding chars 0x29 0x0 (l->u = False) (u->l = False) Adding chars 0x2d 0x0 (l->u = False) (u->l = False) Adding chars 0x30 0x0 (l->u = False) (u->l = False) Adding chars 0x31 0x0 (l->u = False) (u->l = False) Adding chars 0x32 0x0 (l->u = False) (u->l = False) Adding chars 0x33 0x0 (l->u = False) (u->l = False) Adding chars 0x34 0x0 (l->u = False) (u->l = False) Adding chars 0x35 0x0 (l->u = False) (u->l = False) Adding chars 0x36 0x0 (l->u = False) (u->l = False) Adding chars 0x37 0x0 (l->u = False) (u->l = False) Adding chars 0x38 0x0 (l->u = False) (u->l = False) Adding chars 0x39 0x0 (l->u = False) (u->l = False) Adding chars 0x40 0x0 (l->u = False) (u->l = False) Adding chars 0x5e 0x0 (l->u = False) (u->l = False) Adding chars 0x5f 0x0 (l->u = False) (u->l = False) Adding chars 0x60 0x0 (l->u = False) (u->l = False) Adding chars 0x7b 0x0 (l->u = False) (u->l = False) Adding chars 0x7d 0x0 (l->u = False) (u->l = False) Adding chars 0x7e 0x0 (l->u = False) (u->l = False) Adding chars 0x7f 0x0 (l->u = False) (u->l = False) Adding chars 0xb0 0x0 (l->u = False) (u->l = False) Adding chars 0xb1 0x0 (l->u = False) (u->l = False) Adding chars 0xb2 0x0 (l->u = False) (u->l = False) Adding chars 0xb3 0x0 (l->u = False) (u->l = False) Adding chars 0xb4 0x0 (l->u = False) (u->l = False) Adding chars 0xb5 0x0 (l->u = False) (u->l = False) Adding chars 0xb6 0x0 (l->u = False) (u->l = False) Adding chars 0xb7 0x0 (l->u = False) (u->l = False) Adding chars 0xb8 0x0 (l->u = False) (u->l = False) Adding chars 0xb9 0x0 (l->u = False) (u->l = False) Adding chars 0xba 0x0 (l->u = False) (u->l = False) Adding chars 0xbb 0x0 (l->u = False) (u->l = False) Adding chars 0xbc 0x0 (l->u = False) (u->l = False) Adding chars 0xbd 0x0 (l->u = False) (u->l = False) Adding chars 0xbe 0x0 (l->u = False) (u->l = False) Adding chars 0xbf 0x0 (l->u = False) (u->l = False) Adding chars 0xc0 0x0 (l->u = False) (u->l = False) Adding chars 0xc1 0x0 (l->u = False) (u->l = False) Adding chars 0xc2 0x0 (l->u = False) (u->l = False) Adding chars 0xc3 0x0 (l->u = False) (u->l = False) Adding chars 0xc4 0x0 (l->u = False) (u->l = False) Adding chars 0xc5 0x0 (l->u = False) (u->l = False) Adding chars 0xc6 0x0 (l->u = False) (u->l = False) Adding chars 0xc7 0x0 (l->u = False) (u->l = False) Adding chars 0xc8 0x0 (l->u = False) (u->l = False) Adding chars 0xc9 0x0 (l->u = False) (u->l = False) Adding chars 0xca 0x0 (l->u = False) (u->l = False) Adding chars 0xcb 0x0 (l->u = False) (u->l = False) Adding chars 0xcc 0x0 (l->u = False) (u->l = False) Adding chars 0xcd 0x0 (l->u = False) (u->l = False) Adding chars 0xce 0x0 (l->u = False) (u->l = False) Adding chars 0xcf 0x0 (l->u = False) (u->l = False) Adding chars 0xd0 0x0 (l->u = False) (u->l = False) Adding chars 0xd1 0x0 (l->u = False) (u->l = False) Adding chars 0xd2 0x0 (l->u = False) (u->l = False) Adding chars 0xd3 0x0 (l->u = False) (u->l = False) Adding chars 0xd4 0x0 (l->u = False) (u->l = False) Adding chars 0xd5 0x0 (l->u = False) (u->l = False) Adding chars 0xd6 0x0 (l->u = False) (u->l = False) Adding chars 0xd7 0x0 (l->u = False) (u->l = False) Adding chars 0xd8 0x0 (l->u = False) (u->l = False) Adding chars 0xd9 0x0 (l->u = False) (u->l = False) Adding chars 0xda 0x0 (l->u = False) (u->l = False) Adding chars 0xdb 0x0 (l->u = False) (u->l = False) Adding chars 0xdc 0x0 (l->u = False) (u->l = False) Adding chars 0xdd 0x0 (l->u = False) (u->l = False) Adding chars 0xde 0x0 (l->u = False) (u->l = False) Adding chars 0xdf 0x0 (l->u = False) (u->l = False) Adding chars 0xf8 0x0 (l->u = False) (u->l = False) Adding chars 0xf9 0x0 (l->u = False) (u->l = False) Adding chars 0xfa 0x0 (l->u = False) (u->l = False) Adding chars 0xfb 0x0 (l->u = False) (u->l = False) Adding chars 0xfc 0x0 (l->u = False) (u->l = False) Adding chars 0xfd 0x0 (l->u = False) (u->l = False) Adding chars 0xfe 0x0 (l->u = False) (u->l = False) Adding chars 0xff 0x0 (l->u = False) (u->l = False) [2000/01/19 15:11:04, 5] lib/util_unistr.c:load_unicode_map(410) load_unicode_map: loading unicode map for codepage 866. [2000/01/19 15:11:04, 0] lib/util_unistr.c:load_unicode_map(427) load_unicode_map: filename /etc/codepages/unicode_map.866 does not exist. [2000/01/19 15:11:04, 3] smbd/server.c:main(698) loaded services [2000/01/19 15:11:04, 6] param/loadparm.c:lp_file_list_changed(1874) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Wed Jan 19 14:56:59 2000 [2000/01/19 15:11:04, 10] lib/util_sid.c:read_sid(471) read_sid: Domain: L.A.S.P [2000/01/19 15:11:04, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-5-21-3528327861-1831579209-895851024 ok [2000/01/19 15:11:04, 7] lib/util_sid.c:sid_to_string(244) sid_to_string returning S-1-5-21-3528327861-1831579209-895851024 [2000/01/19 15:11:04, 5] lib/util_sid.c:read_sid_from_file(452) read_sid_from_file: sid S-1-5-21-3528327861-1831579209-895851024 [2000/01/19 15:11:04, 2] smbd/server.c:main(756) Changed root to / [2000/01/19 15:11:04, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2000/01/19 15:11:04, 3] lib/util_sock.c:open_socket_in(865) bind succeeded on port 0 [2000/01/19 15:11:04, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 17902, global_oplock_port = 1220 [2000/01/19 15:11:04, 4] lib/time.c:TimeInit(110) Serverzone is -10800 [2000/01/19 15:11:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(599) got smb length of 72 [2000/01/19 15:11:04, 6] smbd/process.c:process_smb(618) got message type 0x81 of len 0x48 [2000/01/19 15:11:04, 3] smbd/process.c:process_smb(619) Transaction 0 of length 76 [2000/01/19 15:11:04, 2] smbd/reply.c:reply_special(97) netbios connect: name1=LASP name2=LASP From giulioo at pobox.com Wed Jan 19 12:45:30 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:28:05 2003 Subject: smbmount compile error In-Reply-To: <200001191138.OAA11220@lasp.npi.msu.su> References: <200001191138.OAA11220@lasp.npi.msu.su> Message-ID: <20000119124651.BE2E188E1@i3.golden.dom> On Wed, 19 Jan 2000 22:41:07 +1100, hai scritto: >Again, smbmount as usual, can't be compiled despite all posted patches: which patches? >Compiling client/smbmount.c samba version? kernel version (assuming linux)? -- giulioo@pobox.com From vs at lasp.npi.msu.su Wed Jan 19 13:20:59 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:05 2003 Subject: smbmount compile error In-Reply-To: Your message of "Wed, 19 Jan 2000 23:50:08 +1100." <20000119124651.BE2E188E1@i3.golden.dom> Message-ID: <200001191320.QAA26241@lasp.npi.msu.su> On Wed, 19 Jan 2000 23:50:08 +1100 Giulio Orsero wrote: -------- > On Wed, 19 Jan 2000 22:41:07 +1100, hai scritto: > > >Again, smbmount as usual, can't be compiled despite all posted patches: > which patches? from nazard@dragoninc.on.ca: one for Makefile.in another - for client/smbmount.c > >Compiling client/smbmount.c > samba version? latest TNG > kernel version (assuming linux)? linux-2.2.12 From greg at orgasmicwines.com Wed Jan 19 13:33:45 2000 From: greg at orgasmicwines.com (Greg Cope) Date: Tue Dec 2 02:28:05 2003 Subject: newbia help needed with SAMBA_TNG cvs access References: <38859979.AF9E6266@orgasmicwines.com> <38859CB5.CA489EA6@NetUSE.DE> Message-ID: <3885BD39.32364D7@orgasmicwines.com> Lars Kneschke wrote: > > Greg Cope wrote: > > > > Dear All > > > > I have been asked to set up a samba PDC for a small NT4.0 client LAN - > > the reason being that the roving profiles / single logon is wanted by > > the boss. > > > > As I under stand I need to get SAMBA_TNG cvs and make etc ... How do I > > do this / what are the commands - all the instructions suggest I need to > > grab a copy of the SAMBA_TNG CVS - but sadly I am a CVS newbie and have > > no idea of the commands - any points to a good / basic CVS guide would > > be appreciated. > > > > I also understand that I need to in stall the smbd and nmbd from main > > cvs - which I have. > Please watch http://www.kneschke.de/projekte/samba_tng. These > pages will answer your questions. Thanks for: 1) such a fast response 2) Greate information these are just the page I need - excellent Can these pages have links to them from the samba.org web-pages in the samba pdc section as they are excellent instructions ? Thank you again Greg Cope > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From cynthia at email.webgalaxy.com Wed Jan 19 14:25:46 2000 From: cynthia at email.webgalaxy.com (Cynthia LaPier) Date: Tue Dec 2 02:28:05 2003 Subject: Basic LDAP Samba question Message-ID: When I do ./configure --with-ldap I get this error: checking whether to use PAM password database... no checking whether to use LDAP password database... yes configure: error: LDAP password database not supported in this version. LDAPFLAGS = -I/usr/local/etc/openldap/include -L/usr/local/etc/openldap/lib FLAGS1 = $(CFLAGS) $(LDAPFLAGS) -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper $(CPPFLAGS) -DSMBLOGFILE=\"$(SMBLOGFILE)\" -DNMBLOGFILE=\"$(NMBLOGFILE)\" Anyone know why I am this is happening? Thank you, Cynthia P.S. Extraneous info - two weeks ago at the Barnes & Noble in NYC on Union Square, there were great quantities of Samba books, yesterday there was one left - is this a movement? (As Arlo Guthrie might put it). Cynthia LaPier IT Development Web Galaxy, Inc. 1001 West Seneca Street, Suite 100 Ithaca, New York 14850 Phone: 607.256.5150 Fax: 607.256.2967 From lk at NetUSE.DE Wed Jan 19 14:57:14 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:05 2003 Subject: newbia help needed with SAMBA_TNG cvs access References: <38859979.AF9E6266@orgasmicwines.com> <38859CB5.CA489EA6@NetUSE.DE> <3885BD39.32364D7@orgasmicwines.com> Message-ID: <3885D0CA.8494A090@NetUSE.DE> Greg Cope wrote: > Lars Kneschke wrote: > > Greg Cope wrote: > > > As I under stand I need to get SAMBA_TNG cvs and make etc ... How do I > > > do this / what are the commands - all the instructions suggest I need to > > > grab a copy of the SAMBA_TNG CVS - but sadly I am a CVS newbie and have > > > no idea of the commands - any points to a good / basic CVS guide would > > > be appreciated. > > > > > > I also understand that I need to in stall the smbd and nmbd from main > > > cvs - which I have. > > Please watch http://www.kneschke.de/projekte/samba_tng. These > > pages will answer your questions. > Can these pages have links to them from the samba.org web-pages in the > samba pdc section as they are excellent instructions ? They can! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From icoupeau at unav.es Wed Jan 19 15:07:46 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:28:05 2003 Subject: Basic LDAP Samba question References: Message-ID: <3885D342.80E882A6@unav.es> Cynthia LaPier wrote: > > When I do ./configure --with-ldap > I get this error: > checking whether to use PAM password database... no > checking whether to use LDAP password database... yes > configure: error: LDAP password database not supported in this version. Perhaps you need the TNG branch ... look at: http://www.unav.es/cti/ldap-smb-howto.html please, read the source/README before start the smbd. Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From Elrond at Wunder-Nett.org Wed Jan 19 15:24:08 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: ; from Luke Kenneth Casson Leighton on Wed, Jan 19, 2000 at 11:31:18AM +1100 References: Message-ID: <20000119162408.A24266@baerbel.mug.maschinenbau.tu-darmstadt.de> Okay, at first I thought, this might be a good idea, but I hope, you (and the users) see the side-effects: If any internal working in the library is changed (and I'm planing to take a deep look at the memory-handling in rpc_parse/*.c), you have to update all your binaries in your installation. And I for example like to have a more older, but known to work, version on my production machines, but a recent rpcclient too. If people tend to do that without knowing about shared libs, they can get quite messy errors. Of course, "it's all their fault." On Wed, Jan 19, 2000 at 11:31:18AM +1100, Luke Kenneth Casson Leighton wrote: > ok, i decided to go ahead with this. if you can't compile and you _can_ > program, please have a look at adding autoconf support for .a, using cvs > main's autoconf as a base for ideas. > > thx! Maybe I'm going to look at libtool. > On Wed, 19 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > i have a question for you all. > > > > is it ok if i create a dynamic library, libsmb.so and libmsrpc.so? > > > > if i do, could someone please submit mods to be able to create a libsmb.a > > and libmsrpc.a (static libraries), first examining cvs main's configure.in > > and Makefile.in? Elrond From cmanz at netscape.net Wed Jan 19 15:56:23 2000 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:28:05 2003 Subject: [Re: [Re: win95 again]] Message-ID: <20000119155624.27855.qmail@www0j.netaddress.usa.net> heck, me again; I tried as you described below. Two things happened: 1. I got an error message in the log files: >2000/01/19 16:45:59 netbios nameserver version 1.9.18p10 started >Copyright Andrew Tridgell 1994-1997 >Unknown parameter encountered: "bind interface only" >Ignoring unknown parameter "bind interface only" --> the WHATSNEW file says that the bind interface only is supported with that version as you told me 2. When I start another daemon with the second smb.conf file I get a bind failed - I think it'll try to bind to the same port as the one already running ..... hm, just give me a "forget it" and I'll give up - but would be nice to achieve. thank's roman Richard Sharpe wrote: Hi, At 10:46 PM 1/17/00 +1100, you wrote: >heck, it seems obviously that I'm a little beginner... >The idea behind was to run two different SAMBA daemons listening to two >different ports. the default port for the password encrypting NT PCs and >another port for our noncrypting Win95 PCs. I've read all the descriptions >about Registry entries to make NT use plain passwords and WIN95 to use >encrypted one. The problem is that I'm not our PC administrator nor can I >decide to change the password handling of the PCs. I just want to share the >home directories of the users on our machines and make them accessible to both >WIN versions. >sorry for bothering No bother at all ... You would not do it with different ports, but with IP aliases on the server, or Virtual servers ... 1. Set up you machine with two IP addresses on the one interface, say: 10.0.0.1 and 10.0.0.2. Set up two smb.conf file, each specifying an interfaces line with an IP address and a bind interfaces only = yes Start up the appropriate daemons and specify their config files on their command lines. 2. Specify a NetBIOS alias in the smb.conf and include files based on the NetBIOS names, giving you virtual servers ... What you describe is perfect for Virtual Servers ... >roman > >Richard Sharpe wrote: >At 09:44 PM 1/17/00 +1100, Roman Manz wrote: >>Are there any tools to make WIN95 map a network drive on an alternate port? >>I've already searched the internet but found nothing useful. >>thank's > >Say what? What do you mean an alternate port? > >You mean, 1025 rather than 139? > >A server can redirect to another port. I don't think Samba generates >redirects, otherwise we could check if Win9x can handle them. > >>roman >> > >Regards >------- >Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), >Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) >Co-author, SAMS Teach Yourself Samba in 24 Hours >Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > > >____________________________________________________________________ >Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From p.mayers at ic.ac.uk Wed Jan 19 15:57:14 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812E1@icex1.cc.ic.ac.uk> > If any internal working in the library is changed (and I'm > planing to take a deep look at the memory-handling in > rpc_parse/*.c), you have to update all your binaries in > your installation. If you linked statically, yes. > And I for example like to have a more older, but known to > work, version on my production machines, but a recent > rpcclient too. So link rpcclient statically... What's the problem here? In any case, I think it's a good idea. Cheers, Phil From Steven.Gordon at motorola.com Wed Jan 19 16:25:38 2000 From: Steven.Gordon at motorola.com (Gordon Steven-QSG001) Date: Tue Dec 2 02:28:05 2003 Subject: unencrypted passwords and Windows2000 Message-ID: <2608E16E82ACD3118DEF0008C7CF80453373C5@tx14exm01.fwrdc.rtsg.mot.com> Does anyone know the registry hack for sending unencrypted passwords for a Windows 2000 workstation? It's not in the same place as in Windows98 or WindowsNT. Regards, Steve ------------------------------------------------------------------------ __/ / _ __ | /_ / /__ / /__ /__ / | MOTOROLA _/ ____/ _/ _/ ___/ _/ _/ | | Steve Gordon | Cellular Infrastructure Group (817) 245-6811 | Information Technology Services qsg001@email.mot.com | ------------------------------------------------------------------------ From Elrond at Wunder-Nett.org Wed Jan 19 16:36:42 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F812E1@icex1.cc.ic.ac.uk>; from Mayers, P J on Thu, Jan 20, 2000 at 03:01:19AM +1100 References: <0846B011B9A4D111A1EE006097DA4FCE02F812E1@icex1.cc.ic.ac.uk> Message-ID: <20000119173641.B24266@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Jan 20, 2000 at 03:01:19AM +1100, Mayers, P J wrote: > > > If any internal working in the library is changed (and I'm > > planing to take a deep look at the memory-handling in > > rpc_parse/*.c), you have to update all your binaries in > > your installation. > > If you linked statically, yes. No. If inner workings in the library change, the programs must also change, and you can't have half of the programs depend on the old working and half on the new. If you've ever read docs on shared-lib-versioning, you know, what I mean. > > And I for example like to have a more older, but known to > > work, version on my production machines, but a recent > > rpcclient too. > > So link rpcclient statically... What's the problem here? _I_ don't have a problem here, cause I know how to handle shared libraries. I'm just seeing possible problems out there. Maybe I'm seeing probs, where are none. > In any case, I think it's a good idea. Yes, it makes some things easier and saves some memory. > Cheers, > Phil Elrond From p.mayers at ic.ac.uk Wed Jan 19 16:50:32 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812E3@icex1.cc.ic.ac.uk> Well, I'm kind of assuming that if Luke makes changes to libmsrpc, he's not going to change the application level interface (I hope), or he's going to use some kind of interface versioning (struct dwSize members for example). Cheers, Phil -----Original Message----- From: Elrond To: Mayers, P J Cc: Multiple recipients of list SAMBA-NTDOM Sent: 19/01/00 16:36 Subject: Re: [SAMBA-TNG] using and createing libsmb and libmsrpc On Thu, Jan 20, 2000 at 03:01:19AM +1100, Mayers, P J wrote: > > > If any internal working in the library is changed (and I'm > > planing to take a deep look at the memory-handling in > > rpc_parse/*.c), you have to update all your binaries in > > your installation. > > If you linked statically, yes. No. If inner workings in the library change, the programs must also change, and you can't have half of the programs depend on the old working and half on the new. If you've ever read docs on shared-lib-versioning, you know, what I mean. > > And I for example like to have a more older, but known to > > work, version on my production machines, but a recent > > rpcclient too. > > So link rpcclient statically... What's the problem here? _I_ don't have a problem here, cause I know how to handle shared libraries. I'm just seeing possible problems out there. Maybe I'm seeing probs, where are none. > In any case, I think it's a good idea. Yes, it makes some things easier and saves some memory. > Cheers, > Phil Elrond From greg at orgasmicwines.com Wed Jan 19 16:54:10 2000 From: greg at orgasmicwines.com (Greg Cope) Date: Tue Dec 2 02:28:05 2003 Subject: problems / warnings compling MAIN and SAMBA_TNG Message-ID: <3885EC32.368E8F04@orgasmicwines.com> Dear All I have had a few problems / warnings today compling cvs snapshots and did a "cvs update -d -P" in each directory so these CVS sanpshots are current as of 14.10 GMT I not bieng a C programmer I cannot help! regards Greg Cope Here they are: Within "main" I get the following errors during "make": Compiling lib/msrpc_use.c lib/msrpc_use.c: In function `msrpc_find': lib/msrpc_use.c:150: warning: passing arg 1 of `pwd_compare' discards `const' from pointer target type Compiling rpc_parse/parse_creds.c rpc_parse/parse_creds.c: In function `create_user_creds': rpc_parse/parse_creds.c:591: warning: assignment discards `const' from pointer target type Compiling smbd/process.c Everthing else goes ok. Within "SAMBA TNG" I get the following errors during "make": Compiling rpc_parse/parse_creds.c with -fpic rpc_parse/parse_creds.c: In function `create_user_creds': rpc_parse/parse_creds.c:591: warning: assignment discards `const' from pointer target type Compiling rpc_parse/parse_ntlmssp.c with -fpic Compiling lib/domain_namemap.c lib/domain_namemap.c: In function `lookup_remote_ntname': lib/domain_namemap.c:895: warning: assignment discards `const' from pointer target type Compiling lib/util_pwdb.c Compiling lib/util.c lib/util.c: In function `nametouid': lib/util.c:2535: warning: passing arg 1 of `Get_Pwnam' discards `const' from pointer target type Compiling lib/genrand.c Compiling rpc_server/srv_pipe_ntlmssp.c rpc_server/srv_pipe_ntlmssp.c: In function `api_ntlmssp_verify': rpc_server/srv_pipe_ntlmssp.c:305: warning: assignment makes pointer from integer without a cast Compiling rpc_server/srv_samr.c Compiling smbd/chgpasswd.c smbd/chgpasswd.c: In function `findpty': smbd/chgpasswd.c:72: warning: assignment makes pointer from integer without a cast Compiling passdb/sampassdb.c Compiling web/cgi.c web/cgi.c: In function `cgi_handle_authorization': web/cgi.c:364: warning: assignment discards `const' from pointer target type Compiling web/diagnose.c From Elrond at Wunder-Nett.org Wed Jan 19 17:03:40 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F812E3@icex1.cc.ic.ac.uk>; from Mayers, P J on Thu, Jan 20, 2000 at 03:52:32AM +1100 References: <0846B011B9A4D111A1EE006097DA4FCE02F812E3@icex1.cc.ic.ac.uk> Message-ID: <20000119180340.A24274@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Jan 20, 2000 at 03:52:32AM +1100, Mayers, P J wrote: > Well, I'm kind of assuming that if Luke makes changes to libmsrpc, he's not > going to change the application level interface (I hope), or he's going to > use some kind of interface versioning (struct dwSize members for example). > > > Cheers, > Phil Well, programmers try do that, but this is currently not that easy. There's a reason, why it was called "prealpha". And currently the memory-handling in the rpc-code is fat from unified. It's fine, that it seems to work, but there's still a lot of work here. And versioning for single functions isn't realy nice in the current state. If you _realy_ would do it, you would end up with >20 versions for some functions. Elrond From lkcl at samba.org Wed Jan 19 17:04:40 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Makefile problems with new libs In-Reply-To: <003101bf6250$f34d5320$0500000a@borntreger.com> Message-ID: apparently, the way to sort this is to use libtools. does anyone have experience using libtools? From lkcl at samba.org Wed Jan 19 17:10:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: smbmount compile error In-Reply-To: <200001191138.OAA11220@lasp.npi.msu.su> Message-ID: vladimir, please use smbmount from cvs main. smbmount from SAMBA_TNG has NOT been updated for over 18 months, and i really don't want to spend time and effort fixing it unnecessarily. thx, luke On Wed, 19 Jan 2000, Vladimir Stavrinov wrote: > > Again, smbmount as usual, can't be compiled despite all posted patches: > > Compiling client/smbmount.c > client/smbmount.c:149: warning: declaration of `fprintf' shadows global declaration > client/smbmount.c: In function `chkpath': > client/smbmount.c:150: warning: declaration of `fprintf' shadows global declaration > client/smbmount.c:163: warning: implicit declaration of function `cli_setup_pkt' > client/smbmount.c: In function `close_our_files': > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) > client/smbmount.c:242: (Each undeclared identifier is reported only once > client/smbmount.c:242: for each function it appears in.) > client/smbmount.c: In function `mount_send_login': > client/smbmount.c:263: warning: implicit declaration of function `cli_send_login' > client/smbmount.c: In function `send_fs_socket': > client/smbmount.c:439: warning: implicit declaration of function `cli_open_sockets' > client/smbmount.c: At top level: > client/smbmount.c:527: warning: function declaration isn't a prototype > client/smbmount.c: In function `process': > client/smbmount.c:727: warning: implicit declaration of function `cli_send_logout' > client/smbmount.c:634: warning: unused variable `dbf' > make: *** [client/smbmount.o] Error 1 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 19 17:20:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: smbmount compile error In-Reply-To: <200001191320.QAA26241@lasp.npi.msu.su> Message-ID: On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > On Wed, 19 Jan 2000 23:50:08 +1100 Giulio Orsero wrote: > -------- > > > On Wed, 19 Jan 2000 22:41:07 +1100, hai scritto: > > > > >Again, smbmount as usual, can't be compiled despite all posted patches: > > which patches? > > from nazard@dragoninc.on.ca: one for Makefile.in another - for > client/smbmount.c i put those in, yesterday, didn't i? From lkcl at samba.org Wed Jan 19 17:27:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Basic LDAP Samba question In-Reply-To: Message-ID: > P.S. Extraneous info - two weeks ago at the Barnes & Noble in NYC on Union > Square, there were great quantities of Samba books, yesterday there was one > left - is this a movement? (As Arlo Guthrie might put it). tell them to get mine! :) ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 19 17:30:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: Problem adding a client to the domain with samba-tng In-Reply-To: <000101bf6293$b56b35c0$3cc809c0@wis.pbl.ca> Message-ID: On Wed, 19 Jan 2000, Tim Adams wrote: > According to the howtos on http://www.kneschke.de/projekte/samba_tng/, the > difference between a PDC and BDC is "domain master = yes" for PDC and > "domain master = no" for BDC. lars, please update FAQ to say "password server = THEPDC". thx! From lkcl at samba.org Wed Jan 19 17:41:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:05 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F812E3@icex1.cc.ic.ac.uk> Message-ID: On Thu, 20 Jan 2000, Mayers, P J wrote: > Well, I'm kind of assuming that if Luke makes changes to libmsrpc, he's not > going to change the application level interface (I hope), or he's going to > use some kind of interface versioning (struct dwSize members for example). hey guys, you'll have to clue me in here, i have no idea what you're talking about! is ./ in the lib path? because that's what i expect, for now: libraries to be loaded from the cwd, at least until the libraries stabilise. btw, _yes_ i intend to to a total replacement of the libsmrpc code, with function parameter arguments EXACTLY the same as the MSDN. this will be about.........hmmm.... four to six weeks' work. From simsa at acu.edu Wed Jan 19 17:54:59 2000 From: simsa at acu.edu (April Sims) Date: Tue Dec 2 02:28:06 2003 Subject: Need info on Samba with mod_perl Message-ID: <4.2.0.58.20000119114841.00adbb90@nicanor.acu.edu> Trying to authenticate NT users to access an Apache web server on Solaris 7 . I have installed the mod_perl, AuthenSmb, Smb modules, recompiled Apache. Just need some help in configuring the startup.pl , changing the httpd.conf and writing the perl script (s) to Authenticate to the NT domain and not use a local /etc/passwd file. Have looked extensively in CPAN, SAMBA, APACHE sites for a clearer description of this process but have not found what I needed. Is there any other sites or resources available to help me? Thanks. Just a Perl Newbie. >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< April Sims MCSE, CNE Abilene Christian University Systems Administrator ACU Box 29005 Information Technology Abilene, TX 79699 simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< From vs at lasp.npi.msu.su Wed Jan 19 17:59:41 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: Your message of "Thu, 20 Jan 2000 04:17:39 +1100." Message-ID: <200001191759.UAA27793@lasp.npi.msu.su> On Thu, 20 Jan 2000 04:17:39 +1100 Luke Kenneth Casson Leighton wrote: -------- > vladimir, > > please use smbmount from cvs main. smbmount from SAMBA_TNG has NOT been > updated for over 18 months, and i really don't want to spend time and > effort fixing it unnecessarily. OK. This way I went usually before From vs at lasp.npi.msu.su Wed Jan 19 17:52:16 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:06 2003 Subject: domain map group fail In-Reply-To: Your message of "Thu, 20 Jan 2000 04:12:16 +1100." Message-ID: <200001191752.UAA27767@lasp.npi.msu.su> On Thu, 20 Jan 2000 04:12:16 +1100 Luke Kenneth Casson Leighton wrote: -------- > vladimir, please identify the version of samba you are using, plus send > your smb.conf file along with the log files as well, to the list. that > way people can review it. > > thanks! SAMBA_TNG + HEAD of Jan 18 near 06 AM -03 GMT *.log files - in previous message (top of this thread) and smb.conf - here: -------------- next part -------------- workgroup = L.A.S.P server string = Samba Domain Controller # interfaces = 158.250.20.234/27 158.250.20.217/29 158.250.9.9/24 interfaces = 158.250.20.217/29 158.250.9.9/24 remote announce = 158.250.20.255 158.250.20.254 remote browse sync = 158.250.20.255 158.250.20.254 # interfaces = 158.250.20.234/27 bind interfaces only = Yes encrypt passwords = Yes unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* # passwd chat = *New*password* %n\n *Retype*password* %n\n *updated*successfully* # username map = /etc/smbusers log level = 0 log file = /var/log/samba/log.%m max log size = 50 name resolve order = lmhosts bcast wins host socket options = TCP_NODELAY write list = root create mask = 0644 domain group map = /etc/domaingroup.map domain user map = /etc/domainuser.map local group map = /etc/localgroup.map logon path = \\%L\%U\profile logon script = startup.bat logon home = \\%L\%U domain logons = Yes os level = 165 preferred master = Yes local master = Yes domain master = Yes dns proxy = No wins support = Yes character set = koi8-r client code page = 866 message command = less %s ; rm %s & printing = bsd printer driver = no print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j printcap name = /etc/printcap [homes] read only = No browseable = No [printers] path = /var/spool/samba print ok = Yes browseable = No # create mode = 0700 [netlogon] path = /home/netlogon browseable = No [Home] path = /home/share write list = @ours [PC] path = /usr/pc read only = No [MOptic] path = /mnt/moptic From vs at lasp.npi.msu.su Wed Jan 19 17:55:33 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: Your message of "Thu, 20 Jan 2000 04:27:02 +1100." Message-ID: <200001191755.UAA27778@lasp.npi.msu.su> On Thu, 20 Jan 2000 04:27:02 +1100 Luke Kenneth Casson Leighton wrote: -------- > On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > > > On Wed, 19 Jan 2000 23:50:08 +1100 Giulio Orsero wrote: > > -------- > > > > > On Wed, 19 Jan 2000 22:41:07 +1100, hai scritto: > > > > > > >Again, smbmount as usual, can't be compiled despite all posted patches: > > > which patches? > > > > from nazard@dragoninc.on.ca: one for Makefile.in another - for > > client/smbmount.c > > i put those in, yesterday, didn't i? Yes You did, but result You've seen ... From timothy_d_cole at md.northgrum.com Wed Jan 19 18:23:29 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:06 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631DB@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Wednesday, January 19, 2000 12:55 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: [SAMBA-TNG] using and createing libsmb and libmsrpc > > On Thu, 20 Jan 2000, Mayers, P J wrote: > > > Well, I'm kind of assuming that if Luke makes changes to libmsrpc, he's > not > > going to change the application level interface (I hope), or he's going > to > > use some kind of interface versioning (struct dwSize members for > example). > > hey guys, you'll have to clue me in here, i have no idea what you're > talking about! > Basically he's talking about different ways of handling binary compatibility across library versions. Among them, either keeping a consistent API, or using opaque structures, and passing the size/desired size to all functions that work with them. > is ./ in the lib path? because that's what i expect, for now: libraries > to be loaded from the cwd, at least until the libraries stabilise. > This is dependent on the system configuration, but the library search path (much like the executable search path) should not normally include ./, for security reasons. The LD_LIBRARY_PATH environment variable (on amost all POSIX systems I'm aware of) specifies the shared library search path -- appending the installation directory to it from a wrapper shell script is the normal way of dealing with this. (c.f. Mozilla, et al) > btw, _yes_ i intend to to a total replacement of the libsmrpc code, with > function parameter arguments EXACTLY the same as the MSDN. this will be > about.........hmmm.... four to six weeks' work. > What specific benefits are there to duplicating that hideous interface? I mean, seriously? From bruce at mergent.com Wed Jan 19 18:24:00 2000 From: bruce at mergent.com (Bruce Reed) Date: Tue Dec 2 02:28:06 2003 Subject: Some questions on PDC support in TNG Message-ID: I have TNG running as a PDC for a domain of 6 workstations and the samba (linux) server. Most everything is working, but I have a few questions: o Group mapping doesn't seem to work correctly or perhaps I don't understand the mechanics. I have a file named DomainGroupMap (registered in smb.conf) with an entry like: domainadmins="Domain Admins" I thought I should see "Domain Admins" listed as one of the groups in the User Manager, but it's not there. Should it be? In fact, I don't even see domainadmins! o Is there any way to limit the group list to a set of mapped groups? Don't want to see sys, wheel, daemon, etc. o I can't manipulate users in the User Manager for Domains. Changing passwords produces "Access Denied" messages and attempting to add a new user produces the rather bizarre message "The filename, directory name, or volume label syntax is incorrect." o Has anyone created Unix'en init scripts for TNG? There are a lot of daemons and starting/stopping by hand is tedious. Realize I can easily do this, but if someone's already done this . . . Otherwise this version works great as a PDC! Thanks for all of your efforts. From lkcl at samba.org Wed Jan 19 18:27:50 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631DB@xcgmd008.md.essd.northgrum.com> Message-ID: hey, this library stuff is so COOL! binary size of winregd: 66k! smbrun? 3628 BYTES! smbd? 284k. libsamba.so? 204k. btw if you're wondering _why_ i'm doing this, it's because i'm so fed up with doing an update of pam_ntdom that takes THREE days a shot every damn time. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 19 18:31:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631DB@xcgmd008.md.essd.northgrum.com> Message-ID: > This is dependent on the system configuration, but the library > search path (much like the executable search path) should not normally > include ./, for security reasons. ooh.. then why does smbd run fine, even though i don't ahve a LD_LIBRARY_PATH? > > btw, _yes_ i intend to to a total replacement of the libsmrpc code, with > > function parameter arguments EXACTLY the same as the MSDN. this will be > > about.........hmmm.... four to six weeks' work. > > > What specific benefits are there to duplicating that hideous > interface? I mean, seriously? LOTS! porting NT applications back to Unix, for a start! and actually, i quite _like_ the hideous interface, i've been having to work "behind-the-scenes" for the last two years, and i quite like it! ok, i've seen better, but if you understanda that it's _all_, and i do _mean_ all, based on DCE/RPC, then you kinda get used to its quirks. From lkcl at samba.org Wed Jan 19 18:45:32 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: Some questions on PDC support in TNG In-Reply-To: Message-ID: On Thu, 20 Jan 2000, Bruce Reed wrote: > I have TNG running as a PDC for a domain of 6 workstations and the samba > (linux) server. Most everything is working, but I have a few questions: excellent! > o Group mapping doesn't seem to work correctly or perhaps I don't understand > the mechanics. I have a file named DomainGroupMap (registered in smb.conf) > with an entry like: > domainadmins="Domain Admins" > I thought I should see "Domain Admins" listed as one of the groups in the > User Manager, but it's not there. Should it be? In fact, I don't even see > domainadmins! you have a unix group domainadmins? From bruce at mergent.com Wed Jan 19 19:03:24 2000 From: bruce at mergent.com (Bruce Reed) Date: Tue Dec 2 02:28:06 2003 Subject: Some questions on PDC support in TNG In-Reply-To: Message-ID: > From: Luke Leighton [mailto:lkcl@samba.anu.edu.au]On Behalf Of Luke . . . > > you have a unix group domainadmins? Yes, "domainadmins" is in /etc/group: domainadmins::805:breed I also have a mapping in DomainGroupMap for eng="Engineering" and I fail to see the Engineering group as well. Unlike domainadmins however, "eng" is coming from NIS. There's a "+" at the end of /etc/group. From lk at NetUSE.DE Wed Jan 19 19:06:21 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:06 2003 Subject: Problem adding a client to the domain with samba-tng References: Message-ID: <38860B2D.CEFAEEA1@NetUSE.DE> Luke Kenneth Casson Leighton wrote: > > On Wed, 19 Jan 2000, Tim Adams wrote: > > > According to the howtos on http://www.kneschke.de/projekte/samba_tng/, the > > difference between a PDC and BDC is "domain master = yes" for PDC and > > "domain master = no" for BDC. > > lars, please update FAQ to say "password server = THEPDC". thx! Done. But there was a error in the documentation. a pdc and bdc needs also encrypt passwords = yes And the pdc should NOT have passwordserver = thepdcname But i have fixed this now. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Wed Jan 19 19:11:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: Problem adding a client to the domain with samba-tng In-Reply-To: <38860B2D.CEFAEEA1@NetUSE.DE> Message-ID: On Wed, 19 Jan 2000, Lars Kneschke wrote: > > > According to the howtos on http://www.kneschke.de/projekte/samba_tng/, the > > > difference between a PDC and BDC is "domain master = yes" for PDC and > > > "domain master = no" for BDC. > > > > lars, please update FAQ to say "password server = THEPDC". thx! > Done. But there was a error in the documentation. tsk tsk :) > a pdc and bdc needs also > > encrypt passwords = yes > > And the pdc should NOT have > > passwordserver = thepdcname that is correct. > But i have fixed this now. great! From lkcl at samba.org Wed Jan 19 19:12:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: Some questions on PDC support in TNG In-Reply-To: Message-ID: On Thu, 20 Jan 2000, Bruce Reed wrote: > > From: Luke Leighton [mailto:lkcl@samba.anu.edu.au]On Behalf Of Luke > . . > > > > you have a unix group domainadmins? > > Yes, "domainadmins" is in /etc/group: > > domainadmins::805:breed > > I also have a mapping in DomainGroupMap for eng="Engineering" and I fail to > see the Engineering group as well. Unlike domainadmins however, "eng" is > coming from NIS. There's a "+" at the end of /etc/group. shouldn't make any difference. isamba does getgrent() etc. From nazard at dragoninc.on.ca Wed Jan 19 19:19:48 2000 From: nazard at dragoninc.on.ca (nazard@dragoninc.on.ca) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: <200001191138.OAA11220@lasp.npi.msu.su> Message-ID: <20000119191620Z12886537-23442+40378@samba.anu.edu.au> On 19 Jan, Vladimir Stavrinov wrote: > > Again, smbmount as usual, can't be compiled despite all posted patches: > > Compiling client/smbmount.c > client/smbmount.c:149: warning: declaration of `fprintf' shadows global declaration > client/smbmount.c: In function `chkpath': > client/smbmount.c:150: warning: declaration of `fprintf' shadows global declaration > client/smbmount.c:163: warning: implicit declaration of function `cli_setup_pkt' > client/smbmount.c: In function `close_our_files': > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) > client/smbmount.c:242: (Each undeclared identifier is reported only once > client/smbmount.c:242: for each function it appears in.) > client/smbmount.c: In function `mount_send_login': > client/smbmount.c:263: warning: implicit declaration of function `cli_send_login' > client/smbmount.c: In function `send_fs_socket': > client/smbmount.c:439: warning: implicit declaration of function `cli_open_sockets' > client/smbmount.c: At top level: > client/smbmount.c:527: warning: function declaration isn't a prototype > client/smbmount.c: In function `process': > client/smbmount.c:727: warning: implicit declaration of function `cli_send_logout' > client/smbmount.c:634: warning: unused variable `dbf' > make: *** [client/smbmount.o] Error 1 > I can't reproduce it here. I checked out a fresh tree to be sure. In my copy, line 149 is the start of chkpath(), not a fprintf call. With my patch, NR_OPEN should not be an issue. Here's the md5sum of the original and after my patch ccc5be49061f34e185c850bdd5808f0d smbmount.c 7bf33f1c25e20ab23cedc2c1e424fad7 smbmount.c.orig The freshly checked out try sorta compiles but the issues are to do with Luke's recent lib changes. 1) bin/libsmb.so and bin/libmsrpc.so need $(LDFLAGS) 2) bin/smbmount, bin/smbmnt, bin/smbumount do not need $(RPCLIB) Doug From lk at NetUSE.DE Wed Jan 19 19:21:07 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:06 2003 Subject: Some questions on PDC support in TNG References: Message-ID: <38860EA3.D106937B@NetUSE.DE> Bruce Reed wrote: > > I have TNG running as a PDC for a domain of 6 workstations and the samba > (linux) server. Most everything is working, but I have a few questions: Do you have the latest samba tng? If your version is a little bit older you need to set the group in the /etc/passwd. > o Has anyone created Unix'en init scripts for TNG? There are a lot of > daemons and starting/stopping by hand is tedious. Realize I can easily do > this, but if someone's already done this . . . kill `cat /var/locks/*.pid` will kill mostly all sambaprocesses. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Wed Jan 19 19:28:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: <20000119191620Z12886537-23442+40378@samba.anu.edu.au> Message-ID: vladimir, do a complete cvs checkout, not a cvs update. this is a frequent problem with public cvs. > > client/smbmount.c:727: warning: implicit declaration of function `cli_send_logout' > > client/smbmount.c:634: warning: unused variable `dbf' > > make: *** [client/smbmount.o] Error 1 > > > > I can't reproduce it here. I checked out a fresh tree to be sure. In my > copy, line 149 is the start of chkpath(), not a fprintf call. With my > patch, NR_OPEN should not be an issue. Here's the md5sum of the > original and after my patch > 1) bin/libsmb.so and bin/libmsrpc.so need $(LDFLAGS) that should be automtically sorted out through @LDSHFLAGS@ > 2) bin/smbmount, bin/smbmnt, bin/smbumount do not need $(RPCLIB) fixing this. From lkcl at samba.org Wed Jan 19 19:54:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: Samba RPC 3.0/TNG Problem In-Reply-To: <20000119203539.A6661@shadowland.sc> Message-ID: On Wed, 19 Jan 2000, Jens Skripczynski wrote: > > check log.smb that it's able to connect to > > /usr/local/samba/var/locks/.msrpc/PIPENAME > Same. it's not connecting to .msrpc/NETLOGON?? then that's your problem, you probably don't have cvs main. check the soruce code for the existence of create_pipe_socket(), and rpc_client/cli_connect.c. check in rpc_server/srv_pipe_hnd.c::open_rpc_pipe_p(), it should be doing an msrpc_use_add() then if that fails, indicating "rpc_redirect failed" at debug log level 10. From lkcl at samba.org Wed Jan 19 19:55:40 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: <20000119195134Z13093132-11511+40917@samba.anu.edu.au> Message-ID: On Wed, 19 Jan 2000 nazard@dragoninc.on.ca wrote: > On 20 Jan, Luke Kenneth Casson Leighton wrote: > >> 1) bin/libsmb.so and bin/libmsrpc.so need $(LDFLAGS) > > > > that should be automtically sorted out through @LDSHFLAGS@ > > The problem is that I need to include -L/home/nazard/ldap/ldap/obj. > griffon/libraries which is set in LDFLAGS before running configure. > LDSHFLAGS only sets the flags to generate a shared lib AFAIK. oo. From lk at NetUSE.DE Wed Jan 19 20:03:46 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:06 2003 Subject: Samba RPC 3.0/TNG Problem References: Message-ID: <388618A2.1F991AAE@NetUSE.DE> Luke Kenneth Casson Leighton wrote: > > On Wed, 19 Jan 2000, Jens Skripczynski wrote: > > > > check log.smb that it's able to connect to > > > /usr/local/samba/var/locks/.msrpc/PIPENAME > > Same. Please check if the directory exists. If you install samba fresh, it's possible that /usr/local/samba/var/ or /usr/local/samba/var/locks/ not exists. > it's not connecting to .msrpc/NETLOGON?? then that's your problem, you > probably don't have cvs main. check the soruce code for the existence of > create_pipe_socket(), and rpc_client/cli_connect.c. > > check in rpc_server/srv_pipe_hnd.c::open_rpc_pipe_p(), it should be doing > an msrpc_use_add() then if that fails, indicating "rpc_redirect failed" at > debug log level 10. The crusoe processor seems to be very cool! We are watching the real viedo stream. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From vs at lasp.npi.msu.su Wed Jan 19 20:41:48 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: Your message of "Thu, 20 Jan 2000 06:19:58 +1100." <20000119191620Z12886537-23442+40378@samba.anu.edu.au> Message-ID: <200001192041.XAA28453@lasp.npi.msu.su> On Thu, 20 Jan 2000 06:19:58 +1100 nazard@dragoninc.on.ca wrote: -------- > On 19 Jan, Vladimir Stavrinov wrote: > > > > Again, smbmount as usual, can't be compiled despite all posted patches: > > > > Compiling client/smbmount.c > > client/smbmount.c:149: warning: declaration of `fprintf' shadows global declaration > > client/smbmount.c: In function `chkpath': > > client/smbmount.c:150: warning: declaration of `fprintf' shadows global declaration > > client/smbmount.c:163: warning: implicit declaration of function `cli_setup_pkt' > > client/smbmount.c: In function `close_our_files': > > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) > > client/smbmount.c:242: (Each undeclared identifier is reported only once > > client/smbmount.c:242: for each function it appears in.) > > client/smbmount.c: In function `mount_send_login': > > client/smbmount.c:263: warning: implicit declaration of function `cli_send_login' > > client/smbmount.c: In function `send_fs_socket': > > client/smbmount.c:439: warning: implicit declaration of function `cli_open_sockets' > > client/smbmount.c: At top level: > > client/smbmount.c:527: warning: function declaration isn't a prototype > > client/smbmount.c: In function `process': > > client/smbmount.c:727: warning: implicit declaration of function `cli_send_logout' > > client/smbmount.c:634: warning: unused variable `dbf' > > make: *** [client/smbmount.o] Error 1 > > > > I can't reproduce it here. I checked out a fresh tree to be sure. In my > copy, line 149 is the start of chkpath(), not a fprintf call. With my Yes, the same in mine, but nevertheless... From vs at lasp.npi.msu.su Wed Jan 19 20:48:29 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: Your message of "Thu, 20 Jan 2000 06:32:04 +1100." Message-ID: <200001192048.XAA28479@lasp.npi.msu.su> On Thu, 20 Jan 2000 06:32:04 +1100 Luke Kenneth Casson Leighton wrote: -------- > vladimir, do a complete cvs checkout, not a cvs update. this is a > frequent problem with public cvs. > I know and doing, but it's too slowly. However, smbmount - minor problem, the main is "domain group map". What about this? You see, I sent all stuff You request... From lkcl at samba.org Wed Jan 19 21:03:14 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: <200001192048.XAA28479@lasp.npi.msu.su> Message-ID: On Wed, 19 Jan 2000, Vladimir Stavrinov wrote: > On Thu, 20 Jan 2000 06:32:04 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > > vladimir, do a complete cvs checkout, not a cvs update. this is a > > frequent problem with public cvs. > > > > I know and doing, but it's too slowly. > > However, smbmount - minor problem, the main is "domain group map". What about this? You see, I sent all stuff You request... i have an issue with rpcclient working on logins OR smbclient working on logins, but not both (temporary fix is to do "client schannel = no") to deal with, then i'll get to domain group map. oks? From vs at lasp.npi.msu.su Wed Jan 19 21:23:16 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:06 2003 Subject: smbmount compile error In-Reply-To: Your message of "Thu, 20 Jan 2000 08:05:42 +1100." Message-ID: <200001192123.AAA28614@lasp.npi.msu.su> On Thu, 20 Jan 2000 08:05:42 +1100 Luke Kenneth Casson Leighton wrote: -------- > > However, smbmount - minor problem, the main is "domain group map". What about this? You see, I sent all stuff You request... > > i have an issue with rpcclient working on logins OR smbclient working on > logins, but not both (temporary fix is to do "client schannel = no") to > deal with, then i'll get to domain group map. > > oks? OK, but some others have no this problem just now. Why? However, I can't login to NT as domain admin, only locally and this isn't implying by "client schannel = ". From mgeddes at xavier.sa.edu.au Wed Jan 19 21:58:03 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:06 2003 Subject: unencrypted passwords and Windows2000 References: <2608E16E82ACD3118DEF0008C7CF80453373C5@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: <3886336B.4DACFF58@xavier.sa.edu.au> Gordon Steven-QSG001 wrote: > Does anyone know the registry hack for sending unencrypted passwords for a > Windows 2000 workstation? It's not in the same place as in Windows98 or > WindowsNT. > > Regards, > Does the .reg file included with Samba not work? It's usually found with the documentation (CVS, source and RPM I believe). Matt From sam at topic.com.au Wed Jan 19 23:58:42 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:28:06 2003 Subject: Need info on Samba with mod_perl In-Reply-To: <4.2.0.58.20000119114841.00adbb90@nicanor.acu.edu>; from simsa@acu.edu on Thu, Jan 20, 2000 at 05:01:19AM +1100 References: <4.2.0.58.20000119114841.00adbb90@nicanor.acu.edu> Message-ID: <20000119235842.D10022@mailhost.topic.com.au> April Sims wrote: > Trying to authenticate NT users to access an Apache web server on Solaris 7 > I have installed the mod_perl, AuthenSmb, Smb modules, recompiled > Apache. Just need some help in configuring the startup.pl , changing the > httpd.conf and writing the perl script (s) to Authenticate to the NT domain > and not use a local /etc/passwd file. > Have looked extensively in CPAN, SAMBA, APACHE sites for a clearer > description of this process but have not found what I needed. > > Is there any other sites or resources available to help me? Thanks. Just > a Perl Newbie. I don't understand where the Perl scripts come into it... Why not use mad_pam for Apache, and pam_smb or pam_ntdom to authenticate? Maybe I'm missing something about what you're trying to do. -- Sam Couter sam@topic.com.au Internet Engineer tSA Consulting From ed at schernau.com Thu Jan 20 00:27:55 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:28:06 2003 Subject: request: howto? or maybe Samba code Message-ID: <3886568B.44A73707@schernau.com> I'd like to be able to broadcast "Winpopup" messages to everyone in the workgroup/domain (same name) from any subnet. This currently breaks, as its broadcast only. Can Samba be configured, or maybe I need some routing trickery, or maybe Samba needs a Winpopup-proxy or something, to do this? Thanks -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From sam at topic.com.au Thu Jan 20 00:47:44 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:28:06 2003 Subject: pam_ntdom PAM module Message-ID: <20000120004744.E10022@mailhost.topic.com.au> With Luke's help, I've managed to get pam_ntdom to work on a Debian Potato box, with the samba PDC on a Solaris box. A very small patch is attached. Changes I made: 1) Hacked around the DEBUG_HDR macro. debughdr() seems to be missing from debug.c. 2) Changed the .mac file from being set to 0600 to 0640. On debian, programs that need auth info are in a 'shadow' group, so the .mac file needs to be group shadow also. 3) Changed an fopen() so write access to the .mac file isn't requested if the update variable isn't set. It's not used in that case as far as I can tell, someone please tell me if this breaks anything. 4) Changed hardcoded debug level of 100 to 0 after I got it working. You might want to leave this bit of the patch out until it works on your system too. ;) Luke, you've already seen part of this patch. Feel free to include whichever bits you feel are appropriate into the pam_ntdom CVS repository. -- Sam Couter sam@topic.com.au Internet Engineer tSA Consulting -------------- next part -------------- diff -ur pam_ntdom.orig/lib/include/smb.h pam_ntdom/lib/include/smb.h --- pam_ntdom.orig/lib/include/smb.h Mon Jan 17 16:28:26 2000 +++ pam_ntdom/lib/include/smb.h Tue Jan 18 08:38:13 2000 @@ -62,7 +62,7 @@ #define DEBUG_BODY( level, body ) \ ( (DEBUGLEVEL >= (level)) && ((debuglog body) == 0) ) -#define DEBUG_HDR(level) +#define DEBUG_HDR(level) 1 #define DEBUG( level, body ) (void)(DEBUG_HDR(level) && DEBUG_BODY(level, body)) #define DEBUGADD( level, body ) (void)(DEBUG_BODY(level, body)) diff -ur pam_ntdom.orig/lib/util/smbpassfile.c pam_ntdom/lib/util/smbpassfile.c --- pam_ntdom.orig/lib/util/smbpassfile.c Mon Jan 17 16:28:29 2000 +++ pam_ntdom/lib/util/smbpassfile.c Wed Jan 19 05:41:26 2000 @@ -64,7 +64,7 @@ get_trust_account_file_name( domain, name, mac_file); - if((mach_passwd_fp = sys_fopen(mac_file, "r+b")) == NULL) { + if((mach_passwd_fp = sys_fopen(mac_file, "rb")) == NULL) { if(errno == ENOENT && update) { mach_passwd_fp = sys_fopen(mac_file, "w+b"); } @@ -76,7 +76,7 @@ } } - chmod(mac_file, 0600); + chmod(mac_file, 0640); if(!file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK), 60, &mach_passwd_lock_depth)) diff -ur pam_ntdom.orig/lib/util/util.c pam_ntdom/lib/util/util.c --- pam_ntdom.orig/lib/util/util.c Mon Jan 17 16:28:29 2000 +++ pam_ntdom/lib/util/util.c Wed Jan 19 01:20:19 2000 @@ -39,7 +39,11 @@ pstring scope = ""; struct in_addr ipzero = { 0 }; +#if 0 int DEBUGLEVEL = 100; +#else +int DEBUGLEVEL = 0; +#endif int Protocol = PROTOCOL_COREPLUS; From osabmt00 at fht-esslingen.de Thu Jan 20 01:30:26 2000 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:28:06 2003 Subject: RPC-Problem with TNG Message-ID: <200001200129.CAA30256@rslx01.fht-esslingen.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hallo out there, I have a problem with TNG. I use all TNG-daemons except smbd which is from MAIN. PDC NT, samba is domain member. After successfully having started all daemons, the server shows up in nethood. But clicking on it brings up "a RPC-error occured". What is wrong here? Thx for any help :) Attached is my configuration and logs. If You need anything else, let me know! -----BEGIN PGP SIGNATURE----- Version: PGP 5.5.5 -- QDPGP 2.12 Comment: Encrypted with PGP 5.5.3i - key available upon request. iQA/AwUBOIZXIgmMXnP+meK2EQInrACfYCQBNyo6H66ycnOtV2UjtB/2fj0AoN4F MMlBj7sp2r59Amgzz6765v1/ =7hHI -----END PGP SIGNATURE----- -------------- next part -------------- -----BEGIN PGP MESSAGE----- Version: PGP 5.5.5 -- QDPGP 2.12 Comment: Encrypted with PGP 5.5.3i - key available upon request. owGNuFOQaE3QJdq2bdu2fdq2bdu2bdu2bdu23ad1z/fPRNyJiftw90PFWlUrM3ft yKqs2hEA/MCgAByhaiSQ0bpOPxmHrYhASSMA2bDOkbDz6F4Hi6LQCfEgzOkzCsRg APkNp+rKOtffoEOd1/2fwZSBi3vWbzUqAIZQ1nZmdM4GjnRmnsAAAAD4URAQnMah HADA/7sf4FrHxm2rNfHW7BfqOddXvpMR9l6HS43z6p3Uwu7ofXjWVg4bXzcy2NqW RJG0gmNDr48ZgFSBjTICaZhMYwpSNPAYBgxjGgYMvkLBsUpHr3uRbrbWz+vz8mYE 3uudQdJmiYQf4WsefC84PVYQ0qF8QnqqATYMYZRm6G/AvI/y6YFZ5omv5Di8ReJx Va2W2w/2dzTZLgOWgx2KSQf69scDLTz3HFx9NM4DD8fkKDCtxCGhJSSnt4KChJhv apIDkqcHyymvow87ad9fxgXKgmozTN6pAB9JeLjYofgwkkinXLhv/yTzRTMdHaPW KsYZsiAAiBRJ5ymih/U5vlcDuazvMnBBpMcIv6keitjH8bBK4DV9lAcOcvfY/T+L 5LWi8GIR+J6P2exddeL1LJF2E9Ug9Cv1noX3s3LMQvxdaNZgcBfRcHrSAdsuXCdz Emae74Ys3J7uUXIPaFUTtLUBbesytpDW2yyV6VaHoeydoB3tQ2Rtzpi2z2LaONvz Ym3v9ZAzYm3n6g2m2trHi9KpdLuGLJ2kw1pYL1FxMThsihjs/VqZlNMAdg5Z20iF j2HVCTTlqb5FD4sjChPYrI1xPXPYL77o4qR2y584JgczxgNanTtibfp9zkNibfsI R0FitGTDdqqMLOjbdsVGg9osnSFFZE9ih06EvsQyt0RpIb3Zn0XVzlE8KLmglokP z0oo99f7pPCJjIoPf86fHJCswIcIZsV3KSD5kJIEPhHE1gfs3DHeixAnSgG302HL ioIITnxne/6wHOiCod93i8eWaniCsH8WFU3jw38J27eK53krvDJyL45qcEGOB5cd Vdtl3pqu4c8A9YzEgPP/fjF34DjwH5FIjfJEcB7k+cSHJI29EPniJBo8Z4hwBmCP zCzESzObR5H0HVFOEEYSDJGAEg2YZ4rmcQzsR7wLbX7I5EQ7aUScHf/QQd1KuKZJ ixNi2gvhSoISWyr9tfaFTgwrJwwik2X09UcgCYYgiPiTu2/z9WScLMIJz+ogBdUD MH3gPFSK+RfhJxh8CWOYpliWjOf0IDSHqczZ/k74W4C8ntO72m4auJphHi+/155e ztQgmj1GCIn8DaT3E/cvDkhfzg1udnSitBgNM9LGAGo53phpaO05yM/zKx25hjP2 Z5EZOPaYn+gXfAK6XNGcVwSj2ujv9ILLlPrwL9k0aLqsyxnlj93RE7nYqXgyrkFz 7Vv5DvO6k+EOAsTDEPG8CO05aiaUMM/NeevHtX+8okJJp2oSq+04BRZOyJ/QV3rg xfqrnO0cMYsxBhcSHvp+Qp/kOPKXYhFY6Cfo4tEf8VvaUPExJloSdQq2C5pT1OsN awzCpECgj5PHY/L2TIiM4IHLfOPnDgTo4itpfW+s1CMKZLnNGC2LP5bhdG4j29bj s+dcEs4V9auB1bZjyXJiev4B76+O5vjw13VvXmP12scBpH1zm5X4MoF5IsIvDQWX VrEzjDNFiAhgR753MU1bsRfhqeOFvyfftQFeR4DPW+1y/NxNQywYJj5c3PtuTz65 pU/fB+etczBeDsVvGkuVEBv3rzibEaif83M+US43mBbWMvUGIwsYLYLXZ7s+8W8x oTw6RqNPS99l/BcyeYzh04LuVbVxbEXDtn9jY4Knk3YgLth9Ip0tXUpTp7tZwQXn 2S+xQhdKPocu3A9DfG/dYCq3JA7k2q9C+4/3+Ihd0zgYkItAvINnwn0kw2uO8OKd 9/GvtUT4ScHa49/261qo/aTB+DKKv+yjoDBKqwF0C/MQg9C0ygFE1E85GQuASkWn mbc1yXJHFUN/w8UO7l622I9hgABubh4eXlHnD5D0N++LErBiXwMLwo/8r3ygEhQR l11opNQTS5g+PdpWl2tKzJYsPeWTj7Odc2AzTcUwDefnhVuwHt7Z+oCD4uWW1j/H P4bxBd03Gjp1jl2h2bDpiB+ZEmH+tM0SrIdsZBVDgpX0F68L8+FqsZs+j8qHQhZ+ TQVH/QGUB/1bbwW7mr7MtVkYVqfEP+t9UBGugDAi6VaDW02p1Vjau7uceWm6kc7G av0ymsypI1XHWtqq0VgqH4I7Q2kKO+CZk3dnLdvWHAgfQylRBw0s51ZsAkA7hcC2 u5uSWiHGIwWLqQWLeVZqN7i8IKK486STNd4TQNEvoMll0pVwWZkAH12ExRWZnGWD T0WzxIiyoFC8Mj2oPikqOVqrOYxyweY03xwxMOdam1RVLhv5rKlWvMY1RFg1RdhF TSvaWYPN/bKlKHFzi6GQhzDWH495CtluhLyljmvsO74ot1GWz1btjXNp/KaAt+0h ur7MSLuBUeiMJ63T44F5xtTy/vnX4mUtL7r/FV0l+gnniCshJt1d9JEluvFPYgQP 6XSpqJdy3k0C+4/xoPDjO4qBekin+ar3MN8s77R65LDN2KKovR7dVUJbfRSkKE/m 29Pp44R2TViGIv1pnpOcIgIOV2n0mJrOEvIf1UXy545qobzxJiuWGlmRJXeaw77D Y77UZVKbhBHQgqvjYFdp8oC0iO5LxG1i5D03Rqpcgugy0Y3ioWMSwC2FR4kPPaXc k3Yygg6Xeg5k1ss6rI/A8jzTLwlrBeZB69yFQWB4pQXcJMkdDaqdDJpwbOfinAoO JeFcNktKDQdGPmYGwPI5/A90pKPCfnJ5YD+Gw+KnkLO5S89SQv7QLzLf1B1yC3cK A9j1jwp6pjOCc/QCvyoUvJig8dMigwHTrBsvXwxXZypwx4569it38wGKm4SoYsYP A5SwfI3VQLbUaci1DQOxqy5uCTI9HhH+fYcxlmATLarrBHcuLMSGvk3+CCpcSY6R 7tn8p/kABVe12V4spgJ5P1G73mRAMYil+pF0DzE4tT8fDOwM+LeF+UPltJu1zZbE aRvu4VVCIvuahvgGVHGqjrp5uHl8upMaFilslfJtygWKux2IvxuJyjJDLLe4a9pr 3IkGC7Quo1bfDAtdqEPGA2Yx2jOhPbShPkzM4/lrjhHKMOLWL0Klwo5ZCAuPkjgB dEbVbYYh9hM7AstO4v3vwfnOcCsfieLqrCXW/dqxZ43z5btNWNKHF+1x1WvDqtBt VOgApgcaDRD6XYUWVbMvaN0DYX7qnNps4waMnd0k8zwRLW2kAWAaNEfc04aM4nT0 52ZQj+qh2TrMZ5QxKhmjioJiCyS/lG4vMye1yfMK6W2KQmfcsxqYngk2zhdrya2K QuIJmleRy/8yfLWTqGUVtaKlVqIGVtTShkJ6BCt/qbWkS1lMhDsJeAVtQMWpf0SR LZVKx8pM+cGQG4lGdcugLeXE1XTVpBy1us3tyvBy9OrG1KInR1Ci79sY9JhWTtX5 akvdwaxTK7OawWttIhKpz3vJLbiDYacPuvfZvCHn0pByw1vT+veXRUohqNBoEgXL jCryMtgqYZD0jk+NUaQ/sqJOx4y684pBDcj4uQkXXeKqkTerLl4zOV2noeU+Huo6 771x+JXUFjMn593+Y+pkA1yGWPNhA9aJwiHUWSy3UREUZt8KfesDVcSL9kPy/kAW lYIhzKn0xHJ/LUJAAIuLUY/oFanSwTK+Y7/+SfV3zTgNCkMdUIzA2lnbEBd5iZB+ DhHUEwy1H/wxWjFH2jDHkPD++2uMmjbXZWAGDpXhAOktPbuH5Do42xnSqNhLdta/ iVpTwC9CB57XmPjAA31aa5+/ee13twKapqV+7mbtTJTL/XuzW6OLbU6bsbaWTywJ ku4hGf0CPoJ/kOIpSh1ZW+nNHGl6abFQFXfIVbSf+updjhNED8FakqUDmf9lDME3 AQZo7Y+fqLeaVB/14k44dH+lkRAvCuRbTGVnO07a58kiN9oEDmfzIEaedSDHcx79 cETM5ZkckR2GZ2Em7lB+ocNUyFa18fajd2/qPGNUCvNtWT7Ue39i+R0YNQQ2M8IS mGCLY4xh0wmikUqXRPEQdboEjt4Pk53Vs9L6fuALP8mWHwC7Ps2qSW5KxfN4cdgc 2V/g2y7ja79UTUbuCMGDU6vbJOVZcSb646ALG/FKYFT8g5ZCEZZ5nfTVmIMU5TKF 7K78+kHv8LHK+Pv1X/xzvq/nfpuKwqlxjkh056vSvpiLwfDvdC/DwTDnK/2VmAss Y45HO+aTF9aBQRB80RDKyyCqztVAOiUNPS9BNbU/axrzrK4FU9exhLCeguukQ8t9 I89B1+2b1UJOi3wPZR87gc+vLWzPsQstUsXAB/Q89unMixymmRoy65TWmRw4IoxY JX1crSJZPFwLxITodt0U9eJYIGQuf0CKCKVMV+qTf1oZdsPoI484woZQ7xNmaIm9 zDF7nOsPO1JnIOasj4wOgwL6Wi50VuknghQuWBiEQU4H2FBgowM76crLupT0VPcD O/980UgB3bFBnXFVW4f308Dz1I6Je08L6rDhkmTB26ERNJOIlxPCDe2AvQM7jbWX e7+Szn7PQTSV17g65eCkujAh1Y0qbFQJABoZGaRNBxRkDQkkiNKeZ0H/nXZNvuQG sXXaTA6hZiq28mS+Sp92F9iiXdGa5fTJdoILHT4NZs7WqbwGT+8MupgB6a6U/+by wLqKN7hVC4tWxO/qvdIk3KGCqb0yK9pGB9zjgqguvkkzb8qvUgyL1hfs4ibRLoZi UGJQN4ZSfg2y4FssQEXeFoPTk/WkxuEbDCQcHCf7k+0AwWiZV7ltA3S8wn04OlQQ 2G7ILvd2eXqhu8Njc3ia1dajZevFHzw693hT1pYyc3T4N6fcE9fVuWoB5gm43NKO srhm6pTV7Um2Q0efR0bco9R0lV4D5UFF0EM0uFHnOEJAs5gm1i2qhuqiKOahiURX rs9h6aq5B8IKf9eBclDxGncKMdXyTj22fvM+FhVxFevuPbl6i1KjDeiiR6nR9pPj l1LjjZ38CgWT7+8LydW1ihQOEC2rdFKD9vH8yd9XRwu5aqbxsdjI7gwIPdVq0mrf 5xNApaAGqtJElTiQJZaRtz3ZwQrzab6GnTOpEsxerjY5igR1eu3nRh2m98SnzXsz Dw9JHjmytT/Hj1nuHCI0tkxSLN7fqD2GI7dylRYErGgHtTe71/7TmcBVraKm3zJx CTz+pjXz76oFGki51pl60CxSoJhPpfR5U+yuIOflQyYVFqbiKfp+3GxWkNtGayGl 2IFeaBi5yCKJNAw8EJ2MVQLs0PpjFUT2cqyh4H2yDp8Afixjz/oyw9nO7Pbw8W1z 4UZ0uz/7GE9QPGLfBN0V6cDU/uyYoujT9twm2TNI86XRTYThZxkt/qHvmTv9vCbb s6YcWX7Qt5YFu5437dtIl7AgZvJ2PklpwRT+nlsuCVFA5W11MJc2KQW7r5EqcS2A IT1WAg/sgj1dnpy575r5u7X2zqvIy5+Ql98+Aj0rFM/Iy15H5vZF7OFsIZ5ZZibl 7DpwyNDlbyFc5W0q4C9s+KKGzziGBXtmB+d+t5oBQJc2uQjn8F8BEO19WnDiU7+n 5M17zYoMpURYyTO6LL3lobQNp7HhiwSaIzXl/kEL++DvXiUfIlIt6lHNnW34Nhiw s6LJ8ncldO4I8Hlbx8fWkNe9VtDqSNc/HOd0VPa+ve9qgZ9VVf7fwax7sFZwbL+Q Vj/BrH6DmX5NU2qT53y0egl3Rh+Tf20bTrWC6j70IOjVwIBK9+PFIedDk5o6sya5 kjNIIeol46Hiwbropt+nKRYMerbWATzU9F+5dT6gqcsg//4ytfdmZOnIhzWtoafh itV8KAE3lpO/RrXVH2Y9JEK+VxGOSjxi1d0b8jq+3PZ1RzVdVa2N3c3O0u32KRRq 0XUaLNf0dWN0u7ielW0frRdDEZ4m8Ygi8nZsS1qgl2ab6mixgTuANj0wxhTRyLmU vKPmwxnzwoCYvrN9WcdMVAxQyRwxQI4LxVVwHSnfM4TgzPNBHcffbDOa5GsbHiYO OHMcN1EUpGPPloa+OBWd7lv6lba/k66wjSsx7SlFGkBJoMAjm7fLeTd/MiOlEBhq Tg92y/2YT74NDycLKzQjSgb7D/vD27RUmqLBpwx7YD1Y819agwkl8z745wcd3qEG kJUxZCADm6p7K1vUs/rxAMzQzqaPW4ubCGs0zt0dxuThUXk0HOIeC8LDR6rF0HlE wFHvUseu+lzABI/usI6WRCL+3BdiLF4Qy8aa925C+xcopflvBx8YKud/nIen8aes 0+btdocZw8gLhroca6quVOB1/LuHZ70RecCGhZUdpnT80WTfsBvG5RUsSHApe6M7 zqpqGyL8md/TnmXnTygcX8CKPqnTmr4iwUz5q4gXOESeZuGY9fdIhTPfTmrxyB5n BPrPCGEo1CPuXZjQ453oKoF0EqMWhJUZ8uzQUNKSmx128Omef/RfodElYy4MB0KK aXmhvO3HruztT8yPhzH8PvSCOL0c/LnPlISot7vxj88mt+O/15dYxb3vJ8cvrB6Q zPVX/LN0vdgVfk8D3D+TTyH7dfToIa8nb0RnJxcfB37EquQ6EpEmagM6k0WCN57D 7OTl7w/bh0b7iB1UvqptTiH8tgKRe5Wyho8Hwkz7xF+iu3KH4lyIR6/VA3VFzcsI RxRZ4tZN8h1DGDk1gmlCFiqUnpwj3hiWVD5kjS0aNAxbbzSpmbTThhWf7mhd8GyC JzSuI3FCdgnahSlN6iWODE00Yb2qCGURSHMsVgniNDG2IR7tQigbTwwYZhkiKzMq 95AkQIq+rwn98d7OG9+U+J8XYy9VYFov0batC8ydG7Jz57ZSvMjXfWYwm2JzGM05 uYzTrp6j9lrnGfkpuZCbF5hJrUvMoq4edbxGrYdm06lf0RuJeQ2a98yq1L6jlhNz 6rQfmFWg/EZth2bX/wZ1bsyWnywG5tZr3jG7SPmPlD8xX7z/qWX/qS0m5jhWfMU4 8dtA+Y/+Odv+p9e6MWsFo159/GfiXPU1Xfkm3SHTkcx5A/3QtL9UkjKehzp3ddM/ tc0OVD48VSMCZEOuxopUPkyjLgayYxHBttqeumIU0KoKvWcjTOvdpkh7aU/Y9QC1 qRQFWKMcdXOsWYYG7KRBq4tu6VCeY5mQOqibfyKfaql3iWpCTY16aaNRMW8tjCvs tPc+jETfxusCE9RzhIo+zaGjOsa+mfKqij2oBxI5/qZfFeqJPclYrRoL5p4E1q2p HGvQ4mhNvoZ1ov+c4PhVnED6QpAJTCW0okk1Wmka9lmvbJ0HcSnKvUpQ8YYo1/BN XCnVXZmw4hVRti4c/MLKMSGCfUOcayiGDQfToVwOuvU3x4Xao8WsKF3Boqg12SpH M71ZljacbcWQNvhOKrwU6QatlW9Y80jF1obay0TtRPrVsO6aDcjneDGzp3EL+jlD Cff8bkyXEx7o20h+hLF9xh3+ddKGmNZfu/J6RXd50Iaetn97srk/1bFGCZq9XCkK wlqVzloZ7hMy2ZiBert/xsakCaxmo1qQms1K3qZplQe9gbQOzUb1H25NsspxBIO3 VgWYzIgEAd0KWoHaSodszGQJGBSPkezWjG60XATZmmiRZcQrhbSuF0cOL+KgGC9w LcyxvNPXfRdriMH6a7NRbkD91G/wwmOPzwYF0VoayVWTC347InaxXNOk0OmJXcLc BToyr1HyZPg5rnpRzXtWcpUyayXVsUoZ+tPvkROoKN0COCzbbVwDsU4NtMdnbVdw DFdIW7gzxDiL4YfiJ1mTrhshtBGGipz9Wlft6lUV1LmzyyLQpqWNu3wjvuSvttnh 2h3HIeW2CdGfIBWiee51QVUmin2qullPe/IvQ26BsV0LesLGI/0tu9dmh3dZvfUG VDcboG/Qw3t1o47S7MHq+lZ/ELwqb9TlQ/g3onChNyX6iNJaV+Ff8nsiAvCa233L w+DJwPogxScJiT5RWz/wqjHtjFbLnyxP1sFXBc9oqcDrVGN79HGfCX3CXdqX73tq pqiEWLAnUzapgh5TrVMGNsM74qVSuGy/t6z+JQK6E2Y11+mmbC3rpXk9OONaiStU 7MvvutfiaWvCyevTJ2qSJFXBVY3FdEBQpXsVBV7rk/WGCbddznXnMwFSIoYSSRpI z+5k3twzTr8/TjxHaGMPotppov/y0vnFxe2FFZ6b32k1x1E0BM2Ftq6CJ/5j5KZR BPmEW/4bhlTxq/qhxSPuuS2NAvN4123wHTIhu9XoWxL4RnFC8+Md9Z5gtLOn6fON b+0orAZ8DOp2Xl4UmCu/WtMZ12j0QGzeFahaYtBtX7aAUMgbUYFQVXBh2bhr/gGv ZPk8VQEW3xpjaTgPthIBXYEAlc9sYyPXF9QxlzYkf1ov9J2ECJrJ09+SeFOnhXyE n1MnN9Li7SM6FQ0d3TfE37rkE0uk2aLtZZk0C566be18WyPITOnbog4cGKWmDm0X Iocmj6TRC7arfW1I35pTF5CppWCamav3mknglBdPWNEu46Y16mYI2dIuWj32Lcjm s77dWanPdr/PM53JoNzJ2a7g069DCSmXatRs6w/iwAo9XT27xOanuqox/pqDNrwH rfWh4gVD7l2TnF+ryXy/RrGrGFkDX/NmXbg3L7vm2Ux83O8zm+ZeDUJ3p5CemhWu HldXvqYh1Stu7XBg2dcRkgw9WcU0RcgwAb15hiWjxdtmM+wgImunzgb0C+af3raj mKgxRF/qMWxu7p+7g+Aj4jFErqLnvOd4I9k8pq3aV8Yx47t0I44PDu6Ldcfphqqg m1GY0FYcS1WO+2sUiPKgG6ij5ymE8zwAQEvBfV1KeY71WcfWfFzmNfCtFF5zStNb +NZPTyWE1YxAJQIE3KxAJeL5z02IZ1SgZhjAo6+XpOpApxB/RlmC2E+YUaAAAZx3 PIg/uItAQG07pIs+0JnEDPIQ0TbwnU5BJumolPfdXdax/fJE+nwUiHmYSSjxY56J X64CiIspHxJpp+zi+iSIEBme7dbN9W304Y/CsirUAOA8DK3jgE/JKmTjB1EbZkB9 BAxlAiqh7GIA1F4EEI6e4MoLXvBNCmKAKpbbuUAYWhQMm0UAiMwiPKJhQKAiH05O IBIBQKJcGN6UoaWHAJpMSCgILAKdu52cQJN4+WSgQEFAuS+h4SAciCLqG8C9DVDL nwCowfC/AzTCAqiChAqgK1CAfnngjw6SjFMeAgaLOIAm8OPgKUq4kh7EcV5wMK9P vKRk8XRmop25Lf+5lIdHxzKEz+rsR0g2hFL+plkEbZ5BDH9NUVBAx2DHUGXZWAD9 ttVgKQMC6gmkO6c8PIPQ7+JSHcmCUw1oBK9/EaxJf5jbCLKSNp1B5GDPkK8sBoKn oF1hxjAhSWdI4cmHQskiZqCoDjQwOEFNzVVjkFAWJFlETZhBlH/1R09lLHAQtqjg JctuNhCygUc4cgDFpdhFHxmKBqrEmgNE3rwOKBAExMKgOaS00JcXSPFnFfM39+pn H85lmShmMz5MpIcggUWqzU+g4xTuPK3mBGLzImCh0O87mKUh38TL5wRl8mXACLyG IFJ5CFaeUIIGSeb1F/eKqyIpcAgyuWqSCDCAbsqm8BKwEEik9zRBvq3PMxVSWQ1y 1pFz+ifVt9SZCB5mXnbwf9rSNiHSEU9GRWIVJ/g3GYq0XqgAhmnE8WiwYui0xsmS UwgKL//9Hbe7/VNlFUlOdVA0LwFLYTRJToTjNHMHr907PuFO69L/PjeBl1wFhf6u vqHoe3+wRB3Qu/3C99x/5gKRXC1PEM8c9yN7PTdBTIohhBJqoSziAhvAljiVYuMZ DFpImKAYGCSVSKTUohax/o3g6ds+Yl4QDIlHZtIBVD4Tlnr/cpeFncy3j0HT4E+/ XC+vWgubBMpWsyZokdHW00AtDkWlUYrKHk5Ag0V8vS9dslBrHewYJqgymp8XpwAv NOgoGSiJljsYNVqraWVn/n8vu17QUBwRQqGJUmUJVjyFmUmcfw1o4fGBVvS8TRVp 8hEMrCDt0t2PMbY2yZ8mOam7piXOeYt9n1hh/fd/ZuRxtL6LguLriJ8wuesmABjl l79PPDluoDikL5TCtPtfYkoQVtMMjef7M6Ecr0p3USfIKohzifdwAhVQgi/H2cnn 3yd9gq/WVhtWXgOuMp/Twub5CIo4/XMXlwpRzwbx/Orhn8lHBG26SWAgAJiSvIUT 4BsAzvI75KXPUQV81CogUPJBlAO6/V+k+HEBYS6K0HF9niGq1wGt2sbYBFlu29j+ /ubIJrO3R59/qYAJB5VyGu2c+28FhpbKnMM/uvWwMhODArNSSpypEOeo7+AA3uCH O7IcO1PgxXsRMesTgiRIHotxJXX9z9JMHAiBSfY1IqIleilJ64syKWcaS5DFtYsG UHoVmFGj3AL/8E/LOjlGxn9x44BV8v6zGHsX5dw+2LIvfi1aTRNxSDHcTx00Tk+3 BDJwBgWyOC8ay0hiNq58OOWSaLsWNSX3pzHyrGnuz1iaWeIejdL4gQDVkbvHzM3Z oxnChknVCxJTg2hn5jvIkTOQEGs3ty9t7x/jJd+7KHB5womFT6FJx7cLxHXD3D3h Uk2eAKNEhXx/oMVrgb0QI0oL6TPviWAWVXb8mPo+jAtz8EVPq9Kij3b0c+m2b2eW Q3AxLs0dhbfGBQmUQ4hEf6G4aE3yEtBeOR9/ttO6VQuLm3xUx+TJxtfXDLmcuQqM jiHviJT2zIa3LrWzpA/HpHy4PAaRbwYa4bgKwHcRx301yLOWY8euP6u4OBEw5W55 plUr1g5B0V7njJFn9dG/AvctOM4eHwMyiZE0Ogre/UB6PCJIdR/C2vRrEHRFK4Ze byiTeJcqjurgCEiiAiFYUDpCCTEAwZqkWVMnVBo8I+CnirNgX7XxxvLJRGCox7cI eeNUkYcvzIzzGwHinBLUgMReGA6WdEOHAcM5FitnlTniZhDEl23IYuRSsTXEMZZn o6qaRTPKTDcdKuM4uYpjy6vEQR5C6QD7F47AmO/9/V9HJ/uuHFpuFMhOOToCF0i8 Hzh1edNp7HJs9rvOkPJ9BAKt0ErB8bnuj4Oizeo/sfqFXLtxu8TORfwp/uRQ3dqY 3sHH0DjCtL0u6eT78O9UAJCsGnRoEfMDWY5QxvOmSSRaWsjlZE+kSSNZLBpDGpvt 4p0c4Z3tUfgXKanwgCCK+sMKO+Ji07/x8H/HaDLk6J+ktCOHxn9B06LggYqU/W3L YlkEVxgP7MFdyB5eT1OzVJqyRHn8ntPw8XRv9bxHnPf0eK6oxC7pzpTOjPQ5JOIK 8I1RR2d/KV8Z3zWE4gxOwwAhEQdJ+nfhx51iI05adoofsArwV6dMPM/fYnd+ZfU+ pVIYCFdEd6DQyx+S/TqPqlx6O7tzZ5KmPqyTdGVtj0ZkmEC7pMYJr2TaAdUWkkhy eA6s+qZMRljrsT2/kk6IMp3oRNymKNey5Ln+/rhG/RDrhtdw8D1dZOATCaQFtYRj 9G+1QdZP8OTuZADRPJZwDtIHARx99iZukiIXMyQxMVs2SZI1ue8OSKezNYGmqWlD R3Vy2jqIqHsjl0R+WWFem06ud3LWgsxWRjXlNNhowejv2EY5uPtj2byNNMg8AF9v fhpaX0c5qItlUrVoGjQoU5O41CwcaR0FlaNEK9z5M1pmFu4iCj/Ph3OD0i6rzjVO qYVdakC8+2CCMvaLIRA9Y4oIEQiOkIfnDMHqDVt+oELou+3BzI+cf8+dv2z1FbDb 6fFXxflrzAH5M5IMIiDCkBOfhCGni/oj5K8EzYmYLnbf9Am1X7kovA2dH46As5jH AgyXLQddFuLFQuLDjibEXSs97APOiy6G87+Xb/m8GPrv9vq+eX7h6bCIAxwqYc4w J34acjk6SqSRErADGBLK+sh+uUGMC3TtpH2fQgh4Q0HwoDQxbOYFInz1D0A8igUy ktgFZ7Og1/1Fd4TyzaUtndqzEXMVBSHgExV5ZPAnD9wResEEPYvPGeQfcMPXHi4g ibmH+Zr+9enUoG+rksmYrFSfG4SUHm6agvAvfGbIAhqIVG4PN3lEKtTBcZoEJk+E zzW7cZBHDJCnE+ZsC+nYR4k3p8wWy4QklP5qhG8SQCiO1O4Wb2Vw+C9kCVp+GZiy nMf5C5SHjnT1rkWXbPllrSYJ+1fc4hActRPEC3jGR37vU0y1OdcT24dNlj2wd+T+ pWNjdpFeMswSkXQEitaC/VRAcvgh0RFIfwfMIpFEFEg8BDnGH6YtC4likXDdRU/R ISjukaRuRepXY2UiHW+g9frhk0Rq4J8eW+pete44GTJidS6dU28z41kTvhRxV9GT eFDc5vzjK/KPx2VXDkFRaq7LFpZC6nZnOSvRo065PnQdKFHjCukV5TsXAaK4yEGP wwXX+XHxew1gGmv6szq4SKFgKCy/KAgVLXMYBKWFWtd4OFe+cjgye/GKeKXIUGln BYy3TaEoDmEIW4zWoCXg0UdS1eYXZsek+4rjhVT7+qyLIQSBly8Jnl3z+bbW7HLA WKcufMEnWgBxz1UMXVj77B2N5SvI69kxQAvI2KfuuwP58SzAp01D8G65kvEILJqx QPYBTzABWLPB8AFZy2AFv+BxTqwQ83PiaXZqGqSs84Ld2SjcOgrQk621PqHUnae1 OrHtcJuGmEFHengtcm3emVOXPr3OEItTgeuU2kpTPBE4uQ4EL5NdyjG+4XE0Vudj 4e5GlXTWR0KkpTB1yUwqvmGdpzBfOz4Rbbdx3itwI4vf9xtYgj7weE9aWmB5yHRG iwZ3uGv8vSRVDaulsZDRIy4AHOxBJgytot+WaHx0Coch8dfYQdoVu2Oo+YFcuZdq XHJ7Didk6eHsFLCISmweWAWq8yvdZVk9pxXpz3Ct2SGnZWRLzv1ObiFzBrTIbnjK 9uSCBQxfF4gURDO/O1fxeGiZrrgMXure2F48wTYE2zW4cPsWT3OUAidbBhgOPGGU 3CIKfxaTbXEF/Glo54cxeRTop7zfm59NKED7H3jPcGxXI9kAPuU64ewCeKPCBwym lDBhFmP9YRjxc57jTAWTkb73OzpjsrQV0GX7H6k9tvY2E9BQtmRX2pLpRkEEqjtH J0hIr4gt+pvs38b7kcOjtAG4C3uwOAZRFqSW7c2zuP6EAAvl1q26henJ0CDHlzMO BtSMfSUCRgHsfn8XbPWarpnqSxMTN7n9l937OGzboho+ZTfvO5EZVpAF/Cdh8sdh +aETHR4tnm9RrfVsI77HiiglW5B/ewKLU1/lxFe5bU80ep3hj9mYdsaYPYQJV5lv O/O4jPdfaIaHvJk4SqdLjnny++g+m6SW4ilTzt9s7R8+LWuu6rJEoScrs/K80okd qhBjyHb/06mTshvJ9iFRIrPfnc+FLXT8n51Poe48uFiddQCB3LJNUe1ZtBwJslXd h41UnckkCybR7Vhd2jVKLpwQtDlntxF+QGFyb9O2JRVymPBnOzqRUk0aT2zyitaX joEUupllzl8FNpxSVT8d+z1gsTcegpfYhomvW9eOP+y4ea/Ssgpp0NOFtSun6AKB Ggn+xjXKRgIR08NstTkFgt3v7D9f2S2NBydEW7YE/M5Icyah50dnRT/3kPXFf1vo sGrWcIb2jOgsUvsD2h7pP1ourHOkF082Nxl/KUZQegaBel4rQNWwEi7HFzVtl2RJ krTAqSAj40Y/BscxRR0qOwY9zXPWptf8e/CH+jO5tEHzRzYIAKnshM1r1B6mUZkz 5hJFPZPGeeoz4n+8rWbfJol8QTnveVv8FYttiVyaQNq11EJZ5baqjlEpTlFNdP0r 6QCPmBvKovCFipaJ8/nXZii4WDRDll9PYSKBvYAPTnGgEFxaNPS3ADrMiK3tJPVi Evbj5PB0rEZl9I1SGVD40LS5xxVWgqxWBpQha1XCXFnaVXFReHfduphoRg0gDQ28 ThRMBMK8ItXAnFgaVXGVz8GKhmBHqIMufLyx6hkQXoKPDLbMgPGVCE5jWo6lDkwe 02FW/pLGzmHtc+Q5kU4Po8CJCVd9NoFxoGo+qZjPXNLVAtZKmteAtVMVtGDtx4at VlapWNaovVJ1XRYSuh90M3JUvu/lfZpLL/gTroiQWZGfXbDxS7DXCcwVVGi7GdNq 80f3x1bRBdVwYUZQe5pn91GHTYLiP/ES3Hdunf1uUJ/hO58HwfnMF8BzPQuG8Z3P g+NuqoexueB37GaHbezydOfVeCir1WVa1Gk6sM98ttMXAYGzDLms1de3qlQYqeFI n1SbaIoImb/T2iQPhXmroKG9unKvhISwUkjq19yCkvBqoJmGimqsXW1ODlpCRFUv i6MBIxJm5udw7gcX0FHdqwwkD4P0iNN/op+rRKM9yDSecvwrpYZHlxOvim+uxIse 98tXkwTESAqjaK8/Q5Pe6hnw1E+7aqbC1EQUJ1WhqiDg5dXh+dI93LdkbhyrLvKq DfkUVbKO6uYmGqgHundd6GqOVSqLxzWx7UikAC9tDKAOJrwMjZ3NgclMOyotmpkL UezAXoEKUaSbTj0iXhtINztzSCOvS+NVf+EtDBJG9db81g0TNLusfHNUIk9ae7X/ qr0RialXvzuB24ogIV18Wt2JOh8QO50JOwOeZj3hdwI4cQx05W7NQ2afuj7mFs1D 4ohXR+M+MLkOT68jshuJX/8jzA7Dc8FPzKST/PgtrkHI4tYyOA2sARxxUFXNwcfh DRHEo2SxGFkchtaH4Q0VxKOl2Q0+GhHCmlowxUIW3rD2CNuIvamuWbHAnN7zX2pk ukI/JefAMKEttpAwkLvbAmkRp2fxN9+vMwA9B237/ZtVcWbna+z0u9G+PRg9fh9/ N66Y1CQuBPI6cvhShAWhbMrIu7TDE/6qZTnjyik+38aJYvlxKmnlMwRiEU8i5DF/ 8GEU/nAiLWDAy8aSKaPgh8i7s5yy937lDEwgE70+zhVlRVYAm/xgPXFcV4LinXDX YyUbYJqIHFy6NO4WRI/F84sokFRmzRaMW84LYxAvYwuTJpPPSe6zB7eR+4cvix+p J/a55v0W4ZqMQ1I0Ra5lHUe492nXmJDenTpmatvYcSlfy/I+IE3zaUXarrYtsR7+ ZgLszqJZLBcEuNMcXAGtuz380qwdXmE+TrbetxwYOrNrHdvHVS9e2kNq+kiKekkB vk2iakeKJEmfvTMpQBIivM5yuHUGXp3ZN0h5B+HQOUCyTx8sstk7zBckmAHEzr9w 9QLSR2RzqKLJ1MBziT2w9cwIso9lJsLdgIKdQwbaHqY1US7mG8y0x6O5q2lq19bB tY9XAq4OGuK/r6hsS4zfIGvHBggS+HRID2COrEkJ4DpEBsqCPLt4nY9gqsxjRrL/ u2Q+mrLNkK1gzu1D0La6pU3wdBxdOi/FWll/xZLPC/PK9BYH0m85fM3+HYsQ8CV2 9gQaTyvQySOvk8nN1hlLKmYU3zRNEQbwEqBRlqZ4CloMjhHj+aOO2Ku0LgjH3Zup Plddy5KVBTfkDO6aPCRb6zazNMHaSZfCHXMa4Hnu1Bg6WF5UrZcV1l7jo4hXOIoj 7oDyoTR3waNkRHdPYmGNqmEwBmbNQ0k9ZTUs7Jw4dKtTRMJ8XOcovHvCw9A6JmyS 4Qj+Fvcg6XsjTyXGUJdTMLHzHF3XbcXRC+aaSFvIuJ3JWMRY7DrOMsnv16MOU4vN shs1wvHA5etNRYxXzZJ2t7yB20WIwf7OA6LfWwYgTcHTYD3PB3IU6kUAcQRBDkEF pWf0yQCD2uuuqNmsw4swVI9emRj45ForZvWbynWhDpywT7CE4+1SXs6lropbRi2r N5pR9IeLIA6nRosXd2qJ3KIK35qgf4Yap/xte2nFpzbHHA/nZgMM0GWw5cJwel7g sX3JZ6/Mobvx0ZlNHCAT4mXuplb5vgSNYelWLACAQxWVDF+LAEAm2HU7LePNcc0n 4wMbFsofuWkF5R0uTsUm1yDoW/Fjvnk+R3g55NY3ZREc/A9bsa1vhMWqiQ1CVqbL nkTiDKHfaQ+WK5Pz1PXZiy/o0CwoRi2oCSOOTcXBDqar7ThOp2d9ne026nRQvrWV Nusv46IqADtMuQGo/6YpW8s3jxKssPhpgAWo/QjK3wyfwjlBdloME1TrEEeUVknu J/8geLD4Ijx9d3hRKopnjOPV/BFbAGCL3gh2bNmA8pYAkRQfQ2gWNOWWigoFtRDM ksxTrM4cD33LH8vMv/jih9HwneeC6LznheA6z/lReM4L7MVRu2QP3r3ZzvYYED9q ewrdH8nSoluC8DrfCWStT4+xnWfkbRPHyMFl3Bifm/x5OjzCVu6bY/wDn6QUgs8o Ka/iVhmVRb92NyF/fxmNzBwLo3OAWenhMbn3XEdji+TL32ZMrnGg8V6ZDpLB4QHf PBxzHhkFUovj4SL65VxU6YoCJYcYI9/Cgir8vZGcebXsFFHoSxt7nlaYekSziqs/ zFeuNaO9PKevLzUAQUl8bLXP+362Ao5X2CDlTygl4SHlyWX9ob6PIZZW832MF/ly HQ/tFlu0DsXrf0AuZ16SSecAx8KLKpEnS3LOI2lIGCYaZdm2PCx5T9p60eKFETLc SwnwJXYsUwtZBJEcTd3bFVmh+CTS3Zu0ccL0+G3KCWBl49mOczhswnMYbCg4DDbl necshD8rzEwUShVVaNrw83/1SWtSo2QWLz6EiKeiJEVzHWqw68jb5rF1zsXL4zmE kfY1yATe6570tJ2aZ2EKHlkTNofdruxgSHU6lHBrFLtGY1X1RaFHhTRcoPembQfO HXjdUTTB4siTjFPIlvyoMANvYBskFj8eTSuwl57q5pPx4MAz3MKrpzZ6fEN1e6+u itIW/PUC2in85l8eZfFRAHy+8172dLvf+0XVRObGep4OPihwRAVzctjwU45YtaYX p/Ycm5N3vNH9JKOnzML17KAzPaahMlmRu9F+ARASqaNx2on/kPo7iR2trq28/s10 +myQkbRxOTPRaNwaid5iHq6IP5nnXJdikGuBBatbv8BIIEFkigZ06xJhHRXhAS+L CzqLd76tx/vhf63tmbDBnjjT+1Ry1im5bG5hlPG32yH18jR1SnFRjGjK2nQqLJSw rG7Ba0ocdb3Ey/ueB/ijgPQngYAiDnfSaCYcZQE2f8Gc5f6qV500XDeW+lHSqwS2 Gb8lbVPkU/BT7LODBcBQBrhpxbbsY0cXqVo+cBS2M+fUrUubN7Jzh+PqtU6j7De/ R377QCzZ2Z34O9mqQ3TbcYgTMJqThic9jCGuP2K+zbarpaBYQw2ocjn3iONMF657 N+wOD85Nqxmt/aJ9A68/jFXLjeaOsW0WSPvAjs5hG31uzjrEIfzwJU3i/DDcWTfN 7W99z1jQQX4f+qobDd1dTfmwjl6OLY/J2TwvUlPhslyoLdmtRx6jVKTPBM1hIacx Kmm+U2AVbZtT4FDZAQg9znfcHqQvqCDxVYuJJ/ThXuU7eVmnbD192YMjYLIpmEDF YtJIZOtIswOLfuQqsQh9Nh3dqaQajb4cGdhPwItjvLZF68gCE98kpwzf6kFRJq4O UsNDzekBCSqujuKQXFic5/BYquaweEVCLhy+ysu8hsO+ggsA5fczR6anfzLrRPZl ISbY9DUsL18u6GbdREMbugzmOLAEbCNt/tkOx2CQcg5Xk9iYGyLWFhMHMBGieHZy EDvsFdW84R4yyWyZadls/TWN2AylZcAz2JtPuUUABoEJV0bnUvvT0d/chzFCwwZs MEN+aWAwhqlOxuAK8CFGGPJ9acM+iYurPYyZ3yXdqlELzhAzKxMHzephkLITFOx6 KgdN3YnL40yXC9KGuK6kB8tpKWER6jvZ0TYr3UqLU7lnY2+D1o9KtkkSRtHzkQn3 TF7MvE24vlLm57NIaxQfZ0ZsKLBRJel3RkKG6d3xdAgpUTbJ1vcr+hpCsQql4Ryi WxSHsnBuUW9u0a91AC6xiLhm4HOK7azkzdmLVzL+g56JRnnyvrWeiW9eY/7mTmHK OFFzh7BHnv6qmUw/ZJEqDXv5ipzwoHsAHkVs1QXPSES1kKRZcGFtlWR1dk6zzi7P 2WZAOPGPB4bD0bGhQdBNOcSAj4qYIsvshrI38N97e5gibRJ1srZI9ZA88C4K4+/W ZzUvh1eq7Jsi3kIgU7vCPU9Xx/vLY8eKGpUS5dnnJP0WzmHxhKq80lqJALfbpO/b mvM5PmZdGzuh0L8pqRWyAzJX9+JioQr1OQGseOvIJi73IrjrpF/R9Qg50uV/yHJF owMYKTStkl9rOUTWkLmInURDt4ppxBMXJEOiXHfxW7m7USoTUortF4bDTrgMic18 5sBkgxbDa8tGDlzkJ6kXIuI5eEaJNA15WEq5MBcT+Bx2JurHgZUh8QPIYG4QhcdF Xw3x073f9HokBRB8EXD+AoE9cF4H8YW4zMc5IPaLb3HqSdvtMRa5NpTXXsjGw2x3 F0ZMXR4b4k9zJUytTfnEJ09p6rdu07RKD7ePnr6HHxPVR8F2uMzw2OqcpEMrNDdm 3LdnSm8JnSQ8dvrDlcH9WuDSyb6N9a2skOi0tUTfSaTR0+K/yqHj2BzxLLIG0KwK SxLRPeDR/hEBfBbm6hIizMH+B0FEavlMkBTAgD++qHwLLh0V5pkyYqPmOc+isFD/ BCSXZzyLFZq2xjJFXmxLLE+/LogFxrsgDyes4B2OSyKIH+BEg+bWZipBOIPEdCFO RzAZ9bcicwdl2DMf/FW2gF1vL42DjuX+qsx4tzgoQSN3rxC6kufVnWSFflAMGUvn 6k4e5I2Ao1+5+ZN9+2e8BhZ/JDc4eZ4Xrzs5e/Rz372iMKMR8Z967kFx7fhx6LCk fPckSdEjNhIDZ+6ALzNIORLjEkEp7h1FJSqcUvRwSbCUSrh0+tVJ8sJGuHT72oKb eMg/qYfQt3RDyT4MjmkFzHiS9t9yHAUPlC4ZY5ojUMpjD5E2ifM4lAOdT+fCtLcM Gh0VLslnRBc0UsIBFYYixhUe6kLGSCwGLV2Szv55filLQqN4DZwQGKNQyDmEloou MLqeg7IpAeBSXZucJkJD6hYMU5c3ssjqxvlrztTmWxgOyjrzFUGElrlpaU6OSoTW iNzuwCn1grJhSbngNBxoEDBVChdmxvXQzxC/AwOcWnrDWlRQY9pFnrQACfxRt0YJ nMN0m+xQFs1tsk15FCeKyc8GkUHZ0jMvOM4FodGms4UiROZTfre0U9tDGiytO8wN ocEMoXFQ/IQoOI6Cn9UH6i+tLr9QAaqCo9ftK+/ds7Pk2/2VWfZdeQXBc1gD8PP6 AFysLLBjCxqvOG4FJzBZr+1zyBF6ixlqhTZYJ3kysMfM6nWO2DA7qZ1owEpLIwZf amFK9aRZ405vExGGapV1KaNQ4T4kkUn0A3TPCmW9p5wborrVZQLFzx0eB1Hk2bbT c4H4mV54do13+lbloEoNPK0ZijMt4hWb/iFH9xqgU6N7jRlt3WUA2kCa5TPdlKQ9 wmMQAuN36VmOxaMgC49Za6UVRb2l0bKSINxdcSUNBqU+qyCefAm30tNwBidedNCM qOt0VxcSz9gVX1xE6nWE09YB9xdSwmlkutrJdBEtZCWygYp1NJ4tTLmzNiW24Zio 0MCK5m+TUTTxyMg5aedRSRFNT+yVTpkYV2/UoIbSC4+kUmlSlHW4POkD2zOMIfNN IZpA1h8rdFTasDLpKP5XEUTANroAICKISjUzb1PIHAD5ujPeV2OqZNVLtvYhmIks AkXmZ1sguKn5LlihF4l6QMWWhGxHggsFWYsuR8kd7CnKsbpWON3peWhb6rJQX2QG o9B8SkBL60DeHn6S0F3UgeRcxOkiOdCZJrbjXespG6dV7QjoMEWeujGoN6F77XRw hGkDBYh1a2V26hx5/PlhGwM21GQMXJq+SBndPTNjSMEtXLamdbE+IhtFsFiVP4vF oBuWWpMckIQGaVl1h+IuOderJVFL8sQaHoIA1sjDVD6oPTGqD9n5LEj+NnrqJw16 /t8VtVQOLhgNblPC956vq3q8IicrCXcvy0G57bKbF+5pcX+LvEpltsbgmFrhbz2i 9Cy5KZTaoKFbYf6uxKs625pMLHWywXKYhT6m0FmR4MPZut6t50PBda2oGNUmOHNU 3Mp6e9bIFEcvW37GsupI8FwuccXOZgYDufd0e+3YDnX8lQlL8bKwp97MmysQpUej jwT+MjbPaAlVaaJzstsyuQ0hU24uyROe6psPrqn53haoIaNp+uTBVb3iiDQ1Psy1 F+mP8591KOJo9gepoaHrVlZWfxsZ4DV14JkTE+evdSFBMgVKQs1cHe04c9LUKLCw yfZ6CS5VOPvwlD0bMVy2PCM80HLJlbNb8/iBTWnOO6vMCtlqidsq/tHkerlbkTzt upYUYmcpdjNK2+HZMyFX66Oi6/rIWP7S+JT9jGJb0K3/pWeN8cGq97MZl98/m5gf 4tt0gEzkf/aqiQkiUAt1pNUp9NctV0sjJH2e1sZMrNJDxYTaUcLctNB6vYunZi0u WBbxzF3u9mrifxey3rRckajDU1aC5H1qVUTWwRiEvVQTtSzcd1Si7jKYD32mCYxe aNjeVmg3pas01yz2tAS9j+igXSD8a4MKNwB7qhQl2evr0Pcsjbjd67+fMbjQ/Gs6 iNzX+9FV2kMPhsSKQij04oTYadpcaW5YuacafG7TAl+ATl2ZKhqea4Ff86smk/We aWo+J03GRe+LbQUCJVp+++BrmHm/qkcr/Fsvvf3dndpBEU4cAI9h3hwNOSFQ9Ewy T9HgmAZZHCNRFK1qUK5giPawgNCnimTVHAkx4b9mPFkDpJtE2SZZrZDhWPX/cih3 mdJtqn3W/+kkUd4Hda9x/2oD1a3iVzrgYoXvJmtJt8SxUg795VnPLB61AtBKovpL tGp+q8pkgWGVPJwwzTwgVidpqrUg9odRkh/ZbahYBthOO45Nc/RP1YKYFMQaZJdC B8b0pvVDYDirhaqyx37M5AjGJQdVHLtmR/rjPHZKFOX/gu5F/yD8P3X6Yz32ysi9 ZvfCJSll8nkVoHhVmjKefbMn5xpQrCp9hWT/QuOibJOtVsc8/GMBcGwqsz0aO6iS X5mB1DQM8OkxUS4k6LyvzGBqt/mkQNQ/a8Z5w/4FS5hjUBzSDTR7us0Cy//oMKB4 k/PifFaGptxhJ7Qu6E5dCyCJr5YHWKJ/kacgNM4cbdzD9qM9SJGBKtiPaHMgDzCG vbNkf9NAZqAV8BJzmU7825D5LIuaDHp7IagsRv6EOTc23jQX2h0V5r1jaEGuBeBW MCBo3GB6drPAIqiBEhgYI7DtKe8WqNBnAvOBfDl4aGAAJP8oEyFDOgCu4XB5A6iA mACH3DCvWf98Mz+VgT5KWP1kSVBf6IdQeTXoqAO68Xl6NqwT1WnggwLy6GZ/JOZ7 0ysuSdfYI4y0ocw4K13OcHFc5Pi05Bnjo0O3Fqw0Prt1gEUs0eRsKBx+0uvz+222 CGLUG38J5v7URtGXHtzQdYzzKFcSIBvzBLOAZbAu2dj5mooQvZqRv64r4EToHl5D AieYWbhm4koOTD9udivAHmKiGcANYCmIGJ47mbQNBrz8WqHH6DlD4RIlB130GAOb Ams0OYMzEljvBzeJlvwjTD5vf6V0pDGBV9AFqRFAqk8B+F+/lH8uAh4QuiFj7bJa 2qCLKNciq0HPMWCQyZRIeEsp0GLByfBBDZFBE3VQPMDm8TAUGCBmP5D5DqLyA0ro e62GsPL9a433bZYotPf+gO2OIh31b/07BtQs89y3Vqy9tBvnyHpmLEWgcOSUG5hu y6oc9uwOPigfFn7lcOcqozjRHl6B23NXWJ5bMerx450tZTwVmlOouuhKRwb1GjYm SpUN1l2IqCRWF+c+GSojOKXUFIaCQJzBmzmyZax7X+Ax77OZAMSgDo3Omy+DTg22 m18gxdYdRBMLW6OZTKmNwqyr3pFrdwZsrRuzL9a3pQK3AtaGpEbIGISTcQsanTyG yST5QbPY1BrO+I9GJomDXNRjC49mg49C8ADfUJqBDE1UNDzeZb7yy+SgF/vL/oGG 6ITS7EejtbeoujjpBTaZYiM3W3BUAtuGnxG47rankXBalUbeGeJPOop5hp/HS2ZE 4KZPHzQSa5pnV55jEAiRS4P1Q36aXEdrb7fmhrjM9xn4eVdanvc4QMABauch3I82 GAcbRNlh3W5gj1gB8XoTY0y7l5P5PPuttAgY9jDAV6MISo6dZdYskRFut3M51h7v j4PNQQduNV9wOGFgGshVRh2MyURL9z5XiD/rpjD2rzQjcNE1Ft/y2C2fwobCJFjr JteAd7s84jfRz/9eX/dI6DPJz/t4X/LJNYYmfLlgd9LNXvNJtwhYzisz2/bIQAsX JJjJRvcc5S3/RzEXj99ntQjAcgSiuSzmgSZMxdgU8CL4c1ujUKuIb7k5kAdtW7Zr UrtWHNs0b1Wndiw7tGitdiw1cIH/B7pVnfzv8cc7i5ZtCrcdVoBQkVuu1lUFwJMF K7K6pAETn+P3PqJ72bDfJJq3orFfzkVCNT6dL72QYxemlnFRQM2Ayle1cKDkP7rk SrYpxy5rp1mVE1cUvHO6bi6bE+Th8G/WmfNIJg8X1/Ux/Iya3plBN4YNcXDZKPWx Gx9NzrtDdn+S3KKVHt26znWQpAx+sBfPnthxWvU5RI1J4g40cg+V3Kv73xF0Sb9k n5jdbf8M6W0p68/lXlOKbPCCqnys2jUUybfB0rmilJsUELtx2XRX5A/WfZ2zoaAY 8FGCXyeEcnB/ptHbzMYvIAi9TxzypSQT00+RZ2E3j2fXtrcl0KGOca3jSVMgTCbj AbjM79ieM+D48/pHqP9BaojWPmR61Psttfo1P54hFN3NfkQ+emBS9RRzvlnCdHiq P/VrOCEt0bvH5M+JeaG3N5QuvTycqA5cKKAJsbHpYk0abOWJS0+uyAR5O/RgcCdT MZyJUECBrvTN3GaB0DYohCXKsCFUclZIjJFstbStN9HtlqhvqCc0Vs3x6U0obaR7 TmerZugQ+/7hVdQ/0ZOrJmzCGFA3zKBBKTFovTwjh9NvefOg8H2NEqemlXYhX+PK BjPN5UCjG/VH/ytqJFAZFOP8MfGJvqf8xkhM2AjZnjoDI+KRJ0kIyDxBJHAKnRVa sAjmuGWXT7IzSORLSR5frGE/CSnBGr/RC5LhOQVrnGnDJv+JZEyGdIwpJtDd8Uho CjZGiMYZoHb8N1HKc6UXROM/Vcb/UrXUBFWzucTr8I5I+RgdSozPQk7XZo+aSKKf DFqemUFSFBKvka4otbNY1maHr0xaaBdbWxRIPTbZUtwgnbEVDXcMUDjYMkhmY0f/ XzQR62Iwk0VNNpPhRCcxCU/aIw2lGFRpi7QNkzTNol/zPPGfJLBZD+qKaNHngSV4 4NXACcG4nNgHhzQNJKQDf/Z2j5RFuQ2N2CDQvj74ocRYzbuAARFGDtW1bYtvu8zZ kImFnzGJJcPfK4ez4vvPmhR+1wTxEfkHK7JkgxlVIv9kghTZbdbIpft02Btsyt5P n31FpLGihCn+zVsT+4KdTz7gHgPER8YRKL8TzrBZMDq0rxhHcAfgLpBQIDmximXn hw3LzpfiEiUUWE6BAuOCAbIMe9+8M0WY7kICWgUdpK0RPAj6q4CGufEfLPRX/8tj wujREF5/nUOpPKZJJVjBTm4U27VyZWSm2maw/zjAmy+G4StMuBWx7D443LsTD+Mc VvLKWuwjOw7qT7l1T8hEWcTNAWtlT8m6jpUp4XHiH+4KMNIKxM7x05nTi/7cgai8 3m+0wzjcmlhVGU1HpLyWPgrl+j7jSpHYsek7KEd/9vk99b871mk4+8pWhaMo0vfw YTsNLjglNUetm1y3GlflbBbheM0bXCT0ToWbDgSVgraJlAkLHX9imcTI+ZkNFc6S lyhno8chcjKagW/GQE6Vs+EVJNHMdW9X2IwDTs80VcyRoLhGZRTxmLg+OlSkEjsk JgMPJk9PUlIgmSWNgWitTBsVTqiWFz9oIuRjinjVjdu6XKgTlIeZ5qiArvuQ1vs1 bKRp3FujdmdFfLkvLhqjw12smejWH6eykYjY6iMJYn4X/RTCGjmID4tFJLxEtpMh bOLC05AYN4kPy0SmX8OnlYhW6WMEQsBMqswvUeMNUt+HeNAOWTrKQIPFll+FcGF2 HMuPFKe7TTZ+ttVcMpPXAwRCHYxVTE3ljTcvQdxU4X8OBDmoqGV4q06yKcvP3P+y bOKk/kBNwatmAStZ/Vi+2k68n5jpeQ0f+kZ0e6WXVJ8rF2mIBPlkRohk8AaoT2pX TNm10tSG5ZH4KvNYFSVBsk4MN4UzMoCRti6+DOoovBtQy4K8Gfyff2twRh1L7Oka 5O7VYa9GXnw8sVogx6wJU1In4zDeBgp2l13IgEFpkHOyoOXcO7kWCJS8quWsh9ho LjVTdYONqVCh/friXMPwEMM+mNOM1WWgkX3CwgoQgVAFTXSrUO9KaB/qDW2Ueiip UO0w/igN6wHEkobdYJMaaRF05VoXunn7B51PRSYSYY/tKuKO7koWraPP4FoCOotN oLjACpiRKLyD+NNBtr41HJxZgh9zC76j8NLmYAp6GAYb6QZvSSh3JFKkUdyJFGbD Uyt2ZvPwEnGUHjws+8oyI2glhDNb5fiQGrvu+P7adkE3QJCRvTXstYoHG7RtMWFq 3Bp0AIpf795x2kOTzhn/0r7umT7aaIRi/lbK2qPvNJj4NWf1mOwsFsG1TW/k5Qs7 RmnAhNFaf7kMayTQZ62ZNkd+4coB49N+ha0ADphR63Y6D9C1CfgaNpHQl81teD8K K9a+f+FveTRr9q7p2q0tkHGZa+3Rq6Jk79N16n2PVjTseavpPsf2QZrxF6mgroEr OCCQe5jZtLzu/bswBXuLHPq3RljoogbssOmD2Dv63tCzM8s2jaUSZIPoDiZusH91 OU61K/MivEnzL88uS81Ue1JEuCgq8apLr95U+86/RLvOM28WDB/cf4JZIcfG2pZW SAxVF3DFHU/4SoMLC2vwoCKDzTZq+6oUI7P6R55r8picVNWB83e/g/n6vsy8Fc1l FVcP14Uf1glaN9XdiYfIb00NYAJ/HAasM494qmvLhJJ/vacdEK7b+obiJVn3R9SV K01rywTBj0mOEmi3+MyQ+TN4dsEQ7T9EqUuhJkuIUn8IVsowbCa/rxeh3V0PWLb4 jC1DEjdFBA45dgWM2HaB4atcVoSCsIErxKzXijULLUwqzJ8frd+mfkIMtE/J0MfW smLEkO31ZUd/3qdiChLSJbxrN/kMhQ+Zdnm4hkk+Q+HCJA1mBiZofNoVbjRg8SqR cOFHUNvfMUdFymTPwV99luW51InfGx7m93g/tLDt2ew1+FqHgM1Ol0LmQcatb9jp V0ZoAsTaIi0ZOl4AIBxyzJrltw3ObFwZ+N27AeQV/FF87bF6419cu/RtVa9N19R/ xQ5cZHdTWP8cUuoGmysSvs+OsY+JOQeVhOT5pDorhCCo3w1lDljz/fgL+LO0F25e 4zN1rpWekrYBLwduMI4y7Ti0vDlo1unk8XuikLPBAK8umEFtjmG9+vMDmwmh+ajn h2Ut3GreFWU6NYOkQyFd8yIIIgzQDe6O3AuytphX22q9QX47k3j2119t4Vimdl+N 1ThOz/vm7jW/z432lc0tv83zdQWY+vbklvAv8DNerk+LJF8O/+HVe7jKGeJav/g1 VxwIW++K4TTrA23lC4SiA7oL3gNE74KmMo73khXvYVPbfPULhOjopYJDgmRPp/t7 uMJVAgJ+xQo9H5ujupT+NgB+BTmDk/dwzZNE+CB+oqaLYMOzVQw6vLiJclWCz/V3 ueqdFwdVkWYPvoFOoafLgDhP3SrxOr2u+hUijuFCt2rUw+WaEcyK6PFaImMtnSUv UgGJeEsl/r/eRGP4CpwTk8u61wzxYXG+JgZZwyO3X2eMBlae1EPhc/GrGzGvTgi2 MNSm9iB2fSArfAKBXN8ofEZjkmv8dyb9h3pPqldb9+jc9ZWNsDP4z1+7O0u/rdYM d/7POoLXP5SX6napKgZ4+6wbWPpaUWRDTzAU+uOtmRAptGqOun+/XuZ2EhpNlDbT PR9Mj2+lSEbdiiUiv77LjxrOAxyzXybd+SK6GDZebw0lP7VfZc9MGrIjTRSnpwru wkz77ijz2xauur0/FLvnEtulRSClifVIiDzCDxSQCtCjiMB8JPFFOpHyJSYvyLfJ AasBczxGoARAQC9l8Eo3bDJ2J1SoCDnnNCeokkTQDlPa+/4E1AKC986YGiZCeAEE IzI3Am/xaVTlf4B8CNNABcP7C5hSLpSoxFpODDFNKe0zlBUrChALnN7fja1Ml2H0 z1U7dfmXKcPn0Af4z8BkFTMtd8QVOM8T1jMdYnUBLyFf00CKmShjgKFr+NvvEH9j ab5Su19fXVY+kU1JQapRIZucIRkpGZIKC6svvb/+NSWdfPZENCOPK1BF/ZmbxIj8 YcF4qnvo64r6/QziO/oVhjjyG/2N/sX8Zf4x+5p7/8Xc94N8xvhpU5nePdfb5IS6 /zUM+kV/mlgCmEb3i/jVmVu652/m+c+QSyz6gQcex0G/+FpAHOFR1zd4O/Ao9QhW dlgGiFgPEfK8kK67Cq+bAKI4DB8JS6x6H2ROVl1IXCa07+QYUqdifoImQeivH4n7 9oAzzt4AN3hfcZaG4uFJZbuO9ANQn/atJiUFt5Z3hsJ7XAFwUUh340hhde2h0Hea 8wQ2iG6uhDdmEfLk/U2X3pwfdx+XDzuWzx0JvwCT7ySukN4XUDAhnVRJ+Fa3AuMs kT5xkulJobrVUIkiepUK2PJJi1QvsovU8q9Dq8JAycUG3jC2/h+7awVz4d8wN2/G pKUIy9gvZFxMxGCOXQ2tG8fAoW0melUgrHLgj+gqMP8oC93+/RLXKrULoVJhbLFG 2AFTD24NAT5WSddKQ5UjuanxBm4Lzly/Eaz6XmL6gF/fMJuYXGdSaZvlDFtH/cQH Q0AXfhmGZWeSvoQtFpRDvxDlEaYrjcW626dDZk7VCE1RqSenc2qT1KCVysD8Y5XC 9/er88O0Kb1dHZ+vh6GuX+3cKT6ap8/dVj8E9Ls2JuCdmtLsmy+gy9YiHsrsHWCF EqmR0bLCPh+RTMvNPHEg5jRw/RZRAnCc88ib4jwGboL+ogTXxNU7c8g40SsvInsR gbCkwRApRAigr/TLSEF/NXvAigE5d2d87XCp7Lb8U5AZfJSUrFnuFFmid270lUB2 jGwfBChlR2GW1bcLxoDJvAF12uGxuEU/KYgrOLL428YiOLoUMJxmwL6g3UjSJPEW Vui/WbR2h8gOmxtYMULnCjb0AdCsv2V2guM/oGKKM78A5rmnR7/QQS/8Y3vTv70x T31X4Dy/+ELu33Frv/9nc4dZ/Us4f7TSd2q54XUDX4MzNZk36If68zu2+otTdrfR 9b5n+rs3FH67YddXiqs21R5+xotzvG/pyxWDlRGIDNYcUhAiBvFAIlL4MG1N07Zp 02CK0f5kwIZdd0fb8Yf8x8tdwgkTp4UaKA/HzVu+Z//KtkNWXgWSVOTQEDBomKfU gEbPWK9os5UVPEhk/l0Yi0ERiBKNESawWRdLrrGYsjfOkq8aLHM2EfWWawEz6cSj ee+F0biSs+3H1lYmu2qT+wODj2yYnYFJZiI46YITs/4/kPYPMDDrTPhnWUiSXUvP TfjnXUiCwcioMe2bdyYCSi2lwLhn1hr3Lz/3mvWvPGfDrP/H1lhIkUdL+ZMAzZY+ cwGtlpyY9m08ZcGmZZSYDmz/gev/7O3+2QctWc35D/0XjKPnDvOeo2cSNj37n4OT ZzMmAyc/rhYFHEjM2LrM3X048qoHHl3NXqO6slbNv6aaShFASBGo1nJOMxpbphpd QafViEzywQAx7d28+Dkv5oOqJRRerDNKFInpJ5C3P9qEMxRqNqTVdr/SUJvfGXTV AqNGmyZjcYyM8dgf2BAuTSn2VuSPoc5at/usBz1ieD/qWgYSW5nYF15XSzdihIIc ZeMsAHTUMBSTqyQj5yDmdAOSW94jlpvfNfa3rj0r16kAkxZJjtTwKzadP6bCby6N FP6+R7m3OPzE5BBPvFRnXISFDJQCK2R6avMq58RWdqnbL7YKrHnsLSinDtHdhbrs jZRLG1y50lxNXwE8pho74oc0Y7o4FXWztGjgmYLuQwUt9jYANZ6t0UgKctH1iAU9 CbjautkRU7VLN246Zdz23/OvQfMXngYYYAFHod+25x/Adb+ZRNIsYcWWlOJcRV8U ZlMvPpg1hanlve9HKRaImcx3bauXGF0orD0nbzue37Y/yAYVrzQBr0QTgOX45Qz4 63vHUKtU6D1oxCsUqfRNm1p0d6MXjpVwAHt/YigAqRmnnk5IQg1O3preLHcqbkA3 3SQsDu3F4vY5fmaZITzBossZitOh6oZdUuUOqxcLv0IHMd1tMibdnXi9KQnHqN+d Alg2EpYqtC/+4tdKlJacewoajYt832yzbyvNo4RrvqQEhTrKA5/KDkO7hMyZgtaq 8QqjXgl1bhKQKOUivQbtoRSU7J7bjFaM1OmL0Bt9ULQyRbKymkdCqfiVuBa+0CRZ YJlRoZAoD5DMTFVmEkFBH8Ok6M2LMWzgxtLVzfJbL2I/vtyEqmGuSYw9zj7eBETD FteVs2ktxU+ksmIeHN/pRn2TG/f8dE0/VdPkkcSJj/jlv+itua7/PhEM/uBf/w78 n83cwK8wEK8roEVNxnePQHFBkT2IxtHvYW33J/uwX/wPfsAZww9/MMP/lK+8B/7/ Vc/ygH/I88fu+2oMX8V/jc8o+n+jsH76smTVNpb0p+0GftmOfoP+79LHue8H5Bn9 u0Vl6vcl5xoL+7tXFkXU4YsV/QH7jk+H8W9Lwvjf0v8dZg7gVyp/7P2/IKO/i7ML B79zJ32Tv2Mv/19awF/keaOvPVXGzyO/Riea97yQ/1/Pyfvxb1EjpAyABDDA/wM= =0Og4 -----END PGP MESSAGE----- -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 # /etc/smb.conf.TNG # Configuration File for Samba-Server on garnix.homenet.oaa # 08/12/99 Osama Abu-Aish # # globale Einstellungen # [global] # workgroup=HOMENET.OAA.TNG workgroup=HOMENET.OAA netbios name=GARNIX announce as = NT announce version = 4.2 share modes = yes server string = Samba Server on \\%h (v%v) interfaces = 192.168.1.6/255.255.255.0 bind interfaces only = yes time server = no nt pipe support = yes nt smb support = yes client ntlmv2 = yes server ntlmv2 = yes unix realname = yes force create mode = 644 force directory mode = 755 # # Domain-Einstellungen # # domain logons = yes # allow trusted domains = yes # # Security Options # security = domain password server = asterix smb passwd file=/etc/samba-TNG/smbpasswd encrypt passwords = yes hosts allow = 192.168.1. 192.168.2. 127.0.0.1 guest account = nobody follow symlinks = yes null passwords = no hide dotfiles = yes # # DOS <-> UNIX Conversions # dos filetimes = yes character set = iso8859-1 client codepage = 850 hide dotfiles = no preserve case = yes mangle case = no case sensitive = no default case = lower # # Einstellungen f?r den WINS-Server # # wins proxy = no wins support = no local master = no preferred master = no domain master = no browse list = yes os level = 31 remote announce = 192.168.1.1 192.168.1.5 wins server = 192.168.1.5 name resolve order = wins lmhosts hosts bcast # # logging und auditing # debug level = 100 log level = 100 max log size = 100 log file = /var/log/samba/log.TNG.%m status = yes # # Tuning Options # read raw = yes writeraw = yes read prediction = yes getwd cache = yes wide links = no socket options = TCP_NODELAY # # File locking # blocking locks = no # # File-shares # [homes] path = /autohome/%S writable = yes comment = Home-Directory guest ok = no [root] path = /root writable = yes browseable = no comment = Home-Dir root guest ok = no user = root [root_fs] path = / writable = yes browseable = no comment = Root-Filesystem user = root guest ok = no [MSOffice] path = /share/msoffice writable = no write list = root browseable = yes guest ok = no comment = M$ Office 7.0 [Tools] path = /share/tools writable = no write list = root browseable = yes guest ok = no comment = Tools und Programme [Admin] path = /share/admin writable = yes browseable = yes guest ok = no comment = Administrations-Tools user = root [cdrom1] path = /cdrom1 fstype = CDFS writable = no browseable = yes guest ok = no comment = 6speed-CDROM [cdrom2] path = /cdrom2 fstype = CDFS writable = no browseable = yes guest ok = no comment = Doublespeed - da geht was !!! # # File-Share f?r Druckertreiber # [PRINT$] path=/etc/samba/printers public=no writable=no browseable=no [W32X86] path=/etc/samba/printers/W32X86 public=no writable=no browseable=no # # Printer-shares # # Port 1 [AGFA1] path = /tmp/spool.samba browseable = yes comment = NUR FUER TEST - NICHT BENUTZEN! printable = yes printer = raw public = yes guest ok = yes printing = BSD lpq command = /usr/bin/lpq -Praw [LaserJet] path = /tmp/spool.samba browseable = yes comment = HP LaserJet 6P printable = yes printer = raw public = yes guest ok = yes printing = BSD lpq command = /usr/bin/lpq -Praw print command = /usr/bin/lpr -Praw -m -r %s # [FAX-Printer] # path = /tmp/spool.samba # browseable = yes # comment = FAX-Modem # printable = yes # printer = fax # public = no # guest ok = no [PDF-Writer] path = /tmp/spool.samba browseable = yes comment = PDF-Schreiber printable = yes print command = echo File: %s >> /tmp/print.log; ps2pdf %s `pdfname %s %H %U %m`; rm %s public = no guest ok = no -----BEGIN PGP SIGNATURE----- Version: PGP 5.5.5 -- QDPGP 2.12 Comment: Encrypted with PGP 5.5.3i - key available upon request. iQA/AwUBOIZXJQmMXnP+meK2EQJE/ACfdeNuCxaJVGCotiqsz0ZU1C96M10AoJB7 fnZQtixGpcEFGrZfwFRilgn0 =ye9L -----END PGP SIGNATURE----- From lkcl at samba.org Thu Jan 20 01:58:46 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: RPC-Problem with TNG In-Reply-To: <200001200129.CAA30256@rslx01.fht-esslingen.de> Message-ID: > I have a problem with TNG. I use all TNG-daemons except smbd which > is from MAIN. PDC NT, samba is domain member. After successfully > having started all daemons, the server shows up in nethood. But clicking > on it brings up "a RPC-error occured". oh, darn, i forgot to test that today. i'm at home, now, i'll see if i can tell from your log files. From lkcl at samba.org Thu Jan 20 03:13:47 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: domain map group fail In-Reply-To: <200001191752.UAA27767@lasp.npi.msu.su> Message-ID: hi vladimir, the /etc/domaingroup.map file etc, it's world readable, right? this is required as it may be read by guest users right throught to root. On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > On Thu, 20 Jan 2000 04:12:16 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > vladimir, please identify the version of samba you are using, plus send > > your smb.conf file along with the log files as well, to the list. that > > way people can review it. > > > > thanks! > > SAMBA_TNG + HEAD of Jan 18 near 06 AM -03 GMT > *.log files - in previous message (top of this thread) and smb.conf - here: > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From vs at lasp.npi.msu.su Thu Jan 20 04:11:38 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:06 2003 Subject: domain map group fail In-Reply-To: Your message of "Thu, 20 Jan 2000 14:17:06 +1100." Message-ID: <200001200411.HAA29563@lasp.npi.msu.su> On Thu, 20 Jan 2000 14:17:06 +1100 Luke Kenneth Casson Leighton wrote: -------- > hi vladimir, > > the /etc/domaingroup.map file etc, it's world readable, right? this is Yes, I am aware of this. This configuration is not changing for an year or more at all and I had no problems until start the TNG. From lkcl at samba.org Thu Jan 20 04:17:17 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: domain map group fail In-Reply-To: <200001200411.HAA29563@lasp.npi.msu.su> Message-ID: On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > On Thu, 20 Jan 2000 14:17:06 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > > hi vladimir, > > > > the /etc/domaingroup.map file etc, it's world readable, right? this is > > Yes, I am aware of this. This configuration is not changing for an > year or more at all and I had no problems until start the TNG. argh. ok, can you try [latest cvs] again, and use rpcclient -S yoursambaserver -U% -l log and do the following commands: lsaquery enumusers enumgroups enumaliases then, pick an alias and a group that you _know is in the map files, and do: lookupnames "the alias name" "the group name" "maybe even a username" you should get some SIDs back. strip off all but the last RID, and do: lookupsids the-alias-rid the-group-rid maybe-even-the-username-rid you _should_ get the same alias, group and user names back, and it _should_ identify them correctly by type as well (thanks to elrond for that type patch!) From mgeddes at xavier.sa.edu.au Thu Jan 20 04:48:56 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:06 2003 Subject: Samba-TNG "Can't create IPC area" Message-ID: <388693B7.79EE799F@xavier.sa.edu.au> Hi guys, I have Samba-TNG (from about a week or so ago) and had it working. I must have changed something as all of the new daemons are dying, complaining about not being able to create or use the IPC area as the file exists. I have checked the log files (at debug level 8) and couldn't find anything that was a problem. The line above it in the log says: WARNING profile size is 16 (expecting 8). Apart form that, the logs are fine. smbd and nmbd from Samba-main start OK. Is it a permissions problem? I have checked the Samba-TNG FAQ for clues ;-). The browse lists and things are saved before it dies..... Thanks for your help, A very confused and weary Matthew Geddes Network Manager Xavier College Gawler SA From lkcl at samba.org Thu Jan 20 04:54:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: Samba-TNG "Can't create IPC area" In-Reply-To: <388693B7.79EE799F@xavier.sa.edu.au> Message-ID: matthew, i grepp'd for "IPC area" and that occurs in locking/shmem_sys5.c and profile/profile.c in several places. can i suggest that you check you're not enabled "-DWITH_PROFILE" and that you haven't enabled "-DHAVE_SYSV_IPC" by mistake? On Thu, 20 Jan 2000, Matthew Geddes wrote: > Hi guys, > > I have Samba-TNG (from about a week or so ago) and had it working. I > must have changed something as all of the new daemons are dying, > complaining about not being able to create or use the IPC area as the > file exists. I have checked the log files (at debug level 8) and > couldn't find anything that was a problem. The line above it in the log > says: WARNING profile size is 16 (expecting 8). Apart form that, the > logs are fine. smbd and nmbd from Samba-main start OK. > > Is it a permissions problem? I have checked the Samba-TNG FAQ for clues > ;-). > > The browse lists and things are saved before it dies..... > > Thanks for your help, > > A very confused and weary Matthew Geddes > Network Manager > Xavier College > Gawler SA > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Thu Jan 20 05:08:03 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:06 2003 Subject: Samba-TNG "Can't create IPC area" References: Message-ID: <38869833.EA9EF3C2@xavier.sa.edu.au> Thanks for the extra-quick reply. I don't think I compiled with --with-profile, but I'm currently trying --without-profile (to be on the safe side). No doubt if it isn't the problem, I'll E-Mail the list again ;-). Thanks, Matt From lkcl at samba.org Thu Jan 20 05:09:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:06 2003 Subject: Samba-TNG "Can't create IPC area" In-Reply-To: <38869833.EA9EF3C2@xavier.sa.edu.au> Message-ID: do a make distclean or checkout again, anew. On Thu, 20 Jan 2000, Matthew Geddes wrote: > Thanks for the extra-quick reply. I don't think I compiled with > --with-profile, but I'm currently trying --without-profile (to be on the > safe side). No doubt if it isn't the problem, I'll E-Mail the list again From vs at lasp.npi.msu.su Thu Jan 20 05:35:37 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:07 2003 Subject: domain map group fail In-Reply-To: Your message of "Thu, 20 Jan 2000 15:19:17 +1100." Message-ID: <200001200535.IAA05155@lasp.npi.msu.su> On Thu, 20 Jan 2000 15:19:17 +1100 Luke Kenneth Casson Leighton wrote: -------- > On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > > > On Thu, 20 Jan 2000 14:17:06 +1100 Luke Kenneth Casson Leighton wrote: > > -------- > > > > > hi vladimir, > > > > > > the /etc/domaingroup.map file etc, it's world readable, right? this is > > > > Yes, I am aware of this. This configuration is not changing for an > > year or more at all and I had no problems until start the TNG. > > argh. ok, can you try [latest cvs] again, and use rpcclient -S > yoursambaserver -U% -l log and do the following commands: > > lsaquery > enumusers > enumgroups > enumaliases > > then, pick an alias and a group that you _know is in the map files, and > do: > > lookupnames "the alias name" "the group name" "maybe even a username" > > you should get some SIDs back. strip off all but the last RID, and do: > > lookupsids the-alias-rid the-group-rid maybe-even-the-username-rid > > you _should_ get the same alias, group and user names back, and it > _should_ identify them correctly by type as well (thanks to elrond for > that type patch!) adm="Domain Admins" root=admin See output below from rpcclient: [root@lasp source]# rpcclient -S lasp -U root -l /tmp/log Enter Password: [root@LASP]$ lsaquery lsaquery LSA Query Info Policy Domain Member - Domain: L.A.S.P SID: S-1-5-21-3528327861-1831579209-8958510 24 Domain Controller - Domain: LASP SID: S-1-5-21-3528327861-1831579209-895851024 [root@LASP]$ enumusers enumusers SAM Enumerate Users User RID: 3e8 User Name: root User RID: 7d0 User Name: vs User RID: 7d2 User Name: creaker$ User RID: 7f6 User Name: lasp$ [root@LASP]$ enumgroups enumgroups SAM Enumerate Groups [root@LASP]$ enumaliases enumaliases SAM Enumerate Aliases lookupnames "Domain Admins" adm root Lookup Names: SID: Domain Admins -> S-0-0 (8: UNKNOWN) SID: adm -> S-1-5-21-3528327861-1831579209-895851024-1006 (1: User) SID: root -> S-1-5-21-3528327861-1831579209-895851024-1000 (1: User) [root@LASP]$ lookupnames admin lookupnames admin /tmp/log is empty. You see: main answer is "Domain Admins" -> UNKNOWN thats is because log.smb say parameter "domain group map" unknown... :-( From j_wiese at hrzpub.tu-darmstadt.de Thu Jan 20 09:24:52 2000 From: j_wiese at hrzpub.tu-darmstadt.de (Jens Wiesecke) Date: Tue Dec 2 02:28:07 2003 Subject: Accounts for Samba and Linux Message-ID: <3886D464.105FC6A2@hrzpub.tu-darmstadt.de> Hi, I just started to build up a Samba-Server running under Linux (RH 6.1). At the end I want to establish the Samba-Server as BackupDomainController or PrimaryDomainContrioller of a NT 4.0 Domain. In this context some security questions came up. They claimed that _every_ NT-account must also have an Linux-account and this would open up some security holes in the NT-domain. Is it true that every Samba-user needs an Linux-account ? Note: I don't think that an additional Linux-Account would open extra security problems. I would just set /dev/none as default shell (and would have no mail-, http-, telnet-, ftp- etc. server running). -- Jens Wiesecke Institut f?r Makromolekulare Chemie AK Prof. Dr. Rehahn Petersenstr. 22 64287 Darmstadt E-Mail: j_wiese@hrzpub.tu-darmstadt.de From lonnie at borntreger.com Thu Jan 20 08:28:29 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:28:07 2003 Subject: Some questions on PDC support in TNG In-Reply-To: Message-ID: <000901bf6320$54ca2360$0500000a@borntreger.com> Bruce, This is from a Solaris box. Proper links need to be made to it from the rcX.d directories. For Linux, it goes into /etc/rc.d/init.d Lonnie gto-> cat /etc/init.d/samba #!/bin/sh # # samba # SAMBA=/usr/local/samba case "$1" in 'start') echo "SMB Service starting." PATH="/usr/bin:/sbin:/usr/sbin" export PATH ${SAMBA}/bin/smbd -D ${SAMBA}/bin/nmbd -D ${SAMBA}/bin/browserd -D ${SAMBA}/bin/lsarpcd -D ${SAMBA}/bin/netlogond -D ${SAMBA}/bin/samrd -D ${SAMBA}/bin/spoolssd -D ${SAMBA}/bin/srvsvcd -D ${SAMBA}/bin/svcctld -D ${SAMBA}/bin/winregd -D ${SAMBA}/bin/wkssvcd -D ;; 'restart') $0 stop $0 start ;; 'stop') echo "SMB Service stopping." for file in ${SAMBA}/var/locks/*.pid do if [ -r $file ] then kill `cat $file` rm $file fi done ;; *) echo "Usage: /etc/init.d/samba { start | stop | restart }" ;; esac exit 0 > -----Original Message----- > o Has anyone created Unix'en init scripts for TNG? There are a lot of > daemons and starting/stopping by hand is tedious. Realize I > can easily do > this, but if someone's already done this . . . From lonnie at borntreger.com Thu Jan 20 08:37:08 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:28:07 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: Message-ID: <000a01bf6321$8a6c7ee0$0500000a@borntreger.com> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Luke Kenneth Casson Leighton > > > This is dependent on the system configuration, but the library > > search path (much like the executable search path) should > not normally > > include ./, for security reasons. > > ooh.. then why does smbd run fine, even though i don't ahve a > LD_LIBRARY_PATH? The reason is that you are starting everything sitting in the directory above, in your current shell. Problems don't arise until you try to start the bins with an init.d script during boot with no user environment. Especially with the hard inclusion of the .so files (direct path as an object instead of -lxxxx). That makes everything run funny, when compared to "normal" library load/run-time rules. (Yes, I'm getting an updated Makefile.in diff to you. Just gotta make sure it works first -- compiling as I type ;) Lonnie Borntreger From lk at NetUSE.DE Thu Jan 20 08:56:33 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: Some questions on PDC support in TNG References: <000901bf6320$54ca2360$0500000a@borntreger.com> Message-ID: <3886CDC1.BEDFE905@NetUSE.DE> "Lonnie J. Borntreger" wrote: > case "$1" in > 'start') > echo "SMB Service starting." > PATH="/usr/bin:/sbin:/usr/sbin" > export PATH # so you can also start luke mysterius binaries(which requires bin/lib*.so) :-) cd $(SAMBA) > ${SAMBA}/bin/smbd -D > ${SAMBA}/bin/nmbd -D > ${SAMBA}/bin/browserd -D > ${SAMBA}/bin/lsarpcd -D Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Thu Jan 20 08:53:53 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: Accounts for Samba and Linux References: <3886D464.105FC6A2@hrzpub.tu-darmstadt.de> Message-ID: <3886CD21.A8582BC@NetUSE.DE> Jens Wiesecke wrote: > > Hi, > > I just started to build up a Samba-Server running under Linux (RH 6.1). > At the end I want to establish the Samba-Server as > BackupDomainController or PrimaryDomainContrioller of a NT 4.0 Domain. > In this context some security questions came up. They claimed that > _every_ NT-account must also have an Linux-account and this would open > up some security holes in the NT-domain. Why? > Is it true that every > Samba-user needs an Linux-account ? Yes. You need the unixaccounts to check the userrights on the filesystem on the server. > Note: > I don't think that an additional Linux-Account would open extra security > problems. I would just set /dev/none as default shell (and would have no > mail-, http-, telnet-, ftp- etc. server running). Yes. You can set /bin/false as login-shell and you can lock the account in the shadow passwordfile. Don't know how this could be unsecure. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From simonmu at optimation.co.nz Thu Jan 20 09:02:38 2000 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:28:07 2003 Subject: Some questions on PDC support in TNG In-Reply-To: <000901bf6320$54ca2360$0500000a@borntreger.com> Message-ID: On Thu, 20 Jan 2000, Lonnie J. Borntreger wrote: This is from a Solaris box. Proper links need to be made to it from the rcX.d directories. For Linux, it goes into /etc/rc.d/init.d Also Debian uses /etc/init.d (not the wazzy redhat method :) Regards Simon Murcott From bojan at 4u.net Thu Jan 20 09:55:16 2000 From: bojan at 4u.net (Bojan) Date: Tue Dec 2 02:28:07 2003 Subject: Login problem Message-ID: <000001bf632c$74f77af0$790711ac@lj.rtvslo.si> Hi ! I recently "upgraded" 2.0.5a to main. Everything looked good (domain logons, roaming profiles). So I tried TNG. When I start deamons: when I log on, NT makes another cache profile "user.002", and first boot splash window apears. Logitech mouse driver crashes with access permision error. If I kill netloind everythig goes back to normal. Bojan -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 2565 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000120/fae1d554/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: log.NETLOGON Type: application/octet-stream Size: 5114 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000120/fae1d554/log.obj From bobby at math01.cs.upd.edu.ph Thu Jan 20 10:23:31 2000 From: bobby at math01.cs.upd.edu.ph (bobby@math01.cs.upd.edu.ph) Date: Tue Dec 2 02:28:07 2003 Subject: Can't access user settings Message-ID: <20000120102331.2293.qmail@math01.cs.upd.edu.ph> Hi, I setup a Linux box as a WinNT PDC for more than one month now and everything went fine except that recently, I noticed that one user account cannot change his connection settings in Internet Explorer. When I open a telnet session in his account, an error message will pop up saying "Can't access user settings". Does this problem have something to do with samba? Until now my logon path is set to "\\%N\%U\profiles". I know that this is incorrect but I just can't make logon path = \\%N\profiles\%U to work. WinNT always complain about "Roaming profile not available, logging you to a local profile". Can anyone who has success in this area help me, please? -bobby ----------------------------------------------------- This mail sent through IMP: http://web.horde.org/imp/ From john.rooke at lpsystems.com Thu Jan 20 10:56:43 2000 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:28:07 2003 Subject: Error loading bin/libsmb.so? Message-ID: <3886E9EB.BA6E2DBC@lpsystems.com> I have downloaded, compiled and installed Samba TNG as of yesterday evening, but keep getting the following kind of error message whenever I try and run any Smba related programs: swat: error in loading shared libraries bin/libsmb.so: cannot open shared object file: No such file or directory I know this is probably basic, but what environment variable do I need to set to fix this. I have LD_LIBRARY_PATH=/opt/samba-tng and this does not work. Please help. -- John Rooke Director L&P Systems Limited john.rooke@lpsystems.com From Pontus.Karlsson at dat.hk-r.se Thu Jan 20 11:14:23 2000 From: Pontus.Karlsson at dat.hk-r.se (Pontus Karlsson) Date: Tue Dec 2 02:28:07 2003 Subject: No actual problem!! Message-ID: <3.0.5.32.20000120121423.00952370@mail.hk-r.se> Hi all!! This mail is not sent because I have a problem, more that I solved a problem that I had and could not find on any homepages or faqs I looked. I'm running Solaris 5.6 and Samba 2.0.4b(as PDC) with NT4 clients. One day I had to set special rigths on local files on one NT-client and found that, when I klicked on the show all users for the domain, only two users where shown and I got the error message "The tag is invalid". Now , what tag was that? ;) (it's not german so it was not the wrong day ;) Making the story short: If you get the problem above, make sure you don't have any old users in the smbpasswd that you have erased from the passwd file. After I removed the users from smbpasswd that where not found in the passwd file, I could see all the users on the NT-client again. Hopefully this info is helpfull to someone out there... Have a nice day!! "Everything should be as simple as it is, but not simpler" Albert Einstein (1879-1955) Pontus Karlsson [pontus.karlsson@dat.hk-r.se] SystemAdministrator at the Department of Computers at the University in Karlskrona/Ronneby Phone: +46 455 385153 From lk at NetUSE.DE Thu Jan 20 11:55:22 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: Error loading bin/libsmb.so? References: <3886E9EB.BA6E2DBC@lpsystems.com> Message-ID: <3886F7AA.276DE4AC@NetUSE.DE> John Rooke wrote: > > I have downloaded, compiled and installed Samba TNG as of yesterday > evening, but keep getting the following kind of error message whenever I > try and run any Smba related programs: > > swat: error in loading shared libraries bin/libsmb.so: cannot open > shared object file: No such file or directory > > I know this is probably basic, but what environment variable do I need > to set to fix this. I have LD_LIBRARY_PATH=/opt/samba-tng and this does > not work. Please have a look at /source/bin. Copy all *.so-files from this directory to /opt/samba-tng/bin. Change into /opt/samba-tng. Now you can start your programms(example: bin/swat). Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 1247 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000120/f6295e6b/smime.bin From lk at NetUSE.DE Thu Jan 20 12:03:30 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: Can't access user settings References: <20000120102331.2293.qmail@math01.cs.upd.edu.ph> Message-ID: <3886F992.C5DE0B4E@NetUSE.DE> bobby@math01.cs.upd.edu.ph wrote: > Can anyone who has success in this area help me, please? I have success. You can find my smb.conf at my homepage http://www.kneschke.de/projekte/samba_tng Also read the part about the installation. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 1247 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000120/c2958ca6/smime.bin From greg at discreet.com Thu Jan 20 12:27:58 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:07 2003 Subject: domain map group fail In-Reply-To: Message-ID: Yes but he said its been working for a while UNTIL he switched to TNG. AFAIK this world readable thing started in TNG - my old 2.1 PDC has the domain groups in private. Greg On 20-Jan-00 Luke Kenneth Casson Leighton wrote: > On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > >> On Thu, 20 Jan 2000 14:17:06 +1100 Luke Kenneth Casson Leighton wrote: >> -------- >> >> > hi vladimir, >> > >> > the /etc/domaingroup.map file etc, it's world readable, right? this is >> >> Yes, I am aware of this. This configuration is not changing for an >> year or more at all and I had no problems until start the TNG. > > argh. ok, can you try [latest cvs] again, and use rpcclient -S > yoursambaserver -U% -l log and do the following commands: > > lsaquery > enumusers > enumgroups > enumaliases > > then, pick an alias and a group that you _know is in the map files, and > do: > > lookupnames "the alias name" "the group name" "maybe even a username" > > you should get some SIDs back. strip off all but the last RID, and do: > > lookupsids the-alias-rid the-group-rid maybe-even-the-username-rid > > you _should_ get the same alias, group and user names back, and it > _should_ identify them correctly by type as well (thanks to elrond for > that type patch!) --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From fricke at team.owl-online.de Thu Jan 20 12:42:46 2000 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:28:07 2003 Subject: Domain Admin Message-ID: Hi there, I run Samba 2.04b as a PDC on newest Debian. Works very fine (congratulation to the Samba-Team). My question: I?m Domain-Admin an I have "Access all Areas". But all new files I generate are owned by root and my group. Is it possible to be Domain-Admin an the permissions are owner.group of my Account or must the owner be root? It?s because we want to have files owned by root if it?s nessecary not just when I touch a file in my homedir or in other directories. Any help would be appreciated Thanx -------------------------------------------------------------------------------------------------- Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ ...keep on headbangin? , that rocks!!! From lk at netuse.de Thu Jan 20 13:26:51 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: [Fwd: Re: Can't access user settings] Message-ID: <38870D1B.4338043F@netuse.de> -------- Original Message -------- From: Lars Kneschke Subject: Re: Can't access user settings To: bobby@math01.cs.upd.edu.ph CC: Multiple recipients of list SAMBA-NTDOM bobby@math01.cs.upd.edu.ph wrote: > Can anyone who has success in this area help me, please? I have success. You can find my smb.conf at my homepage http://www.kneschke.de/projekte/samba_tng Also read the part about the installation. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Thu Jan 20 13:26:57 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: [Fwd: Re: Error loading bin/libsmb.so?] Message-ID: <38870D21.DA14134A@netuse.de> -------- Original Message -------- From: Lars Kneschke Subject: Re: Error loading bin/libsmb.so? To: john.rooke@lpsystems.com CC: Multiple recipients of list SAMBA-NTDOM John Rooke wrote: > > I have downloaded, compiled and installed Samba TNG as of yesterday > evening, but keep getting the following kind of error message whenever I > try and run any Smba related programs: > > swat: error in loading shared libraries bin/libsmb.so: cannot open > shared object file: No such file or directory > > I know this is probably basic, but what environment variable do I need > to set to fix this. I have LD_LIBRARY_PATH=/opt/samba-tng and this does > not work. Please have a look at /source/bin. Copy all *.so-files from this directory to /opt/samba-tng/bin. Change into /opt/samba-tng. Now you can start your programms(example: bin/swat). Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Thu Jan 20 13:31:29 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: [Fwd: [Fwd: Re: Error loading bin/libsmb.so?]] Message-ID: <38870E31.D28E7BA6@netuse.de> -------- Original Message -------- From: Lars Kneschke Subject: [Fwd: Re: Error loading bin/libsmb.so?] To: SAMBA-NTDOM -------- Original Message -------- From: Lars Kneschke Subject: Re: Error loading bin/libsmb.so? To: john.rooke@lpsystems.com CC: Multiple recipients of list SAMBA-NTDOM John Rooke wrote: > > I have downloaded, compiled and installed Samba TNG as of yesterday > evening, but keep getting the following kind of error message whenever I > try and run any Smba related programs: > > swat: error in loading shared libraries bin/libsmb.so: cannot open > shared object file: No such file or directory > > I know this is probably basic, but what environment variable do I need > to set to fix this. I have LD_LIBRARY_PATH=/opt/samba-tng and this does > not work. Please have a look at /source/bin. Copy all *.so-files from this directory to /opt/samba-tng/bin. Change into /opt/samba-tng. Now you can start your programms(example: bin/swat). Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From Alan.Hourihane at pinacl.co.uk Thu Jan 20 14:38:41 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:28:07 2003 Subject: CVS from a specific date Message-ID: <01BF6354.0DACE2E0.Alan.Hourihane@pinacl.co.uk> Can anyone tell me how to retrieve the SAMBA_TNG tree from about November 14th 1999. Thanks. Alan. From lk at NetUSE.DE Thu Jan 20 14:42:43 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:07 2003 Subject: CVS from a specific date References: <01BF6354.0DACE2E0.Alan.Hourihane@pinacl.co.uk> Message-ID: <38871EE3.4FBA804C@NetUSE.DE> Alan Hourihane wrote: > > Can anyone tell me how to retrieve the SAMBA_TNG tree from > about November 14th 1999. -D 1999/11/14 Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From prophecy at hts-nightvision.com Thu Jan 20 15:44:17 2000 From: prophecy at hts-nightvision.com (Justace Clutter) Date: Tue Dec 2 02:28:07 2003 Subject: Profile Problem In-Reply-To: <20000118203236.A15264@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: Hey all, I know that this question has been beat to death on the list and the other related lists for samba. I have TNG doing login and the smbd and the nmbd from the MAIN branch. I have the settings in my smb.conf file as follows: netbios name = GATEWAY logon script = %U.bat logon path = \\GATEWAY\profile\%U domain logons = Yes The problem is when a user logs onto the system all the roving profile stuff is being stored in the users home directory. I have tryed variouns settings and perms on the directory but it always goes to the home directory. The system in question is a Win98 Machine. I dunno. Has anybody else had this problem? Justace From greg at discreet.com Thu Jan 20 15:42:14 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:07 2003 Subject: TNG and the IRIX linker Message-ID: Hi, I really do like the idea of using .so libraries EXCEPT the IRIX linker is not happy with the link line. This is due to the way the linker resolves symbols. Would it be possible to move the $(SAMBA_LIBS) variable to the end of the linkline? eg: current: bin/samrd: $(SAMBA_LIBS) $(SAMRD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SAMBA_LIBS) $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) new: bin/samrd: $(SAMBA_LIBS) $(SAMRD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) $(SAMBA_LIBS) Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From giulioo at pobox.com Thu Jan 20 15:59:09 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:28:07 2003 Subject: Profile Problem In-Reply-To: References: <20000118203236.A15264@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000120155924.59480887E@i3.golden.dom> On Fri, 21 Jan 2000 02:43:45 +1100, hai scritto: > netbios name = GATEWAY > logon script = %U.bat > logon path = \\GATEWAY\profile\%U > domain logons = Yes After some discussions on the samba list it seems that in an nt environment win9x's cannot put the profiles outside the homeshare. from samba-2.0.6 on "logon path" is completely ignored from win9x (samba correctly doesn't give it to them). You have these options: - logon home = \\GATEWAY\%U\profile --> profile in a subdir of the homedir, net use x: /home works. - logon home = \\GATEWAY\profile\%U --> profile outside of the homedir (as you were asking), net use x: /home maps to the profile share. Starting 2.0.6 win9x's receive just "logon home". -- giulioo@pobox.com From lkcl at samba.org Thu Jan 20 16:20:31 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: domain map group fail In-Reply-To: <200001200535.IAA05155@lasp.npi.msu.su> Message-ID: On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > On Thu, 20 Jan 2000 15:19:17 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > > On Thu, 20 Jan 2000, Vladimir Stavrinov wrote: > > > > > On Thu, 20 Jan 2000 14:17:06 +1100 Luke Kenneth Casson Leighton wrote: > > > -------- > > > > > > > hi vladimir, > > > > > > > > the /etc/domaingroup.map file etc, it's world readable, right? this is > > > > > > Yes, I am aware of this. This configuration is not changing for an > > > year or more at all and I had no problems until start the TNG. > > > > argh. ok, can you try [latest cvs] again, and use rpcclient -S > > yoursambaserver -U% -l log and do the following commands: > > > > lsaquery > > enumusers > > enumgroups > > enumaliases > > > > then, pick an alias and a group that you _know is in the map files, and > > do: > > > > lookupnames "the alias name" "the group name" "maybe even a username" > > > > you should get some SIDs back. strip off all but the last RID, and do: > > > > lookupsids the-alias-rid the-group-rid maybe-even-the-username-rid > > > > you _should_ get the same alias, group and user names back, and it > > _should_ identify them correctly by type as well (thanks to elrond for > > that type patch!) > > adm="Domain Admins" > root=admin > > See output below from rpcclient: > > [root@lasp source]# rpcclient -S lasp -U root -l /tmp/log > Enter Password: > > [root@LASP]$ lsaquery > lsaquery > LSA Query Info Policy > Domain Member - Domain: L.A.S.P SID: S-1-5-21-3528327861-1831579209-8958510 > 24 > Domain Controller - Domain: LASP SID: S-1-5-21-3528327861-1831579209-895851024 ok, straight away, there is a problem, here. if your server is a PDC, you should have Domain:L.A.S.P and Dimain: L.A.S.P here. i checked your [slightly difficult to read] smb.conf file again, and you are missing "security = user" from it. i don't know what the default is, but this may be part of the problem. the default may be "security = share" which will certainly _not_ make you a PDC. the other issue may be that you are using a NetBIOS name with "."s in it. try changing this to one that hasn't (e.g LASPDOMAIN). try theses tests again with these changes. thx! From lkcl at samba.org Thu Jan 20 16:23:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: domain map group fail In-Reply-To: <200001200535.IAA05155@lasp.npi.msu.su> Message-ID: > /tmp/log is empty. You see: main answer is "Domain Admins" -> UNKNOWN > thats is because log.smb say parameter "domain group map" unknown... :-( /tmp/log will not exist. /tmp/log.client will be empty because you have specified "debug level = 0" in your smb.conf file, set this to 100 and you will get something. log.smb says "domain group map" unknown because you are using cvs main smbd, which knows absolutely nothing about this parameter, and i'm not going to be the one to make it know anything about this parameter, i'm not responsible for cvs main, only SAMBA_TNG. try cvs main only, and please consider doing a complete checkout, i _know_ that public cvs has problems once in a while. thx. luke From lkcl at samba.org Thu Jan 20 16:34:44 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: Accounts for Samba and Linux In-Reply-To: <3886D464.105FC6A2@hrzpub.tu-darmstadt.de> Message-ID: On Thu, 20 Jan 2000, Jens Wiesecke wrote: > Hi, > > I just started to build up a Samba-Server running under Linux (RH 6.1). > At the end I want to establish the Samba-Server as > BackupDomainController or PrimaryDomainContrioller of a NT 4.0 Domain. > In this context some security questions came up. They claimed that > _every_ NT-account must also have an Linux-account true. > and this would open > up some security holes in the NT-domain. bullshit. > Is it true that every Samba-user needs an Linux-account ? yes. > Note: > I don't think that an additional Linux-Account would open extra security > problems. I would just set /dev/none as default shell (and would have no > mail-, http-, telnet-, ftp- etc. server running). you answered your own question :) i'm sure that there are other people on the list who may have additional security suggestions for you. polite ones, please. From lkcl at samba.org Thu Jan 20 16:42:17 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: [SAMBA-TNG] watch out: new LDAP schema may be introduced soon Message-ID: some kind person has volunteered to work on an NT5 compatible LDAP schema. that means that everyone currently using SAMBA-TNG's "development" schema is going to either be left behind or have to convert. i just wanted to warn you _now_ before code starts to get committed. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 20 16:51:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: Error loading bin/libsmb.so? In-Reply-To: <3886E9EB.BA6E2DBC@lpsystems.com> Message-ID: hi john, that's my fault. you need to do bin/smbd bin/nmbd etc. is it normal for people to have LD_LIBRARY_PATH? On Thu, 20 Jan 2000, John Rooke wrote: > I have downloaded, compiled and installed Samba TNG as of yesterday > evening, but keep getting the following kind of error message whenever I > try and run any Smba related programs: > > swat: error in loading shared libraries bin/libsmb.so: cannot open > shared object file: No such file or directory > > I know this is probably basic, but what environment variable do I need > to set to fix this. I have LD_LIBRARY_PATH=/opt/samba-tng and this does > not work. > > Please help. > -- > John Rooke > Director > L&P Systems Limited > john.rooke@lpsystems.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 20 16:54:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: domain map group fail In-Reply-To: Message-ID: On Thu, 20 Jan 2000, Greg Dickie wrote: > > > Yes but he said its been working for a while UNTIL he switched to TNG. AFAIK > this world readable thing started in TNG - my old 2.1 PDC has the domain groups > in private. yeah. *sigh*. From nial at Cuckoo.kai.ru Thu Jan 20 07:15:31 2000 From: nial at Cuckoo.kai.ru (Igor Mammedov) Date: Tue Dec 2 02:28:07 2003 Subject: changing password from NT possible? Message-ID: <007301bf6316$23ac7bc0$01000100@nial> I can not change password from NT'sp5, it's write "user name or old password is incorrect". I'am not using plain password. What I do wrong! ---------------------------------------------------------------------------- --- smb.conf ------------ [global] ;debuglevel = 100 workgroup = AP3 server string = AP3 Server client code page = 866 log file = /var/log/samba/log.%m max log size = 50 security = user domain group map = /etc/domaingroup.map local group map = /etc/localgroup.map admin users = nial encrypt passwords = yes update encrypted = yes smb passwd file = /etc/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/smbusers socket options = TCP_NODELAY local master = yes os level = 95 domain master = yes preferred master = yes domain logons = yes logon script = startup.bat logon path = \\%L\Profiles\%U name resolve order = wins lmhosts bcast time server = yes wins support = yes preserve case = yes short preserve case = yes default case = upper case sensitive = no guest account = nobody #========= Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes hide dot files = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no [Profiles] path = /home/profiles browseable = no guest ok = no writable = yes From simsa at acu.edu Thu Jan 20 17:21:43 2000 From: simsa at acu.edu (April Sims) Date: Tue Dec 2 02:28:07 2003 Subject: Need Help with pam_ntdom compile. Message-ID: <4.2.0.58.20000120112029.00afa948@nicanor.acu.edu> When I run ./configure, make on the pam_smb and pam_ntdom I get an error for both of them: Fatal error in reader: Makefile, line 73: Unexpected end of line seen Same error but a different line for pam_smb. I am using gcc. Sorry Sam, I didn't realize that the reply was directly to you.... >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< April Sims MCSE, CNE Abilene Christian University Systems Administrator ACU Box 29005 Information Technology Abilene, TX 79699 simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< From lkcl at samba.org Thu Jan 20 17:23:28 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: CVS from a specific date In-Reply-To: <01BF6354.0DACE2E0.Alan.Hourihane@pinacl.co.uk> Message-ID: use -D "14 Nov 1999". On Fri, 21 Jan 2000, Alan Hourihane wrote: > Can anyone tell me how to retrieve the SAMBA_TNG tree from > about November 14th 1999. > > Thanks. > > Alan. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 20 17:26:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: TNG and the IRIX linker In-Reply-To: Message-ID: greg, see if the latest stuff works, i just added Elrond's VERY cool libtool patch. if it doesn't, send me a patch for Makefile.in. you do the work, i commit it :) thx! On Fri, 21 Jan 2000, Greg Dickie wrote: > > Hi, > > I really do like the idea of using .so libraries EXCEPT the IRIX linker is > not happy with the link line. This is due to the way the linker resolves > symbols. Would it be possible to move the $(SAMBA_LIBS) variable to the end of > the linkline? > > eg: > current: > bin/samrd: $(SAMBA_LIBS) $(SAMRD_OBJ) bin/.dummy > @echo Linking $@ > @$(CC) $(FLAGS) -o $@ $(SAMBA_LIBS) $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) > new: > bin/samrd: $(SAMBA_LIBS) $(SAMRD_OBJ) bin/.dummy > @echo Linking $@ > @$(CC) $(FLAGS) -o $@ $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) $(SAMBA_LIBS) > > > Thanks, > Greg > > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From kellermg at potsdam.edu Thu Jan 20 17:37:36 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:28:07 2003 Subject: Need Help with pam_ntdom compile. References: <4.2.0.58.20000120112029.00afa948@nicanor.acu.edu> Message-ID: <388747E0.D48BC6B0@potsdam.edu> What versions of pam_smb and pam_ntdom? April Sims wrote: > > When I run ./configure, make on the pam_smb and pam_ntdom > I get an error for both of them: > Fatal error in reader: Makefile, line 73: Unexpected end of line seen > Same error but a different line for pam_smb. > I am using gcc. > > Sorry Sam, I didn't realize that the reply was directly to you.... > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > April Sims MCSE, CNE Abilene Christian University > Systems Administrator ACU Box 29005 > Information Technology Abilene, TX 79699 > simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From john.rooke at lpsystems.com Thu Jan 20 17:25:59 2000 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:28:07 2003 Subject: Error loading bin/libsmb.so? References: Message-ID: <38874527.A18051E@lpsystems.com> Luke Kenneth Casson Leighton wrote: > is it normal for people to have LD_LIBRARY_PATH? No - that was just me in my ignorance trying to get it to work (and in the process confusing Samba with something else) - sorry for the confusion. I have it working now - I copied the two *.so files to /bin and all is OK. Keep up the good work! John. From greg at discreet.com Thu Jan 20 17:33:14 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:07 2003 Subject: TNG and the IRIX linker In-Reply-To: Message-ID: You should be comitted. Ha ha yuck yuck !!! I crack me up.... cvs update'ing now... Will it bust other UNIXes though? I can test linux. Thanks, Greg On 20-Jan-00 Luke Kenneth Casson Leighton wrote: > greg, see if the latest stuff works, i just added Elrond's VERY cool > libtool patch. > > if it doesn't, send me a patch for Makefile.in. you do the work, i commit > it :) thx! > > On Fri, 21 Jan 2000, Greg Dickie wrote: > >> >> Hi, >> >> I really do like the idea of using .so libraries EXCEPT the IRIX linker is >> not happy with the link line. This is due to the way the linker resolves >> symbols. Would it be possible to move the $(SAMBA_LIBS) variable to the end >> of >> the linkline? >> >> eg: >> current: >> bin/samrd: $(SAMBA_LIBS) $(SAMRD_OBJ) bin/.dummy >> @echo Linking $@ >> @$(CC) $(FLAGS) -o $@ $(SAMBA_LIBS) $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) >> new: >> bin/samrd: $(SAMBA_LIBS) $(SAMRD_OBJ) bin/.dummy >> @echo Linking $@ >> @$(CC) $(FLAGS) -o $@ $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) $(SAMBA_LIBS) >> >> >> Thanks, >> Greg >> >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Thu Jan 20 17:44:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: Error loading bin/libsmb.so? In-Reply-To: <38874527.A18051E@lpsystems.com> Message-ID: On Thu, 20 Jan 2000, John Rooke wrote: > Luke Kenneth Casson Leighton wrote: > > is it normal for people to have LD_LIBRARY_PATH? > > No - that was just me in my ignorance trying to get it to work (and in the > process confusing Samba with something else) - sorry for the confusion. > > I have it working now - I copied the two *.so files to /bin and all is OK. v. cool. *sigh* it's all just changed, again, with elrond's libtool patch :-) :-) elrond, you want to take centre stage and explain how this works? do we need LD_LIBRARY_PATH? how can i run it _without_ doing "make install" which i almost never do? From lkcl at samba.org Thu Jan 20 17:46:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: TNG and the IRIX linker In-Reply-To: Message-ID: On Thu, 20 Jan 2000, Greg Dickie wrote: > > You should be comitted. Ha ha yuck yuck !!! I crack me up.... cvs update'ing > now... *giggle* i don't fit into cvs repositories, i'm human, not code. > Will it bust other UNIXes though? I can test linux. > eeh, whadda_i_care? i'm just a poor, lowly samba developer. what do _i_ know about unix? From lkcl at samba.org Thu Jan 20 17:49:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: changing password from NT possible? In-Reply-To: <007301bf6316$23ac7bc0$01000100@nial> Message-ID: On Fri, 21 Jan 2000, Igor Mammedov wrote: > > I can not change password from NT'sp5, it's write "user name or old password > is incorrect". I'am not using plain password. i'll look at it when i get in to work, i'm still at home right now. i use SP6 and it works. also please report which version of samba you using. if SAMbA_TNG, please update to latest. thx. From lharold at mrc.uidaho.edu Thu Jan 20 17:51:17 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:28:07 2003 Subject: Error loading bin/libsmb.so? In-Reply-To: ; from "Luke Kenneth Casson Leighton" at Jan 21, 100 3:53 am Message-ID: <200001201751.JAA20928@hydra.mrc.uidaho.edu> >is it normal for people to have LD_LIBRARY_PATH? I would say it is for anyone that is using anything more than a bare bones system. All my users get it set for them in /etc/profile and then additions are made to it in setups files that they source from their $HOME/.profile. Len From simsa at acu.edu Thu Jan 20 18:10:09 2000 From: simsa at acu.edu (April Sims) Date: Tue Dec 2 02:28:07 2003 Subject: Need Help with pam_ntdom compile. In-Reply-To: <388747E0.D48BC6B0@potsdam.edu> References: <4.2.0.58.20000120112029.00afa948@nicanor.acu.edu> Message-ID: <4.2.0.58.20000120115903.043704e8@nicanor.acu.edu> pam_ntdom v 0.23 pam_smb 1.1.5 > What versions of pam_smb and pam_ntdom? > >April Sims wrote: > > > > When I run ./configure, make on the pam_smb and pam_ntdom > > I get an error for both of them: > > Fatal error in reader: Makefile, line 73: Unexpected end of line seen > > Same error but a different line for pam_smb. > > I am using gcc. > > > > Sorry Sam, I didn't realize that the reply was directly to you.... > > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > April Sims MCSE, CNE Abilene Christian University > > Systems Administrator ACU Box 29005 > > Information Technology Abilene, TX 79699 > > simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > >-- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia >State University of New York at Potsdam > >Web: http://mattwork.potsdam.edu/ >PGP: http://mattwork.potsdam.edu/crypto/ April Sims Systems and Operations x2681 From Elrond at Wunder-Nett.org Thu Jan 20 18:16:49 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:07 2003 Subject: Error loading bin/libsmb.so? In-Reply-To: ; from Luke Kenneth Casson Leighton on Fri, Jan 21, 2000 at 05:04:28AM +1100 References: <38874527.A18051E@lpsystems.com> Message-ID: <20000120191649.A19714@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jan 21, 2000 at 05:04:28AM +1100, Luke Kenneth Casson Leighton wrote: > On Thu, 20 Jan 2000, John Rooke wrote: > > > Luke Kenneth Casson Leighton wrote: > > > is it normal for people to have LD_LIBRARY_PATH? > > > > No - that was just me in my ignorance trying to get it to work (and in the > > process confusing Samba with something else) - sorry for the confusion. > > > > I have it working now - I copied the two *.so files to /bin and all is OK. > > v. cool. *sigh* it's all just changed, again, with elrond's libtool patch > :-) :-) > > elrond, you want to take centre stage and explain how this works? do we > need LD_LIBRARY_PATH? Yeah, I will explain a bit down under. > how can i run it _without_ doing "make install" which i almost never do? So it works for you _after_ "make install" ? (Okay... I can reproduce the problem in the build-tree now here too... I'll check... [*hoping, not _again_ a bug in libtool*]) Okay: If I got all right, nobody should realy notice, that we ever switched to shared libraries. The binaries have compiled in, where the libraries are. You realy should be able to just do something like /usr/local/samba/bin/smbd -D in your start-up-scripts. No need for LD_LIBRAR_PATH, no need to be in the right directory, no need to add /usr/local/samba/lib to your shared-libraries-loaders configuration. libtool is just a big hack, that was filled with a lot of knowledge about shared libraries on various systems. So it should now build and properly use shared library system on nearly any system, that supports them. If you don't want shared libraries (for what ever reason), you can do "./configure --disable-shared". One _realy_ good reason for doing this is, if you want to mix versions from TNG. (like samrd from today, rpcclient from tomorrow) Hope, that helps. Elrond From chriseli at hh.bc.ca Thu Jan 20 19:20:50 2000 From: chriseli at hh.bc.ca (Chriseli de Rama) Date: Tue Dec 2 02:28:07 2003 Subject: changing password from NT possible? In-Reply-To: Message-ID: Hi Igor, 2.0.5a works and our users can change passwords from NT boxes when our NTs were still on SP5. Check your chat script on smb.conf and make sure it's matches what your passwd program does. If your Samba Server sits on a Linux box (RH in my case) it would help if you limit your password length to 6 <= passwd <= 8. Chriseli On Fri, 21 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Fri, 21 Jan 2000, Igor Mammedov wrote: > > > > > I can not change password from NT'sp5, it's write "user name or old password > > is incorrect". I'am not using plain password. > > i'll look at it when i get in to work, i'm still at home right now. i use > SP6 and it works. > > also please report which version of samba you using. if SAMbA_TNG, please > update to latest. > > thx. > > From lkcl at samba.org Thu Jan 20 19:22:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:07 2003 Subject: Need Help with pam_ntdom compile. In-Reply-To: <4.2.0.58.20000120115903.043704e8@nicanor.acu.edu> Message-ID: hi, use pam_ntdom v 0.24, please. On Fri, 21 Jan 2000, April Sims wrote: > pam_ntdom v 0.23 > pam_smb 1.1.5 > > > > What versions of pam_smb and pam_ntdom? > > > >April Sims wrote: > > > > > > When I run ./configure, make on the pam_smb and pam_ntdom > > > I get an error for both of them: > > > Fatal error in reader: Makefile, line 73: Unexpected end of line seen > > > Same error but a different line for pam_smb. > > > I am using gcc. > > > > > > Sorry Sam, I didn't realize that the reply was directly to you.... > > > > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > > April Sims MCSE, CNE Abilene Christian University > > > Systems Administrator ACU Box 29005 > > > Information Technology Abilene, TX 79699 > > > simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > > > > >-- > > > > - Matthew Keller - > > Lead Programmer/Analyst > > Distributed Computing and Telemedia > >State University of New York at Potsdam > > > >Web: http://mattwork.potsdam.edu/ > >PGP: http://mattwork.potsdam.edu/crypto/ > > April Sims > Systems and Operations > x2681 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From simsa at acu.edu Thu Jan 20 20:17:14 2000 From: simsa at acu.edu (April Sims) Date: Tue Dec 2 02:28:08 2003 Subject: Need Help with pam_ntdom compile. In-Reply-To: References: <4.2.0.58.20000120115903.043704e8@nicanor.acu.edu> Message-ID: <4.2.0.58.20000120141510.00afa5a0@nicanor.acu.edu> This is what happened with v 0.24 *** Building pam-ntdom(alpha) module of the framework... Contact: lkcl@samba.org gcc -O2 -DHAVE_CONFIG_H -fPIC -DSCONFIGED=\"/etc/security/\" -DDEBUG_PASSWORD -I./lib/include -I./lib/rpc/include -I./rpc_validate -c rpc_validate.c -o dynamic/rpc_validate.o rpc_validate.c: In function `client_connect': rpc_validate.c:62: parse error before `(' rpc_validate.c:67: parse error before `(' rpc_validate.c: In function `Valid_User': rpc_validate.c:92: parse error before `(' rpc_validate.c: In function `domain_client_validate': rpc_validate.c:170: parse error before `(' rpc_validate.c:198: parse error before `(' rpc_validate.c:219: parse error before `(' rpc_validate.c:230: parse error before `(' rpc_validate.c:246: parse error before `(' make: *** [dynamic/rpc_validate.o] Error 1 >hi, use pam_ntdom v 0.24, please. > >On Fri, 21 Jan 2000, April Sims wrote: > > > pam_ntdom v 0.23 > > pam_smb 1.1.5 > > > > > > > What versions of pam_smb and pam_ntdom? > > > > > >April Sims wrote: > > > > > > > > When I run ./configure, make on the pam_smb and pam_ntdom > > > > I get an error for both of them: > > > > Fatal error in reader: Makefile, line 73: Unexpected end of line seen > > > > Same error but a different line for pam_smb. > > > > I am using gcc. > > > > > > > > Sorry Sam, I didn't realize that the reply was directly to you.... > > > > > > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > > > April Sims MCSE, CNE Abilene Christian University > > > > Systems Administrator ACU Box 29005 > > > > Information Technology Abilene, TX 79699 > > > > simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 > > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > > > > > > > >-- > > > > > > - Matthew Keller - > > > Lead Programmer/Analyst > > > Distributed Computing and Telemedia > > >State University of New York at Potsdam > > > > > >Web: http://mattwork.potsdam.edu/ > > >PGP: http://mattwork.potsdam.edu/crypto/ > > > > April Sims > > Systems and Operations > > x2681 > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals April Sims Systems and Operations x2681 From lkcl at samba.org Thu Jan 20 20:38:46 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: Need Help with pam_ntdom compile. In-Reply-To: <4.2.0.58.20000120141510.00afa5a0@nicanor.acu.edu> Message-ID: yep. edit lib/ninclude/smb.h, do #define DEBUG_HDR() 1. or use cvs to obtain latest. On Fri, 21 Jan 2000, April Sims wrote: > This is what happened with v 0.24 > > *** Building pam-ntdom(alpha) module of the framework... > Contact: lkcl@samba.org > > gcc -O2 -DHAVE_CONFIG_H -fPIC -DSCONFIGED=\"/etc/security/\" > -DDEBUG_PASSWORD -I./lib/include -I./lib/rpc/include -I./rpc_validate -c > rpc_validate.c -o dynamic/rpc_validate.o > rpc_validate.c: In function `client_connect': > rpc_validate.c:62: parse error before `(' > rpc_validate.c:67: parse error before `(' > rpc_validate.c: In function `Valid_User': > rpc_validate.c:92: parse error before `(' > rpc_validate.c: In function `domain_client_validate': > rpc_validate.c:170: parse error before `(' > rpc_validate.c:198: parse error before `(' > rpc_validate.c:219: parse error before `(' > rpc_validate.c:230: parse error before `(' > rpc_validate.c:246: parse error before `(' > make: *** [dynamic/rpc_validate.o] Error 1 > > > >hi, use pam_ntdom v 0.24, please. > > > >On Fri, 21 Jan 2000, April Sims wrote: > > > > > pam_ntdom v 0.23 > > > pam_smb 1.1.5 > > > > > > > > > > What versions of pam_smb and pam_ntdom? > > > > > > > >April Sims wrote: > > > > > > > > > > When I run ./configure, make on the pam_smb and pam_ntdom > > > > > I get an error for both of them: > > > > > Fatal error in reader: Makefile, line 73: Unexpected end of line seen > > > > > Same error but a different line for pam_smb. > > > > > I am using gcc. > > > > > > > > > > Sorry Sam, I didn't realize that the reply was directly to you.... > > > > > > > > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > > > > April Sims MCSE, CNE Abilene Christian University > > > > > Systems Administrator ACU Box 29005 > > > > > Information Technology Abilene, TX 79699 > > > > > simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 > > > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > > > > > > > > > > >-- > > > > > > > > - Matthew Keller - > > > > Lead Programmer/Analyst > > > > Distributed Computing and Telemedia > > > >State University of New York at Potsdam > > > > > > > >Web: http://mattwork.potsdam.edu/ > > > >PGP: http://mattwork.potsdam.edu/crypto/ > > > > > > April Sims > > > Systems and Operations > > > x2681 > > > > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > April Sims > Systems and Operations > x2681 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From imak at bellatlantic.net Thu Jan 20 20:15:33 2000 From: imak at bellatlantic.net (Ivan Makfinsky) Date: Tue Dec 2 02:28:08 2003 Subject: subscribe Message-ID: <000101bf6387$94cd98e0$1174c897@reybomb.com> subscribe imak@bellatlantic.net -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Thu Jan 20 21:27:27 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: [SAMBA_TNG] netlogond implementation flaw Message-ID: i created a credential-store database for internal use in samba to fix the case where an SMB connection is dropped and reestablished in between NetrReqChal / NetrAuth2 and NetrSamLogons. the database key is "workstation name\0domain name". this is insufficient. consider the case where two users of rpcclient log in from the same workstation, or two smbd processes wish to verify users' passwords. both will use the same database key, and one will overwrite the other's credentials, including the session key. i have a solution: use the pid of the smbd process or rpcclient process in the database key. symptoms: erratic access to SAMBA_TNG files and erratic login access. give me a few hours to fix this. thx, luke From ed at schernau.com Thu Jan 20 23:34:03 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:28:08 2003 Subject: OT: SCO VisionFS Q Message-ID: <38879B6B.C90ECD7B@schernau.com> Apologies, I'll be brief. I've got an obscure VisionFS question, for you SCO-heads out there. -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From lkcl at samba.org Fri Jan 21 00:59:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: [SAMBA_TNG] netlogond implementation flaw In-Reply-To: Message-ID: OK, i fixed it. for details, please check http://samba.org/listproc/samba-cvs. this was _really_ obscure, but fortunately i was expecting there to be this kind of problem, so i knew what was wrong from the reliability failure symptoms. NOTE NOTE NOTE to cvs main / samba_tng users: give me a couple of hours to go home, update the portable, get some food, and then update cvs main's msrpc loopback interface to be compatible with the samba_tng changes i just had to make. luke On Fri, 21 Jan 2000, Luke Kenneth Casson Leighton wrote: > i created a credential-store database for internal use in samba to fix the > case where an SMB connection is dropped and reestablished in between > NetrReqChal / NetrAuth2 and NetrSamLogons. > > the database key is "workstation name\0domain name". > > this is insufficient. > > consider the case where two users of rpcclient log in from the same > workstation, or two smbd processes wish to verify users' passwords. both > will use the same database key, and one will overwrite the other's > credentials, including the session key. > > i have a solution: use the pid of the smbd process or rpcclient process in > the database key. > > symptoms: erratic access to SAMBA_TNG files and erratic login access. > > give me a few hours to fix this. > > thx, > > luke > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From frampton at j-com.co.jp Fri Jan 21 05:40:39 2000 From: frampton at j-com.co.jp (Steve Frampton) Date: Tue Dec 2 02:28:08 2003 Subject: Machine accounts? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello: I set up a Samba-based secondary domain controller yesterday (by following the directions in the excellent document at http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-thereandback.html). I have a couple of questions: - - Can a domain name not be the same as the machine name? I had set up my system as "TokyoTest" and my NT domain/workgroup as "TokyoTest" and scratched my head for hours, wondering why nothing was working. I then happened to try it with a different workgroup name, and it worked fine. - - I'm a little confused about machine accounts. For testing, I used a laptop running Win95 whose machine name was set to "User63". Therefore, I set up a User63$ account in /etc/passwd: USER63$:x:803:800:NT dummy account:/dev/null:/bin/false and then used "smbpasswd -a -m USER63" to create the corresponding entry in /etc/smbpasswd. I was under the impression that one was needed in order for authentication to work. However, after my laptop died this afternoon, I grabbed another one, and was able to get authenticated. So - -- can I just forget about the bother of creating about a hundred machine accounts then? :-) - - I'm preparing to set up a Netatalk service with the same file shares as offered by Samba. Is there something I should be aware of with regard to domain controller? I've done this (Samba/Netatalk combo) before, but I've never had to set up a domain controller before. Thanks in advance... - --------------< LINUX: The choice of a GNU generation. >-------------- Steve Frampton Japan Communications, Inc. Software Developer/Systems Administrator http://www.j-com.co.jp/ GNU Privacy Guard ID: D055EBC5 (see http://www.gnupg.org for details) GNU-PG Fingerprint: EEFB F03D 29B6 07E8 AF73 EF6A 9A72 F1F5 D055 EBC5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4h/FbmnLx9dBV68URAhLUAKCQ+rVQW+3k7Rfvp/o5yO/eWUIimACfc4ox 2aww6cbVIyvY476CMeOlqow= =5ne3 -----END PGP SIGNATURE----- From lonnie at borntreger.com Fri Jan 21 05:37:30 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:28:08 2003 Subject: Error loading bin/libsmb.so? In-Reply-To: <20000120191649.A19714@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <000201bf63d1$9ca16200$0500000a@borntreger.com> > -----Original Message----- > Elrond > If I got all right, nobody should realy notice, that we > ever switched to shared libraries. > The binaries have compiled in, where the libraries are. You > realy should be able to just do something like > /usr/local/samba/bin/smbd -D > in your start-up-scripts. > > No need for LD_LIBRAR_PATH, no need to be in the right > directory, no need to add /usr/local/samba/lib to your > shared-libraries-loaders configuration. It's beautiful. I'm tearing up just thinking about how nicely it compiled, installed and ran. :) Lonnie From gleblanc at cu-portland.edu Fri Jan 21 06:54:23 2000 From: gleblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:08 2003 Subject: FWD:Machine accounts? Message-ID: <3888029F.3A209089@cu-portland.edu> samba-ntdom@samba.org wrote: > > Subject: Machine accounts? > Date: Fri, 21 Jan 2000 16:55:01 +1100 > From: Steve Frampton > To: Multiple recipients of list SAMBA-NTDOM > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello: > > I set up a Samba-based secondary domain controller yesterday (by following > the directions in the excellent document at > http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-thereandback.html). I > have a couple of questions: > > - - Can a domain name not be the same as the machine name? I had set up my > system as "TokyoTest" and my NT domain/workgroup as "TokyoTest" and > scratched my head for hours, wondering why nothing was working. I then > happened to try it with a different workgroup name, and it worked fine. Generally, I'd say not. I've never tried, because I want my server to be SERVER, and my domain to be DOMAIN. (just examples). A domain can encompas much more than just a single machine, indeed, that is the purpose of having a domain. It allows password database replication across multiple servers, and gives NT machines a central database to confirm names and passwords. > > - - I'm a little confused about machine accounts. For testing, I used a > laptop running Win95 whose machine name was set to "User63". Therefore, I > set up a User63$ account in /etc/passwd: > > USER63$:x:803:800:NT dummy account:/dev/null:/bin/false > > and then used "smbpasswd -a -m USER63" to create the corresponding entry > in /etc/smbpasswd. I was under the impression that one was needed in > order for authentication to work. However, after my laptop died this > afternoon, I grabbed another one, and was able to get authenticated. So > - -- can I just forget about the bother of creating about a hundred machine > accounts then? :-) Machine accounts are only needed for NT machines, as per the way that the "real" NT does things. Win9x machines don't need accounts in the domain to function. > > - - I'm preparing to set up a Netatalk service with the same file shares as > offered by Samba. Is there something I should be aware of with regard to > domain controller? I've done this (Samba/Netatalk combo) before, but I've > never had to set up a domain controller before. Sorry, can't help you there, I don't even know that Netatalk is. Sounds Mac ish, which just isn't me. Greg From Herve.Cimadomo at imag.fr Fri Jan 21 07:02:07 2000 From: Herve.Cimadomo at imag.fr (CIMADOMO =?iso-8859-1?Q?herv=E9?=) Date: Tue Dec 2 02:28:08 2003 Subject: Samba TNG webpages References: <38765CF3.53D26E4F@kneschke.de> Message-ID: <3888046F.690ACB16@imag.fr> very good !! thank. one remarque: explain what mean TNG ... Lars Kneschke wrote: > > Hello! > > I have updated my samba tng webpages. Kevin Colby was so nice, to help > me with the spelling. .de is germany! :-) > He had not yet checked the new webpages. So the english may not be > perfect on this pages. > > Can the gurus please also check this pages? Maybe something is wrong. > > http://www.kneschke.de/projekte/samba_tng/index.php3 > > Cu > -- > > Do you like Samba? > Do you know KSamba? > Try http://www.ksamba.org!! > Or watch our other projects at http://www.kneschke.de/projekte! -- Herve Cimadomo Email: Herve.Cimadomo@imag.fr LSR ACTIMART, bat 8, avenue de Vignate 38610 Gieres tel : 04.76.63.34.61 From TWinterling at laserhost-gmbh.de Fri Jan 21 07:14:24 2000 From: TWinterling at laserhost-gmbh.de (Tobias Winterling) Date: Tue Dec 2 02:28:08 2003 Subject: OS change Message-ID: <71F81B28E32ED31197A400105AD74A75147C@nt_srv1> Hello all, i have a little question about our Samba system. Our clients used in the past Win95 as there OS. Now we have changed to Win98(WinNT). Now i can?t look in with the explorer. I get the message that me password is not right. I have also swat running. Is it possible to change there some things in the smb.conf? regards for any information Tobias Winterling From j_wiese at hrzpub.tu-darmstadt.de Fri Jan 21 08:28:49 2000 From: j_wiese at hrzpub.tu-darmstadt.de (Jens Wiesecke) Date: Tue Dec 2 02:28:08 2003 Subject: Profile Problem References: Message-ID: <388818C1.49CC269A@hrzpub.tu-darmstadt.de> Justace Clutter schrieb: > Hey all, > > I know that this question has been beat to death on the list and the > other related lists for samba. I have TNG doing login and the smbd and > the nmbd from the MAIN branch. I have the settings in my smb.conf file as > follows: > > netbios name = GATEWAY > logon script = %U.bat > logon path = \\GATEWAY\profile\%U > domain logons = Yes > > The problem is when a user logs onto the system all the roving profile > stuff is being stored in the users home directory. I have tryed variouns > settings and perms on the directory but it always goes to the home > directory. The system in question is a Win98 Machine. I dunno. Has > anybody else had this problem? > > Justace I'm new to Samba, so I don't now if there is a Samba-based solution. But I had the same problem running Win9x in a NT 4.0 Domain. I found a solution to this by doing the following: 1. disable raoming profiles on the _Win9x_-machine (2. creating a profile-drectory for each domain-user on the NT PDC) 3. telling all the Win9x-Clients where to put the Profiles on the PDC (it's a Registry-Hack described in the M$ literature for Win95) I did this one year ago, so I have to look if I can find the literature again (now, I have no Win9x-clients anymore). If anybody is interested in it, I would just post it to samba-ntdom@samba.org Attention: Be careful with the Administrator's-profile. It is possible, that the Administrator's-profile is corrupted, so you can't logon to the PDC anymore. -- Jens Wiesecke Institut f?r Makromolekulare Chemie AK Prof. Dr. Rehahn Petersenstr. 22 64287 Darmstadt E-Mail: j_wiese@hrzpub.tu-darmstadt.de From jgalsgaa at bellesystems.com Fri Jan 21 10:38:19 2000 From: jgalsgaa at bellesystems.com (Jens Galsgaard) Date: Tue Dec 2 02:28:08 2003 Subject: OS change References: <71F81B28E32ED31197A400105AD74A75147C@nt_srv1> Message-ID: <3888371B.38A1B93A@bellesystems.com> Hi Tobias You have to set 'encrypt passwords = Yes' in the smb.conf file. Or you have to change all workstations to use plaintext passwords. //Jens Tobias Winterling wrote: > Hello all, > > i have a little question about our Samba system. > Our clients used in the past Win95 as there OS. Now we have changed to > Win98(WinNT). > Now i can?t look in with the explorer. I get the message that me > password is not right. > I have also swat running. Is it possible to change there some things in > the smb.conf? > > regards for any information > > Tobias Winterling > > -- Jens Galsgaard -------------- next part -------------- HTML attachment scrubbed and removed From lk at NetUSE.DE Fri Jan 21 09:28:18 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:08 2003 Subject: Samba TNG webpages References: <38765CF3.53D26E4F@kneschke.de> <3888046F.690ACB16@imag.fr> Message-ID: <388826B2.7413B2C6@NetUSE.DE> CIMADOMO herv? wrote: > > very good !! > > thank. > > one remarque: > explain what mean TNG ... > Yes. Jens Skripczynski has send me already such pages. I'll update them at the weekend, but today we have a inhouse fair. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 1247 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000121/2af15fb1/smime.bin From sharpe at ns.aus.com Thu Jan 20 08:59:11 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:08 2003 Subject: Machine accounts? In-Reply-To: Message-ID: <3.0.6.32.20000120185911.009a4b50@mail.adelaide.on.net> At 04:54 PM 1/21/00 +1100, Steve Frampton wrote: >- - Can a domain name not be the same as the machine name? I had set up my >system as "TokyoTest" and my NT domain/workgroup as "TokyoTest" and >scratched my head for hours, wondering why nothing was working. I then >happened to try it with a different workgroup name, and it worked fine. The machine name and the domain name are NetBIOS names. There can only be one instance of a NetBIOS name in the network, and the machine name will be registered first, when Samba comes up, I think. Certainly, that will be the case with Windows ... If you do 'nmblookup -S ' you will find that is registered as a group name of type <00>. Thus you cannot have both a machine name and a domain name with the same name! Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From vs at lasp.npi.msu.su Fri Jan 21 12:55:45 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: Your message of "Fri, 21 Jan 2000 03:20:31 +1100." Message-ID: <200001211255.PAA10765@lasp.npi.msu.su> On Fri, 21 Jan 2000 03:20:31 +1100 Luke Kenneth Casson Leighton wrote: -------- > > ok, straight away, there is a problem, here. if your server is a PDC, you > should have Domain:L.A.S.P and Dimain: L.A.S.P here. > What is "Dimain"? > i checked your [slightly difficult to read] smb.conf file again, and you > are missing "security = user" from it. i don't know what the default is, > but this may be part of the problem. > > the default may be "security = share" which will certainly _not_ make you > a PDC. > No. "security = user" is by default. But I will write this explicitly in smb.conf in any way. > the other issue may be that you are using a NetBIOS name with "."s in it. > try changing this to one that hasn't (e.g LASPDOMAIN). > Doubt. Why this was not cause any problems before? More over, even now, this is recognized by samba as domain name, what can be seen in many massages from different pieces of software and at length, I can log-in to domain as ordinary user. Nevertheless, may by You know better and if I will change domain name, this will be as last resort. Thanks for support. From vs at lasp.npi.msu.su Fri Jan 21 12:55:50 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: Your message of "Fri, 21 Jan 2000 03:27:55 +1100." Message-ID: <200001211255.PAA10774@lasp.npi.msu.su> On Fri, 21 Jan 2000 03:27:55 +1100 Luke Kenneth Casson Leighton wrote: -------- > > /tmp/log is empty. You see: main answer is "Domain Admins" -> UNKNOWN > > thats is because log.smb say parameter "domain group map" unknown... :-( > > /tmp/log will not exist. /tmp/log.client will be empty because you have > specified "debug level = 0" in your smb.conf file, set this to 100 and you > will get something. No. First, directory /tmp/log exist as I have created it by hand. Next, I have switched debug level to 100 for a while of this test > > log.smb says "domain group map" unknown because you are using cvs main > smbd, which knows absolutely nothing about this parameter, and i'm not > going to be the one to make it know anything about this parameter, i'm not > responsible for cvs main, only SAMBA_TNG. > If so, how it's possible to make the tandem HEAD+TNG working, I mean, log-in to domain as domain admin, as my TNG only don't working now at all? > try cvs main only, and please consider doing a complete checkout, i _know_ > that public cvs has problems once in a while. This take lot of time, because of huge traffic and cvs frequent abnormal termination due to something like "unexpected end of file received from server". In such circumstances I compelled run cycle like this until cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba > /tmp/samba-cvs.log 2>&1; do rm -fr samba; done & and wait it's and for a day or more... From giulioo at pobox.com Fri Jan 21 13:09:31 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:28:08 2003 Subject: OS change In-Reply-To: <71F81B28E32ED31197A400105AD74A75147C@nt_srv1> References: <71F81B28E32ED31197A400105AD74A75147C@nt_srv1> Message-ID: <20000121131057.9EF9588DE@i3.golden.dom> On Fri, 21 Jan 2000 18:18:05 +1100, hai scritto: >Now i can?t look in with the explorer. I get the message that me >password is not right. Read ENCRYPTION.txt in the samba docs. Then either enable encryption on samba or disable it on win98/nt. -- giulioo@pobox.com From vs at lasp.npi.msu.su Fri Jan 21 14:11:31 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: Your message of "Sat, 22 Jan 2000 00:01:50 +1100." <200001211255.PAA10774@lasp.npi.msu.su> Message-ID: <200001211411.RAA11174@lasp.npi.msu.su> On Sat, 22 Jan 2000 00:01:50 +1100 Vladimir Stavrinov wrote: -------- > On Fri, 21 Jan 2000 03:27:55 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > > > log.smb says "domain group map" unknown because you are using cvs main > > smbd, which knows absolutely nothing about this parameter, and i'm not > > going to be the one to make it know anything about this parameter, i'm not > > responsible for cvs main, only SAMBA_TNG. > > > > If so, how it's possible to make the tandem HEAD+TNG working, I mean, log-in > to domain as domain admin, as my TNG only don't working now at all? > I have tried to solve this problem with username map = /etc/domainuser.map admin users = root in smb.conf and root=admin in domainuser.map, it cause possible to login with username "admin" from linux smbclient but not from NT. I still can login form NT as root, but without administrative rights ( I mean domain admin, not local ). Oh, all this are wired, not right and useless :-( From Elrond at Wunder-Nett.org Fri Jan 21 15:08:10 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: <200001211255.PAA10765@lasp.npi.msu.su>; from Vladimir Stavrinov on Fri, Jan 21, 2000 at 11:58:40PM +1100 References: <200001211255.PAA10765@lasp.npi.msu.su> Message-ID: <20000121160809.A14842@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jan 21, 2000 at 11:58:40PM +1100, Vladimir Stavrinov wrote: > On Fri, 21 Jan 2000 03:20:31 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > > > > ok, straight away, there is a problem, here. if your server is a PDC, you > > should have Domain:L.A.S.P and Dimain: L.A.S.P here. > > > > What is "Dimain"? "Domain". Luke wanted to say, that your output should look like this one: LSA Query Info Policy Domain Member - Domain: TEST SID: S-1-5-33-552317002-3460912474-1716743274 Domain Controller - Domain: TEST SID: S-1-5-33-552317002-3460912474-1716743274 where both are the same. > > i checked your [slightly difficult to read] smb.conf file again, and you > > are missing "security = user" from it. i don't know what the default is, > > but this may be part of the problem. > > > > the default may be "security = share" which will certainly _not_ make you > > a PDC. > > > > No. "security = user" is by default. But I will write this explicitly in > smb.conf in any way. And you also got samba to join its own domain? (There was a problem here, maybe you want to rejoin it.) > > the other issue may be that you are using a NetBIOS name with "."s in it. > > try changing this to one that hasn't (e.g LASPDOMAIN). > > I've seen Domains called "SOME.DOM" on nt-only networks. So that should work. Elrond From lkcl at samba.org Fri Jan 21 15:21:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: Machine accounts? In-Reply-To: Message-ID: > - - Can a domain name not be the same as the machine name? I had set up my > system as "TokyoTest" and my NT domain/workgroup as "TokyoTest" and > scratched my head for hours, wondering why nothing was working. I then > happened to try it with a different workgroup name, and it worked fine. no. > - - I'm a little confused about machine accounts. For testing, I used a > laptop running Win95 whose machine name was set to "User63". Therefore, I > set up a User63$ account in /etc/passwd: they are called trust accounts. read NT documentation and the samba list archives for info on what and why of trust accounts. the samba archives probably contain more info than the NT docs. > - - I'm preparing to set up a Netatalk service with the same file shares as > offered by Samba. Is there something I should be aware of with regard to > domain controller? I've done this (Samba/Netatalk combo) before, but I've yes. you know about Unix? well, you also need to know about NT, now. and you also need to know what samba's equivalency from NT to Unix is, and what samba's feature set is (what's supported and what isn't). this list's as good a place to start as any. good luck! luke From lkcl at samba.org Fri Jan 21 15:24:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: Samba TNG webpages In-Reply-To: <3888046F.690ACB16@imag.fr> Message-ID: > one remarque: > explain what mean TNG ... i haven't quite decided between "this no good" or "the next generation" From lkcl at samba.org Fri Jan 21 15:42:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: <200001211255.PAA10774@lasp.npi.msu.su> Message-ID: On Fri, 21 Jan 2000, Vladimir Stavrinov wrote: > On Fri, 21 Jan 2000 03:27:55 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > > > /tmp/log is empty. You see: main answer is "Domain Admins" -> UNKNOWN > > > thats is because log.smb say parameter "domain group map" unknown... :-( > > > > /tmp/log will not exist. /tmp/log.client will be empty because you have > > specified "debug level = 0" in your smb.conf file, set this to 100 and you > > will get something. > > No. First, directory /tmp/log exist as I have created it by hand. Next, I > have switched debug level to 100 for a while of this test the -l log option is a file, not a directory, that is appended with ".client". > > smbd, which knows absolutely nothing about this parameter, and i'm not > > going to be the one to make it know anything about this parameter, i'm not > > responsible for cvs main, only SAMBA_TNG. > > > > If so, how it's possible to make the tandem HEAD+TNG working, I mean, log-in > to domain as domain admin, as my TNG only don't working now at all? i fixed an obscure bug, yesterday. > > try cvs main only, and please consider doing a complete checkout, i _know_ > > that public cvs has problems once in a while. > > This take lot of time, because of huge traffic and cvs frequent abnormal > termination due to something like "unexpected end of file received from > server". In such circumstances I compelled run cycle like this > > until cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba > /tmp/samba-cvs.log > 2>&1; do rm -fr samba; done & > > and wait it's and for a day or more... try this, if you get bored waiting for this to run, which me? i certainly do!!!!!! mkdir samba-main cd samba-main cvs co samba/source mv samba/* . rm -f samba cd .. mkdir samba-tng cd samba-tng cvs co -r SAMBA_TNG samba/source mv samba/* . rm -f samba why do this? because i like to see samba-main/source and samba-tng/source, not samba-tng1/samba/source, samba-tng/samba/source, samba_2_0/samba/source blahblahblah it gets boring and does my wrists in. From lkcl at samba.org Fri Jan 21 15:44:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: <200001211255.PAA10765@lasp.npi.msu.su> Message-ID: On Fri, 21 Jan 2000, Vladimir Stavrinov wrote: > On Fri, 21 Jan 2000 03:20:31 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > > > > ok, straight away, there is a problem, here. if your server is a PDC, you > > should have Domain:L.A.S.P and Dimain: L.A.S.P here. > > > > What is "Dimain"? that's me on a 3k/s modem ssh link to australia with 15-20second refresh speed on my screen from keyboard, it's too much effort to correct it to "Domain". > Doubt. Why this was not cause any problems before? More over, even now, this > is recognized by samba as domain name, what can be seen in many massages from > different pieces of software and at length, I can log-in to domain as ordinary > user. Nevertheless, may by You know better and if I will change domain name, > this will be as last resort. vladimir, try latest cvs, i fixed an obscure but important bug. From norm at city.ac.uk Fri Jan 21 15:56:59 2000 From: norm at city.ac.uk (NoRM) Date: Tue Dec 2 02:28:08 2003 Subject: Samba TNG webpages (and FAQ) In-Reply-To: Message-ID: As long it doesn't become "Samba - the choice for the Unix generation." :) Incidentally, the samba.org webpages still have a 'NT domain FAQ' which was last updated in *March '99*. If no-one is likely to keep it up to date shouldn't it at least be marked as out-of-date and a link to the TNG pages put in? Norman R. McBride http://www.staff.city.ac.uk/~norm/ Computing Services, City University, England norm@city.ac.uk (MIME) "...the extreme case best illustrates the norm..." Stephen King On Sat, 22 Jan 2000, Luke Kenneth Casson Leighton wrote: > > one remarque: > > explain what mean TNG ... > > i haven't quite decided between "this no good" or "the next generation" > > From vs at lasp.npi.msu.su Fri Jan 21 15:57:57 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: Your message of "Sat, 22 Jan 2000 02:11:43 +1100." <20000121160809.A14842@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <200001211557.SAA11585@lasp.npi.msu.su> On Sat, 22 Jan 2000 02:11:43 +1100 Elrond wrote: -------- > On Fri, Jan 21, 2000 at 11:58:40PM +1100, Vladimir Stavrinov wrote: > > On Fri, 21 Jan 2000 03:20:31 +1100 Luke Kenneth Casson Leighton wrote: > > -------- > > > > > > > > ok, straight away, there is a problem, here. if your server is a PDC, you > > > should have Domain:L.A.S.P and Dimain: L.A.S.P here. > > > > > > > What is "Dimain"? > > "Domain". > > Luke wanted to say, that your output should look like this > one: > > LSA Query Info Policy > Domain Member - Domain: TEST SID: S-1-5-33-552317002-3460912474-1716743274 > Domain Controller - Domain: TEST SID: S-1-5-33-552317002-3460912474-1716743274 > > where both are the same. > > Yes, this is exactly my case: both SID are identical. Luck understood this erroneously because the last two digits (24) in SID were wrapped to next string (see original message) From gtm at oracom.com Fri Jan 21 17:46:04 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:28:08 2003 Subject: Domain admins Message-ID: <38889B5C.662BFEE9@oracom.com> Hi all, I am updating my samba-tng now and reading Lars' pages again. I see on the "become admin" page that you no longer set the group of the user in the passwd file but in the group file. Does this mean do something like: domainadmin:x:500:users and all people of group users will be domain admins? I don't have to put domainadmin as the group in the passwd file, correct? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From ed at schernau.com Fri Jan 21 17:21:31 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:28:08 2003 Subject: pam_smb vs. pam_ntdom Message-ID: <3888959B.97DAB67@schernau.com> The version number of pam_smb is a) higher and b) > 1.0, but I've heard references to pam_ntdom. Which should I use? I've got a single NT Domain with a single server, and adding 1 Linux box to the network. Thanks -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From greg at discreet.com Fri Jan 21 16:55:55 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX Message-ID: Hi, I looked at fixing this myself but it does not seem straightforward. IRIX likes to preallocate memory space for the .so and uses an so_locations file for that but with libtool I get this: Linking shared library bin/libsamba.la /bin/sh ./libtool --quiet --mode=link /usr/freeware/bin/gcc -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=\"/var/samba\" -DSMBLOGFILE=\"/var/samba/log.smb\" -DNMBLOGFILE=\"/var/samba/log.nmb\" -DCONFIGFILE=\"/usr/local/samba/lib/smb.conf\" -DLMHOSTSFILE=\"/usr/local/samba/lib/lmhosts\" -DSWATDIR=\"/usr/local/samba/swat\" -DSBINDIR=\"/usr/local/samba/bin\" -DLOCKDIR=\"/var/samba/locks\" -DSMBRUN=\"/usr/local/samba/bin/smbrun\" -DCODEPAGEDIR=\"/usr/local/samba/lib/codepages\" -DDRIVERFILE=\"/usr/local/samba/lib/printers.def\" -DBINDIR=\"/usr/local/samba/bin\" -DFORMSFILE=\"/usr/local/samba/lib/ntforms.def\" -DNTDRIVERSDIR=\"/usr/local/samba/lib\" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=\"/bin/passwd\" -DSMB_PASSWD_PROGRAM=\"/usr/local/samba/bin/smbpasswd\" -DSMB_PASSWD_FILE=\"/usr/local/samba/private/smbpasswd\" -DSMB_PASSGRP_FILE=\"/usr/local/samba/private/smbpassgrp\" -DSMB_GROUP_FILE=\"/usr/local/samba/private/smbgroup\" -DSMB_ALIAS_FILE=\"/usr/local/samba/private/smbalias\" -o bin/libsamba.la -rpath /usr/local/samba/lib -version-info 0:1:0 \ param/loadparm.lo param/params.lo lib/charcnv.lo lib/charset.lo lib/debug.lo lib/fault.lo lib/getsmbpass.lo lib/interface.lo lib/kanji.lo lib/md4.lo lib/netmask.lo lib/pidfile.lo lib/replace.lo lib/signal.lo lib/slprintf.lo lib/system.lo lib/doscalls.lo lib/time.lo lib/ufc.lo lib/util.lo lib/genrand.lo lib/username.lo lib/vuser.lo lib/access.lo lib/smbrun.lo lib/bitmap.lo lib/util_sid.lo lib/snprintf.lo lib/util_str.lo lib/util_unistr.lo lib/util_file.lo lib/util_sock.lo lib/util_sec.lo lib/util_array.lo lib/vagent.lo lib/util_hnd.lo tdb/tdb.lo ld32: ERROR 48 : Cannot access registry file .libs/so_locations (No such file or directory) - ignored. ld32: FATAL 51 : Can't assign virtual addresses for libsamba.so.1 of size 20000 within specified range. Please check your registry file .libs/so_locations. Gmake: *** [bin/libsamba.la] Error 1 I looked in the libtool source and it seems like the .libs directory should get created but I'm not sure. Thanks, Greg ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From Alan.Hourihane at pinacl.co.uk Fri Jan 21 17:13:04 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX Message-ID: <01BF6432.C7E10AE0.Alan.Hourihane@pinacl.co.uk> Do a 'mkdir bin' and all is well. Alan. On 21 January 2000 16:57, Greg Dickie [SMTP:greg@discreet.com] wrote: > Hi, > > I looked at fixing this myself but it does not seem straightforward. IRIX > likes to preallocate memory space for the .so and uses an so_locations file for > that but with libtool I get this: > > Linking shared library bin/libsamba.la > /bin/sh ./libtool --quiet --mode=link /usr/freeware/bin/gcc -O -Iinclude > -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=\"/var/samba\" > -DSMBLOGFILE=\"/var/samba/log.smb\" -DNMBLOGFILE=\"/var/samba/log.nmb\" > -DCONFIGFILE=\"/usr/local/samba/lib/smb.conf\" > -DLMHOSTSFILE=\"/usr/local/samba/lib/lmhosts\" > -DSWATDIR=\"/usr/local/samba/swat\" -DSBINDIR=\"/usr/local/samba/bin\" > -DLOCKDIR=\"/var/samba/locks\" -DSMBRUN=\"/usr/local/samba/bin/smbrun\" > -DCODEPAGEDIR=\"/usr/local/samba/lib/codepages\" > -DDRIVERFILE=\"/usr/local/samba/lib/printers.def\" > -DBINDIR=\"/usr/local/samba/bin\" > -DFORMSFILE=\"/usr/local/samba/lib/ntforms.def\" > -DNTDRIVERSDIR=\"/usr/local/samba/lib\" -DHAVE_INCLUDES_H > -DPASSWD_PROGRAM=\"/bin/passwd\" > -DSMB_PASSWD_PROGRAM=\"/usr/local/samba/bin/smbpasswd\" > -DSMB_PASSWD_FILE=\"/usr/local/samba/private/smbpasswd\" > -DSMB_PASSGRP_FILE=\"/usr/local/samba/private/smbpassgrp\" > -DSMB_GROUP_FILE=\"/usr/local/samba/private/smbgroup\" > -DSMB_ALIAS_FILE=\"/usr/local/samba/private/smbalias\" -o bin/libsamba.la > -rpath /usr/local/samba/lib -version-info 0:1:0 \ > param/loadparm.lo param/params.lo lib/charcnv.lo lib/charset.lo lib/debug.lo > lib/fault.lo lib/getsmbpass.lo lib/interface.lo lib/kanji.lo lib/md4.lo > lib/netmask.lo lib/pidfile.lo lib/replace.lo lib/signal.lo lib/slprintf.lo > lib/system.lo lib/doscalls.lo lib/time.lo lib/ufc.lo lib/util.lo lib/genrand.lo > lib/username.lo lib/vuser.lo lib/access.lo lib/smbrun.lo lib/bitmap.lo > lib/util_sid.lo lib/snprintf.lo lib/util_str.lo lib/util_unistr.lo > lib/util_file.lo lib/util_sock.lo lib/util_sec.lo lib/util_array.lo > lib/vagent.lo lib/util_hnd.lo tdb/tdb.lo > ld32: ERROR 48 : Cannot access registry file .libs/so_locations (No such file > or directory) - ignored. > ld32: FATAL 51 : Can't assign virtual addresses for libsamba.so.1 of size > 20000 within specified range. Please check > your registry file .libs/so_locations. > Gmake: *** [bin/libsamba.la] Error 1 > > > I looked in the libtool source and it seems like the .libs directory should get > created but I'm not sure. > > Thanks, > Greg > > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- From Elrond at Wunder-Nett.org Fri Jan 21 17:25:21 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX In-Reply-To: ; from Greg Dickie on Sat, Jan 22, 2000 at 03:57:19AM +1100 References: Message-ID: <20000121182520.B14842@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi, On Sat, Jan 22, 2000 at 03:57:19AM +1100, Greg Dickie wrote: > Hi, > > I looked at fixing this myself but it does not seem straightforward. IRIX > likes to preallocate memory space for the .so and uses an so_locations file for > that but with libtool I get this: Ohhh weee... I don't have a nice irix machine to test that myself. Could you please try/answer the following things? a) Send me (that's not so relevant for the list) the output of /bin/sh ./libtool --config b) Did samba build shared libs before I invented libtool? c) Just for test: Could you run the command, you pasted here: > /bin/sh ./libtool --quiet --mode=link /usr/freeware/bin/gcc -O -Iinclude > -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=\"/var/samba\" > -DSMBLOGFILE=\"/var/samba/log.smb\" -DNMBLOGFILE=\"/var/samba/log.nmb\" > -DCONFIGFILE=\"/usr/local/samba/lib/smb.conf\" > -DLMHOSTSFILE=\"/usr/local/samba/lib/lmhosts\" > -DSWATDIR=\"/usr/local/samba/swat\" -DSBINDIR=\"/usr/local/samba/bin\" > -DLOCKDIR=\"/var/samba/locks\" -DSMBRUN=\"/usr/local/samba/bin/smbrun\" > -DCODEPAGEDIR=\"/usr/local/samba/lib/codepages\" > -DDRIVERFILE=\"/usr/local/samba/lib/printers.def\" > -DBINDIR=\"/usr/local/samba/bin\" > -DFORMSFILE=\"/usr/local/samba/lib/ntforms.def\" > -DNTDRIVERSDIR=\"/usr/local/samba/lib\" -DHAVE_INCLUDES_H > -DPASSWD_PROGRAM=\"/bin/passwd\" > -DSMB_PASSWD_PROGRAM=\"/usr/local/samba/bin/smbpasswd\" > -DSMB_PASSWD_FILE=\"/usr/local/samba/private/smbpasswd\" > -DSMB_PASSGRP_FILE=\"/usr/local/samba/private/smbpassgrp\" > -DSMB_GROUP_FILE=\"/usr/local/samba/private/smbgroup\" > -DSMB_ALIAS_FILE=\"/usr/local/samba/private/smbalias\" -o bin/libsamba.la > -rpath /usr/local/samba/lib -version-info 0:1:0 \ > param/loadparm.lo param/params.lo lib/charcnv.lo lib/charset.lo lib/debug.lo > lib/fault.lo lib/getsmbpass.lo lib/interface.lo lib/kanji.lo lib/md4.lo > lib/netmask.lo lib/pidfile.lo lib/replace.lo lib/signal.lo lib/slprintf.lo > lib/system.lo lib/doscalls.lo lib/time.lo lib/ufc.lo lib/util.lo lib/genrand.lo > lib/username.lo lib/vuser.lo lib/access.lo lib/smbrun.lo lib/bitmap.lo > lib/util_sid.lo lib/snprintf.lo lib/util_str.lo lib/util_unistr.lo > lib/util_file.lo lib/util_sock.lo lib/util_sec.lo lib/util_array.lo > lib/vagent.lo lib/util_hnd.lo tdb/tdb.lo from a shell, but 1) remove the --quiet and have a look at the real compiler-invocation. 1) replace bin/libsamba.la with just libsamba.la. (It won't help to move libsamba.la into bin after that though, if it worked.) d) last resort: ./configure --disable-shared ... ohh well... Elrond From greg at discreet.com Fri Jan 21 17:31:17 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX In-Reply-To: <01BF6432.C7E10AE0.Alan.Hourihane@pinacl.co.uk> Message-ID: Uh no. bin exists already. Greg On 21-Jan-00 Alan Hourihane wrote: > Do a > > 'mkdir bin' > > and all is well. > > Alan. > > On 21 January 2000 16:57, Greg Dickie [SMTP:greg@discreet.com] wrote: >> Hi, >> >> I looked at fixing this myself but it does not seem straightforward. IRIX >> likes to preallocate memory space for the .so and uses an so_locations file >> for >> that but with libtool I get this: >> >> Linking shared library bin/libsamba.la >> /bin/sh ./libtool --quiet --mode=link /usr/freeware/bin/gcc -O -Iinclude >> -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=\"/var/samba\" >> -DSMBLOGFILE=\"/var/samba/log.smb\" -DNMBLOGFILE=\"/var/samba/log.nmb\" >> -DCONFIGFILE=\"/usr/local/samba/lib/smb.conf\" >> -DLMHOSTSFILE=\"/usr/local/samba/lib/lmhosts\" >> -DSWATDIR=\"/usr/local/samba/swat\" -DSBINDIR=\"/usr/local/samba/bin\" >> -DLOCKDIR=\"/var/samba/locks\" -DSMBRUN=\"/usr/local/samba/bin/smbrun\" >> -DCODEPAGEDIR=\"/usr/local/samba/lib/codepages\" >> -DDRIVERFILE=\"/usr/local/samba/lib/printers.def\" >> -DBINDIR=\"/usr/local/samba/bin\" >> -DFORMSFILE=\"/usr/local/samba/lib/ntforms.def\" >> -DNTDRIVERSDIR=\"/usr/local/samba/lib\" -DHAVE_INCLUDES_H >> -DPASSWD_PROGRAM=\"/bin/passwd\" >> -DSMB_PASSWD_PROGRAM=\"/usr/local/samba/bin/smbpasswd\" >> -DSMB_PASSWD_FILE=\"/usr/local/samba/private/smbpasswd\" >> -DSMB_PASSGRP_FILE=\"/usr/local/samba/private/smbpassgrp\" >> -DSMB_GROUP_FILE=\"/usr/local/samba/private/smbgroup\" >> -DSMB_ALIAS_FILE=\"/usr/local/samba/private/smbalias\" -o bin/libsamba.la >> -rpath /usr/local/samba/lib -version-info 0:1:0 \ >> param/loadparm.lo param/params.lo lib/charcnv.lo lib/charset.lo >> lib/debug.lo >> lib/fault.lo lib/getsmbpass.lo lib/interface.lo lib/kanji.lo lib/md4.lo >> lib/netmask.lo lib/pidfile.lo lib/replace.lo lib/signal.lo lib/slprintf.lo >> lib/system.lo lib/doscalls.lo lib/time.lo lib/ufc.lo lib/util.lo >> lib/genrand.lo >> lib/username.lo lib/vuser.lo lib/access.lo lib/smbrun.lo lib/bitmap.lo >> lib/util_sid.lo lib/snprintf.lo lib/util_str.lo lib/util_unistr.lo >> lib/util_file.lo lib/util_sock.lo lib/util_sec.lo lib/util_array.lo >> lib/vagent.lo lib/util_hnd.lo tdb/tdb.lo >> ld32: ERROR 48 : Cannot access registry file .libs/so_locations (No such >> file >> or directory) - ignored. >> ld32: FATAL 51 : Can't assign virtual addresses for libsamba.so.1 of size >> 20000 within specified range. Please check >> your registry file .libs/so_locations. >> Gmake: *** [bin/libsamba.la] Error 1 >> >> >> I looked in the libtool source and it seems like the .libs directory should >> get >> created but I'm not sure. >> >> Thanks, >> Greg >> >> >> ---------------------------------- >> Greg Dickie >> just a guy* >> *from Discreet (the Logic is gone) >> ---------------------------------- ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From lkcl at samba.org Fri Jan 21 17:43:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: domain map group fail In-Reply-To: <200001211557.SAA11585@lasp.npi.msu.su> Message-ID: > Yes, this is exactly my case: both SID are identical. Luck understood this > erroneously because the last two digits (24) in SID were wrapped to next > string (see original message) no i didn't: the SIDs are the same but the name isn't, which indicates a configuration problem with your setup. resolving this needs to be the first priority. From lkcl at samba.org Fri Jan 21 17:46:16 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: Domain admins In-Reply-To: <38889B5C.662BFEE9@oracom.com> Message-ID: On Sat, 22 Jan 2000, Glenn MacGregor wrote: > Hi all, > > I am updating my samba-tng now and reading Lars' pages again. I > see on the "become admin" page that you no longer set the group of the > user in the passwd file but in the group file. Does this mean do > something like: > domainadmin:x:500:users naah, i don't think this will work as expected. users will be treated as a user. From lkcl at samba.org Fri Jan 21 17:49:19 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX In-Reply-To: Message-ID: greg, bugs with libtool should be reported to them./ unless it's something that elrond can deal with, he is already cross with the libtool team (and me too) for assuming that linking is going to be in the same directory: $(LD) bin/rpcclient fails, they assume $(LD) rpcclient, he had to hack it to get it to work. On Sat, 22 Jan 2000, Greg Dickie wrote: > Hi, > > I looked at fixing this myself but it does not seem straightforward. IRIX > likes to preallocate memory space for the .so and uses an so_locations file for > that but with libtool I get this: > > Linking shared library bin/libsamba.la > /bin/sh ./libtool --quiet --mode=link /usr/freeware/bin/gcc -O -Iinclude > -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=\"/var/samba\" > -DSMBLOGFILE=\"/var/samba/log.smb\" -DNMBLOGFILE=\"/var/samba/log.nmb\" > -DCONFIGFILE=\"/usr/local/samba/lib/smb.conf\" > -DLMHOSTSFILE=\"/usr/local/samba/lib/lmhosts\" > -DSWATDIR=\"/usr/local/samba/swat\" -DSBINDIR=\"/usr/local/samba/bin\" > -DLOCKDIR=\"/var/samba/locks\" -DSMBRUN=\"/usr/local/samba/bin/smbrun\" > -DCODEPAGEDIR=\"/usr/local/samba/lib/codepages\" > -DDRIVERFILE=\"/usr/local/samba/lib/printers.def\" > -DBINDIR=\"/usr/local/samba/bin\" > -DFORMSFILE=\"/usr/local/samba/lib/ntforms.def\" > -DNTDRIVERSDIR=\"/usr/local/samba/lib\" -DHAVE_INCLUDES_H > -DPASSWD_PROGRAM=\"/bin/passwd\" > -DSMB_PASSWD_PROGRAM=\"/usr/local/samba/bin/smbpasswd\" > -DSMB_PASSWD_FILE=\"/usr/local/samba/private/smbpasswd\" > -DSMB_PASSGRP_FILE=\"/usr/local/samba/private/smbpassgrp\" > -DSMB_GROUP_FILE=\"/usr/local/samba/private/smbgroup\" > -DSMB_ALIAS_FILE=\"/usr/local/samba/private/smbalias\" -o bin/libsamba.la > -rpath /usr/local/samba/lib -version-info 0:1:0 \ > param/loadparm.lo param/params.lo lib/charcnv.lo lib/charset.lo lib/debug.lo > lib/fault.lo lib/getsmbpass.lo lib/interface.lo lib/kanji.lo lib/md4.lo > lib/netmask.lo lib/pidfile.lo lib/replace.lo lib/signal.lo lib/slprintf.lo > lib/system.lo lib/doscalls.lo lib/time.lo lib/ufc.lo lib/util.lo lib/genrand.lo > lib/username.lo lib/vuser.lo lib/access.lo lib/smbrun.lo lib/bitmap.lo > lib/util_sid.lo lib/snprintf.lo lib/util_str.lo lib/util_unistr.lo > lib/util_file.lo lib/util_sock.lo lib/util_sec.lo lib/util_array.lo > lib/vagent.lo lib/util_hnd.lo tdb/tdb.lo > ld32: ERROR 48 : Cannot access registry file .libs/so_locations (No such file > or directory) - ignored. > ld32: FATAL 51 : Can't assign virtual addresses for libsamba.so.1 of size > 20000 within specified range. Please check > your registry file .libs/so_locations. > Gmake: *** [bin/libsamba.la] Error 1 > > > I looked in the libtool source and it seems like the .libs directory should get > created but I'm not sure. > > Thanks, > Greg > > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Fri Jan 21 17:50:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX In-Reply-To: <20000121182520.B14842@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > b) Did samba build shared libs before I invented libtool? yes, smbwrapper.so, and it still does. From simsa at acu.edu Fri Jan 21 17:51:42 2000 From: simsa at acu.edu (April Sims) Date: Tue Dec 2 02:28:08 2003 Subject: Help with Apache using pam_ntdom Message-ID: <4.2.0.58.20000121114707.00a80e88@nicanor.acu.edu> Need some help from anyone running Apache 1.3.9 out there.. Would like users to authenticate using Basic Auth to the NT domain rather than keeping up with a separate database and/or password files on a Solaris box. Have heard that you can use CPAN modules using Perl to do this but it was recommended a simpler solution called pam_ntdom. What needs to be put in the httpd.conf to call up pam_ntdom? Or can this be done this way? Thanks for any insight. >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< April Sims MCSE, CNE Abilene Christian University Systems Administrator ACU Box 29005 Information Technology Abilene, TX 79699 simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< From lkcl at samba.org Fri Jan 21 18:19:46 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX In-Reply-To: Message-ID: On Sat, 22 Jan 2000, Greg Dickie wrote: > > Uh no. bin exists already. > > Greg > > On 21-Jan-00 Alan Hourihane wrote: > > Do a > > > > 'mkdir bin' does libtool use the right so_locations? there's one in the top-level source/ dir, is libtool expecting one to be in bin/? From Elrond at Wunder-Nett.org Fri Jan 21 18:25:21 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Jan 22, 2000 at 04:55:56AM +1100 References: Message-ID: <20000121192521.D14842@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sat, Jan 22, 2000 at 04:55:56AM +1100, Luke Kenneth Casson Leighton wrote: > greg, bugs with libtool should be reported to them./ unless it's something > that elrond can deal with, he is already cross with the libtool team (and > me too) for assuming that linking is going to be in the same directory: > $(LD) bin/rpcclient fails, they assume $(LD) rpcclient, he had to hack it > to get it to work. And from the report, that I got from Greg (thanks for doing, what I asked for !), it looks like, this is the same story, but this time for libraries. I'm currently trying to track that down in the libtool-sources... For the moment, I know only one easy, but not so nice work-arround, until I find the "right" way: ./configure --disable-shared From danch at priv.milw.str.com Fri Jan 21 18:27:24 2000 From: danch at priv.milw.str.com (Dan Christopherson) Date: Tue Dec 2 02:28:08 2003 Subject: Help with Apache using pam_ntdom In-Reply-To: <4.2.0.58.20000121114707.00a80e88@nicanor.acu.edu> Message-ID: I'm using something called mod_auth_samba to do this. It lies on top of pam_smb. The config is pretty simple, here's a chunk of my httpd.conf, sanitized to protect the innocent: Options FollowSymLinks AllowOverride None AuthSambaAuthoritative On AuthType Basic AuthName AuthSambaDomain : require valid-user I found that by doing a search for modules at apache.org. If you have trouble finding it, I can probably dig up an URL. Dan Christopherson (danch) STR Technical Architect (www.str.com) Opinions expressed are my own and do not neccessarily reflect the opinions/positions of STR, my family, or (particularly) my cats. On Sat, 22 Jan 2000, April Sims wrote: > Need some help from anyone running Apache 1.3.9 out there.. > > Would like users to authenticate using Basic Auth to the NT domain rather > than keeping up with a separate database and/or password files on a Solaris > box. Have heard that you can use CPAN modules using Perl to do this but it > was recommended a simpler solution called pam_ntdom. > > What needs to be put in the httpd.conf to call up pam_ntdom? Or can this > be done this way? Thanks for any insight. > > > > > > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > April Sims MCSE, CNE Abilene Christian University > Systems Administrator ACU Box 29005 > Information Technology Abilene, TX 79699 > simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< > > From greg at discreet.com Fri Jan 21 18:30:29 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:08 2003 Subject: trouble with libtool on IRIX In-Reply-To: Message-ID: I sent Elrond some more info and tried some suggestions which worked so I believe he knows what's going on but I have no idea if its libtool or the way its being used thats the problem. I'm sure he will enlighten us. Greg On 21-Jan-00 Luke Kenneth Casson Leighton wrote: > greg, bugs with libtool should be reported to them./ unless it's something > that elrond can deal with, he is already cross with the libtool team (and > me too) for assuming that linking is going to be in the same directory: > $(LD) bin/rpcclient fails, they assume $(LD) rpcclient, he had to hack it > to get it to work. > > > On Sat, 22 Jan 2000, Greg Dickie wrote: > >> Hi, >> >> I looked at fixing this myself but it does not seem straightforward. IRIX >> likes to preallocate memory space for the .so and uses an so_locations file >> for >> that but with libtool I get this: >> >> Linking shared library bin/libsamba.la >> /bin/sh ./libtool --quiet --mode=link /usr/freeware/bin/gcc -O -Iinclude >> -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=\"/var/samba\" >> -DSMBLOGFILE=\"/var/samba/log.smb\" -DNMBLOGFILE=\"/var/samba/log.nmb\" >> -DCONFIGFILE=\"/usr/local/samba/lib/smb.conf\" >> -DLMHOSTSFILE=\"/usr/local/samba/lib/lmhosts\" >> -DSWATDIR=\"/usr/local/samba/swat\" -DSBINDIR=\"/usr/local/samba/bin\" >> -DLOCKDIR=\"/var/samba/locks\" -DSMBRUN=\"/usr/local/samba/bin/smbrun\" >> -DCODEPAGEDIR=\"/usr/local/samba/lib/codepages\" >> -DDRIVERFILE=\"/usr/local/samba/lib/printers.def\" >> -DBINDIR=\"/usr/local/samba/bin\" >> -DFORMSFILE=\"/usr/local/samba/lib/ntforms.def\" >> -DNTDRIVERSDIR=\"/usr/local/samba/lib\" -DHAVE_INCLUDES_H >> -DPASSWD_PROGRAM=\"/bin/passwd\" >> -DSMB_PASSWD_PROGRAM=\"/usr/local/samba/bin/smbpasswd\" >> -DSMB_PASSWD_FILE=\"/usr/local/samba/private/smbpasswd\" >> -DSMB_PASSGRP_FILE=\"/usr/local/samba/private/smbpassgrp\" >> -DSMB_GROUP_FILE=\"/usr/local/samba/private/smbgroup\" >> -DSMB_ALIAS_FILE=\"/usr/local/samba/private/smbalias\" -o bin/libsamba.la >> -rpath /usr/local/samba/lib -version-info 0:1:0 \ >> param/loadparm.lo param/params.lo lib/charcnv.lo lib/charset.lo >> lib/debug.lo >> lib/fault.lo lib/getsmbpass.lo lib/interface.lo lib/kanji.lo lib/md4.lo >> lib/netmask.lo lib/pidfile.lo lib/replace.lo lib/signal.lo lib/slprintf.lo >> lib/system.lo lib/doscalls.lo lib/time.lo lib/ufc.lo lib/util.lo >> lib/genrand.lo >> lib/username.lo lib/vuser.lo lib/access.lo lib/smbrun.lo lib/bitmap.lo >> lib/util_sid.lo lib/snprintf.lo lib/util_str.lo lib/util_unistr.lo >> lib/util_file.lo lib/util_sock.lo lib/util_sec.lo lib/util_array.lo >> lib/vagent.lo lib/util_hnd.lo tdb/tdb.lo >> ld32: ERROR 48 : Cannot access registry file .libs/so_locations (No such >> file >> or directory) - ignored. >> ld32: FATAL 51 : Can't assign virtual addresses for libsamba.so.1 of size >> 20000 within specified range. Please check >> your registry file .libs/so_locations. >> Gmake: *** [bin/libsamba.la] Error 1 >> >> >> I looked in the libtool source and it seems like the .libs directory should >> get >> created but I'm not sure. >> >> Thanks, >> Greg >> >> >> ---------------------------------- >> Greg Dickie >> just a guy* >> *from Discreet (the Logic is gone) >> ---------------------------------- >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From jphollan at earthlink.net Fri Jan 21 18:42:55 2000 From: jphollan at earthlink.net (jason holland) Date: Tue Dec 2 02:28:09 2003 Subject: Help with Apache using pam_ntdom In-Reply-To: Message-ID: <000a01bf643f$54b79d60$0264a8c0@sophocles.earthlink.net> http://www2.angen.net/~jylitalo/apache/mod_auth_samba/ Jason P. Holland Sprint Paranet - Unix Administrator jphollan@sprintparanet.com ]- ]- ]- I'm using something called mod_auth_samba to do this. It lies on top of ]- pam_smb. The config is pretty simple, here's a chunk of my httpd.conf, ]- sanitized to protect the innocent: ]- ]- ]- Options FollowSymLinks ]- AllowOverride None ]- ]- AuthSambaAuthoritative On ]- AuthType Basic ]- AuthName ]- AuthSambaDomain : ]- require valid-user ]- ]- ]- I found that by doing a search for modules at apache.org. If you have ]- trouble finding it, I can probably dig up an URL. ]- ]- Dan Christopherson (danch) ]- STR Technical Architect (www.str.com) ]- Opinions expressed are my own and do not neccessarily reflect the ]- opinions/positions of STR, my family, or (particularly) my cats. ]- ]- On Sat, 22 Jan 2000, April Sims wrote: ]- ]- > Need some help from anyone running Apache 1.3.9 out there.. ]- > ]- > Would like users to authenticate using Basic Auth to the NT ]- domain rather ]- > than keeping up with a separate database and/or password files ]- on a Solaris ]- > box. Have heard that you can use CPAN modules using Perl to ]- do this but it ]- > was recommended a simpler solution called pam_ntdom. ]- > ]- > What needs to be put in the httpd.conf to call up pam_ntdom? ]- Or can this ]- > be done this way? Thanks for any insight. ]- > ]- > ]- > ]- > ]- > ]- > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< ]- > April Sims MCSE, CNE Abilene Christian University ]- > Systems Administrator ACU Box 29005 ]- > Information Technology Abilene, TX 79699 ]- > simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 ]- > >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< ]- > ]- > ]- ]- From Elrond at Wunder-Nett.org Fri Jan 21 19:00:45 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:09 2003 Subject: trouble with libtool on IRIX In-Reply-To: ; from Greg Dickie on Sat, Jan 22, 2000 at 05:35:45AM +1100 References: Message-ID: <20000121200045.E14842@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi, On Sat, Jan 22, 2000 at 05:35:45AM +1100, Greg Dickie wrote: > > I sent Elrond some more info and tried some suggestions which worked so I > believe he knows what's going on but I have no idea if its libtool or the way > its being used thats the problem. I'm sure he will enlighten us. Hehe, thanks for the nice words. :) > Greg It's _again_ libtool (and the way, we use it... they didn't expect us to do it) I've tracked some things down. Could you edit libtool (it's a shell-script), and do the following: Somewhere at the beginning, there should be two lines looking like these ones: # Commands used to build and install a shared archive. archive_cmds="\$CC ..... " in the second line, there should be somewhere in the middle a \${wl}\${objdir}/so_locations could you replace that with: \${wl}\${output_objdir}/so_locations Okay, after that do a "rm bin/* && make" and hope, that it helped... If it helped, I'll modify libtool to generate this so. (Oh well, now I know again, why gtk+ and the like have their own libtool, we are going to have that too soon...) Elrond From lkcl at samba.org Fri Jan 21 19:01:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: Help with Apache using pam_ntdom In-Reply-To: Message-ID: On Sat, 22 Jan 2000, Dan Christopherson wrote: > I'm using something called mod_auth_samba to do this. It lies on top of > pam_smb. The config is pretty simple, here's a chunk of my httpd.conf, > sanitized to protect the innocent: i never got round to writing a mod_auth_ntdom... From timothy_d_cole at md.northgrum.com Fri Jan 21 19:13:27 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:09 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631DD@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Wednesday, January 19, 2000 13:32 > To: Cole, Timothy D. > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: [SAMBA-TNG] using and createing libsmb and libmsrpc > > > This is dependent on the system configuration, but the library > > search path (much like the executable search path) should not normally > > include ./, for security reasons. > > ooh.. then why does smbd run fine, even though i don't ahve a > LD_LIBRARY_PATH? > If you're using libtool, it might be being clever and hard-coding the library installation paths in the binaries. (it does on some architectures) I would be VERY, VERY suprised if the CWD was in the library search path. The linker generally has a default path of /lib:/usr/lib, perhaps augmented by paths specified in an /etc/ld.so.conf or similar depending on the OS. > > > > btw, _yes_ i intend to to a total replacement of the libsmrpc code, > with > > > function parameter arguments EXACTLY the same as the MSDN. this will > be > > > about.........hmmm.... four to six weeks' work. > > > > > What specific benefits are there to duplicating that hideous > > interface? I mean, seriously? > > LOTS! porting NT applications back to Unix, for a start! > > and actually, i quite _like_ the hideous interface, i've been having to > work "behind-the-scenes" for the last two years, and i quite like it! ok, > i've seen better, but if you understanda that it's _all_, and i do _mean_ > all, based on DCE/RPC, then you kinda get used to its quirks. > Well, I'll take your word for it. From maillist at nudaymedia.com Fri Jan 21 19:17:47 2000 From: maillist at nudaymedia.com (Chavous Camp) Date: Tue Dec 2 02:28:09 2003 Subject: pam_smb and pam_ntdom Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey folks, I haven't been following this list very much. I read here and there, but it gets way too much traffic for me to keep up with daily. I don't know how luke and the folks do it. Anyway, I have a question, what does pam_smb and pam_ntdom do? I assume they deal with pam authentication, but where do they fit in and where/how should I be using them? or should I even be using them? Thanks! - ---- Chavous P. Camp cpc@nudaymedia.com NuDay Media, Inc. Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOIiw22Jw39BzDJ9pEQLRqgCg4JCqKY949n9qgeowvVs/D5flzUkAmwbF zbv/A91ltNCAYoWo1PfTb5mt =RyZk -----END PGP SIGNATURE----- From timothy_d_cole at md.northgrum.com Fri Jan 21 19:33:27 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:09 2003 Subject: Error loading bin/libsmb.so? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631E0@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Thursday, January 20, 2000 13:05 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Error loading bin/libsmb.so? > > On Thu, 20 Jan 2000, John Rooke wrote: > > > Luke Kenneth Casson Leighton wrote: > > > is it normal for people to have LD_LIBRARY_PATH? > > > > No - that was just me in my ignorance trying to get it to work (and in > the > > process confusing Samba with something else) - sorry for the confusion. > > > > I have it working now - I copied the two *.so files to /bin and all is > OK. > > v. cool. *sigh* it's all just changed, again, with elrond's libtool patch > :-) :-) > > elrond, you want to take centre stage and explain how this works? do we > need LD_LIBRARY_PATH? > > how can i run it _without_ doing "make install" which i almost never do? > libtool should handle this automagically. Pre-installation, the actual binaries go in ${srcdir}/.libs, and the executables in the build dir are actually wrapper shell scripts that set the LD_LIBRARY_PATH appropriately. From jphollan at earthlink.net Fri Jan 21 19:33:13 2000 From: jphollan at earthlink.net (jason holland) Date: Tue Dec 2 02:28:09 2003 Subject: pam_smb and pam_ntdom In-Reply-To: Message-ID: <000c01bf6446$5ba520a0$0264a8c0@sophocles.earthlink.net> the General Info section might help answer your questions http://www.csn.ul.ie/~airlied/pam_smb/faq/ Jason P. Holland Sprint Paranet - Unix Administrator jphollan@sprintparanet.com ]- ]- Hey folks, ]- ]- I haven't been following this list very much. I read here and there, ]- but it gets way too much traffic for me to keep up with daily. I ]- don't know how luke and the folks do it. Anyway, I have a question, ]- what does pam_smb and pam_ntdom do? I assume they deal with pam ]- authentication, but where do they fit in and where/how should I be ]- using them? or should I even be using them? Thanks! ]- ]- ---- ]- Chavous P. Camp ]- cpc@nudaymedia.com ]- NuDay Media, Inc. ]- Columbia, SC ]- ]- ]- *** END PGP VERIFIED MESSAGE *** ]- ]- From cigor at EUnet.yu Fri Jan 21 18:53:37 2000 From: cigor at EUnet.yu (=?ISO-8859-2?Q?=C8olovi=E6_Igor?=) Date: Tue Dec 2 02:28:09 2003 Subject: domain map group fail In-Reply-To: <200001211411.RAA11174@lasp.npi.msu.su> Message-ID: if this sound stupid please corect me. Have you tryed to put in domainuser.map: admin=root Maybe this will help. ------------------------------------------------------ "Unibus timeout fatal trap program lost sorry" - An error message printed by DEC's RSTS operating system for the PDP-11 > I have tried to solve this problem with > > username map = /etc/domainuser.map > admin users = root > > in smb.conf and > > root=admin > > in domainuser.map, it cause possible to login with username "admin" from linux smbclient but not from NT. I still can login form NT as root, but without administrative rights ( I mean domain admin, not local ). > > Oh, all this are wired, not right and useless :-( > From timothy_d_cole at md.northgrum.com Fri Jan 21 20:22:39 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:09 2003 Subject: Samba TNG webpages Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631E2@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Friday, January 21, 2000 10:27 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Samba TNG webpages > > > one remarque: > > explain what mean TNG ... > > i haven't quite decided between "this no good" or "the next generation" > How about "Terribly Nifty Gadgets"? :) From simsa at acu.edu Fri Jan 21 21:15:33 2000 From: simsa at acu.edu (April Sims) Date: Tue Dec 2 02:28:09 2003 Subject: Fwd: Problem with mod auth samba compile Message-ID: <4.2.0.58.20000121151408.00abdf80@nicanor.acu.edu> >Also sent this in to the author...Dan or Jason?? Apparently I am getting a liberal dose of make lessons.... >Trying to compile Apache 1.3.9 on a Solaris 7 box...adding the >mod_auth_samba. >using /bin/sh and set LIBS "/usr/lib/etc" >Only included the portion that mentioned the module...Thanks for any insight. > >===> src/modules/extra >gcc -c -I../../os/unix -I../../include -DSOLARIS2=270 -DUSE_EXPAT >-I../../lib/expat-lite `../../apaci` mod_auth_samba.c >mod_auth_samba.c: In function `mod_samba_auth_check_passwd': >mod_auth_samba.c:241: warning: assignment makes pointer from integer >without a cast >mod_auth_samba.c: In function `mod_samba_auth_authenticate_basic_user': >mod_auth_samba.c:365: warning: passing arg 2 of `ap_get_basic_auth_pw' >from incompatible pointer type >mod_auth_samba.c: In function `mod_samba_auth_check_auth': >mod_auth_samba.c:386: warning: initialization discards `const' from >pointer target type >rm -f libextra.a >ar cr libextra.a mod_auth_samba.o >ranlib libextra.a ><=== src/modules/extra ><=== src/modules >gcc -c -I./os/unix -I./include -DSOLARIS2=270 -DUSE_EXPAT >-I./lib/expat-lite `./apaci` modules.c >gcc -c -I./os/unix -I./include -DSOLARIS2=270 -DUSE_EXPAT >-I./lib/expat-lite `./apaci` buildmark.c >gcc -DSOLARIS2=270 -DUSE_EXPAT -I./lib/expat-lite `./apaci` \ > -o httpd buildmark.o modules.o modules/extra/libextra.a > modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a > ap/libap.a lib/expat-lite/libexpat.a -lsocket -lnsl >Undefined first referenced > symbol in file >Valid_User modules/extra/libextra.a(mod_auth_samba.o) >ld: fatal: Symbol referencing errors. No output written to httpd >make[2]: *** [target_static] Error 1 >make[2]: Leaving directory `/usr/local/apache_1.3.9/src' >make[1]: *** [build-std] Error 2 >make[1]: Leaving directory `/usr/local/apache_1.3.9' >make: *** [build] Error 2 ># >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< April Sims MCSE, CNE Abilene Christian University Systems Administrator ACU Box 29005 Information Technology Abilene, TX 79699 simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< From greg at discreet.com Fri Jan 21 21:26:29 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:09 2003 Subject: trouble with libtool on IRIX In-Reply-To: <20000121200045.E14842@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: Hi Elrond, This change make it work. U R great! thanks, Greg On 21-Jan-00 Elrond wrote: > > Hi, > > On Sat, Jan 22, 2000 at 05:35:45AM +1100, Greg Dickie wrote: >> >> I sent Elrond some more info and tried some suggestions which worked so I >> believe he knows what's going on but I have no idea if its libtool or the >> way >> its being used thats the problem. I'm sure he will enlighten us. > > Hehe, thanks for the nice words. :) > >> Greg > > It's _again_ libtool (and the way, we use it... they didn't > expect us to do it) > > I've tracked some things down. > > Could you edit libtool (it's a shell-script), and do the > following: > > Somewhere at the beginning, there should be two lines > looking like these ones: > > # Commands used to build and install a shared archive. > archive_cmds="\$CC ..... " > > in the second line, there should be somewhere in the middle > a > \${wl}\${objdir}/so_locations > could you replace that with: > \${wl}\${output_objdir}/so_locations > > Okay, after that do a "rm bin/* && make" and hope, that it > helped... If it helped, I'll modify libtool to generate > this so. > > > (Oh well, now I know again, why gtk+ and the like have > their own libtool, we are going to have that too soon...) > > > Elrond ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From maru at xpr.com Sat Jan 22 09:17:35 2000 From: maru at xpr.com (Tracey Maru) Date: Tue Dec 2 02:28:09 2003 Subject: samba-tng, samba-main (Thoughts questions etc.) Message-ID: Well I have been playing with current samba-main and tng for about 2 weeks now, and have successfully been able to get some stuff working great and other stuff remains sketchy. After reading the many pages and list archives, I am still confused about certain functionality etc. Please bear with me as I explain what I have discovered so far. My first venture was to try the samba-main dist that came packaged with my linux dist. Surprisingly enough, I got alot of functionality out of the box. All my win9x and winnt workstations were able to join the domain. Profiles worked great as well as policies placed in the netlogon share. I thought I was in good shape and wondered what all the big deal was that I was reading in the list archives. The win9x boxes could access shares on other win9x boxes, the PDC and the winnt boxes without a hitch. However the winnt boxes could not access the win9x shares "access denied" error. After some thought I fugured out that the reason was the win9x boxes were in "share security mode" so I switched them to user security, rebooted and went to reshare the directories. Now there was a dialog where you could pick which users. This list responded "list of users not currently available". This is when I realized that I must neeed the TNG code. (That and to set domain administrators etc.) Now I had read things about using the nmbd and smbd from main with the make install from tng, but decided I was an experimental kind of guy and would go with a full tng system. I got the latest from CVS, rebuilt , removed all workstations from the domain, rebooted PDC with new sambatng and tried to join the domain. The Win9x boxes this time went right on and were able to retrieve lists of users for access control to shares from the PDC, this was obviously a plus! However now myt NT boxes refused to join the domain . I tried everything removed trust accounts and recreated, etc. Nothing. Finally I got frustrated and decided to try tng with smbd and nmbd from main. I wiped everything and started agin with latest cvs for main and tng. got everything up and tried my NT box. Finally it joined the domain and all was happy. Until I went to one of my 9x boxesx rebooted, now the 9x boxes couldnt join the domain. So long story short I am back with samba-main and limited functionality for now. Is this how it is for others or am I missing something big??? Each time I startedwith a fresh smbpasswd and added trust accounts etc. following all the helpfull info out there. From s.striker at striker.nl Sat Jan 22 10:38:17 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? Message-ID: <000501bf64c4$cb0da560$0a00a8c0@office.striker.nl> Hi, I was just browsing through the mail archives and stumbled across a few things. It's very annoying btw that the search results are wrongly linked; you have to _browse_ through all the messages. What's the status on: - interdomain trust relations (for trusted _and_ trusting relations) - general documentation (besides the FAQ from Lars) (I know this is not your department Luke ;-) ) - integration of TNG tree with HEAD (It has been quiet in the bugs department this week ;-) ) - printing (W2K, NT4SPx, W98) and 'driver downloads' (I haven't been able to test this with TNG yet) And some other questions: - Is it possible to do a sync between Samba BDC and NT PDC using smbpasswd -S, or is another command te be used? - Is it possible to unjoin from a domain? You can join, but can you move to another domain at a later time? Greetings, Sander Striker From kbn at pjat.dk Sat Jan 22 10:44:08 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:09 2003 Subject: trouble with libtool on IRIX References: Message-ID: <388989F8.5A3870BB@pjat.dk> Greg Dickie wrote: > > Hi Elrond, > > This change make it work. U R great! > > thanks, > Greg snip... Hi Greg (and others!), I'm no programmer, though no rookie either. I can follow instructions - and I wonder if you kept a simple diary/recipie for Samba_TNG on IRIX? I'd really like to try an IRIX/Samba PDC. Please advise if you developed a "step by step" record. Thanks - Kim From lars at kneschke.de Sat Jan 22 12:08:18 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? References: <000501bf64c4$cb0da560$0a00a8c0@office.striker.nl> Message-ID: <38899DB2.A880D8B1@kneschke.de> "S. Striker" wrote: > > Hi, > > I was just browsing through the mail archives and stumbled across > a few things. It's very annoying btw that the search results are > wrongly linked; you have to _browse_ through all the messages. Yes. If i could get a shell account on this machine i could fix that. > And some other questions: > - Is it possible to do a sync between Samba BDC and NT PDC using > smbpasswd -S, or is another command te be used? http://www.kneschke.de/projekte/samba_tng/samba_bdc.php3 > - Is it possible to unjoin from a domain? You can join, but can you > move to another domain at a later time? Yes. Create a new Worktstation Trust Account on the new PDC and do smbpasswd -j "domainname" on the samba server that shuld join the domain. Hope this helps! Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! From s.striker at striker.nl Sat Jan 22 12:36:55 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: <38899DB2.A880D8B1@kneschke.de> Message-ID: <000601bf64d5$5db0e930$0a00a8c0@office.striker.nl> >> - Is it possible to do a sync between Samba BDC and NT PDC using >> smbpasswd -S, or is another command te be used? > http://www.kneschke.de/projekte/samba_tng/samba_bdc.php3 I know, I've seen and read the FAQ, but I wish to do this from a crontab. Can you do something like: echo "samsync" | rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME >> - Is it possible to unjoin from a domain? You can join, but can you >> move to another domain at a later time? > Yes. Create a new Worktstation Trust Account on the new PDC and do > smbpasswd -j "domainname" on the samba server that shuld join the > domain. OK. That's the joining part, but aren't you still a member of the first domain you joined? How do you 'unjoin'? Or, can you only be a member of one domain? Greetings, Sander Striker From vs at lasp.npi.msu.su Sat Jan 22 12:45:40 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:09 2003 Subject: domain map group fail In-Reply-To: Your message of "Sat, 22 Jan 2000 07:01:56 +1100." Message-ID: <200001221245.PAA20745@lasp.npi.msu.su> On Sat, 22 Jan 2000 07:01:56 +1100 =?ISO-8859-2?Q?=C8olovi=E6_Igor?= wrote: -------- > if this sound stupid please corect me. Have you tryed to put in > domainuser.map: > > admin=root > > Maybe this will help. > No, the order is correct: root=admin. But the problem is that SAMBA_HEAD doesn't recognize the "domain group map" parameter. I solve this problem by moving admin from group adm to domainadmin, because adm has the same user name. However this still doesn't give admin the domain admin privileges. From lars at kneschke.de Sat Jan 22 14:20:55 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? References: <000601bf64d5$5db0e930$0a00a8c0@office.striker.nl> Message-ID: <3889BCC7.65D758AF@kneschke.de> "S. Striker" wrote: > > >> - Is it possible to do a sync between Samba BDC and NT PDC using > >> smbpasswd -S, or is another command te be used? > > http://www.kneschke.de/projekte/samba_tng/samba_bdc.php3 > > I know, I've seen and read the FAQ, but I wish to do this from a > crontab. Can you do something like: > echo "samsync" | rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME I don't have the source here. But have you read the manpage for rpcclient. There must be a way to do this. > >> - Is it possible to unjoin from a domain? You can join, but can you > >> move to another domain at a later time? > > Yes. Create a new Worktstation Trust Account on the new PDC and do > > smbpasswd -j "domainname" on the samba server that shuld join the > > domain. > > OK. That's the joining part, but aren't you still a member of the first > domain you joined? How do you 'unjoin'? Or, can you only be a member > of one domain? In the "private" directory exists a *.mac file, after you have joined the domain(i think domainname.netbiosname.mac). If you delete this file you can't log in the domain anymore. You can also delete the workstation trust account on the pdc. Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! From Elrond at Wunder-Nett.org Sat Jan 22 14:39:13 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:09 2003 Subject: trouble with libtool on IRIX In-Reply-To: ; from Greg Dickie on Fri, Jan 21, 2000 at 04:26:29PM -0500 References: <20000121200045.E14842@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000122153912.B15830@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jan 21, 2000 at 04:26:29PM -0500, Greg Dickie wrote: > > Hi Elrond, > > This change make it work. U R great! > > thanks, > Greg [...] Okay, I've sent a patch to Luke, that will make configure create a fixed libtool. I'm currently thinking about making static libraries the default. And people, who want shared libs, can call configure with --enable-shared. am-utils is made this way for example. Okay... Let's hope, that libtool isn't broken on more platforms too. Elrond From Elrond at Wunder-Nett.org Sat Jan 22 14:45:47 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: <3889BCC7.65D758AF@kneschke.de>; from Lars Kneschke on Sun, Jan 23, 2000 at 01:28:34AM +1100 References: <000601bf64d5$5db0e930$0a00a8c0@office.striker.nl> <3889BCC7.65D758AF@kneschke.de> Message-ID: <20000122154547.A19382@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sun, Jan 23, 2000 at 01:28:34AM +1100, Lars Kneschke wrote: > "S. Striker" wrote: > > > > >> - Is it possible to do a sync between Samba BDC and NT PDC using > > >> smbpasswd -S, or is another command te be used? > > > http://www.kneschke.de/projekte/samba_tng/samba_bdc.php3 > > > > I know, I've seen and read the FAQ, but I wish to do this from a > > crontab. Can you do something like: > > echo "samsync" | rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME > I don't have the source here. But have you read the manpage for > rpcclient. > There must be a way to do this. Did you ever invoke rpcclient without any arguments? It says: [...] -c command string execute semicolon separated commands [...] So rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME -c samsync should do the trick, I hope. Elrond From lynn at cis.usouthal.edu Sat Jan 22 15:02:17 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:09 2003 Subject: Printer accounting on RedHat Linux 6.0 Message-ID: I have been able to get Samba to act as a PDC. I am using RedHat Linux 6.0. I have a printer available through Samba and have placed an af entry in the printcap file. How do I get the printer accounting to turn on? I assume this is more of a Linux problem than Samba, but I thought someone might know. Thanks. Keith Lynn From flynn at engsoc.queensu.ca Sat Jan 22 15:13:05 2000 From: flynn at engsoc.queensu.ca (Kevin Everets) Date: Tue Dec 2 02:28:09 2003 Subject: Question Re: NTDOM+LDAP Message-ID: <20000122101305.A17245@engsoc.queensu.ca> Grr. We're having a bit of a frustrating time trying to get Samba to play nicely with LDAP. Following the HowTo at: http://www.unav.es/cti/ldap-smb-howto.html we got through to trying to use smbpasswd to populate the passwd database. At this point, though, we just keep getting the following when attempting to add either a machine name or a user password: [root@engsoc lib]# smbpasswd -am WIGGUM -D 255 load_client_codepage: filename /etc/samba/lib/codepages/codepage.850 does not exist. getpwnam(WIGGUM$) Building passwd hash table Building passwd hash table for the first time Found: WIGGUM$:*:504:102:NT Workstation Account:/home/WIGGUM$:/bin/bash getpwnam(WIGGUM$) Found: WIGGUM$:*:504:102:NT Workstation Account:/home/WIGGUM$:/bin/bash bind: Inappropriate authentication pwdb_smb_map_names: NULL pwdb_smb_map_names: unix NULL nt WIGGUM$ unix 504 nt-1 lookupsmbpwuid: unix uid 504 initialising map uidtoname(504) Found: WIGGUM$:*:504:102:NT Workstation Account:/home/WIGGUM$:/bin/bash Allocating new RID bind: Inappropriate authentication Failed to add entry for user WIGGUM$. Failed to change password entry for WIGGUM$ We're using the CVS code from 1999-10-15, and can see the database is working in OpenLdap (1.2.7) by getting back expected results from ldapsearch commands. Any ideas on how to proceed from here would be muchly appreciated at this point. Thanks in advance, Kevin Everets. From lkcl at samba.org Sat Jan 22 15:14:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: samba-tng, samba-main (Thoughts questions etc.) In-Reply-To: Message-ID: On Sat, 22 Jan 2000, Tracey Maru wrote: > Well I have been playing with current samba-main and tng for about 2 weeks > now, and have successfully been able to get some stuff working great and > other stuff remains sketchy. After reading the many pages and list > archives, I am still confused about certain functionality etc. Please bear > with me as I explain what I have discovered so far. > > My first venture was to try the samba-main dist that came packaged with my hi tracey, that's not samba-main. samba-main is cvs main. i.e cvs co samba with no tag, instead of cvs co -R SAMBA_TNG. i wonder if anyone else has made this mistake... From greg at discreet.com Sat Jan 22 15:27:28 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: <000501bf64c4$cb0da560$0a00a8c0@office.striker.nl> Message-ID: I agree it's annoying but it can be used, just change the URL you get from the search but putiing /current/ just before the html file. Greg On 22-Jan-00 S. Striker wrote: > Hi, > > I was just browsing through the mail archives and stumbled across > a few things. It's very annoying btw that the search results are > wrongly linked; you have to _browse_ through all the messages. > > What's the status on: > - interdomain trust relations (for trusted _and_ trusting relations) > - general documentation (besides the FAQ from Lars) > (I know this is not your department Luke ;-) ) > - integration of TNG tree with HEAD > (It has been quiet in the bugs department this week ;-) ) > - printing (W2K, NT4SPx, W98) and 'driver downloads' > (I haven't been able to test this with TNG yet) > > And some other questions: > - Is it possible to do a sync between Samba BDC and NT PDC using > smbpasswd -S, or is another command te be used? > - Is it possible to unjoin from a domain? You can join, but can you > move to another domain at a later time? > > Greetings, > > Sander Striker ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From lkcl at samba.org Sat Jan 22 15:40:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: <000501bf64c4$cb0da560$0a00a8c0@office.striker.nl> Message-ID: On Sat, 22 Jan 2000, S. Striker wrote: > Hi, > > I was just browsing through the mail archives and stumbled across > a few things. It's very annoying btw that the search results are > wrongly linked; you have to _browse_ through all the messages. > > What's the status on: > - interdomain trust relations (for trusted _and_ trusting relations) it works, but not seriously. i have the jmajor bits. we don't have a SURS table system in place in order to map DOMAIN\user to unixuser properly, yet, so it's likely to be a bit flakey. > - integration of TNG tree with HEAD > (It has been quiet in the bugs department this week ;-) ) yeah, innit great? means i'm not doing my job properly. > And some other questions: > - Is it possible to do a sync between Samba BDC and NT PDC using > smbpasswd -S, or is another command te be used? rpcclient's "samsync" command. > - Is it possible to unjoin from a domain? You can join, but can you > move to another domain at a later time? well... yeah, of course! From lkcl at samba.org Sat Jan 22 15:41:47 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: <000601bf64d5$5db0e930$0a00a8c0@office.striker.nl> Message-ID: On Sat, 22 Jan 2000, S. Striker wrote: > > >> - Is it possible to do a sync between Samba BDC and NT PDC using > >> smbpasswd -S, or is another command te be used? > > http://www.kneschke.de/projekte/samba_tng/samba_bdc.php3 > > I know, I've seen and read the FAQ, but I wish to do this from a > crontab. Can you do something like: > echo "samsync" | rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME rpcclient -S pdc -U admin%pass -W domain -e "lsaquery ; samsync". the -e comes over from smbclient code fro over two years ago. From lkcl at samba.org Sat Jan 22 15:49:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: trouble with libtool on IRIX In-Reply-To: <20000122153912.B15830@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > Okay, I've sent a patch to Luke, that will make configure > create a fixed libtool. got it. > I'm currently thinking about making static libraries the > default. And people, who want shared libs, can call eek! > Okay... Let's hope, that libtool isn't broken on more > platforms too. kit will be. we just have to find them. let's leave it at the most-broken, most-bug-catching settings, for now. From greg at discreet.com Sat Jan 22 15:54:54 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:09 2003 Subject: trouble with libtool on IRIX In-Reply-To: Message-ID: I agree, DSOs are the way to go, if its the default it will stabilize faster. It's been quite painless considering the scope of the change. nice work! Thanks for the help Elrond, Greg On 22-Jan-00 Luke Kenneth Casson Leighton wrote: >> Okay, I've sent a patch to Luke, that will make configure >> create a fixed libtool. > > got it. > >> I'm currently thinking about making static libraries the >> default. And people, who want shared libs, can call > > eek! > >> Okay... Let's hope, that libtool isn't broken on more >> platforms too. > > kit will be. we just have to find them. > > let's leave it at the most-broken, most-bug-catching settings, for now. ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From paden at hetnet.nl Sat Jan 22 17:30:53 2000 From: paden at hetnet.nl (Paul de Nooijer) Date: Tue Dec 2 02:28:09 2003 Subject: subscribe Message-ID: <000801bf64fe$6f6c42e0$0100a8c0@tref.nl> subscribe -------------- next part -------------- HTML attachment scrubbed and removed From s.striker at striker.nl Sat Jan 22 18:02:48 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: Message-ID: <000301bf6502$e487fac0$0a00a8c0@office.striker.nl> >>>> - Is it possible to do a sync between Samba BDC and NT PDC using >>>> smbpasswd -S, or is another command te be used? >>> http://www.kneschke.de/projekte/samba_tng/samba_bdc.php3 >> >> I know, I've seen and read the FAQ, but I wish to do this from a >> crontab. Can you do something like: >> echo "samsync" | rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME > > rpcclient -S pdc -U admin%pass -W domain -e "lsaquery ; samsync". > the -e comes over from smbclient code from over two years ago. Oops. Could have found that one in the man pages. Sorry. By the way, it says -c like Elrond said. However, does smbpasswd -S also work, or is this outdated? Greetings, Sander Striker From lkcl at samba.org Sat Jan 22 18:02:47 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: <000301bf6502$e487fac0$0a00a8c0@office.striker.nl> Message-ID: i really don't want smbpasswd to be doing remote updates. in fact, i really don't want rpcclient to be doing _local_ updates! i'm going to be modifying rpcclient so that it doesn't have to use libsmbpw.so, and smbclient so that it doesn't ahave to use libmsrpc.so. does that make any sense? :) luke On Sat, 22 Jan 2000, S. Striker wrote: > > >>>> - Is it possible to do a sync between Samba BDC and NT PDC using > >>>> smbpasswd -S, or is another command te be used? > >>> http://www.kneschke.de/projekte/samba_tng/samba_bdc.php3 > >> > >> I know, I've seen and read the FAQ, but I wish to do this from a > >> crontab. Can you do something like: > >> echo "samsync" | rpcclient -S THEPDCNAME -U admin%pass -W > THEPDCDOMAINNAME > > > > rpcclient -S pdc -U admin%pass -W domain -e "lsaquery ; samsync". > > the -e comes over from smbclient code from over two years ago. > > Oops. Could have found that one in the man pages. Sorry. By the way, > it says -c like Elrond said. However, does smbpasswd -S also work, or is > this > outdated? > > Greetings, > > Sander Striker > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sat Jan 22 18:06:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: SAMBA TNG - Alpha release Message-ID: for the benefit of those people who are unable to use cvs, i have created an alpha release of SAMBA_TNG: ftp://samba.org/pub/samba/alpha/samba-tng-alpha.0.0.tar.gz please read the WHATSNEW.txt and the source/README *before* proceeding. regards, luke (samba team, iss x-force research). Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From s.striker at striker.nl Sat Jan 22 18:42:10 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:09 2003 Subject: Status on...? In-Reply-To: Message-ID: <000401bf6508$646270e0$0a00a8c0@office.striker.nl> > i really don't want smbpasswd to be doing remote updates. in fact, i > really don't want rpcclient to be doing _local_ updates! > > i'm going to be modifying rpcclient so that it doesn't have to use > libsmbpw.so, and smbclient so that it doesn't ahave to use libmsrpc.so. > > does that make any sense? :) Yep, that makes a lot of sense. The only thing left after these changes is for both tools a new/updated manpage... :^) > luke Sander From saraceno at ccs.neu.edu Sat Jan 22 21:43:49 2000 From: saraceno at ccs.neu.edu (Robert Saraceno, Jr.) Date: Tue Dec 2 02:28:09 2003 Subject: Where do I find it? Message-ID: Where do I find the lastest version of samba with NT domain support? If there is also a non CVS way of getting, please let me know. Thanks. From lars at kneschke.de Sat Jan 22 22:00:16 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:09 2003 Subject: Where do I find it? References: Message-ID: <388A2870.BD01AD2E@kneschke.de> "Robert Saraceno, Jr." wrote: > > Where do I find the lastest version of samba with NT domain support? If > there is also a non CVS way of getting, please let me know. I have created a webpage, where you find the neccesary informations. http://www.kneschke.de/projekte/samba_tng You can get a tar-ball from http://sernet.pair.com/ Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 1251 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000122/6e5a3801/smime.bin From lkcl at samba.org Sun Jan 23 04:17:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:09 2003 Subject: Where do I find it? In-Reply-To: <388A2870.BD01AD2E@kneschke.de> Message-ID: lars, i did a mini-release and i will probably continue to do one regularly from now on. On Sun, 23 Jan 2000, Lars Kneschke wrote: > "Robert Saraceno, Jr." wrote: > > > > Where do I find the lastest version of samba with NT domain support? If > > there is also a non CVS way of getting, please let me know. > I have created a webpage, where you find the neccesary informations. > http://www.kneschke.de/projekte/samba_tng > > You can get a tar-ball from > http://sernet.pair.com/ > > > Cu > -- > > Do you like Samba? > Do you know KSamba? > Try http://www.kneschke.de/projekte/ksamba!! > Or watch our other projects at http://www.kneschke.de/projekte! Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From vperez69 at hotmail.com Sun Jan 23 05:52:03 2000 From: vperez69 at hotmail.com (Victor Perez) Date: Tue Dec 2 02:28:09 2003 Subject: information wanted Message-ID: <20000123055203.87895.qmail@hotmail.com> would like to setup a linux box as a PDC for win98 stations. how? ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From vs at lasp.npi.msu.su Sun Jan 23 08:45:59 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:09 2003 Subject: SAMBA TNG - Alpha release In-Reply-To: Your message of "Sun, 23 Jan 2000 05:23:47 +1100." Message-ID: <200001230846.LAA14548@lasp.npi.msu.su> On Sun, 23 Jan 2000 05:23:47 +1100 Luke Kenneth Casson Leighton wrote: -------- Tonight I have downloaded both latest SAMBA_TNG & SAMBA_HEAD. Both are excellent working in all basics operations, except that TNG does not printing, while HEAD does. With TNG printer even unseen in browser. Luck, if in TNG printing need some specific configuration, different from one in HEAD? In any way, my congratulations to You, Luck. Certainly, it's a great work! From vs at lasp.npi.msu.su Sun Jan 23 09:03:01 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:09 2003 Subject: SAMBA TNG - Alpha release In-Reply-To: Your message of "Sun, 23 Jan 2000 05:23:47 +1100." Message-ID: <200001230903.MAA14591@lasp.npi.msu.su> On Sun, 23 Jan 2000 05:23:47 +1100 Luke Kenneth Casson Leighton wrote: -------- P.S. Sorry, missing one note: installer need light fixing: libsmbpw.la, /etc/libsmbpw.so.0 -> libsmbpw.so.0.0.1 these libs does not installing, thus should be placed by hand. From daniel.sandmeier at ca.kamp.net Sun Jan 23 13:12:14 2000 From: daniel.sandmeier at ca.kamp.net (Daniel Sandmeier) Date: Tue Dec 2 02:28:09 2003 Subject: AW: information wanted In-Reply-To: <20000123055203.87895.qmail@hotmail.com> Message-ID: Just install the last version (2.06) of Samba, and read the FAQs on www.samba.org The documentation there is really clear and even understandeble for someone who doesn't have used Samba before!! Yours Sandos187 From sharpe at ns.aus.com Sun Jan 23 14:18:40 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:09 2003 Subject: Wow, latest Samba-TNG reduces the size of RPMs Message-ID: <3.0.6.32.20000124001840.00955e50@203.16.214.248> Hi, I just made RPMs for Samba-2.1.0-prealpha for TurboLinux. The Samba rpm came down in size from 2.8M to 800k! Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From kbn at pjat.dk Sun Jan 23 13:20:58 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:09 2003 Subject: Problems compiling Samba-TNG for IRIX Message-ID: <388B003A.27E2678E@pjat.dk> Hi, Using the instructions from www.kneschke.de, Succesfully installed cvs, gcc and misc. IRIX libs & headers. Downloaded latest source via cvs. Succesfully (it seems) ran ./configure prx 14# ./configure --prefix=/opt/samba-tng loading cache ./config.cache checking for gcc... (cached) gcc snip... checking statvfs function (SVR4)... (cached) yes checking configure summary configure OK creating ./config.status creating include/stamp-h creating Makefile creating include/config.h include/config.h is unchanged prx 15# make make: file `Makefile' line 308: Syntax error prx 16# ...hmm! syntax error line 308: SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ $(UBIQX_OBJ) \ $(RPC_SRVUTIL_OBJ) \ $(LOCKING_OBJ) $(PROFILE_OBJ) \ $(LIBSTATUS_OBJ) Does anyone have any ideas? Thanks - Kim From greg at discreet.com Sun Jan 23 14:01:39 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:09 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B003A.27E2678E@pjat.dk> Message-ID: Use gnumake. Greg On 23-Jan-00 Kim Bjoern Nielsen wrote: > Hi, > > Using the instructions from www.kneschke.de, > > Succesfully installed cvs, gcc and misc. IRIX libs & headers. > > Downloaded latest source via cvs. > > Succesfully (it seems) ran ./configure > > prx 14# ./configure --prefix=/opt/samba-tng > loading cache ./config.cache > checking for gcc... (cached) gcc > > snip... > > checking statvfs function (SVR4)... (cached) yes > checking configure summary > configure OK > creating ./config.status > creating include/stamp-h > creating Makefile > creating include/config.h > include/config.h is unchanged > prx 15# make > make: file `Makefile' line 308: Syntax error > prx 16# > > ..hmm! syntax error line 308: > > SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ > $(UBIQX_OBJ) \ > $(RPC_SRVUTIL_OBJ) \ > $(LOCKING_OBJ) $(PROFILE_OBJ) \ > $(LIBSTATUS_OBJ) > > Does anyone have any ideas? > > Thanks - Kim ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From kbn at pjat.dk Sun Jan 23 14:34:22 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:09 2003 Subject: Problems compiling Samba-TNG for IRIX References: Message-ID: <388B116E.C5E9121E@pjat.dk> Greg Dickie wrote: Thanks Greg, > > Use gnumake. Just tried gmake ver. 3.76.1. That produced lots of funny errors (-: Beginning with: prx 19# cd /usr/src/samba-tng/samba/source/ prx 20# gmake Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE="/opt/samba-tng/var" -DSMBLOGFILE="/opt/samba-tng/var/log.smb" -DNMBLOGFILE="/opt/samba-tng/var/log.nmb" -DCONFIGFILE="/opt/samba-tng/lib/smb.conf" -DLMHOSTSFILE="/opt/samba-tng/lib/lmhosts" -DSWATDIR="/opt/samba-tng/swat" -DSBINDIR="/opt/samba-tng/bin" -DLOCKDIR="/opt/samba-tng/var/locks" -DSMBRUN="/opt/samba-tng/bin/smbrun" -DCODEPAGEDIR="/opt/samba-tng/lib/codepages" -DDRIVERFILE="/opt/samba-tng/lib/printers.def" -DBINDIR="/opt/samba-tng/bin" -DFORMSFILE="/opt/samba-tng/lib/ntforms.def" -DNTDRIVERSDIR="/opt/samba-tng/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/opt/samba-tng/bin/smbpasswd" -DSMB_PASSWD_FILE="/opt/samba-tng/private/smbpasswd" -DSMB_PASSGRP_FILE="/opt/samba-tng/private/smbpassgrp" -DSMB_GROUP_FILE="/opt/samba-tng/private/smbgroup" -DSMB_ALIAS_FILE="/opt/samba-tng/private/smbalias" Using LIBS = Compiling param/loadparm.c with libtool In file included from include/includes.h:58, from param/loadparm.c:50: /usr/include/sys/types.h:115: warning: empty declaration /usr/include/sys/types.h:120: warning: empty declaration /usr/include/sys/types.h:218: warning: empty declaration In file included from include/smb.h:28, from include/includes.h:565, from param/loadparm.c:50: include/md5.h:27: parse error before `uint32' include/md5.h:27: warning: no semicolon at end of struct or union include/md5.h:28: warning: data definition has no type or storage class include/md5.h:30: parse error before `}' In file included from include/smb.h:29, from include/includes.h:565, from param/loadparm.c:50: include/hmacmd5.h:27: field `ctx' has incomplete type In file included from include/includes.h:565, from param/loadparm.c:50: include/smb.h:271: parse error before `uint32' include/smb.h:271: warning: no semicolon at end of struct or union include/smb.h:272: warning: data definition has no type or storage class include/smb.h:274: warning: data definition has no type or storage class include/smb.h:294: parse error before `NTTIME' include/smb.h:294: warning: no semicolon at end of struct or union include/smb.h:295: warning: data definition has no type or storage class include/smb.h:296: parse error before `kickoff_time' include/smb.h:296: warning: data definition has no type or storage class lots of: param/loadparm.c:1342: request for member `szDontdescend' in something not a structure or union and finally: param/loadparm.c:3054: request for member `bPreferredMaster' in something not a structure or union include/client.h: At top level: include/client.h:117: storage size of `nt' isn't known make: *** [param/loadparm.lo] Error 1 prx 16# Any ideas? Thanks - Kim > > Greg > > On 23-Jan-00 Kim Bjoern Nielsen wrote: > > Hi, > > > > Using the instructions from www.kneschke.de, > > > > Succesfully installed cvs, gcc and misc. IRIX libs & headers. > > > > Downloaded latest source via cvs. > > > > Succesfully (it seems) ran ./configure > > > > prx 14# ./configure --prefix=/opt/samba-tng > > loading cache ./config.cache > > checking for gcc... (cached) gcc > > > > snip... > > > > checking statvfs function (SVR4)... (cached) yes > > checking configure summary > > configure OK > > creating ./config.status > > creating include/stamp-h > > creating Makefile > > creating include/config.h > > include/config.h is unchanged > > prx 15# make > > make: file `Makefile' line 308: Syntax error > > prx 16# > > > > ..hmm! syntax error line 308: > > > > SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ > > $(UBIQX_OBJ) \ > > $(RPC_SRVUTIL_OBJ) \ > > $(LOCKING_OBJ) $(PROFILE_OBJ) \ > > $(LIBSTATUS_OBJ) > > > > Does anyone have any ideas? > > > > Thanks - Kim > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- From appro at fy.chalmers.se Sun Jan 23 14:46:17 2000 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:28:09 2003 Subject: Problems compiling Samba-TNG for IRIX References: <388B003A.27E2678E@pjat.dk> Message-ID: <388B1439.4D3A2F8A@fy.chalmers.se> > IRIX > checking for gcc... (cached) gcc Is it supported? GNU C and MIPSpro C (the one IRIX libc compiled with:-) pass (short) structures in incompatible ways which used to make samba fail miserably (at run-time). See http://gcc.gnu.org/install/specific.html#mips*-sgi-irix6 for further details. I can't see no reason why it can't be resolved by e.g. linking with a module which overloads offended libc calls, fixes arguments up and then passes control to the real libc functions, but was it actually done? Andy. From snail_talk at yahoo.com Sun Jan 23 15:21:59 2000 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:28:09 2003 Subject: Wow, latest Samba-TNG reduces the size of RPMs References: <3.0.6.32.20000124001840.00955e50@203.16.214.248> Message-ID: <388B1C97.FAEB9C99@yahoo.com> hello richard, currently using 2.0.6, but i'm willing to try out pre-alpha rpm. i'm currently using linux mandrake which gives me funny messages when i try to install a non-mandrake samba rpm (with the .so files.) and samba becomes broken when i use a non-mandrake rpm. (i wonde why that happens...) well, anyway, i guess if the pre-alpha rpm is available somewhere on the samba site hten more people may be willing to try out the pre-alpha version. which i guess is a _good_ thing. Richard Sharpe wrote: > > Hi, > > I just made RPMs for Samba-2.1.0-prealpha for TurboLinux. > > The Samba rpm came down in size from 2.8M to 800k! > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course -- Regards, snail talk (geoff) From greg at discreet.com Sun Jan 23 15:22:02 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:09 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B116E.C5E9121E@pjat.dk> Message-ID: Are you using the IRIX C compiler? The TNG branch hasn't compiled with it for a while, I'm using gcc now. You can get it off the sgi free stuff web site. The cvs head branch however still seems to work with the native IRIX make and C compiler. Course I haven't check the logs for a couple of days, maybe it doesn't compile... Greg On 23-Jan-00 Kim Bjoern Nielsen wrote: > Greg Dickie wrote: > > Thanks Greg, > >> >> Use gnumake. > > Just tried gmake ver. 3.76.1. > > That produced lots of funny errors (-: > > Beginning with: > > prx 19# cd /usr/src/samba-tng/samba/source/ > prx 20# gmake > Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper > -DLOGFILEBASE="/opt/samba-tng/var" > -DSMBLOGFILE="/opt/samba-tng/var/log.smb" > -DNMBLOGFILE="/opt/samba-tng/var/log.nmb" > -DCONFIGFILE="/opt/samba-tng/lib/smb.conf" > -DLMHOSTSFILE="/opt/samba-tng/lib/lmhosts" > -DSWATDIR="/opt/samba-tng/swat" -DSBINDIR="/opt/samba-tng/bin" > -DLOCKDIR="/opt/samba-tng/var/locks" > -DSMBRUN="/opt/samba-tng/bin/smbrun" > -DCODEPAGEDIR="/opt/samba-tng/lib/codepages" > -DDRIVERFILE="/opt/samba-tng/lib/printers.def" > -DBINDIR="/opt/samba-tng/bin" > -DFORMSFILE="/opt/samba-tng/lib/ntforms.def" > -DNTDRIVERSDIR="/opt/samba-tng/lib" -DHAVE_INCLUDES_H > -DPASSWD_PROGRAM="/bin/passwd" > -DSMB_PASSWD_PROGRAM="/opt/samba-tng/bin/smbpasswd" > -DSMB_PASSWD_FILE="/opt/samba-tng/private/smbpasswd" > -DSMB_PASSGRP_FILE="/opt/samba-tng/private/smbpassgrp" > -DSMB_GROUP_FILE="/opt/samba-tng/private/smbgroup" > -DSMB_ALIAS_FILE="/opt/samba-tng/private/smbalias" > Using LIBS = > Compiling param/loadparm.c with libtool > In file included from include/includes.h:58, > from param/loadparm.c:50: > /usr/include/sys/types.h:115: warning: empty declaration > /usr/include/sys/types.h:120: warning: empty declaration > /usr/include/sys/types.h:218: warning: empty declaration > In file included from include/smb.h:28, > from include/includes.h:565, > from param/loadparm.c:50: > include/md5.h:27: parse error before `uint32' > include/md5.h:27: warning: no semicolon at end of struct or union > include/md5.h:28: warning: data definition has no type or storage class > include/md5.h:30: parse error before `}' > In file included from include/smb.h:29, > from include/includes.h:565, > from param/loadparm.c:50: > include/hmacmd5.h:27: field `ctx' has incomplete type > In file included from include/includes.h:565, > from param/loadparm.c:50: > include/smb.h:271: parse error before `uint32' > include/smb.h:271: warning: no semicolon at end of struct or union > include/smb.h:272: warning: data definition has no type or storage class > include/smb.h:274: warning: data definition has no type or storage class > include/smb.h:294: parse error before `NTTIME' > include/smb.h:294: warning: no semicolon at end of struct or union > include/smb.h:295: warning: data definition has no type or storage class > include/smb.h:296: parse error before `kickoff_time' > include/smb.h:296: warning: data definition has no type or storage class > > > lots of: > > param/loadparm.c:1342: request for member `szDontdescend' in something > not a structure or union > > and finally: > > param/loadparm.c:3054: request for member `bPreferredMaster' in > something not a structure or union > include/client.h: At top level: > include/client.h:117: storage size of `nt' isn't known > make: *** [param/loadparm.lo] Error 1 > prx 16# > > Any ideas? > > Thanks - Kim > >> >> Greg >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: >> > Hi, >> > >> > Using the instructions from www.kneschke.de, >> > >> > Succesfully installed cvs, gcc and misc. IRIX libs & headers. >> > >> > Downloaded latest source via cvs. >> > >> > Succesfully (it seems) ran ./configure >> > >> > prx 14# ./configure --prefix=/opt/samba-tng >> > loading cache ./config.cache >> > checking for gcc... (cached) gcc >> > >> > snip... >> > >> > checking statvfs function (SVR4)... (cached) yes >> > checking configure summary >> > configure OK >> > creating ./config.status >> > creating include/stamp-h >> > creating Makefile >> > creating include/config.h >> > include/config.h is unchanged >> > prx 15# make >> > make: file `Makefile' line 308: Syntax error >> > prx 16# >> > >> > ..hmm! syntax error line 308: >> > >> > SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ >> > $(UBIQX_OBJ) \ >> > $(RPC_SRVUTIL_OBJ) \ >> > $(LOCKING_OBJ) $(PROFILE_OBJ) \ >> > $(LIBSTATUS_OBJ) >> > >> > Does anyone have any ideas? >> > >> > Thanks - Kim >> >> ---------------------------------- >> Greg Dickie >> just a guy* >> *from Discreet (the Logic is gone) >> ---------------------------------- ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From greg at discreet.com Sun Jan 23 15:23:52 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B1439.4D3A2F8A@fy.chalmers.se> Message-ID: I'm using gcc from the sgi website with no ill effects. Greg On 23-Jan-00 Andy Polyakov wrote: >> IRIX >> checking for gcc... (cached) gcc > Is it supported? GNU C and MIPSpro C (the one IRIX libc compiled with:-) > pass (short) structures in incompatible ways which used to make samba > fail miserably (at run-time). See > http://gcc.gnu.org/install/specific.html#mips*-sgi-irix6 for further > details. I can't see no reason why it can't be resolved by e.g. linking > with a module which overloads offended libc calls, fixes arguments up > and then passes control to the real libc functions, but was it actually > done? > > Andy. ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From kbn at pjat.dk Sun Jan 23 15:32:40 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX References: Message-ID: <388B1F18.A0D78507@pjat.dk> Greg Dickie wrote: > > Are you using the IRIX C compiler? The TNG branch hasn't compiled with it for a > while, I'm using gcc now. You can get it off the sgi free stuff web site. The > cvs head branch however still seems to work with the native IRIX make and C > compiler. Course I haven't check the logs for a couple of days, maybe it > doesn't compile... > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? Thanks - Kim > Greg > > On 23-Jan-00 Kim Bjoern Nielsen wrote: > > Greg Dickie wrote: > > > > Thanks Greg, > > > >> > >> Use gnumake. > > > > Just tried gmake ver. 3.76.1. > > > > That produced lots of funny errors (-: > > > > Beginning with: > > > > prx 19# cd /usr/src/samba-tng/samba/source/ > > prx 20# gmake > > Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper > > -DLOGFILEBASE="/opt/samba-tng/var" > > -DSMBLOGFILE="/opt/samba-tng/var/log.smb" > > -DNMBLOGFILE="/opt/samba-tng/var/log.nmb" > > -DCONFIGFILE="/opt/samba-tng/lib/smb.conf" > > -DLMHOSTSFILE="/opt/samba-tng/lib/lmhosts" > > -DSWATDIR="/opt/samba-tng/swat" -DSBINDIR="/opt/samba-tng/bin" > > -DLOCKDIR="/opt/samba-tng/var/locks" > > -DSMBRUN="/opt/samba-tng/bin/smbrun" > > -DCODEPAGEDIR="/opt/samba-tng/lib/codepages" > > -DDRIVERFILE="/opt/samba-tng/lib/printers.def" > > -DBINDIR="/opt/samba-tng/bin" > > -DFORMSFILE="/opt/samba-tng/lib/ntforms.def" > > -DNTDRIVERSDIR="/opt/samba-tng/lib" -DHAVE_INCLUDES_H > > -DPASSWD_PROGRAM="/bin/passwd" > > -DSMB_PASSWD_PROGRAM="/opt/samba-tng/bin/smbpasswd" > > -DSMB_PASSWD_FILE="/opt/samba-tng/private/smbpasswd" > > -DSMB_PASSGRP_FILE="/opt/samba-tng/private/smbpassgrp" > > -DSMB_GROUP_FILE="/opt/samba-tng/private/smbgroup" > > -DSMB_ALIAS_FILE="/opt/samba-tng/private/smbalias" > > Using LIBS = > > Compiling param/loadparm.c with libtool > > In file included from include/includes.h:58, > > from param/loadparm.c:50: > > /usr/include/sys/types.h:115: warning: empty declaration > > /usr/include/sys/types.h:120: warning: empty declaration > > /usr/include/sys/types.h:218: warning: empty declaration > > In file included from include/smb.h:28, > > from include/includes.h:565, > > from param/loadparm.c:50: > > include/md5.h:27: parse error before `uint32' > > include/md5.h:27: warning: no semicolon at end of struct or union > > include/md5.h:28: warning: data definition has no type or storage class > > include/md5.h:30: parse error before `}' > > In file included from include/smb.h:29, > > from include/includes.h:565, > > from param/loadparm.c:50: > > include/hmacmd5.h:27: field `ctx' has incomplete type > > In file included from include/includes.h:565, > > from param/loadparm.c:50: > > include/smb.h:271: parse error before `uint32' > > include/smb.h:271: warning: no semicolon at end of struct or union > > include/smb.h:272: warning: data definition has no type or storage class > > include/smb.h:274: warning: data definition has no type or storage class > > include/smb.h:294: parse error before `NTTIME' > > include/smb.h:294: warning: no semicolon at end of struct or union > > include/smb.h:295: warning: data definition has no type or storage class > > include/smb.h:296: parse error before `kickoff_time' > > include/smb.h:296: warning: data definition has no type or storage class > > > > > > lots of: > > > > param/loadparm.c:1342: request for member `szDontdescend' in something > > not a structure or union > > > > and finally: > > > > param/loadparm.c:3054: request for member `bPreferredMaster' in > > something not a structure or union > > include/client.h: At top level: > > include/client.h:117: storage size of `nt' isn't known > > make: *** [param/loadparm.lo] Error 1 > > prx 16# > > > > Any ideas? > > > > Thanks - Kim > > > >> > >> Greg > >> > >> On 23-Jan-00 Kim Bjoern Nielsen wrote: > >> > Hi, > >> > > >> > Using the instructions from www.kneschke.de, > >> > > >> > Succesfully installed cvs, gcc and misc. IRIX libs & headers. > >> > > >> > Downloaded latest source via cvs. > >> > > >> > Succesfully (it seems) ran ./configure > >> > > >> > prx 14# ./configure --prefix=/opt/samba-tng > >> > loading cache ./config.cache > >> > checking for gcc... (cached) gcc > >> > > >> > snip... > >> > > >> > checking statvfs function (SVR4)... (cached) yes > >> > checking configure summary > >> > configure OK > >> > creating ./config.status > >> > creating include/stamp-h > >> > creating Makefile > >> > creating include/config.h > >> > include/config.h is unchanged > >> > prx 15# make > >> > make: file `Makefile' line 308: Syntax error > >> > prx 16# > >> > > >> > ..hmm! syntax error line 308: > >> > > >> > SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ > >> > $(UBIQX_OBJ) \ > >> > $(RPC_SRVUTIL_OBJ) \ > >> > $(LOCKING_OBJ) $(PROFILE_OBJ) \ > >> > $(LIBSTATUS_OBJ) > >> > > >> > Does anyone have any ideas? > >> > > >> > Thanks - Kim > >> > >> ---------------------------------- > >> Greg Dickie > >> just a guy* > >> *from Discreet (the Logic is gone) > >> ---------------------------------- > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- From greg at discreet.com Sun Jan 23 15:38:17 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B1F18.A0D78507@pjat.dk> Message-ID: I'm compiling now. 2.8.1 should work i think... ya thats what I'm using. Greg On 23-Jan-00 Kim Bjoern Nielsen wrote: > Greg Dickie wrote: >> >> Are you using the IRIX C compiler? The TNG branch hasn't compiled with it >> for a >> while, I'm using gcc now. You can get it off the sgi free stuff web site. >> The >> cvs head branch however still seems to work with the native IRIX make and C >> compiler. Course I haven't check the logs for a couple of days, maybe it >> doesn't compile... >> > > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) > > I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? > > Thanks - Kim > >> Greg >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: >> > Greg Dickie wrote: >> > >> > Thanks Greg, >> > >> >> >> >> Use gnumake. >> > >> > Just tried gmake ver. 3.76.1. >> > >> > That produced lots of funny errors (-: >> > >> > Beginning with: >> > >> > prx 19# cd /usr/src/samba-tng/samba/source/ >> > prx 20# gmake >> > Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper >> > -DLOGFILEBASE="/opt/samba-tng/var" >> > -DSMBLOGFILE="/opt/samba-tng/var/log.smb" >> > -DNMBLOGFILE="/opt/samba-tng/var/log.nmb" >> > -DCONFIGFILE="/opt/samba-tng/lib/smb.conf" >> > -DLMHOSTSFILE="/opt/samba-tng/lib/lmhosts" >> > -DSWATDIR="/opt/samba-tng/swat" -DSBINDIR="/opt/samba-tng/bin" >> > -DLOCKDIR="/opt/samba-tng/var/locks" >> > -DSMBRUN="/opt/samba-tng/bin/smbrun" >> > -DCODEPAGEDIR="/opt/samba-tng/lib/codepages" >> > -DDRIVERFILE="/opt/samba-tng/lib/printers.def" >> > -DBINDIR="/opt/samba-tng/bin" >> > -DFORMSFILE="/opt/samba-tng/lib/ntforms.def" >> > -DNTDRIVERSDIR="/opt/samba-tng/lib" -DHAVE_INCLUDES_H >> > -DPASSWD_PROGRAM="/bin/passwd" >> > -DSMB_PASSWD_PROGRAM="/opt/samba-tng/bin/smbpasswd" >> > -DSMB_PASSWD_FILE="/opt/samba-tng/private/smbpasswd" >> > -DSMB_PASSGRP_FILE="/opt/samba-tng/private/smbpassgrp" >> > -DSMB_GROUP_FILE="/opt/samba-tng/private/smbgroup" >> > -DSMB_ALIAS_FILE="/opt/samba-tng/private/smbalias" >> > Using LIBS = >> > Compiling param/loadparm.c with libtool >> > In file included from include/includes.h:58, >> > from param/loadparm.c:50: >> > /usr/include/sys/types.h:115: warning: empty declaration >> > /usr/include/sys/types.h:120: warning: empty declaration >> > /usr/include/sys/types.h:218: warning: empty declaration >> > In file included from include/smb.h:28, >> > from include/includes.h:565, >> > from param/loadparm.c:50: >> > include/md5.h:27: parse error before `uint32' >> > include/md5.h:27: warning: no semicolon at end of struct or union >> > include/md5.h:28: warning: data definition has no type or storage class >> > include/md5.h:30: parse error before `}' >> > In file included from include/smb.h:29, >> > from include/includes.h:565, >> > from param/loadparm.c:50: >> > include/hmacmd5.h:27: field `ctx' has incomplete type >> > In file included from include/includes.h:565, >> > from param/loadparm.c:50: >> > include/smb.h:271: parse error before `uint32' >> > include/smb.h:271: warning: no semicolon at end of struct or union >> > include/smb.h:272: warning: data definition has no type or storage class >> > include/smb.h:274: warning: data definition has no type or storage class >> > include/smb.h:294: parse error before `NTTIME' >> > include/smb.h:294: warning: no semicolon at end of struct or union >> > include/smb.h:295: warning: data definition has no type or storage class >> > include/smb.h:296: parse error before `kickoff_time' >> > include/smb.h:296: warning: data definition has no type or storage class >> > >> > >> > lots of: >> > >> > param/loadparm.c:1342: request for member `szDontdescend' in something >> > not a structure or union >> > >> > and finally: >> > >> > param/loadparm.c:3054: request for member `bPreferredMaster' in >> > something not a structure or union >> > include/client.h: At top level: >> > include/client.h:117: storage size of `nt' isn't known >> > make: *** [param/loadparm.lo] Error 1 >> > prx 16# >> > >> > Any ideas? >> > >> > Thanks - Kim >> > >> >> >> >> Greg >> >> >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: >> >> > Hi, >> >> > >> >> > Using the instructions from www.kneschke.de, >> >> > >> >> > Succesfully installed cvs, gcc and misc. IRIX libs & headers. >> >> > >> >> > Downloaded latest source via cvs. >> >> > >> >> > Succesfully (it seems) ran ./configure >> >> > >> >> > prx 14# ./configure --prefix=/opt/samba-tng >> >> > loading cache ./config.cache >> >> > checking for gcc... (cached) gcc >> >> > >> >> > snip... >> >> > >> >> > checking statvfs function (SVR4)... (cached) yes >> >> > checking configure summary >> >> > configure OK >> >> > creating ./config.status >> >> > creating include/stamp-h >> >> > creating Makefile >> >> > creating include/config.h >> >> > include/config.h is unchanged >> >> > prx 15# make >> >> > make: file `Makefile' line 308: Syntax error >> >> > prx 16# >> >> > >> >> > ..hmm! syntax error line 308: >> >> > >> >> > SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ >> >> > $(UBIQX_OBJ) \ >> >> > $(RPC_SRVUTIL_OBJ) \ >> >> > $(LOCKING_OBJ) $(PROFILE_OBJ) \ >> >> > $(LIBSTATUS_OBJ) >> >> > >> >> > Does anyone have any ideas? >> >> > >> >> > Thanks - Kim >> >> >> >> ---------------------------------- >> >> Greg Dickie >> >> just a guy* >> >> *from Discreet (the Logic is gone) >> >> ---------------------------------- >> >> ---------------------------------- >> Greg Dickie >> just a guy* >> *from Discreet (the Logic is gone) >> ---------------------------------- ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From duehr at id-pro.net Sun Jan 23 15:43:52 2000 From: duehr at id-pro.net (Stephan Duehr) Date: Tue Dec 2 02:28:10 2003 Subject: compiling tng with ldap Message-ID: <20000123164352.A10790@qwerty.office.id-pro.net> results in Compiling lsarpcd/srv_lsa.c Compiling rpc_server/srv_pipe_srv.c Compiling rpc_server/srv_pipe_noauth.c Linking bin/lsarpcd bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' make: *** [bin/lsarpcd] Error 1 I just configured --with-ldap. any ideas? -- Stephan Duehr * ID-PRO GmbH * Tel +49 228 4 21 54 0 * Fax +49 228 4 21 54 29 * http://open-for-the-better.com/ From bobby at math01.cs.upd.edu.ph Sun Jan 23 15:53:14 2000 From: bobby at math01.cs.upd.edu.ph (bobby@math01.cs.upd.edu.ph) Date: Tue Dec 2 02:28:10 2003 Subject: information wanted In-Reply-To: <20000123055203.87895.qmail@hotmail.com> References: <20000123055203.87895.qmail@hotmail.com> Message-ID: <20000123155314.25868.qmail@math01.cs.upd.edu.ph> If you are using Linux, then read the excellent article of Gerald Carter at http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-thereandback.html Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines Diliman, Quezon City Quoting Victor Perez : > would like to setup a linux box as a PDC for win98 stations. how? > ______________________________________________________ > Get Your Private, Free Email at http://www.hotmail.com > From duehr at id-pro.net Sun Jan 23 15:56:27 2000 From: duehr at id-pro.net (Stephan Duehr) Date: Tue Dec 2 02:28:10 2003 Subject: status of LDAP support Message-ID: <20000123165627.B10790@qwerty.office.id-pro.net> What is recommended if I want to build an PDC LDAP now? There is no LDAP-support in cvs-main, why? There were some of you talking about mixing main and tng code (using smbd and nmbd from main), is that really a good idea? What about using 2.0.6 for file- und printservice and tng as PDC with LDAP for authentication only? Greetings -- Stephan Duehr * ID-PRO GmbH * Tel +49 228 4 21 54 0 * Fax +49 228 4 21 54 29 * http://open-for-the-better.com/ From s.striker at striker.nl Sun Jan 23 16:33:35 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:10 2003 Subject: status of LDAP support In-Reply-To: <20000123165627.B10790@qwerty.office.id-pro.net> Message-ID: <000c01bf65bf$97d60dd0$0a00a8c0@office.striker.nl> Hi, > What is recommended if I want to build an PDC LDAP now? Have you read Luke's warning? You maight want to take this into consideration if you want to do this: > some kind person has volunteered to work on an NT5 compatible LDAP schema. > that means that everyone currently using SAMBA-TNG's "development" schema > is going to either be left behind or have to convert. > > i just wanted to warn you _now_ before code starts to get committed. > > luke > There is no LDAP-support in cvs-main, why? Sorry, can't help you there :-). Anyone? > There were some of you talking about mixing main and tng code > (using smbd and nmbd from main), is that really a good idea? You only want to do this if you want the latest fileserving code (from the main branch) and the domain controller code (from the tng branch). If you want to do NT domain control you will have to use TNG. You don't have to use smbd main if you can live with a somewhat older version. > What about using 2.0.6 for file- und printservice and tng > as PDC with LDAP for authentication only? The smbd from the main branch is altered to work with tng. If you want a mixed environment, you have to use the cvs main version. I don't know if this is any different if you use tng as a PDC for authentication only. Greetings, Sander Striker From lars at kneschke.de Sun Jan 23 16:38:06 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:10 2003 Subject: status of LDAP support References: <20000123165627.B10790@qwerty.office.id-pro.net> Message-ID: <388B2E6E.4B4AF32@kneschke.de> Stephan Duehr wrote: > > What is recommended if I want to build an PDC LDAP now? > There is no LDAP-support in cvs-main, why? Don't know! some days ago was a message from luke, that there are some ldap changes on the way. > There were some of you talking about mixing main and tng code > (using smbd and nmbd from main), is that really a good idea? So you can have the best of both branches. File- and printservices gets developed in the main branch, PDC functions gets developed in the samba_tng branch. > What about using 2.0.6 for file- und printservice and tng > as PDC with LDAP for authentication only? This would be best way, to get the best of all. Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! From lkcl at samba.org Sun Jan 23 17:25:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: SAMBA TNG - Alpha release In-Reply-To: <200001230846.LAA14548@lasp.npi.msu.su> Message-ID: On Sun, 23 Jan 2000, Vladimir Stavrinov wrote: > On Sun, 23 Jan 2000 05:23:47 +1100 Luke Kenneth Casson Leighton wrote: > -------- > > Tonight I have downloaded both latest SAMBA_TNG & SAMBA_HEAD. Both are > excellent working in all basics operations, except that TNG does not printing, > while HEAD does. With TNG printer even unseen in browser. > > Luck, if in TNG printing need some specific configuration, different from one > in HEAD? yes, there is. a couple of people have set it up successfully, perhaps they could enlighten us (including me!). if you can't get it working, i'll set it up myself next week. > In any way, my congratulations to You, Luck. Certainly, it's a great work! excellent! it works! thank you! From lkcl at samba.org Sun Jan 23 17:27:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: Wow, latest Samba-TNG reduces the size of RPMs In-Reply-To: <3.0.6.32.20000124001840.00955e50@203.16.214.248> Message-ID: On Mon, 24 Jan 2000, Richard Sharpe wrote: > Hi, > > I just made RPMs for Samba-2.1.0-prealpha for TurboLinux. > > The Samba rpm came down in size from 2.8M to 800k! no way. that's so cool, the libraries do a pretty good job, then, huh? From lkcl at samba.org Sun Jan 23 17:30:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B003A.27E2678E@pjat.dk> Message-ID: there were a couple of tabstops / spaces at line 308 in Makefile.in. do a cvs update. > make: file `Makefile' line 308: Syntax error > prx 16# > > ..hmm! syntax error line 308: > > SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ > $(UBIQX_OBJ) \ > $(RPC_SRVUTIL_OBJ) \ > $(LOCKING_OBJ) $(PROFILE_OBJ) \ > $(LIBSTATUS_OBJ) > > Does anyone have any ideas? > > Thanks - Kim > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 23 17:37:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: compiling tng with ldap In-Reply-To: <20000123164352.A10790@qwerty.office.id-pro.net> Message-ID: ah, you're one of the first few people to do that. hmm, there's a problem with using names. damn, i really need to do something about that. redesign the passwd db API so that it's just rids, uids, gids and sids and no names. On Mon, 24 Jan 2000, Stephan Duehr wrote: > results in > > Compiling lsarpcd/srv_lsa.c > Compiling rpc_server/srv_pipe_srv.c > Compiling rpc_server/srv_pipe_noauth.c > Linking bin/lsarpcd > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > make: *** [bin/lsarpcd] Error 1 > > I just configured --with-ldap. > > any ideas? > > -- > Stephan Duehr > > * ID-PRO GmbH > * Tel +49 228 4 21 54 0 > * Fax +49 228 4 21 54 29 > * http://open-for-the-better.com/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 23 17:40:02 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: compiling tng with ldap In-Reply-To: <20000123164352.A10790@qwerty.office.id-pro.net> Message-ID: nggh! i wanted to remove the dependencies on srv_lookup.c. i'll fix this, temporarily. On Mon, 24 Jan 2000, Stephan Duehr wrote: > results in > > Compiling lsarpcd/srv_lsa.c > Compiling rpc_server/srv_pipe_srv.c > Compiling rpc_server/srv_pipe_noauth.c > Linking bin/lsarpcd > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > make: *** [bin/lsarpcd] Error 1 > > I just configured --with-ldap. > > any ideas? > > -- > Stephan Duehr > > * ID-PRO GmbH > * Tel +49 228 4 21 54 0 > * Fax +49 228 4 21 54 29 > * http://open-for-the-better.com/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 23 17:41:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: status of LDAP support In-Reply-To: <20000123165627.B10790@qwerty.office.id-pro.net> Message-ID: On Mon, 24 Jan 2000, Stephan Duehr wrote: > What is recommended if I want to build an PDC LDAP now? > There is no LDAP-support in cvs-main, why? > There were some of you talking about mixing main and tng code > (using smbd and nmbd from main), is that really a good idea? for LDAP support? no. > > What about using 2.0.6 for file- und printservice and tng > as PDC with LDAP for authentication only? i mentioned a way to do this last month. set up samba-tng as an LDAP PDC, and then set up a 2.0.6 separate server in "security = domain" mode and "password server = theldappdc". From kbn at pjat.dk Sun Jan 23 19:07:10 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX References: Message-ID: <388B515E.5DDF655C@pjat.dk> Luke Kenneth Casson Leighton wrote: > > there were a couple of tabstops / spaces at line 308 in Makefile.in. > do a cvs update. OK. That brought me to line 515 make: file `Makefile' line 515: Syntax error line 515 all : CHECK $(SPROGS) $(PROGS) and line 715 bin/testprns: $(SAMBALIB) $(TESTPRNS_OBJ) bin/.dummy Do you see any logic for the errors at 515 & 715? Thanks - Kim > > > make: file `Makefile' line 308: Syntax error > > prx 16# > > > > ..hmm! syntax error line 308: > > > > SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) \ > > $(UBIQX_OBJ) \ > > $(RPC_SRVUTIL_OBJ) \ > > $(LOCKING_OBJ) $(PROFILE_OBJ) \ > > $(LIBSTATUS_OBJ) > > > > Does anyone have any ideas? > > > > Thanks - Kim > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 23 19:13:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B515E.5DDF655C@pjat.dk> Message-ID: > make: file `Makefile' line 515: Syntax error > > line 515 > all : CHECK $(SPROGS) $(PROGS) > > and line 715 > bin/testprns: $(SAMBALIB) $(TESTPRNS_OBJ) bin/.dummy > > Do you see any logic for the errors at 515 & 715? nope! From operator at mysticplace.freeservers.com Sun Jan 23 19:19:52 2000 From: operator at mysticplace.freeservers.com (operator@mysticplace.freeservers.com) Date: Tue Dec 2 02:28:10 2003 Subject: Compilation Problem with TNG on Linux Message-ID: <388B5457.18732077@mysticplace.freeservers.com> Maybe this is a well known, easy to solve problem, but I can't compile TNG on my slackware 4.0, b/c configure stops with: ERROR: No locking available. Running Samba would be unsafe I am running Kernel 2.2.14 with no patches. any suggestions? -- Nach Paragraph 28 Abs. 3 Bundesdatenschutzgesetz widerspreche ich der Nutzung meiner Daten f?r Werbezwecke oder f?r die Mark- oder Meinungs- forschung Linux ist benutzerfreundlich, es ist nur nicht idiotenfreundlich! From lkcl at samba.org Sun Jan 23 20:43:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: Compilation Problem with TNG on Linux In-Reply-To: <388B5457.18732077@mysticplace.freeservers.com> Message-ID: hmm. in cvs main, andrew did a proper job of detecting the locking configurations. i cut/paste as much of what he did as i could understand. try compiling cvs main on your system and send in a report, ok? On Mon, 24 Jan 2000 operator@mysticplace.freeservers.com wrote: > > Maybe this is a well known, easy to solve problem, but I can't compile > TNG on my slackware 4.0, b/c configure stops with: > > ERROR: No locking available. Running Samba would be unsafe > > I am running Kernel 2.2.14 with no patches. > > any suggestions? > -- > > Nach Paragraph 28 Abs. 3 Bundesdatenschutzgesetz widerspreche ich der > Nutzung meiner Daten f?r Werbezwecke oder f?r die Mark- oder Meinungs- > forschung > > Linux ist benutzerfreundlich, es ist nur nicht idiotenfreundlich! > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From imak at bellatlantic.net Sun Jan 23 21:18:55 2000 From: imak at bellatlantic.net (Ivan Makfinsky) Date: Tue Dec 2 02:28:10 2003 Subject: Browser Message-ID: <001901bf65e7$754a0820$2774c897@reybomb.com> Maybe I am overlooking something but i cannot seem to get the browser function working correctly... i cant see shares from other workstations. Let me explain - i have one pdc running off samba 2.0.5a, and two workstations - one w98 and one nt4.0. I have shares on both the workstations that cannot be seen from each other. I have the latest tng code and have tried running that, but for some odd reason it wont authenticate me, so i cannot logon to the workstations, this is pre3.0.0 code... i just did a cvs update, a few mins ago... here's the error i get - on the nt workstation: the system cannot log you on (C000019B), try again later... i was having a problem with file permissions earlier but i fixed that... wrong mask set... but i cannot logon from the domain logon prompt even after fixing this with the pre3.0 code, i can logon no problem with the 2.0.5 code... help? what information would be helpful in diagnosing this? imak From kbn at pjat.dk Sun Jan 23 21:09:00 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX References: Message-ID: <388B6DEC.B4C1C725@pjat.dk> Greg Dickie wrote: > > I'm compiling now. 2.8.1 should work i think... ya thats what I'm using. > > Greg Thanks Greg, I'm confused! I just carried out a full cvs download/configure/compilation of samba_main. - And tested it. It works. I still can't get samba_tng to compile - argh! Did you make your own changes to src? Are you using environment settings related to GNU gcc or libs? Any ideas much appreciated Thanks - Kim > > On 23-Jan-00 Kim Bjoern Nielsen wrote: > > Greg Dickie wrote: > >> > >> Are you using the IRIX C compiler? The TNG branch hasn't compiled with it > >> for a > >> while, I'm using gcc now. You can get it off the sgi free stuff web site. > >> The > >> cvs head branch however still seems to work with the native IRIX make and C > >> compiler. Course I haven't check the logs for a couple of days, maybe it > >> doesn't compile... > >> > > > > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) > > > > I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? > > > > Thanks - Kim > > > >> Greg From greg at discreet.com Sun Jan 23 21:23:09 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B6DEC.B4C1C725@pjat.dk> Message-ID: nothing special at all, today it just works. What version of irix are you using? I'm on 6.5.4, maybe thats the diff. Greg On 23-Jan-00 Kim Bjoern Nielsen wrote: > Greg Dickie wrote: >> >> I'm compiling now. 2.8.1 should work i think... ya thats what I'm using. >> >> Greg > > Thanks Greg, > > I'm confused! I just carried out a full cvs > download/configure/compilation of samba_main. - And tested it. > > It works. > > I still can't get samba_tng to compile - argh! > > Did you make your own changes to src? > Are you using environment settings related to GNU gcc or libs? > > Any ideas much appreciated > > Thanks - Kim > >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: >> > Greg Dickie wrote: >> >> >> >> Are you using the IRIX C compiler? The TNG branch hasn't compiled with it >> >> for a >> >> while, I'm using gcc now. You can get it off the sgi free stuff web site. >> >> The >> >> cvs head branch however still seems to work with the native IRIX make and >> >> C >> >> compiler. Course I haven't check the logs for a couple of days, maybe it >> >> doesn't compile... >> >> >> > >> > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) >> > >> > I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? >> > >> > Thanks - Kim >> > >> >> Greg ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From kbn at pjat.dk Sun Jan 23 21:27:28 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX References: Message-ID: <388B7240.36530944@pjat.dk> Greg Dickie wrote: > > nothing special at all, today it just works. What version of irix are you > using? I'm on 6.5.4, maybe thats the diff. I'm using 6.5.6m on an INDY R4400 I'll try 6.5.6f on an INDY R5000 later (tonight)! Thanks - Kim > > Greg > > On 23-Jan-00 Kim Bjoern Nielsen wrote: > > Greg Dickie wrote: > >> > >> I'm compiling now. 2.8.1 should work i think... ya thats what I'm using. > >> > >> Greg > > > > Thanks Greg, > > > > I'm confused! I just carried out a full cvs > > download/configure/compilation of samba_main. - And tested it. > > > > It works. > > > > I still can't get samba_tng to compile - argh! > > > > Did you make your own changes to src? > > Are you using environment settings related to GNU gcc or libs? > > > > Any ideas much appreciated > > > > Thanks - Kim > > > >> > >> On 23-Jan-00 Kim Bjoern Nielsen wrote: > >> > Greg Dickie wrote: > >> >> > >> >> Are you using the IRIX C compiler? The TNG branch hasn't compiled with it > >> >> for a > >> >> while, I'm using gcc now. You can get it off the sgi free stuff web site. > >> >> The > >> >> cvs head branch however still seems to work with the native IRIX make and > >> >> C > >> >> compiler. Course I haven't check the logs for a couple of days, maybe it > >> >> doesn't compile... > >> >> > >> > > >> > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) > >> > > >> > I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? > >> > > >> > Thanks - Kim > >> > > >> >> Greg > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- From greg at discreet.com Sun Jan 23 21:29:53 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:10 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <388B7240.36530944@pjat.dk> Message-ID: Ya, I'm always on the f stream, that could be it. Greg On 23-Jan-00 Kim Bjoern Nielsen wrote: > Greg Dickie wrote: >> >> nothing special at all, today it just works. What version of irix are you >> using? I'm on 6.5.4, maybe thats the diff. > > I'm using 6.5.6m on an INDY R4400 > > I'll try 6.5.6f on an INDY R5000 later (tonight)! > > Thanks - Kim > >> >> Greg >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: >> > Greg Dickie wrote: >> >> >> >> I'm compiling now. 2.8.1 should work i think... ya thats what I'm using. >> >> >> >> Greg >> > >> > Thanks Greg, >> > >> > I'm confused! I just carried out a full cvs >> > download/configure/compilation of samba_main. - And tested it. >> > >> > It works. >> > >> > I still can't get samba_tng to compile - argh! >> > >> > Did you make your own changes to src? >> > Are you using environment settings related to GNU gcc or libs? >> > >> > Any ideas much appreciated >> > >> > Thanks - Kim >> > >> >> >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: >> >> > Greg Dickie wrote: >> >> >> >> >> >> Are you using the IRIX C compiler? The TNG branch hasn't compiled with >> >> >> it >> >> >> for a >> >> >> while, I'm using gcc now. You can get it off the sgi free stuff web >> >> >> site. >> >> >> The >> >> >> cvs head branch however still seems to work with the native IRIX make >> >> >> and >> >> >> C >> >> >> compiler. Course I haven't check the logs for a couple of days, maybe >> >> >> it >> >> >> doesn't compile... >> >> >> >> >> > >> >> > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) >> >> > >> >> > I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? >> >> > >> >> > Thanks - Kim >> >> > >> >> >> Greg >> >> ---------------------------------- >> Greg Dickie >> just a guy* >> *from Discreet (the Logic is gone) >> ---------------------------------- ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From neumann at get2net.dk Sun Jan 23 21:38:29 2000 From: neumann at get2net.dk (David Sebastian Neumann) Date: Tue Dec 2 02:28:10 2003 Subject: Help with win2000 domain logons needed References: <20000122202847Z12861612-24228+42124@samba.anu.edu.au> Message-ID: <000701bf65ea$317cd340$0600a8c0@sesus> Hi. I was wondering how to make Windows 2000 find my Samba NT domain. I want to know if it is possible to make win2000 find the domain, without compiling and installing the special NT domain version of samba. If that is not possible, does anyone know when the next update for samba is available, and if it will support win2000 domain logons. If any of you know of a faq or HOWTO on how to make win2000 logon to a samba NT domain, please let me know. Regards. David Sebastian Neumann neumann@get2net.dk From marcel at henselin.de Sun Jan 23 22:33:33 2000 From: marcel at henselin.de (Marcel Henselin) Date: Tue Dec 2 02:28:10 2003 Subject: all inclusive documentation Message-ID: <00d101bf65f1$e15808f0$1264a8c0@WS1> Hi there all you freaks, is there any all inclusive documentation available? If it isn't then I want to start a project called The_all-inclusive-documentation_for_samba. So if you think it's a good idea then send me any of your configuration scripts and all your documentations (any language available!) thx in advance Marcel -------------- next part -------------- HTML attachment scrubbed and removed From lars at kneschke.de Sun Jan 23 22:57:12 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:10 2003 Subject: all inclusive documentation References: <00d101bf65f1$e15808f0$1264a8c0@WS1> Message-ID: <388B8748.B26D9712@kneschke.de> > Marcel Henselin wrote: > > Hi there all you freaks, > is there any all inclusive documentation available? > If it isn't then I want to start a project called > The_all-inclusive-documentation_for_samba. > > So if you think it's a good idea then send me any of your > configuration scripts and all your documentations (any language > available!) There exists a freely available Samba book. This book covers most of the needs, of the normal samba user. There are also some websites, which covers different samba specific themes. http://www.kneschke.de/projekte/samba_tng http://www.sambahq.de http://www.unav.es/cti/ldap-smb-howto.html and the docu at www.samba.org http://de.samba.org/samba/docs Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! From D.Bannon at latrobe.edu.au Sun Jan 23 23:46:55 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:28:10 2003 Subject: Printer accounting on RedHat Linux 6.0 In-Reply-To: Message-ID: <3.0.6.32.20000124104655.0089e6b0@bioserve.latrobe.edu.au> At 02:00 AM 23/01/2000 +1100, Keith Lynn wrote: > I have been able to get Samba to act as a PDC. I am using RedHat >Linux 6.0. I have a printer available through Samba and have placed an af >entry in the printcap file. How do I get the printer accounting to turn >on? I assume this is more of a Linux problem than Samba, but I thought >someone might know. Thanks. Lots of people have different solutions to that problem. You might like to look at mine on http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html for one way to do it. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sharpe at ns.aus.com Sun Jan 23 18:06:33 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:10 2003 Subject: Struggling with RPMs Message-ID: <3.0.6.32.20000124040633.00a3fb80@203.16.214.248> Hi, I find that the files in source/bin called netlogond, samrd, etc, are simply scripts that look like they build the final thing, and that the final binaries seem to end up in source/bin/.libs ... Is this correct? Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lkcl at samba.org Mon Jan 24 02:45:17 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:10 2003 Subject: Struggling with RPMs In-Reply-To: <3.0.6.32.20000124040633.00a3fb80@203.16.214.248> Message-ID: On Mon, 24 Jan 2000, Richard Sharpe wrote: > Hi, > > I find that the files in source/bin called netlogond, samrd, etc, are > simply scripts that look like they build the final thing, and that the > final binaries seem to end up in source/bin/.libs ... > > Is this correct? yes. ask elrond or anyone who has done libtool work before. the scripts "preload" the library paths for developers to be able to do./bin/smbd etc. From sharpe at ns.aus.com Sun Jan 23 19:42:49 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:10 2003 Subject: Struggling with RPMs In-Reply-To: References: <3.0.6.32.20000124040633.00a3fb80@203.16.214.248> Message-ID: <3.0.6.32.20000124054249.00a45160@203.16.214.248> Hi, At 01:45 PM 1/24/00 +1100, Luke Kenneth Casson Leighton wrote: >On Mon, 24 Jan 2000, Richard Sharpe wrote: > >> Hi, >> >> I find that the files in source/bin called netlogond, samrd, etc, are >> simply scripts that look like they build the final thing, and that the >> final binaries seem to end up in source/bin/.libs ... >> >> Is this correct? > >yes. > >ask elrond or anyone who has done libtool work before. the scripts >"preload" the library paths for developers to be able to do./bin/smbd etc. Hmmm, that being the case, where should the final binaries end up, and what files do I need to install? Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From zen at sprynet.com Mon Jan 24 04:31:50 2000 From: zen at sprynet.com (John Cusick) Date: Tue Dec 2 02:28:10 2003 Subject: libsmbpw.so.0 error Message-ID: <388BD5B6.3F32B332@sprynet.com> I have installed the TMG-prealpha version on a Suse 6.2 box running kernel 2.2.13. When I attempt to add machines with the smbpasswd command, I receive the following error: "smbpasswd: error in loading shared libraries: libsmbpw.so.0: cannot open shared object file: No such file or directory" I note there are no libsmbpw files in the samba lib directory. What do I need to do to create them? From lonnie at borntreger.com Mon Jan 24 07:15:06 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:28:10 2003 Subject: libsmbpw.so.0 error In-Reply-To: <388BD5B6.3F32B332@sprynet.com> Message-ID: <000201bf663a$be92eee0$0500000a@borntreger.com> In your source directory, after making "install"...: /bin/sh ./libtool --quiet --mode=install ./install-sh -c \ bin/libsmbpw.la (your install prefix)/lib You'll have to do this after each time you recompile/install, until the Makefile.in is updated to include this lib in the install-libs rule. TTFN, Lonnie Borntreger > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > John Cusick > Sent: Sunday, January 23, 2000 10:33 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: libsmbpw.so.0 error > > > I have installed the TMG-prealpha version on a Suse 6.2 box running > kernel 2.2.13. > > When I attempt to add machines with the smbpasswd command, I > receive the > following error: > > "smbpasswd: error in loading shared libraries: libsmbpw.so.0: cannot > open shared object file: No such file or directory" > > I note there are no libsmbpw files in the samba lib directory. > > What do I need to do to create them? > From Elrond at Wunder-Nett.org Mon Jan 24 13:18:19 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:10 2003 Subject: Struggling with RPMs In-Reply-To: <3.0.6.32.20000124054249.00a45160@203.16.214.248>; from Richard Sharpe on Mon, Jan 24, 2000 at 02:03:31PM +1100 References: <3.0.6.32.20000124040633.00a3fb80@203.16.214.248> <3.0.6.32.20000124054249.00a45160@203.16.214.248> Message-ID: <20000124141818.A12290@baerbel.mug.maschinenbau.tu-darmstadt.de> On Mon, Jan 24, 2000 at 02:03:31PM +1100, Richard Sharpe wrote: > Hi, > > At 01:45 PM 1/24/00 +1100, Luke Kenneth Casson Leighton wrote: > >On Mon, 24 Jan 2000, Richard Sharpe wrote: > > > >> Hi, > >> > >> I find that the files in source/bin called netlogond, samrd, etc, are > >> simply scripts that look like they build the final thing, and that the > >> final binaries seem to end up in source/bin/.libs ... > >> > >> Is this correct? > > > >yes. > > > >ask elrond or anyone who has done libtool work before. the scripts > >"preload" the library paths for developers to be able to do./bin/smbd etc. > > Hmmm, that being the case, where should the final binaries end up, and what > files do I need to install? You should not mangle with the binaries in .libs directly. That's bad and can cause all trouble. I suggest, you do something like this: ./configure --prefix=/usr (if you want it in /usr) make make prefix=/tmp/inst-root/usr BASEDIR=/tmp/inst-root/usr install The Makefile currently isn't that friendly to package-builders, I've got to admit. Maybe I'm going to add "DESTDIR"-support some time in the future. If you need to install the binaries "by hand", take a look at the installbin-target in the Makefile, you _realy_ should use libtool to install them in your package-build-root. Hope, that helps a bit. BTW: I don't think, that rpms of TNG currently make any real sense. But that's me. Elrond From duehr at id-pro.net Mon Jan 24 13:23:06 2000 From: duehr at id-pro.net (Stephan Duehr) Date: Tue Dec 2 02:28:10 2003 Subject: PDC LDAP Message-ID: <20000124142306.B12861@qwerty.office.id-pro.net> I would like to checkout or download some more or less working PDC LDAP Sources. Ignacio Coupeau has reported to have used CVS HEAD of 99-10-15 successfully. I'll try checking out with cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -D "1999-10-15 23:59" samba configure --with-ldap then work, but I get ... Linking bin/rpcclient rpcclient/rpcclient.o: In function `process': rpcclient/rpcclient.o(.text+0x497): undefined reference to `wait_keyboard' May be someone could send me a good date for checking out or an URL for getting a working source. (Ignacio?) Thank you -- Stephan Duehr * ID-PRO GmbH * Tel +49 228 4 21 54 0 * Fax +49 228 4 21 54 29 * http://open-for-the-better.com/ From duehr at id-pro.net Mon Jan 24 13:57:49 2000 From: duehr at id-pro.net (Stephan Duehr) Date: Tue Dec 2 02:28:10 2003 Subject: PDC LDAP In-Reply-To: <20000124142306.B12861@qwerty.office.id-pro.net>; from duehr@id-pro.net on Tue, Jan 25, 2000 at 12:26:16AM +1100 References: <20000124142306.B12861@qwerty.office.id-pro.net> Message-ID: <20000124145749.E12861@qwerty.office.id-pro.net> Ok, now I tried cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -D "1999-10-15 00:00" samba and I got it compiled. Now I'll take a look at Ignacios fine howto and see... On Tue, Jan 25, 2000 at 12:26:16AM +1100, Stephan Duehr wrote: > I would like to checkout or download some more or less working PDC LDAP > Sources. Ignacio Coupeau has reported to have used CVS HEAD of 99-10-15 > successfully. I'll try checking out with > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -D "1999-10-15 23:59" samba > > configure --with-ldap then work, but I get > .. > Linking bin/rpcclient > rpcclient/rpcclient.o: In function `process': > rpcclient/rpcclient.o(.text+0x497): undefined reference to `wait_keyboard' > > May be someone could send me a good date for checking out or an URL > for getting a working source. (Ignacio?) > > Thank you -- Stephan Duehr * ID-PRO GmbH * Tel +49 228 4 21 54 0 * Fax +49 228 4 21 54 29 * http://open-for-the-better.com/ From sharpe at ns.aus.com Mon Jan 24 02:29:41 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:10 2003 Subject: What else works in Samba-TNG Message-ID: <3.0.6.32.20000124122941.007dd6e0@203.16.214.248> Hi, I am just starting to come to grips with Samba TNG, and I have a paper to get ready for a Singapore Linux event in March. What else works with Samba TNG, apart from Win2K joining the domain and User Manager for Domains? Do inter-domain trusts work, or some such? I really need to get RPMs built for my machine, as I swap around between several versions on the one machine (Samba 2.0.6, 2.0.7, 3.0.0 and TNG), and it is easiest if I simply reinstall from RPMs ... Although, it might be easier if I had separate install directories ... Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From ely at txc.com Mon Jan 24 15:35:07 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:28:10 2003 Subject: User Manager doesn't work Message-ID: <388C712B.39A19BB@txc.com> Hi, I successfully installed combined samba-tng and samba-main. I run Linux Red Hat 6.1 as PDC, joined WinNT stand alone server to domain. When I tried to open my sambaPDC by double clicking on Network Neighborhood I got error message: "\\sambaPDC is not accessible. The handle is invalid." When I opened User Manager for Domains I got message: " The RPC server is unavailable." I tried to follow all cvs changes for last couple weeks but still have the same problem. What I did wrong? Ely Zavin From Alan.Hourihane at pinacl.co.uk Mon Jan 24 15:41:05 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:28:10 2003 Subject: Disallowing Non-NT clients Message-ID: <01BF6681.6F2B3460.Alan.Hourihane@pinacl.co.uk> Is there any way to disallow any non-NT clients from accessing a sharename ? I know about the hosts allow/deny but it's going to be a big list if I use this. Alan. From jens.skripczynski at igd.fhg.de Mon Jan 24 15:46:41 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:10 2003 Subject: User Manager doesn't work In-Reply-To: <388C712B.39A19BB@txc.com>; from ely@txc.com on Tue, Jan 25, 2000 at 02:35:38AM +1100 References: <388C712B.39A19BB@txc.com> Message-ID: <20000124164641.A1413@pclinux.igd.fhg.de> Ely Zavin: > Hi, > I successfully installed combined samba-tng and samba-main. > I run Linux Red Hat 6.1 as PDC, joined WinNT stand alone server to > domain. When I tried to open my sambaPDC by double clicking on Network > Neighborhood I got error message: "\\sambaPDC is not > accessible. The handle is invalid." > When I opened User Manager for Domains I got message: " The > RPC server is unavailable." > I tried to follow all cvs changes for last couple weeks but still have > the same problem. > What I did wrong? I really have the same Problem but have not noticed anything in the log files. Maybe you are a bit luckier than me. Lars has a describtion for a bug report on his homepage: http://www.kneschke.de/projekte/samba_tng/bugreport.php3 Good luck. Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From jens.skripczynski at igd.fhg.de Mon Jan 24 15:47:49 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:10 2003 Subject: Disallowing Non-NT clients In-Reply-To: <01BF6681.6F2B3460.Alan.Hourihane@pinacl.co.uk>; from Alan.Hourihane@pinacl.co.uk on Tue, Jan 25, 2000 at 02:44:09AM +1100 References: <01BF6681.6F2B3460.Alan.Hourihane@pinacl.co.uk> Message-ID: <20000124164749.B1413@pclinux.igd.fhg.de> Alan Hourihane: > Is there any way to disallow any non-NT clients from accessing a sharename ? > > I know about the hosts allow/deny but it's going to be a big list if I use this. Do you mean only a number of hosts or a complete subnet or all computers not belonging to your domain ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From Alan.Hourihane at pinacl.co.uk Mon Jan 24 15:57:47 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:28:10 2003 Subject: Disallowing Non-NT clients Message-ID: <01BF6683.C2DE22F0.Alan.Hourihane@pinacl.co.uk> I mean all computers not running Windows NT. We have some machines running Win95 and Win98 that I don't want accessing the shares. Alan. On 24 January 2000 15:48, Jens Skripczynski [SMTP:jens.skripczynski@igd.fhg.de] wrote: > Alan Hourihane: > > Is there any way to disallow any non-NT clients from accessing a sharename ? > > > > I know about the hosts allow/deny but it's going to be a big list if I use this. > Do you mean only a number of hosts or a complete subnet or all computers not > belonging to your domain ? > > Ciao > > Jens Skripczynski > -- > E-Mail: skripi@igd.fhg.de > > Computers are like airconditioners: They stop working > properly if you open windows. From pierre.troian at thomcast.thomson-csf.com Mon Jan 24 15:54:19 2000 From: pierre.troian at thomcast.thomson-csf.com (pierre troian) Date: Tue Dec 2 02:28:11 2003 Subject: unsubscribe Message-ID: <388C75AB.928AD69C@thomcast.thomson-csf.com> unsubscribe -------------- next part -------------- A non-text attachment was scrubbed... Name: pierre.troian.vcf Type: text/x-vcard Size: 308 bytes Desc: Carte pour pierre troian Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000124/026a7c28/pierre.troian.vcf From schapiro at clerk.pi.huji.ac.il Mon Jan 24 16:05:27 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:11 2003 Subject: Error C000019B In-Reply-To: <20000124164749.B1413@pclinux.igd.fhg.de> Message-ID: Hi Friends, after reading this list for soem days I also got the TNG :-) I like the concept very much, btw. Now something stupid: Some days ago the list talked about error C000019B on logon from NT WS. I now also get the same error. The real problem is that both search engines (the one at lists.samba.org/listproc/ghindex.html and at us1.samba.org/search/smb-mail.shtml) DO NOT WORK ! The latter one finds mails, but all links to the actual mails return a 404. So could please comebody kind write me again how to fix the problem ? I am using nmbd/smbd pre-3.0.0 and TNG-prealpha (downloaded both today via CVS). Thanks, -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-85812 email: schapiro@clerk.pi.huji.ac.il From g.schram at linvision.com Mon Jan 24 16:10:43 2000 From: g.schram at linvision.com (Geerten Schram) Date: Tue Dec 2 02:28:11 2003 Subject: Disallowing Non-NT clients References: <01BF6681.6F2B3460.Alan.Hourihane@pinacl.co.uk> Message-ID: <388C7983.3B0E5641@linvision.com> Alan Hourihane wrote: > Is there any way to disallow any non-NT clients from accessing a sharename ? > > I know about the hosts allow/deny but it's going to be a big list if I use this. > > Alan. For the share that is only accesable for winnt do something like this: include /etc/smb.%a # include a different smb.winnt depending on the clients architecture. in that /etc/smb.winnt define the share that is only accessible by WinNT. Geerten -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Linvision V.o.F. Linux Specialisten tel: +31 15 260 04 33 fax: +31 15 260 04 05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From icoupeau at unav.es Mon Jan 24 16:16:03 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:28:11 2003 Subject: PDC LDAP References: <20000124142306.B12861@qwerty.office.id-pro.net> <20000124145749.E12861@qwerty.office.id-pro.net> Message-ID: <388C7AC3.8784B0BC@unav.es> Stephan Duehr wrote: > > Ok, now I tried > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -D "1999-10-15 00:00" samba > > and I got it compiled. Now I'll take a look at Ignacios fine howto and see... > ... but the TNG runs too (I tested the TNG 2000/01/12), Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From s.striker at striker.nl Mon Jan 24 16:36:15 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:11 2003 Subject: Disallowing Non-NT clients In-Reply-To: <01BF6683.C2DE22F0.Alan.Hourihane@pinacl.co.uk> Message-ID: <001301bf6689$223318f0$0a00a8c0@office.striker.nl> Hi, Maybe you can setup different smb.conf files for different architectures. You can use the %a substition to find out what os the client is running. Have a look at the man page of smb.conf to see what it recognizes. Greetings and good luck, Sander Striker > I mean all computers not running Windows NT. > > We have some machines running Win95 and Win98 that I don't want accessing > the shares. > > Alan. > > On 24 January 2000 15:48, Jens Skripczynski > [SMTP:jens.skripczynski@igd.fhg.de] wrote: > > Alan Hourihane: > > > Is there any way to disallow any non-NT clients from > accessing a sharename ? > > > > > > I know about the hosts allow/deny but it's going to be a big > list if I use this. > > Do you mean only a number of hosts or a complete subnet or all > computers not > > belonging to your domain ? > > > > Ciao > > > > Jens Skripczynski > > -- > > E-Mail: skripi@igd.fhg.de > > > > Computers are like airconditioners: They stop working > > properly if you open windows. > From greg at discreet.com Mon Jan 24 16:38:16 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:11 2003 Subject: Disallowing Non-NT clients In-Reply-To: <01BF6681.6F2B3460.Alan.Hourihane@pinacl.co.uk> Message-ID: You could use the client type to disable the share by including some_include file.%a and putting available=no for the client types you want to deny access to. Greg On 24-Jan-00 Alan Hourihane wrote: > Is there any way to disallow any non-NT clients from accessing a sharename ? > > I know about the hosts allow/deny but it's going to be a big list if I use > this. > > Alan. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From nord at cdt.luth.se Mon Jan 24 16:40:05 2000 From: nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:28:11 2003 Subject: best way to get TNG working with main. Message-ID: <388C8065.FFD405BF@cdt.luth.se> Hi, I am about to compile TNG and test out the domain capabilities with win 2000. I read earlier that it is best to not use the head (now TNG) for main fileserver work as it was potentially buggy and may cause file corruption. Hence how is the best way to go about this? The machine i will be installing two has had a virtual interface set up so I can bind without affecting the normal samba server (which will be left alone). However I would like to use this (origonal) samba server for the file serving. Is there any way to do this seemlessly or would I still need to validate to this samba server. Or is there a better way to do this? Thanks /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From David.Bear at asu.edu Mon Jan 24 17:34:42 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:28:11 2003 Subject: auditing Message-ID: I don't allow users to log in interactively to the linux box. Is there a way that samba can 'audit' file accesses? We're concerned about tracking down possible 'unauthorized' erasures of files. Can samba syslog file erase transactions? David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From duehr at id-pro.net Mon Jan 24 18:18:18 2000 From: duehr at id-pro.net (Stephan Duehr) Date: Tue Dec 2 02:28:11 2003 Subject: PDC LDAP In-Reply-To: <388C7AC3.8784B0BC@unav.es>; from icoupeau@unav.es on Tue, Jan 25, 2000 at 03:26:00AM +1100 References: <20000124142306.B12861@qwerty.office.id-pro.net> <20000124145749.E12861@qwerty.office.id-pro.net> <388C7AC3.8784B0BC@unav.es> Message-ID: <20000124191818.A13718@qwerty.office.id-pro.net> On Tue, Jan 25, 2000 at 03:26:00AM +1100, Ignacio Coupeau wrote: > Stephan Duehr wrote: > > > > Ok, now I tried > > > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -D "1999-10-15 00:00" samba > > > > and I got it compiled. Now I'll take a look at Ignacios fine howto and see... > > > .. but the TNG runs too (I tested the TNG 2000/01/12), So which of them would you recommend? -- Stephan Duehr * ID-PRO GmbH * Tel +49 228 4 21 54 0 * Fax +49 228 4 21 54 29 * http://open-for-the-better.com/ From abakun at reac.com Mon Jan 24 18:35:44 2000 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:28:11 2003 Subject: auditing References: Message-ID: <388C9B80.42D6A59@reac.com> David Bear wrote: > I don't allow users to log in interactively to the linux box. Is there a > way that samba can 'audit' file accesses? We're concerned about tracking > down possible 'unauthorized' erasures of files. Can samba syslog file > erase transactions? Check out http://www.reac.com/samba/samba-audit.html Which does exactly that. Recording deletions is the reason I wrote it, in fact. From lkcl at samba.org Mon Jan 24 18:39:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: libsmbpw.so.0 error In-Reply-To: <388BD5B6.3F32B332@sprynet.com> Message-ID: manually copy it ove from bin/.lib/ for now. On Mon, 24 Jan 2000, John Cusick wrote: > I have installed the TMG-prealpha version on a Suse 6.2 box running > kernel 2.2.13. > > When I attempt to add machines with the smbpasswd command, I receive the > following error: > > "smbpasswd: error in loading shared libraries: libsmbpw.so.0: cannot > open shared object file: No such file or directory" > > I note there are no libsmbpw files in the samba lib directory. > > What do I need to do to create them? > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 24 18:42:02 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: libsmbpw.so.0 error In-Reply-To: <000201bf663a$be92eee0$0500000a@borntreger.com> Message-ID: On Mon, 24 Jan 2000, Lonnie J. Borntreger wrote: > In your source directory, after making "install"...: > /bin/sh ./libtool --quiet --mode=install ./install-sh -c \ > bin/libsmbpw.la (your install prefix)/lib > > You'll have to do this after each time you recompile/install, until the > Makefile.in is updated to include this lib in the install-libs rule. thx lonnie, this gave me enough to go on to fix this. From gene_yee at hotmail.com Mon Jan 24 18:50:59 2000 From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:28:11 2003 Subject: Print Share Length Limit? Message-ID: <20000124185059.63574.qmail@hotmail.com> I hope this message goes out, just subscribed to the lists... Anyway, I have created a Linux Samba print server using Red Hat 6.1 If someone tells me how to check the version of Samba, I will be glad to look and tell. However it is the one which comes with the RH 6.1 distribution. Everything in general appears to work OK, however shares with names longer than 12 characters fails to print from WinNT 4.0. I have not tested in other enviroments except for Win2k which does print OK. When I do a test page out of NT4.0 I get a message stating a failure and: The filename, directory name, or volume label syntax is incorrect. Thanks for any help you may be able to provide. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From Elrond at Wunder-Nett.org Mon Jan 24 19:02:34 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:11 2003 Subject: libsmbpw.so.0 error In-Reply-To: ; from Luke Kenneth Casson Leighton on Tue, Jan 25, 2000 at 05:49:13AM +1100 References: <000201bf663a$be92eee0$0500000a@borntreger.com> Message-ID: <20000124200234.B12290@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Jan 25, 2000 at 05:49:13AM +1100, Luke Kenneth Casson Leighton wrote: > On Mon, 24 Jan 2000, Lonnie J. Borntreger wrote: > > > In your source directory, after making "install"...: > > /bin/sh ./libtool --quiet --mode=install ./install-sh -c \ > > bin/libsmbpw.la (your install prefix)/lib > > > > You'll have to do this after each time you recompile/install, until the > > Makefile.in is updated to include this lib in the install-libs rule. > > thx lonnie, this gave me enough to go on to fix this. hehe... sent you a fix for this in my last (big) patch too. ;) Elrond From lkcl at samba.org Mon Jan 24 19:04:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: What else works in Samba-TNG In-Reply-To: <3.0.6.32.20000124122941.007dd6e0@203.16.214.248> Message-ID: On Tue, 25 Jan 2000, Richard Sharpe wrote: > Hi, > > I am just starting to come to grips with Samba TNG, and I have a paper to > get ready for a Singapore Linux event in March. > > What else works with Samba TNG, apart from Win2K joining the domain and > User Manager for Domains? Do inter-domain trusts work, or some such? yes they do... after a fashion. you will need to unify the name space across all domains in order to get it working properly. From gleblanc at cu-portland.edu Mon Jan 24 19:12:09 2000 From: gleblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:11 2003 Subject: Print Share Length Limit? References: <20000124185059.63574.qmail@hotmail.com> Message-ID: <388CA409.23296BD0@cu-portland.edu> Gene Yee wrote: > > I hope this message goes out, just subscribed to the lists... > > Anyway, I have created a Linux Samba print server using Red Hat 6.1 If > someone tells me how to check the version of Samba, I will be glad to look > and tell. However it is the one which comes with the RH 6.1 distribution. That would be version 2.0.5a. for future reference, run the command 'rpm -qa |grep ' to find all the packages like . > > Everything in general appears to work OK, however shares with names longer > than 12 characters fails to print from WinNT 4.0. I have not tested in > other enviroments except for Win2k which does print OK. > > When I do a test page out of NT4.0 I get a message stating a failure and: > > The filename, directory name, or volume label syntax is incorrect. I've had trouble with the same thing on NT with some clients, but I don't recall what I've done about it. From lkcl at samba.org Mon Jan 24 19:11:59 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: Disallowing Non-NT clients In-Reply-To: <01BF6683.C2DE22F0.Alan.Hourihane@pinacl.co.uk> Message-ID: On Tue, 25 Jan 2000, Alan Hourihane wrote: > I mean all computers not running Windows NT. > > We have some machines running Win95 and Win98 that I don't want accessing > the shares. there is a remote arch %subst macro that you might be able to use, or you can investigate "min protocol" to see what win9x asks for and what winnt asks for. From lkcl at samba.org Mon Jan 24 19:14:59 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: Error C000019B In-Reply-To: Message-ID: 19b. that's 411 in decimal. nterr.h. that's NT_STATUS_DOMAIN_TRUST_INCONSISTENT. ehh??????????? i never return that error message, anywhere!!! sorry, don't know, without log files. increase logs to level 100, take a look through them see if there's anything obvious that catches your eye. On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > Hi Friends, > > after reading this list for soem days I also got the TNG :-) > > I like the concept very much, btw. > > Now something stupid: > > Some days ago the list talked about error C000019B on logon from NT WS. I > now also get the same error. The real problem is that both search engines > (the one at lists.samba.org/listproc/ghindex.html and at > us1.samba.org/search/smb-mail.shtml) DO NOT WORK ! The latter one finds > mails, but all links to the actual mails return a 404. > > So could please comebody kind write me again how to fix the problem ? I am > using nmbd/smbd pre-3.0.0 and TNG-prealpha (downloaded both today via > CVS). > > Thanks, > > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-85812 > email: schapiro@clerk.pi.huji.ac.il > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From cmoon at mmcable.com Mon Jan 24 19:15:27 2000 From: cmoon at mmcable.com (Charles Moon) Date: Tue Dec 2 02:28:11 2003 Subject: rh6.1 client on an NT domain Message-ID: <003a01bf669f$6488bfa0$1601a8c0@acciokc.com> I am trying to configure samba on a RH6.1 box currently sitting as a client on an NT4.0 domain. I am having difficulty making it work. NT4.0 server is the PDC, WINS server & DNS server, etc. Anyone have success getting this up and running? Anyone want to share a smb.conf file with a working configuration? From cmoon at mmcable.com Mon Jan 24 19:17:32 2000 From: cmoon at mmcable.com (Charles Moon) Date: Tue Dec 2 02:28:11 2003 Subject: nmbd failed to start on RH6.1 Message-ID: <003d01bf669f$b5e043f0$1601a8c0@acciokc.com> /etc/rc.d/init.d contains a file called smb. When I run by performing "# ./smb start" I get the folowing: Starting SMB services [ OK ] Starting NMB services [FAILED] I am assuming that something is not correct in the smb.conf. What will cause NMB to fail? What is it looking for? ********************************************************************* Romans 1:16-17 ? For I am not ashamed of the gospel of Christ: for it is the power of God unto salvation to every one that believeth; to the Jew first, and also to the Greek. For therein is the righteousness of God revealed from faith to faith: as it is written, The just shall live by faith. Click Here http://www.studentz.com/Presentation/pc/flashform.htm From lkcl at samba.org Mon Jan 24 19:43:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: libsmbpw.so.0 error In-Reply-To: <20000124200234.B12290@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > > > You'll have to do this after each time you recompile/install, until the > > > Makefile.in is updated to include this lib in the install-libs rule. > > > > thx lonnie, this gave me enough to go on to fix this. > > hehe... sent you a fix for this in my last (big) patch too. ;) DOH! 1335 lines isn't a big patch, by the way. jean-francois did a diff / merge which didn't work out, unfrotunately, of about 7mb of diff file. or was it 13mb? i can't remember... From goery.valance at ac-reims.fr Mon Jan 24 19:40:06 2000 From: goery.valance at ac-reims.fr (Goery VALANCE) Date: Tue Dec 2 02:28:11 2003 Subject: read the samba's log files Message-ID: <006001bf66a3$f2fe07a0$2954a8c0@wanadoo.fr> Hi I search tools to read the samba's log files. I want to know the number of loggin, file's access etc... Thank's for any answers. Goery -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Mon Jan 24 19:50:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: nmbd failed to start on RH6.1 In-Reply-To: <003d01bf669f$b5e043f0$1601a8c0@acciokc.com> Message-ID: check your inetd.conf for something already running on ports 137 and 138. On Tue, 25 Jan 2000, Charles Moon wrote: > > /etc/rc.d/init.d contains a file called smb. When I run by performing "# > /smb start" I get the folowing: > > Starting SMB services [ OK ] > Starting NMB services [FAILED] > > I am assuming that something is not correct in the smb.conf. What will > cause NMB to fail? What is it looking for? > > > > > > ********************************************************************* > Romans 1:16-17 > ? For I am not ashamed of the gospel of Christ: for it is the power > of God unto salvation to every one that believeth; to the Jew first, > and also to the Greek. For therein is the righteousness of God revealed > from faith to faith: as it is written, The just shall live by faith. > > Click Here http://www.studentz.com/Presentation/pc/flashform.htm > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 24 19:51:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: Print Share Length Limit? In-Reply-To: Message-ID: > > Everything in general appears to work OK, however shares with names longer > > than 12 characters fails to print from WinNT 4.0. I have not tested in > > other enviroments except for Win2k which does print OK. > > Known program fault with NT I believe. oh. yes. it is. fixed in nt5. From lkcl at samba.org Mon Jan 24 19:53:01 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: Error C000019B (fwd) Message-ID: i got this report in from someone, thought i'd share it with you. lars, can you add this to the FAQ? if anyone else is maintaining FAQs, please add thhthis too. ---------- Forwarded message ---------- Date: Mon, 24 Jan 2000 14:45:47 -0800 To: lkcl@samba.org Subject: RE: Error C000019B I got that error when I had joinded the NT machine to a samba pdc, then upgraded samba to a newev version and recreated the SID. You will either have to go back to the old SID or remove the trust account from smbpasswd and recreate..... -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Luke Kenneth Casson Leighton Sent: Monday, January 24, 2000 11:25 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Error C000019B 19b. that's 411 in decimal. nterr.h. that's NT_STATUS_DOMAIN_TRUST_INCONSISTENT. ehh??????????? i never return that error message, anywhere!!! sorry, don't know, without log files. increase logs to level 100, take a look through them see if there's anything obvious that catches your eye. On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > Hi Friends, > > after reading this list for soem days I also got the TNG :-) > > I like the concept very much, btw. > > Now something stupid: > > Some days ago the list talked about error C000019B on logon from NT WS. I > now also get the same error. The real problem is that both search engines > (the one at lists.samba.org/listproc/ghindex.html and at > us1.samba.org/search/smb-mail.shtml) DO NOT WORK ! The latter one finds > mails, but all links to the actual mails return a 404. > > So could please comebody kind write me again how to fix the problem ? I am > using nmbd/smbd pre-3.0.0 and TNG-prealpha (downloaded both today via > CVS). > > Thanks, > > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-85812 > email: schapiro@clerk.pi.huji.ac.il > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From gene_yee at hotmail.com Mon Jan 24 20:09:03 2000 From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:28:11 2003 Subject: Print Share Length Limit? Message-ID: <20000124200903.97482.qmail@hotmail.com> Understandable to NT4.0 might not handle it very gracefully and error out. But NT does support 255 characters in a share name, at least when using a actual NT box as a print server. Anyway to make Samba work with NT4.0 in this way? I am trying to convert a corporate NT print server and would like to retain the share names. I've found that the Linux Print server doesn't seem to work well with spaces in the share name either. I just used a underscore instead, however 12 characters is rather limiting. Thanks. >From: David Ford >Reply-To: David Ford >To: Gene Yee >CC: Multiple recipients of list SAMBA-NTDOM >Subject: Re: Print Share Length Limit? >Date: Fri, 2 Jan 1998 23:34:00 -0800 (PST) > >On Tue, 25 Jan 2000, Gene Yee wrote: > > Anyway, I have created a Linux Samba print server using Red Hat 6.1 If > > someone tells me how to check the version of Samba, I will be glad to >look > > and tell. However it is the one which comes with the RH 6.1 >distribution. > ># smbd -V >Version pre-3.0.0 > > > Everything in general appears to work OK, however shares with names >longer > > than 12 characters fails to print from WinNT 4.0. I have not tested in > > other enviroments except for Win2k which does print OK. > >Known program fault with NT I believe. > > > When I do a test page out of NT4.0 I get a message stating a failure >and: > > The filename, directory name, or volume label syntax is incorrect. > > Thanks for any help you may be able to provide. > >Check your /var/log/* files on the samba server, and if differently >specified in your smb.conf and printcap, check those specified locations >too. > >-d > >-- >Open for Y2K - Linux, we never shutdown > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From lkcl at samba.org Mon Jan 24 20:18:31 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: Print Share Length Limit? In-Reply-To: <20000124200903.97482.qmail@hotmail.com> Message-ID: On Tue, 25 Jan 2000, Gene Yee wrote: > > Understandable to NT4.0 might not handle it very gracefully and error out. > But NT does support 255 characters in a share name, at least when using a > actual NT box as a print server. no it doesn't, even NT to NT. printing may be different. > Anyway to make Samba work with NT4.0 in this way? hmm, i wonder if NT to NT uses different MSRPC calls or something? the onlly way is to obtain a comparative trace and work at it for several days, maybe a couple of weeks, slowly working through the differences in netmon traffic until you get it right. personally, is it worth _my_ time to provide that functionality (unpaid) when a simple solution is to rename the printer shares? if there was _no_ alternative solution i might consider it. thx, luke From gene_yee at hotmail.com Mon Jan 24 20:41:16 2000 From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:28:11 2003 Subject: Print Share Length Limit? Message-ID: <20000124204116.75056.qmail@hotmail.com> Point taken, I won't count on it being fixed anytime soon. If I was skilled for the task, I would say it was worth it. Since I work for a large corporation, this would involve a fairly major name convention change. We are use to doing something similar to 'B10L Dinosaur'. Building 10 Lower Floor Dinosaur. Now of course I think we need to ax the flintstone naming convention, but people enjoy give the printers funky names for some reason... >From: Luke Kenneth Casson Leighton >To: Gene Yee >CC: Multiple recipients of list SAMBA-NTDOM >Subject: Re: Print Share Length Limit? >Date: Tue, 25 Jan 2000 07:18:31 +1100 > >On Tue, 25 Jan 2000, Gene Yee wrote: > > > > > Understandable to NT4.0 might not handle it very gracefully and error >out. > > But NT does support 255 characters in a share name, at least when using >a > > actual NT box as a print server. > >no it doesn't, even NT to NT. printing may be different. > > > Anyway to make Samba work with NT4.0 in this way? > > >hmm, i wonder if NT to NT uses different MSRPC calls or something? the >onlly way is to obtain a comparative trace and work at it for several >days, maybe a couple of weeks, slowly working through the differences in >netmon traffic until you get it right. > >personally, is it worth _my_ time to provide that functionality (unpaid) >when a simple solution is to rename the printer shares? if there was _no_ >alternative solution i might consider it. > >thx, > >luke > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From swaters at amicus.com Mon Jan 24 20:45:41 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:28:11 2003 Subject: Print Share Length Limit? References: Message-ID: <388CB9F5.9422E465@amicus.com> i'm on a mixed network w/ OSR2, win98, ntws sp 4,5,6a, and i find that i have trouble with any share names (printer or file) over 12 chars. on the whole, i suggest making shares 12 or less characters with no spaces. -s Luke Kenneth Casson Leighton wrote: > > > > Everything in general appears to work OK, however shares with names longer > > > than 12 characters fails to print from WinNT 4.0. I have not tested in > > > other enviroments except for Win2k which does print OK. > > > > Known program fault with NT I believe. > > oh. yes. it is. fixed in nt5. From cmoon at mmcable.com Mon Jan 24 21:04:21 2000 From: cmoon at mmcable.com (Charles Moon) Date: Tue Dec 2 02:28:11 2003 Subject: nmbd failed to start on RH6.1 In-Reply-To: <388CABDE.7038CDE6@grainsystems.com> Message-ID: <004501bf66ae$98d45c60$1601a8c0@acciokc.com> > Any one of a thousand and one ways of misconfiguring it is the > most likely culprit. You didn't mention anything about your > configuration, so I don't know what to tell you. The following is the content of smb.conf # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2000/01/24 12:07:09 # Global parameters [global] workgroup = ACCI netbios name = PAUL security = DOMAIN encrypt passwords = Yes password server = 192.168.1.1 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = 192.168.1.1 guest account = guest hosts allow = 192.168.1. [homes] comment = Home Directories read only = No guest ok = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No [cdrom] path = /mnt/cdrom guest ok = Yes browseable = No [cdrom1] path = /mnt/cdrom1 guest ok = Yes browseable = No > -----Original Message----- > From: Kevin Colby [mailto:kevinc@grainsystems.com] > Sent: Monday, January 24, 2000 1:46 PM > To: cmoon@mmcable.com > Subject: Re: nmbd failed to start on RH6.1 > > > Charles Moon wrote: > > > > /etc/rc.d/init.d contains a file called smb. When I run by > > performing "# /smb start" I get the folowing: > > > > Starting SMB services [ OK ] > > Starting NMB services [FAILED] > > > > I am assuming that something is not correct in the smb.conf. > > Correct. > > > What will cause NMB to fail? > > Any one of a thousand and one ways of misconfiguring it is the > most likely culprit. You didn't mention anything about your > configuration, so I don't know what to tell you. > > You are trying to do the PDC stuff with the TNG code? > (This is the TNG/PDC/NTDomain list, you know.) > > - Kevin Colby > kevinc@grainsystems.com From gtm at oracom.com Mon Jan 24 21:09:41 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:28:11 2003 Subject: Can't join domain now Message-ID: <388CBF95.5FB3AAAC@oracom.com> Hi all, I just updated my samba tng source. and I cannot get WinNT to join the domain. I have done a 100 level debug. Tell me what logs you need. Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From kdr1 at ECE.MsState.EDU Mon Jan 24 22:38:43 2000 From: kdr1 at ECE.MsState.EDU (Kary Rogers) Date: Tue Dec 2 02:28:11 2003 Subject: Doesn't ask for password Message-ID: <388CD473.1A4ED43E@ece.msstate.edu> I've got Samba cooperating with an LDAP server. I can login with a user onto a PC in the domain, etc. But, I have a problem. When I try to map a drive to a Samba share or connect to a share via browsing (public = no) it asks for a username, but it doesn't require a password. As long as I supply any valid username, it will connect and not prompt for a password. note: This is when I am not logged into the domain, but just Administrator of the PC. This is not how I wish it to behave for obvious reasons. Any help would be appreciated. Thanks in advance, -Kary Rogers The Obligatory smb.conf: ------------------------------ [global] netbios name = yavinsamba workgroup = TEST server string = TEST_ECE Samba Server #LDAP info ldap suffix = "ou=Samba,o=ece,o=msstate,o=edu,c=us" ldap bind as = "cn=root,o=ece,o=msstate,o=edu,c=us" ldap passwd file = /opt/samba/private/ldappasswd ldap server = localhost log level = 10 # change 'no' to 'yes' and uncomment 'lpstat' to autodetect printers load printers = no ; printcap name = lpstat # separate log file for each machine log file = /opt/samba/var/log.%m # WINS and LMHOSTS files lock dir = /opt/samba/var/locks # size at which to cap logs (in kB) max log size = 1024 # make users supply passwords to access services security = user # no-access user who browses guest account = samba # Password options encrypt passwords = yes # reccommended for performance socket options = TCP_NODELAY # configure browsing domain logons = yes local master = yes domain master = yes preferred master = yes wins support = yes os level = 65 # hm. dns proxy = no # case preservation and sensitivity case sensitive = no preserve case = yes short preserve case = no default case = lower mangle case = no allow hosts = 130.18.65. 130.18.64. name resolve order = host wins bcast #============================ Share Definitions ============================== # directories [test] comment = test path = /usr/local/rpm browseable = yes public = no From schapiro at clerk.pi.huji.ac.il Tue Jan 25 05:03:35 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:11 2003 Subject: Error C000019B In-Reply-To: Message-ID: NoNo, the NT WS gives that error. First I was using smbd 2.0.5a, created my domain, registered all WS etc. Works perfect (within 2.0.5 PDC limitations). Then I downloaded the samba-head and samba-TNG code, compiled both, make install for TNG and copied smbd & nmbd from the head branch (as recommended in the TNG FAQ). added a machine account for the server in /etc/passwd, and run smbpasswd -a -m PDCNAME (from the TNG branch). linked the smb.conf and smbpasswd between my old install and the new one. killed old smbd & nmbd and run the new nmbd & smbd and all other *d deamons (netlogond, winregd etc.). THEN I tried again to logon to the domain from the NT and got that error message. smbpasswd seems to be OK, also with samba 2.0.5a the error was different if the machine account was bad. Schlomo On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > 19b.that's 411 in decimal. nterr.h. that's > NT_STATUS_DOMAIN_TRUST_INCONSISTENT. > > ehh??????????? > > i never return that error message, anywhere!!! > > sorry, don't know, without log files. > > increase logs to level 100, take a look through them seeif there's > anything obvious that catches your eye. > > On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > > > Hi Friends, > > > > after reading this list for soem days I also got the TNG :-) > > > > I like the concept very much, btw. > > > > Now something stupid: > > > > Some days ago the list talked about error C000019B on logon from NT WS. I > > now also get the same error. The real problem is that both search engines > > (the one at lists.samba.org/listproc/ghindex.html and at > > us1.samba.org/search/smb-mail.shtml) DO NOT WORK ! The latter one finds > > mails, but all links to the actual mails return a 404. > > > > So could please comebody kind write me again how to fix the problem ? I am > > using nmbd/smbd pre-3.0.0 and TNG-prealpha (downloaded both today via > >CVS). > > > > Thanks, > > > > > >-- > > Schlomo Schapiro > > Computation Authority > > Hebrew University of Jerusalem > > > > Tel: ++972 / 2 / 65-85812 > > email: schapiro@clerk.pi.huji.ac.il > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-85812 email: schapiro@clerk.pi.huji.ac.il From matty at cifs.org Tue Jan 25 05:18:52 2000 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:28:11 2003 Subject: Error C000019B In-Reply-To: ; from lkcl@samba.org on Tue, Jan 25, 2000 at 06:25:28AM +1100 References: Message-ID: <20000125161852.A24704@cifs.org> On Tue, Jan 25, 2000 at 06:25:28AM +1100, Luke Kenneth Casson Leighton wrote: > 19b. that's 411 in decimal. nterr.h. that's > NT_STATUS_DOMAIN_TRUST_INCONSISTENT. > > ehh??????????? > > i never return that error message, anywhere!!! Luke, STATUS_DOMAIN_TRUST_INCONSISTENT (0xc000019b) means that the domain information returned by the domain controller is inconsistent with that cached in the security hive. Most likely the .SID file was changed at some point. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From lkcl at samba.org Tue Jan 25 05:46:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:11 2003 Subject: Error C000019B In-Reply-To: Message-ID: On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > NoNo, > > the NT WS gives that error. yes. this is caused by your having changed the SID of the domain. you will need to either restore that SID (stored in 2.0.5 in MACHINE.SID and in samba tng in YOUR_DOMAIN_NAME.SID) or have your workstation rejoin the domain. the problems are probably caused by stopping 2.0.5, starting samba tng, stopping samba tng and starting 2.0.5, which will recreate a random MACHINE.SID that was renamed by samba tng to YOUR_DOMAIN_NAME.SID. > First I was using smbd 2.0.5a, created my domain, registered all WS > etc. Works perfect (within 2.0.5 PDC limitations). > > Then I downloaded the samba-head and samba-TNG code, compiled both, make > install for TNG and copied smbd & nmbd from the head branch (as > recommended in the TNG FAQ). > > added a machine account for the server in /etc/passwd, and run smbpasswd > -a -m PDCNAME (from the TNG branch). > > linked the smb.conf and smbpasswd between my old install and the new one. > killed old smbd & nmbd and run the new nmbd & smbd and all other *d > deamons (netlogond, winregd etc.). > > THEN I tried again to logon to the domain from the NT and got that error > message. > > smbpasswd seems to be OK, also with samba 2.0.5a the error was different > if the machine account was bad. > > Schlomo > > > > On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > 19b.that's 411 in decimal. nterr.h. that's > > NT_STATUS_DOMAIN_TRUST_INCONSISTENT. > > > > ehh??????????? > > > > i never return that error message, anywhere!!! > > > > sorry, don't know, without log files. > > > > increase logs to level 100, take a look through them seeif there's > > anything obvious that catches your eye. > > > > On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > > > > > Hi Friends, > > > > > > after reading this list for soem days I also got the TNG :-) > > > > > > I like the concept very much, btw. > > > > > > Now something stupid: > > > > > > Some days ago the list talked about error C000019B on logon from NT WS. I > > > now also get the same error. The real problem is that both search engines > > > (the one at lists.samba.org/listproc/ghindex.html and at > > > us1.samba.org/search/smb-mail.shtml) DO NOT WORK ! The latter one finds > > > mails, but all links to the actual mails return a 404. > > > > > > So could please comebody kind write me again how to fix the problem ? I am > > > using nmbd/smbd pre-3.0.0 and TNG-prealpha (downloaded both today via > > >CVS). > > > > > > Thanks, > > > > > > > > >-- > > > Schlomo Schapiro > > > Computation Authority > > > Hebrew University of Jerusalem > > > > > > Tel: ++972 / 2 / 65-85812 > > > email: schapiro@clerk.pi.huji.ac.il > > > > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-85812 > email: schapiro@clerk.pi.huji.ac.il > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From cmoon at mmcable.com Tue Jan 25 05:46:27 2000 From: cmoon at mmcable.com (Charles Moon) Date: Tue Dec 2 02:28:12 2003 Subject: Starting NMB services: [FAILED] Message-ID: <005601bf66f7$8b53e670$1601a8c0@acciokc.com> This is a second attempt to convey my problem. I have made some discoveries along the way that might assist in diagnosing this this. First, I have a RH6.1 workstation I want to join an NT Domain. I have SWAT up and running. The following is the /etc/smb.conf produced using SWAT. # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2000/01/24 12:07:09 # Global parameters [global] workgroup = ACCI netbios name = PAUL security = DOMAIN encrypt passwords = Yes password server = 192.168.1.1 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = 192.168.1.1 guest account = guest hosts allow = 192.168.1. [homes] comment = Home Directories read only = No guest ok = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No [cdrom] path = /mnt/cdrom guest ok = Yes browseable = No [cdrom1] path = /mnt/cdrom1 guest ok = Yes browseable = No When starting /etc/rc.d/init.d/smb I get the following: [root@paul /etc/rc.d/init.d]# ./smb start Starting SMB services: [ OK ] Starting NMB services: [FAILED] [root@paul /etc/rc.d/init.d]# /var/log/samba/log.smb contains the following: [2000/01/24 23:16:17, 1] smbd/server.c:main(628) smbd version 2.0.5a started. Copyright Andrew Tridgell 1992-1998 [2000/01/24 23:16:17, 0] lib/util.c:get_myname(1756) Get_Hostbyname: Unknown host paul [2000/01/24 23:16:17, 0] lib/util.c:get_myname(1756) Get_Hostbyname: Unknown host paul [2000/01/24 23:16:17, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/24 23:16:17, 0] lib/util_sock.c:open_socket_in(854) Get_Hostbyname: Unknown host paul /var/log/samba/log.nmb contains the following: [2000/01/24 23:22:12, 1] nmbd/nmbd.c:main(684) Netbios nameserver version 2.0.5a started. Copyright Andrew Tridgell 1994-1998 [2000/01/24 23:22:13, 0] lib/util.c:get_myname(1756) Get_Hostbyname: Unknown host paul [2000/01/24 23:22:13, 0] nmbd/nmbd.c:main(689) Unable to get my hostname - exiting. Where should I look and/or what should I do? From lkcl at samba.org Tue Jan 25 06:00:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: coding volunteers needed for msrpc server-side API conversion Message-ID: if anyone wants to help with a very boring but basically self-consistent task, i'd really appreciate it. the goal is, examine rpc_client/cli_*.c functions, e.g samr_open_domain(), and create a srv_*.c function with EXACTLY the same paramaters called _samr_open_domain(), for all functions in rpc_client/cli_*.c and srv_*.c. please see samba tng's rpc_server/srv_samr.c and samrd/srv_samr_passdb.c for examples of the code-conversion in progress. i cut/paste a section of proto.h from rpc_client/cli_samr.c into the top of samrd/srv_samr_passdb.c to make this job easier. if you want to help out, then please follow these instructions, in order to avoid duplication of effort: 1) EITHER: refer to http://samba.org/listproc/samba-technical and look for messages with this subject line OR: change your subscription to non-digest mode on samba-technical. 2) post a message to samba-technical in reply to this message (exclude the text) saying which MSRPC pipe and which functions in that pipe you would like to volunteer for the conversion. 3) wait 20 mins or so, refer to samba-technical, see if anyone else also volunteered. sort it out between you so as not to duplicate effort. 4) examine and follow the example code plus the coding STYLE, please. put copyright your name 2000 at the top of the file in the GPL header. istarted out by making 2 copies of rpc_server/srv_samr.c and then go from there. changes to rpc_parse/parse_*.c::make_r*() functions are sometimes necessary. changes to rpc_parse/parse_*.c::make_q*() functions are NOT necessary and should not be done. 5) send me a diff -u patch, they're far easier to read before doing patch -p0 < your_diff. send it as an attachment not inline text because your emailer or mine may word-wrap anything over 80 chars in length. i will be chewing through srv_samr.c from the top: if anyone wants to start at the bottom and work up, i'll meet you somewhere in the middle :) please follow the reporting instructions above. thx! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Jan 25 06:04:00 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: Starting NMB services: [FAILED] In-Reply-To: <005601bf66f7$8b53e670$1601a8c0@acciokc.com> Message-ID: > This is a second attempt to convey my problem. I have made some discoveries > along the way that might assist in diagnosing this this. > > First, I have a RH6.1 workstation I want to join an NT Domain. I have SWAT > up and running. The following is the /etc/smb.conf produced using SWAT. > /var/log/samba/log.nmb contains the following: > > > [2000/01/24 23:22:12, 1] nmbd/nmbd.c:main(684) > Netbios nameserver version 2.0.5a started. > Copyright Andrew Tridgell 1994-1998 > [2000/01/24 23:22:13, 0] lib/util.c:get_myname(1756) > Get_Hostbyname: Unknown host paul > [2000/01/24 23:22:13, 0] nmbd/nmbd.c:main(689) > Unable to get my hostname - exiting. ^^^^^^^^^^^^^^^^^^ dude, as someone mentioned earlier, you don't have the bog-standard dns resolution correctly set up on your box. i often don't have my box set up correctly, either, so i hack it and put in /etc/hosts 127.0.0.1 myservername or, correct.ip.add.ress myservername. luke From schapiro at clerk.pi.huji.ac.il Tue Jan 25 07:16:45 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:12 2003 Subject: Error C000019B (fwd) In-Reply-To: Message-ID: Yes, this seems logical. But where is the SID kept ? I have a file called DOMAINNAME.SID, is it that ? Samba 2.0.5a created a file called MACHINE.SID, should I copy its contents to the DOMAINNAME.SID for the new smbd/nmbd ? Could there be a problem if I start smbd/nmbd AFTER starting the other daemons ? Lately the problem changed a bit (I re-created the server machine account when the NEW nmbd/smbd was running): It doesn't create the C000019B message but tells me that my password is wrong (this long message that suggests to check caps lock). Setting it again via smbpasswd didn't help either. What are the neccessary steps to move from samba 2.0.5a to a mixed head/TNG setup without going to all the WS and joining the domain again. Schlomo PS: Thanks for your help PPS: The two search sites are STILL not working, could sombody please notify the webmaster ? On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > i got this report in from someone, thought i'd share it with you. > > lars, can you add this to the FAQ?if anyone else is maintaining FAQs, > please add thhthis too. > > ---------- Forwarded message ---------- > Date: Mon, 24 Jan 2000 14:45:47 -0800 > To: lkcl@samba.org > Subject: RE: Error C000019B > > I got that error when I had joinded the NT machine to a samba pdc, then > upgraded samba to a newev version and recreated the SID.You will either > have to go back to the old SID or remove the trust account from smbpasswd > and recreate..... > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Luke Kenneth Casson Leighton > Sent: Monday, January 24, 2000 11:25 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Error C000019B > > > 19b.that's 411 in decimal. nterr.h. that's > NT_STATUS_DOMAIN_TRUST_INCONSISTENT. > > ehh??????????? > > i never return that error message, anywhere!!! > > sorry, don't know, without log files. > > increase logs to level 100, take a look through them see if there's > anything obvious that catches your eye. > > On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > > > Hi Friends, > > > > after reading this list for soem days I also got the TNG :-) > > > > I like the concept very much, btw. > > > > Now something stupid: > > > > Some days ago the list talked about error C000019B on logon from NT WS. I > > now also get the same error. The real problem is that both search engines > > (the one at lists.samba.org/listproc/ghindex.html and at > > us1.samba.org/search/smb-mail.shtml) DO NOT WORK ! The latter one finds > > mails, but all links to the actual mails return a 404. > > > > So could please comebody kind write me again how to fix the problem ? I am > > using nmbd/smbd pre-3.0.0 and TNG-prealpha (downloaded both today via > > CVS). > > > > Thanks, > > > > > >-- > > Schlomo Schapiro > > Computation Authority > > Hebrew University of Jerusalem > > > > Tel: ++972 / 2 / 65-85812 > > email: schapiro@clerk.pi.huji.ac.il > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-85812 email: schapiro@clerk.pi.huji.ac.il From schapiro at clerk.pi.huji.ac.il Tue Jan 25 07:24:42 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:12 2003 Subject: Error C000019B In-Reply-To: Message-ID: Hi, does that mean that the 2.0.5 creates a new SID on each start ? How can I then switch between the 2.0.5 and the tng ? (Note - I am using pre-3.0.0 for smbd/nmbd ! Another point: Just now the 2.0.5 samba tools are in the search path (and not the tng ones). Are they used by the smbd/nmbd/netlogond/winregd daemons ? How can I switch from 2.0.5 to pre-3.0.0/tng "on the fly" without having trouble with the NT WS clients ? Thanks a lot, Schlomo On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > > > NoNo, > > > > the NT WS gives that error. > > yes.this is caused by your having changed the SID of the domain. you > will need to either restore that SID (stored in 2.0.5 in MACHINE.SID and > in samba tng in YOUR_DOMAIN_NAME.SID) or have your workstation rejoin the > domain. > > the problems are probably caused by stopping 2.0.5, starting samba tng, > stopping samba tng and starting 2.0.5, which will recreate a random > MACHINE.SID that was renamed by samba tng to YOUR_DOMAIN_NAME.SID. > > > > > First I was using smbd 2.0.5a, created my domain, registered all WS > > etc. Works perfect (within 2.0.5 PDC limitations). > > > > Then I downloaded the samba-head and samba-TNG code, compiled both, make > > install for TNG and copied smbd & nmbd from the head branch (as > > recommended in the TNG FAQ). > > > > added a machine account for the server in /etc/passwd, and run smbpasswd > > -a -m PDCNAME (from the TNG branch). > > > > linked the smb.conf and smbpasswd between my old install and the new one. > > killed old smbd & nmbd and run the new nmbd & smbd and all other *d > > deamons (netlogond, winregd etc.). > > > > THEN I tried again to logon to the domain from the NT and got that error > > message. > > > > smbpasswd seems tobe OK, also with samba 2.0.5a the error was different > > if the machine account was bad. > > > > Schlomo > > > > > > > >On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > > > 19b.that's411 in decimal. nterr.h. that's > > > NT_STATUS_DOMAIN_TRUST_INCONSISTENT. > > > > > > ehh??????????? > > > > > > i never return that error message, anywhere!!! > > > > > > sorry, don't know, without log files. > > > > > > increase logs to level 100, take a look through them seeif there's > > > anything obvious that catches your eye. > > > > > > On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > > > > > > > Hi Friends, > > > > > > > > after reading this list for soem days I also got the TNG :-) > > > > > > > > I like the concept very much, btw. > > > > > > > > Now something stupid: > > > > > > > > Some days ago the list talked about error C000019B on logon from NT WS. I > > > > now also get the same error. The real problem is that both search engines > > > > (the one at lists.samba.org/listproc/ghindex.html and at > > > > us1.samba.org/search/smb-mail.shtml) DO NOT WORK ! The latter one finds > > > > mails, but all links to the actual mails return a 404. > > > > > > > > So could please comebody kind write me again how to fix the problem ? I am > > > > using nmbd/smbd pre-3.0.0 and TNG-prealpha (downloaded both today via > > > >CVS). > > > > > > > > Thanks, > > > > > > > > > > > >-- > > > > Schlomo Schapiro > > > > Computation Authority > > > > Hebrew University of Jerusalem > > > > > > > > Tel: ++972 / 2 / 65-85812 > > > > email: schapiro@clerk.pi.huji.ac.il > > > > > > > > > > Luke Kenneth Casson Leighton > > > Samba and Network Development > > > Samba Web site > >> Internet Security Systems, Inc. > > > Macmillan Technical Publishing > > > > > >ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > > > > -- > > Schlomo Schapiro > > Computation Authority > > Hebrew University of Jerusalem > > > > Tel: ++972 / 2 / 65-85812 > > email: schapiro@clerk.pi.huji.ac.il > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-85812 email: schapiro@clerk.pi.huji.ac.il From yannick.thoumelin at cnes.fr Tue Jan 25 07:34:13 2000 From: yannick.thoumelin at cnes.fr (Yannick Thoumelin - OSIATIS) Date: Tue Dec 2 02:28:12 2003 Subject: unsubscribe Message-ID: <388D51F5.B3FF3F28@cnes.fr> unsubscribe -------------- next part -------------- A non-text attachment was scrubbed... Name: yannick.thoumelin.vcf Type: text/x-vcard Size: 312 bytes Desc: Card for Yannick Thoumelin - OSIATIS Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000125/d47836a5/yannick.thoumelin.vcf From mader at niles.de Tue Jan 25 08:40:15 2000 From: mader at niles.de (Alexander Mader) Date: Tue Dec 2 02:28:12 2003 Subject: P:Trusted Domains and smbd start References: <0846B011B9A4D111A1EE006097DA4FCE02F812B4@icex1.cc.ic.ac.uk> Message-ID: <388D616F.B917BD14@niles.de> Hallo, yesterday I checked out the TNG branch, compiled, and installed it. Everything worked fine so far: Creation of machine and user accounts; joining the new domain; login from a freshly joined server; acting as admin just by membership in "Domain Admins"---great! Thanks a lot! If I have an entry trusted domains = NILES smbd won't start---even so if this line is all the smb.conf. Are there any hints for settings of other parameters to fix this? Many thanks, Alexander. -- Alexander Mader Fon: +49-30-92797-636 NILES Werkzeugmaschinenfabrik GmbH From lk at NetUSE.DE Tue Jan 25 11:59:30 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:12 2003 Subject: best way to get TNG working with main. References: <388C8065.FFD405BF@cdt.luth.se> Message-ID: <388D9022.74EA116C@NetUSE.DE> James Nord wrote: > > Hi, > > I am about to compile TNG and test out the domain capabilities with win > 2000. > > I read earlier that it is best to not use the head (now TNG) for main > fileserver work as it was potentially buggy and may cause file > corruption. > > Hence how is the best way to go about this? The machine i will be > installing two has had a virtual interface set up so I can bind without > affecting the normal samba server (which will be left alone). However I > would like to use this (origonal) samba server for the file serving. Is > there any way to do this seemlessly or would I still need to validate to > this samba server. > Or is there a better way to do this? You can use the same smbpasswd file for both servers. Or, you let act samba tng as pdc, and your old samba server joins the "samba tng"-domain. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Tue Jan 25 12:20:32 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:12 2003 Subject: Doesn't ask for password References: <388CD473.1A4ED43E@ece.msstate.edu> Message-ID: <388D9510.EF75298A@NetUSE.DE> Kary Rogers wrote: > > I've got Samba cooperating with an LDAP server. I can login with a user > onto a PC in the domain, etc. But, I have a problem. When I try to map > a drive to a Samba share or connect to a share via browsing (public = > no) it asks for a username, but it doesn't require a password. As long > as I supply any valid username, it will connect and not prompt for a > password. note: This is when I am not logged into the domain, but just > Administrator of the PC. > > This is not how I wish it to behave for obvious reasons. Any help would > be appreciated. Maybe the parameter "map to guest" helps you. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From norman at lithe.uark.edu Tue Jan 25 15:35:44 2000 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:28:12 2003 Subject: Print Share Length Limit? References: <388CB9F5.9422E465@amicus.com> Message-ID: <388DC2D0.583254D4@lithe.uark.edu> Stephen Waters wrote: > i'm on a mixed network w/ OSR2, win98, ntws sp 4,5,6a, and i find that > i have trouble with any share names (printer or file) over 12 chars. on > the whole, i suggest making shares 12 or less characters with no spaces. > I have found something interesting... When working with NT, it is true that if another NT workstation is connected, then it does not matter what the length of the share name is (within the 255 character limit), but if a Win9x workstation is connected, then yes, there is a 12 character barrier.... but, if you are using the share level of Win9x to connect another Win9x (this works even better when the x's are the same), then you once again defeat the 12 character limit, and can use spaces in the share. It seems like MickySoft does do some form of OS level recognition during network share connection. > > -s > > Luke Kenneth Casson Leighton wrote: > > > > > > Everything in general appears to work OK, however shares with names longer > > > > than 12 characters fails to print from WinNT 4.0. I have not tested in > > > > other enviroments except for Win2k which does print OK. > > > > > > Known program fault with NT I believe. > > > > oh. yes. it is. fixed in nt5. -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu It is not that I would "prefer to do this without an NT server", it is just that I would "prefer to do it right". ------------------------------------------------------------------- From LEYMARIE_Gerard at accor-hotels.com Tue Jan 25 15:03:45 2000 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:28:12 2003 Subject: Local admin Message-ID: <025e01bf6745$6063f0b0$2300c839@accorhotels.com> All, Is it possible to grant administrator right only to a local machine to a user member of a domain. I'm using samba 2.0.6 as a PDC Many thanks From zen at uninet.net.id Tue Jan 25 14:48:30 2000 From: zen at uninet.net.id (ZEN el GUAY) Date: Tue Dec 2 02:28:12 2003 Subject: Same experience was Re: Print Share Length Limit? In-Reply-To: <388DC2D0.583254D4@lithe.uark.edu> References: <388CB9F5.9422E465@amicus.com> <388DC2D0.583254D4@lithe.uark.edu> Message-ID: <00012522075102.01093@zen.sphenisci.or.id> > > I have found something interesting... When working with NT, it is true that > if another NT workstation is connected, then it does not matter what the > length of the share name is (within the 255 character limit), but if a Win9x > workstation is connected, then yes, there is a 12 character barrier.... > ===ZEN I had the same experience with only Win9x connection. I think there is a limitation of a Windows 9x implementation of what they called Long File Name to cooperate from different environment other than Windows Family or (maybe) file system. Win 9x still use the FAT partition, which only support 8 character file name (an old time DOS), that never recognise a long naming file... >but, > if you are using the share level of Win9x to connect another Win9x (this > works even better when the x's are the same), then you once again defeat > the 12 character limit, and can use spaces in the share. > ===ZEN Yea, same with me... When Win9x connect to another Win9x, they can recognise each other long naming file. ZEN From kevinc at grainsystems.com Tue Jan 25 15:15:31 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:28:12 2003 Subject: Print Share Length Limit? References: <388CB9F5.9422E465@amicus.com> <388DC2D0.583254D4@lithe.uark.edu> Message-ID: <388DBE13.5F66AF6B@grainsystems.com> Norman Weathers wrote: > > I have found something interesting... When working with NT, it is true that > if another NT workstation is connected, then it does not matter what the > length of the share name is (within the 255 character limit), but if a Win9x > workstation is connected, then yes, there is a 12 character barrier.... but, > if you are using the share level of Win9x to connect another Win9x (this > works even better when the x's are the same), then you once again defeat > the 12 character limit, and can use spaces in the share. We have shares here (true NT) longer than 12 characters and containing spaces that 95, 98, and NT machines all connect to. How or where are you noticing this failure? - Kevin Colby kevinc@grainsystems.com From imak at bellatlantic.net Tue Jan 25 15:34:47 2000 From: imak at bellatlantic.net (Ivan Makfinsky) Date: Tue Dec 2 02:28:12 2003 Subject: admin group Message-ID: <008101bf674a$dd3f0980$e37cc897@reybomb.com> ok, i am having trouble setting up a user as an admin for the domain. The man pages are outdated and i cannot search the archives... i am using the latest tng code and have added the user to the group wheel, smb.conf has "domain admin group = wheel" and that's not working. When trying to join an nt ws, i get the response that the user does not have sufficient rights to perform this task... what am i doing wrong? imak From lk at NetUSE.DE Tue Jan 25 15:56:08 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:12 2003 Subject: admin group References: <008101bf674a$dd3f0980$e37cc897@reybomb.com> Message-ID: <388DC798.CC70EE68@NetUSE.DE> Ivan Makfinsky wrote: > > ok, i am having trouble setting up a user as an admin for the domain. The > man pages are outdated and i cannot search the archives... > i am using the latest tng code and have added the user to the group wheel, > smb.conf has "domain admin group = wheel" and that's not working. When > trying to join an nt ws, i get the response that the user does not have > sufficient rights to perform this task... what am i doing wrong? Please read my famous webpages! After drinking beer at work, i feel much better! :-) http://www.kneschke.de/projekte/samba_tng Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Tue Jan 25 16:22:17 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: Error C000019B (fwd) In-Reply-To: Message-ID: On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > Yes, this seems logical. But where is the SID kept ? I have a file called > DOMAINNAME.SID, is it that ? yep. > Samba 2.0.5a created a file called MACHINE.SID, should I copy its contents > to the DOMAINNAME.SID for the new smbd/nmbd ? if you still have a copy of it, yes! your NT workstations have cached the SID stored in the MACHINE.SID file and are now relying on that to be the same. From zen at sprynet.com Tue Jan 25 16:24:53 2000 From: zen at sprynet.com (John Cusick) Date: Tue Dec 2 02:28:12 2003 Subject: Joining Domain as PDC - Connection Refused Message-ID: <388DCE55.F721FE4E@sprynet.com> I am using TNG-prealpha version on Linux kernel 2.2.13, attempting to establish that machine as PDC. Upon issuing the command smbpasswd -j XXX I received the following result Joining Domain as PDC socket connect to /tmp/smb.0/agent failed: Connection refused error connecting to xxx.xxx.xxx.xxx:445 (Connection refused) 2000/01/24 21:42:28: change_trust_account_password: changed password for domain XXX Joined domain XXX. When attempting to login to domain XXX from Windows NT workstations, those machines crash with the following blue screen: Windows Login Process system process terminated unexpectedly with a status of 0xc0000005 I believe this is related to the "connection refused" error and am wondering if I should be doing something with port 445 on the Linux box. Ideas? From lkcl at samba.org Tue Jan 25 16:26:07 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: Error C000019B In-Reply-To: Message-ID: On Tue, 25 Jan 2000, Schlomo Schapiro wrote: > Hi, > > does that mean that the 2.0.5 creates a new SID on each start ? How can I > then switch between the 2.0.5 and the tng ? (Note - I am using pre-3.0.0 > for smbd/nmbd ! i modified both cvs main and tng to rename a file called MACHINE.SID to YOUR_SAM_DATABASE_NAME.SID. i also added code to *exit* if both files are found. From lepape at shom.fr Tue Jan 25 16:30:21 2000 From: lepape at shom.fr (Jean-Marc Le Pape) Date: Tue Dec 2 02:28:12 2003 Subject: login, logout problems Message-ID: <388DCF9D.89D13B50@shom.fr> Hi, I'm using a PDC running on a solaris 2.6. It works fine. I log onto the PDC succesfully once but when I logout then login again I've got the message : "PDC is not accessible ....." and I can't have neither my profiles (on the PDC) nor my logon script. What happens and what can I do? JM From jroman6 at ford.com Tue Jan 25 16:33:04 2000 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:28:12 2003 Subject: admin group Message-ID: <200001251643.LAA24625@mailfw1.ford.com> It appears that you are trying to do two different things. I'll address what I think is the main issue first, adding the NT4 WS to the domain. To add a machine to the domain you must first create a machine ID in the /etc/passwd file. To do this, you take the computer name from the workstation and add a $ to the end of the name. For example, if your computer name is machine1, then add an entry for machine1$ to your passwd file. On many Linux distributions you can use the useradd command: /usr/sbin/useradd -d /dev/null machine1$ You should edit your passwd file so that machine accounts have the home directory set to /dev/null and the password set to /bin/false for security reasons. (You don't want someone to be able to telnet or ftp in as the machine name.) Your passwd entry should look like this: machine1$:*:1000:1000:any description:/dev/null:/bin/false After entering the machine name into the passwd file, you then add it to the smbpasswd file with the command: smbpasswd -a -m machine1 This specifies to add (-a) a new machine (-m) account to the file. After this is complete, go to the workstation and add it to the domain, but DO NOT check the "Create a computer account in the domain" box. (This will bomb with an error message.) Just change the Domain name to the one configured on your Samba machine and click OK. You should get the message that your machine was successfully added to the domain. -----Original Message----- From: Ivan Makfinsky [mailto:imak@bellatlantic.net] Sent: Tuesday, January 25, 2000 10:36 AM To: Multiple recipients of list SAMBA-NTDOM Subject: admin group ok, i am having trouble setting up a user as an admin for the domain. The man pages are outdated and i cannot search the archives... i am using the latest tng code and have added the user to the group wheel, smb.conf has "domain admin group = wheel" and that's not working. When trying to join an nt ws, i get the response that the user does not have sufficient rights to perform this task... what am i doing wrong? imak From lk at NetUSE.DE Tue Jan 25 17:15:16 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:12 2003 Subject: Joining Domain as PDC - Connection Refused References: <388DCE55.F721FE4E@sprynet.com> Message-ID: <388DDA24.F653338E@NetUSE.DE> John Cusick wrote: > > I am using TNG-prealpha version on Linux kernel 2.2.13, attempting to > establish that machine as PDC. > > Upon issuing the command > > smbpasswd -j XXX > > I received the following result > > Joining Domain as PDC > socket connect to /tmp/smb.0/agent failed: Connection refused > error connecting to xxx.xxx.xxx.xxx:445 (Connection refused) > 2000/01/24 21:42:28: change_trust_account_password: changed password > for domain XXX > Joined domain XXX. > > When attempting to login to domain XXX from Windows NT workstations, > those machines crash with the following blue screen: > > Windows Login Process system process terminated unexpectedly with a > status of > 0xc0000005 > > I believe this is related to the "connection refused" error and am > wondering if I should be doing something with port 445 on the Linux box. No, i don't need to do something. Port 445 is not important for Windows NT. Have you read my webapges at http://www.kneschke.de/projekte/samba_tng? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From MTEOHB at ntu.edu.sg Tue Jan 25 17:27:33 2000 From: MTEOHB at ntu.edu.sg (Teo Hai Beng) Date: Tue Dec 2 02:28:12 2003 Subject: Samba Enquiries Message-ID: <65C64E7C072ED311A44D0008C75D1C8CB4C6D4@EXCHANGE7> > Dear Sir, > > I have some queries concerning the samba and appreciate if you could help. > > I tried to connect from a Win NT PC to a SGI unix samba server (hostname: > canesgs01) by clicking network neighborhood. It shows the following > error. What could be the problem? I have type C:\> ipconfig/all to > extract the system information. > > <<...>> <<...>> > <<...>> > From Jean-Francois.Micouleau at dalalu.fr Tue Jan 25 18:05:10 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:12 2003 Subject: Print Share Length Limit? In-Reply-To: Message-ID: On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > > Understandable to NT4.0 might not handle it very gracefully and error out. > > But NT does support 255 characters in a share name, at least when using a > > actual NT box as a print server. > > no it doesn't, even NT to NT. printing may be different. NT printing does (read in my mind luke: spoolss) because NT exports different printer names by the rpc spoolss service, the standard share name are just for backward compatibility with win95/98, 3.11 J.F. From plpm at mapfre.com Tue Jan 25 16:46:21 2000 From: plpm at mapfre.com (Paniagua Moreno, Pedro Luis) Date: Tue Dec 2 02:28:12 2003 Subject: Latest support for PDC, BDC, trusted relationships Message-ID: I am trying to guess which is the latest (and, if possible) version I should have to get to get to this scenario: domain Master: PDC -> WNT domain Slave: BDC -> Samba 2.X (linux). This is a resource Domain; no accounts. I thing TNG should do it, but i'm confused as how to get it. I would like to know, also, if it's some guessed date of release of 2.1 (I think this is the version which will have PDC/BDC stable support). Thanks in advance. > Pedro Luis Paniagua Moreno > MAPFRE AMERICA > Inform?tica - Area T?cnica > Tel: (+34) 915 81 50 18 > Fax: (+34) 915 81 11 19 > e-mail: plpm@mapfre.com > > From lkcl at samba.org Tue Jan 25 19:12:47 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: Joining Domain as PDC - Connection Refused In-Reply-To: <388DCE55.F721FE4E@sprynet.com> Message-ID: On Wed, 26 Jan 2000, John Cusick wrote: > I am using TNG-prealpha version on Linux kernel 2.2.13, attempting to > establish that machine as PDC. > > Upon issuing the command > > smbpasswd -j XXX > > I received the following result > > Joining Domain as PDC > socket connect to /tmp/smb.0/agent failed: Connection refused ignore this. > error connecting to xxx.xxx.xxx.xxx:445 (Connection refused) ignore this. > 2000/01/24 21:42:28: change_trust_account_password: changed password > for domain XXX > Joined domain XXX. > > When attempting to login to domain XXX from Windows NT workstations, > those machines crash with the following blue screen: > > Windows Login Process system process terminated unexpectedly with a > status of > 0xc0000005 oops! that's access denied. can you get a netmon trace? thx > I believe this is related to the "connection refused" error and am > wondering if I should be doing something with port 445 on the Linux box. no it's not. From lkcl at samba.org Tue Jan 25 21:09:50 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: What else works in Samba-TNG In-Reply-To: <200001252100.PAA16976@pug.aae.wisc.edu> Message-ID: for all ntdomains, for all users, groups and aliases, the names must be unique. e.g DOMAIN1\administrator and DOMAIN2\administrator is not allowed as samba will consider these two users to be exactly the same. On Tue, 25 Jan 2000, Super User wrote: > > On Tue, 25 Jan 2000, Richard Sharpe wrote: > > yes they do... after a fashion. you will need to unify the name space > > across all domains in order to get it working properly. > > > > What do you mean by "Unify name space", Luke? > > --Anders > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From grahamj at virtue.cx Tue Jan 25 22:17:02 2000 From: grahamj at virtue.cx (Quicker than the human eye) Date: Tue Dec 2 02:28:12 2003 Subject: smbpasswd -j DOMAIN fails strangely! Message-ID: My setup is rather simple. Two NT workstations WISDOM and JUSTICE (10.10.0.3 and 10.10.0.3) and a Samba server TRUTH running Linux RH6.0 (with appropriate updates!) at 10.10.0.1 When attempting to get TRUTH to act like a PDC. I have the requisite smb.conf options: [global] workgroup = VIRTUE netbios name = TRUTH interfaces = 10.10.0.1/16 local master = yes domain master = yes preferred master = yes domain logons = yes wins support = yes encrypt passwords = yes smb passwd file = /opt/samba-tng/private/smbpasswd security = user I can add an account for TRUTH fine. /opt/samba-tng/bin/smbpasswd -a -m TRUTH returns: Added user TRUTH$. Password changed for user TRUTH$ However : /opt/samba-tng/bin/smbpasswd -j VIRTUE returns: Joining Domain as PDC trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac do_reseed: got 40 bytes from /dev/urandom. cli_connection_init_auth: \\TRUTH \PIPE\NETLOGON copy_nt_creds: null creds cli_net_use_add copy_nt_creds: user domain nopw Yes flgs: 0 cli_find: \\TRUTH copy_nt_creds: null creds cli_init_creds: ntlmssp_flgs: 0 copy_nt_creds: user domain nopw Yes flgs: 0 cli_init_creds: ntlmssp_flgs: 0 resolve_srv_name: \\TRUTH resolve_name: Attempting lmhosts lookup for name TRUTH startlmhosts: Can't open lmhosts file /opt/samba-tng/lib/lmhosts. Error was No s uch file or directory resolve_name: Attempting host lookup for name TRUTH cli_establish_connection: TRUTH<00> connecting to TRUTH<20> (10.10.0.1) - [] wi th NTLMv1, nopw: Yes socket open succeeded. file name: /tmp/.smb.0/agent socket connect to /tmp/.smb.0/agent failed: Connection refused redirect FAILED, make direct connection Connecting to 10.10.0.1 at port 445 error connecting to 10.10.0.1:445 (Connection refused) Connecting to 10.10.0.1 at port 139 [000] 81 00 00 48 20 46 45 46 43 46 46 46 45 45 49 43 ...H FEF CFFFEEIC [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC [020] 41 43 41 43 41 00 20 46 45 46 43 46 46 46 45 45 ACACA. F EFCFFFEE [030] 49 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ICACACAC ACACACAC [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. .... write_socket(4,76) write_socket(4,76) wrote 76 .. .. .. cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine TRUTH. Error was ERRSRV - ERRaccess (The requester does not have the necessary access rights within the specified context for the reque .. .. .. cli_shutdown cli_nt_setup_creds: request challenge failed 2000/01/25 16:59:11 : change_trust_account_password: Failed to change password for domain VIRTUE. Unable to join domain VIRTUE. Any ideas as to the problem here? After I execute this I get a VIRTUE.TRUTH.mac file in /ops/samba-tng/private/ it contains: 6EEDFD6884E8A287030FA5E86F800303:TLC-388E2056 From imak at bellatlantic.net Tue Jan 25 22:27:14 2000 From: imak at bellatlantic.net (Ivan Makfinsky) Date: Tue Dec 2 02:28:12 2003 Subject: admin users Message-ID: <016c01bf6783$554c3e60$e37cc897@reybomb.com> When i add domain group map to smb.conf, i can start the samba, but i cannot get admin access. I ran testparm and it starts out saying: Unknown parameter encountered: "domain group map" Ignoring unknown parameter "domain group map" however, the man pages and all the docs i can find say to set up admins that way. I get this problem on both tng/pre3.0.0 and 2.0.5a i got the nt ws added back to the domain, just had to redo the smbpasswd entry for the machine. thanks to those who responded. From lkcl at samba.org Tue Jan 25 22:28:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: smbpasswd -j DOMAIN fails strangely! In-Reply-To: Message-ID: please can you track down the cause of the \PIPE\NETLOGO cli_nt_create failure? are you running netlogond? is there a connection attempt shown in log.NETLOGON (debug level 100)? On Wed, 26 Jan 2000, Quicker than the human eye wrote: > > My setup is rather simple. Two NT workstations WISDOM and JUSTICE > (10.10.0.3 and 10.10.0.3) and a Samba server TRUTH running Linux RH6.0 > (with appropriate updates!) at 10.10.0.1 > > When attempting to get TRUTH to act like a PDC. I have the requisite > smb.conf options: > > [global] > workgroup = VIRTUE > netbios name = TRUTH > interfaces = 10.10.0.1/16 > local master = yes > domain master = yes > preferred master = yes > domain logons = yes > wins support = yes > encrypt passwords = yes > smb passwd file = /opt/samba-tng/private/smbpasswd > security = user > > I can add an account for TRUTH fine. > > /opt/samba-tng/bin/smbpasswd -a -m TRUTH > > returns: > > Added user TRUTH$. > Password changed for user TRUTH$ > > However : > > /opt/samba-tng/bin/smbpasswd -j VIRTUE > > returns: > > Joining Domain as PDC > trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac > trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac > do_reseed: got 40 bytes from /dev/urandom. > cli_connection_init_auth: \\TRUTH \PIPE\NETLOGON > copy_nt_creds: null creds > cli_net_use_add > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_find: \\TRUTH > copy_nt_creds: null creds > cli_init_creds: ntlmssp_flgs: 0 > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_init_creds: ntlmssp_flgs: 0 > resolve_srv_name: \\TRUTH resolve_name: > Attempting lmhosts lookup for name TRUTH startlmhosts: Can't open lmhosts > file /opt/samba-tng/lib/lmhosts. Error was No s uch file or directory > resolve_name: Attempting host lookup for name TRUTH > cli_establish_connection: TRUTH<00> connecting to TRUTH<20> (10.10.0.1) - > [] wi th NTLMv1, nopw: Yes > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed: Connection refused > redirect FAILED, make direct connection > Connecting to 10.10.0.1 at port 445 > error connecting to 10.10.0.1:445 (Connection refused) > Connecting to 10.10.0.1 at port 139 > [000] 81 00 00 48 20 46 45 46 43 46 46 46 45 45 49 43 ...H FEF CFFFEEIC > [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC > [020] 41 43 41 43 41 00 20 46 45 46 43 46 46 46 45 45 ACACA. F EFCFFFEE > [030] 49 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ICACACAC ACACACAC > [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. .... > write_socket(4,76) write_socket(4,76) wrote 76 > . > . > . > cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine > TRUTH. Error was ERRSRV - ERRaccess (The requester does not have the > necessary access rights within the specified context for the reque > . > . > . > cli_shutdown > cli_nt_setup_creds: request challenge failed > 2000/01/25 16:59:11 : change_trust_account_password: Failed to change > password for domain VIRTUE. > Unable to join domain VIRTUE. > > > Any ideas as to the problem here? After I execute this I get a > VIRTUE.TRUTH.mac file in /ops/samba-tng/private/ it contains: > 6EEDFD6884E8A287030FA5E86F800303:TLC-388E2056 > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From grahamj at virtue.cx Tue Jan 25 22:29:01 2000 From: grahamj at virtue.cx (Quicker than the human eye) Date: Tue Dec 2 02:28:12 2003 Subject: smbpasswd -j DOMAIN fails strangely! In-Reply-To: Message-ID: Incidentally. I the problems I describe occured with a fresh cvs download that I did last night (Jan 24th). --- "If anyone thinks that nothing can be known, he does not know whether even this can be known, since he admits he knows nothing. Against such an adversary, therefore, who deliberately stands on his head, I will not trouble to argue my case." Lucretius (Latham translation) On Wed, 26 Jan 2000, Quicker than the human eye wrote: > > My setup is rather simple. Two NT workstations WISDOM and JUSTICE > (10.10.0.3 and 10.10.0.3) and a Samba server TRUTH running Linux RH6.0 > (with appropriate updates!) at 10.10.0.1 > > When attempting to get TRUTH to act like a PDC. I have the requisite > smb.conf options: > > [global] > workgroup = VIRTUE > netbios name = TRUTH > interfaces = 10.10.0.1/16 > local master = yes > domain master = yes > preferred master = yes > domain logons = yes > wins support = yes > encrypt passwords = yes > smb passwd file = /opt/samba-tng/private/smbpasswd > security = user > > I can add an account for TRUTH fine. > > /opt/samba-tng/bin/smbpasswd -a -m TRUTH > > returns: > > Added user TRUTH$. > Password changed for user TRUTH$ > > However : > > /opt/samba-tng/bin/smbpasswd -j VIRTUE > > returns: > > Joining Domain as PDC > trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac > trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac > do_reseed: got 40 bytes from /dev/urandom. > cli_connection_init_auth: \\TRUTH \PIPE\NETLOGON > copy_nt_creds: null creds > cli_net_use_add > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_find: \\TRUTH > copy_nt_creds: null creds > cli_init_creds: ntlmssp_flgs: 0 > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_init_creds: ntlmssp_flgs: 0 > resolve_srv_name: \\TRUTH resolve_name: > Attempting lmhosts lookup for name TRUTH startlmhosts: Can't open lmhosts > file /opt/samba-tng/lib/lmhosts. Error was No s uch file or directory > resolve_name: Attempting host lookup for name TRUTH > cli_establish_connection: TRUTH<00> connecting to TRUTH<20> (10.10.0.1) - > [] wi th NTLMv1, nopw: Yes > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed: Connection refused > redirect FAILED, make direct connection > Connecting to 10.10.0.1 at port 445 > error connecting to 10.10.0.1:445 (Connection refused) > Connecting to 10.10.0.1 at port 139 > [000] 81 00 00 48 20 46 45 46 43 46 46 46 45 45 49 43 ...H FEF CFFFEEIC > [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC > [020] 41 43 41 43 41 00 20 46 45 46 43 46 46 46 45 45 ACACA. F EFCFFFEE > [030] 49 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ICACACAC ACACACAC > [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. .... > write_socket(4,76) write_socket(4,76) wrote 76 > . > . > . > cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine > TRUTH. Error was ERRSRV - ERRaccess (The requester does not have the > necessary access rights within the specified context for the reque > . > . > . > cli_shutdown > cli_nt_setup_creds: request challenge failed > 2000/01/25 16:59:11 : change_trust_account_password: Failed to change > password for domain VIRTUE. > Unable to join domain VIRTUE. > > > Any ideas as to the problem here? After I execute this I get a > VIRTUE.TRUTH.mac file in /ops/samba-tng/private/ it contains: > 6EEDFD6884E8A287030FA5E86F800303:TLC-388E2056 > > > > From grahamj at virtue.cx Tue Jan 25 22:39:27 2000 From: grahamj at virtue.cx (Quicker than the human eye) Date: Tue Dec 2 02:28:12 2003 Subject: smbpasswd -j DOMAIN fails strangely! In-Reply-To: Message-ID: On Wed, 26 Jan 2000, Luke Kenneth Casson Leighton wrote: > please can you track down the cause of the \PIPE\NETLOGO cli_nt_create > failure? > > are you running netlogond? No it's not running...is this something that should be running? > is there a connection attempt shown in log.NETLOGON (debug level 100)? no...no log.NETLOGON file at all. I've attached a level 100 debug of the command /opt/samba-tng/bin/smbpasswd -j VIRTUE If there's anything else you need let me know. -------------- next part -------------- doing parameter time server = yes doing parameter printcap name = /etc/printcap doing parameter load printers = yes doing parameter netbios name = TRUTH doing parameter printing = bsd doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter security = user doing parameter encrypt passwords = yes doing parameter smb passwd file = /opt/samba-tng/private/smbpasswd doing parameter unix password sync = Yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* doing parameter socket options = TCP_NODELAY doing parameter interfaces = 10.10.0.1/16 doing parameter local master = yes doing parameter os level = 33 doing parameter domain master = yes doing parameter preferred master = yes doing parameter domain logons = yes doing parameter wins support = yes doing parameter dns proxy = no pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Added interface ip=10.10.0.1 bcast=10.10.255.255 nmask=255.255.0.0 Joining Domain as PDC trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac do_reseed: got 40 bytes from /dev/urandom. cli_connection_init_auth: \\TRUTH \PIPE\NETLOGON copy_nt_creds: null creds cli_net_use_add copy_nt_creds: user domain nopw Yes flgs: 0 cli_find: \\TRUTH copy_nt_creds: null creds cli_init_creds: ntlmssp_flgs: 0 copy_nt_creds: user domain nopw Yes flgs: 0 cli_init_creds: ntlmssp_flgs: 0 resolve_srv_name: \\TRUTH resolve_name: Attempting lmhosts lookup for name TRUTH startlmhosts: Can't open lmhosts file /opt/samba-tng/lib/lmhosts. Error was No such file or directory resolve_name: Attempting host lookup for name TRUTH cli_establish_connection: TRUTH<00> connecting to TRUTH<20> (10.10.0.1) - [] with NTLMv1, nopw: Yes socket open succeeded. file name: /tmp/.smb.0/agent socket connect to /tmp/.smb.0/agent failed: Connection refused redirect FAILED, make direct connection Connecting to 10.10.0.1 at port 445 error connecting to 10.10.0.1:445 (Connection refused) Connecting to 10.10.0.1 at port 139 [000] 81 00 00 48 20 46 45 46 43 46 46 46 45 45 49 43 ...H FEF CFFFEEIC [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC [020] 41 43 41 43 41 00 20 46 45 46 43 46 46 46 45 45 ACACA. F EFCFFFEE [030] 49 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ICACACAC ACACACAC [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. .... write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 0 [000] 82 00 00 00 .... size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 size=164 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=129 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN [070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12 [080] 00 . write_socket(4,168) write_socket(4,168) wrote 168 got smb length of 91 size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=27904 (0x6D00) smb_vwv[8]=11 (0xB) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=45115 (0xB03B) smb_vwv[13]=33992 (0x84C8) smb_vwv[14]=48999 (0xBF67) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=22 [000] 8F E1 A4 D8 1F A8 89 4A 56 00 49 00 52 00 54 00 .......J V.I.R.T. [010] 55 00 45 00 00 00 U.E... size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=27904 (0x6D00) smb_vwv[8]=11 (0xB) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=45115 (0xB03B) smb_vwv[13]=33992 (0x84C8) smb_vwv[14]=48999 (0xBF67) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=22 [000] 8F E1 A4 D8 1F A8 89 4A 56 00 49 00 52 00 54 00 .......J V.I.R.T. [010] 55 00 45 00 00 00 U.E... server's domain: VIRTUE bcc: 22 cli_session_setup. extended security: No size=76 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=13 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=17408 (0x4400) smb_vwv[3]=2 (0x2) smb_vwv[4]=2924 (0xB6C) smb_vwv[5]=2925 (0xB6D) smb_vwv[6]=0 (0x0) smb_vwv[7]=1 (0x1) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_bcc=15 [000] 00 00 00 55 6E 69 78 00 00 53 61 6D 62 61 00 ...Unix. .Samba. write_socket(4,80) write_socket(4,80) wrote 80 got smb length of 72 size=72 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=31 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 56 49 52 54 55 45 00 realpha. VIRTUE. size=72 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=31 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 56 49 52 54 55 45 00 realpha. VIRTUE. size=61 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=4 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=1 (0x1) smb_bcc=18 [000] 00 5C 5C 54 52 55 54 48 5C 49 50 43 24 00 49 50 .\\TRUTH \IPC$.IP [010] 43 00 C. write_socket(4,65) write_socket(4,65) wrote 65 got smb length of 49 size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=93 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=24 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=2304 (0x900) smb_vwv[3]=1536 (0x600) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=40704 (0x9F00) smb_vwv[8]=513 (0x201) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=768 (0x300) smb_vwv[16]=0 (0x0) smb_vwv[17]=256 (0x100) smb_vwv[18]=0 (0x0) smb_vwv[19]=0 (0x0) smb_vwv[20]=0 (0x0) smb_vwv[21]=512 (0x200) smb_vwv[22]=0 (0x0) smb_vwv[23]=0 (0x0) smb_bcc=10 [000] 5C 4E 45 54 4C 4F 47 4F 4E 00 \NETLOGO N. write_socket(4,97) write_socket(4,97) wrote 97 got smb length of 35 size=35 smb_com=0xa2 smb_rcls=2 smb_reh=0 smb_err=4 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0xa2 smb_rcls=2 smb_reh=0 smb_err=4 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine TRUTH. Error was ERRSRV - ERRaccess (The requester does not have the necessary access rights within the specified context for the reque cli_connection_free: 213 msrpc smb connection size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=34184 (0x8588) smb_vwv[1]=65535 (0xFFFF) smb_vwv[2]=65535 (0xFFFF) smb_bcc=0 write_socket(4,45) write_socket(4,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=1 smb_reh=0 smb_err=6 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0x4 smb_rcls=1 smb_reh=0 smb_err=6 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 cli_net_use_del: \\TRUTH. . . force close: No connection: TRUTH idx: 0 num_users now: 0 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 write_socket(4,43) write_socket(4,43) wrote 43 got smb length of 39 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 cli_shutdown cli_nt_setup_creds: request challenge failed 2000/01/25 17:37:39 : change_trust_account_password: Failed to change password for domain VIRTUE. From lkcl at samba.org Tue Jan 25 22:43:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:12 2003 Subject: No subject In-Reply-To: Message-ID: On Tue, 25 Jan 2000, Quicker than the human eye wrote: > > On Wed, 26 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > please can you track down the cause of the \PIPE\NETLOGO cli_nt_create > > failure? > > > > are you running netlogond? > > No it's not running...is this something that should be running? yeees :) otherwise you can't be authenticated :-) netlogond is responsible for authenticating users (and is used by all the other msrpc daemons for that purpose _and_ by smbd). except when you have "security = domain/share/server" or "encrypt passwords = no and migrate passwords = no", in which case smbd will go direct to the unix password database, and you don't need _any_ msrpc daemons. luke -------------- next part -------------- doing parameter time server = yes doing parameter printcap name = /etc/printcap doing parameter load printers = yes doing parameter netbios name = TRUTH doing parameter printing = bsd doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter security = user doing parameter encrypt passwords = yes doing parameter smb passwd file = /opt/samba-tng/private/smbpasswd doing parameter unix password sync = Yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* doing parameter socket options = TCP_NODELAY doing parameter interfaces = 10.10.0.1/16 doing parameter local master = yes doing parameter os level = 33 doing parameter domain master = yes doing parameter preferred master = yes doing parameter domain logons = yes doing parameter wins support = yes doing parameter dns proxy = no pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Added interface ip=10.10.0.1 bcast=10.10.255.255 nmask=255.255.0.0 Joining Domain as PDC trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac trust_account_file_name: /opt/samba-tng/private/VIRTUE.TRUTH.mac do_reseed: got 40 bytes from /dev/urandom. cli_connection_init_auth: \\TRUTH \PIPE\NETLOGON copy_nt_creds: null creds cli_net_use_add copy_nt_creds: user domain nopw Yes flgs: 0 cli_find: \\TRUTH copy_nt_creds: null creds cli_init_creds: ntlmssp_flgs: 0 copy_nt_creds: user domain nopw Yes flgs: 0 cli_init_creds: ntlmssp_flgs: 0 resolve_srv_name: \\TRUTH resolve_name: Attempting lmhosts lookup for name TRUTH startlmhosts: Can't open lmhosts file /opt/samba-tng/lib/lmhosts. Error was No such file or directory resolve_name: Attempting host lookup for name TRUTH cli_establish_connection: TRUTH<00> connecting to TRUTH<20> (10.10.0.1) - [] with NTLMv1, nopw: Yes socket open succeeded. file name: /tmp/.smb.0/agent socket connect to /tmp/.smb.0/agent failed: Connection refused redirect FAILED, make direct connection Connecting to 10.10.0.1 at port 445 error connecting to 10.10.0.1:445 (Connection refused) Connecting to 10.10.0.1 at port 139 [000] 81 00 00 48 20 46 45 46 43 46 46 46 45 45 49 43 ...H FEF CFFFEEIC [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC [020] 41 43 41 43 41 00 20 46 45 46 43 46 46 46 45 45 ACACA. F EFCFFFEE [030] 49 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ICACACAC ACACACAC [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. .... write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 0 [000] 82 00 00 00 .... size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 size=164 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=129 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN [070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12 [080] 00 . write_socket(4,168) write_socket(4,168) wrote 168 got smb length of 91 size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=27904 (0x6D00) smb_vwv[8]=11 (0xB) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=45115 (0xB03B) smb_vwv[13]=33992 (0x84C8) smb_vwv[14]=48999 (0xBF67) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=22 [000] 8F E1 A4 D8 1F A8 89 4A 56 00 49 00 52 00 54 00 .......J V.I.R.T. [010] 55 00 45 00 00 00 U.E... size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=27904 (0x6D00) smb_vwv[8]=11 (0xB) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=45115 (0xB03B) smb_vwv[13]=33992 (0x84C8) smb_vwv[14]=48999 (0xBF67) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=22 [000] 8F E1 A4 D8 1F A8 89 4A 56 00 49 00 52 00 54 00 .......J V.I.R.T. [010] 55 00 45 00 00 00 U.E... server's domain: VIRTUE bcc: 22 cli_session_setup. extended security: No size=76 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=0 smb_mid=1 smt_wct=13 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=17408 (0x4400) smb_vwv[3]=2 (0x2) smb_vwv[4]=2924 (0xB6C) smb_vwv[5]=2925 (0xB6D) smb_vwv[6]=0 (0x0) smb_vwv[7]=1 (0x1) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_bcc=15 [000] 00 00 00 55 6E 69 78 00 00 53 61 6D 62 61 00 ...Unix. .Samba. write_socket(4,80) write_socket(4,80) wrote 80 got smb length of 72 size=72 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=31 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 56 49 52 54 55 45 00 realpha. VIRTUE. size=72 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=31 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 56 49 52 54 55 45 00 realpha. VIRTUE. size=61 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=4 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=1 (0x1) smb_bcc=18 [000] 00 5C 5C 54 52 55 54 48 5C 49 50 43 24 00 49 50 .\\TRUTH \IPC$.IP [010] 43 00 C. write_socket(4,65) write_socket(4,65) wrote 65 got smb length of 49 size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=93 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=24 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=2304 (0x900) smb_vwv[3]=1536 (0x600) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=40704 (0x9F00) smb_vwv[8]=513 (0x201) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=768 (0x300) smb_vwv[16]=0 (0x0) smb_vwv[17]=256 (0x100) smb_vwv[18]=0 (0x0) smb_vwv[19]=0 (0x0) smb_vwv[20]=0 (0x0) smb_vwv[21]=512 (0x200) smb_vwv[22]=0 (0x0) smb_vwv[23]=0 (0x0) smb_bcc=10 [000] 5C 4E 45 54 4C 4F 47 4F 4E 00 \NETLOGO N. write_socket(4,97) write_socket(4,97) wrote 97 got smb length of 35 size=35 smb_com=0xa2 smb_rcls=2 smb_reh=0 smb_err=4 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0xa2 smb_rcls=2 smb_reh=0 smb_err=4 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine TRUTH. Error was ERRSRV - ERRaccess (The requester does not have the necessary access rights within the specified context for the reque cli_connection_free: 213 msrpc smb connection size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=34184 (0x8588) smb_vwv[1]=65535 (0xFFFF) smb_vwv[2]=65535 (0xFFFF) smb_bcc=0 write_socket(4,45) write_socket(4,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=1 smb_reh=0 smb_err=6 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0x4 smb_rcls=1 smb_reh=0 smb_err=6 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 cli_net_use_del: \\TRUTH. . . force close: No connection: TRUTH idx: 0 num_users now: 0 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 write_socket(4,43) write_socket(4,43) wrote 43 got smb length of 39 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2924 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 cli_shutdown cli_nt_setup_creds: request challenge failed 2000/01/25 17:37:39 : change_trust_account_password: Failed to change password for domain VIRTUE. From grahamj at virtue.cx Tue Jan 25 22:51:23 2000 From: grahamj at virtue.cx (Quicker than the human eye) Date: Tue Dec 2 02:28:12 2003 Subject: your mail In-Reply-To: Message-ID: On Wed, 26 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Tue, 25 Jan 2000, Quicker than the human eye wrote: > > > > > On Wed, 26 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > > > please can you track down the cause of the \PIPE\NETLOGO cli_nt_create > > > failure? > > > > > > are you running netlogond? > > > > No it's not running...is this something that should be running? > > yeees :) otherwise you can't be authenticated :-) netlogond is > responsible for authenticating users (and is used by all the other msrpc > daemons for that purpose _and_ by smbd). > > except when you have "security = domain/share/server" or "encrypt > passwords = no and migrate passwords = no", in which case smbd will go > direct to the unix password database, and you don't need _any_ msrpc > daemons. > > luke Ultra...that works! Your kung-fu's the best! Thanks! From lkcl at samba.org Tue Jan 25 22:54:12 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: [samba-tng] status Message-ID: password changing is broken, again. i'm on it. From vgill at technologist.com Wed Jan 26 03:11:59 2000 From: vgill at technologist.com (Vern H. Gill) Date: Tue Dec 2 02:28:13 2003 Subject: Multiple messages Message-ID: <000601bf67ab$1be934c0$3405a8c0@gillnet.org> Can whomever is the maintainer of this list please check to see if my email addy is listed twice. I am getting dupes of EVERYTHING, which ain't a small amount. Thanks in advance. From paulc at wickedawesome.dhs.org Wed Jan 26 04:41:19 2000 From: paulc at wickedawesome.dhs.org (Paul Coleman) Date: Tue Dec 2 02:28:13 2003 Subject: remove References: Message-ID: <000d01bf67b7$978dec40$0a01a8c0@wickedawesome.dhs.org> remove From lk at NetUSE.DE Wed Jan 26 08:53:29 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:13 2003 Subject: Latest support for PDC, BDC, trusted relationships References: Message-ID: <388EB609.327B86E6@NetUSE.DE> "Paniagua Moreno, Pedro Luis" wrote: > > I am trying to guess which is the latest (and, if possible) version I should > have to get to get to this scenario: > domain Master: PDC -> WNT > domain Slave: BDC -> Samba 2.X (linux). This is a resource Domain; > no accounts. This should work with the current samba tng from the cvs. But you need to create useraccounts at the linux bdc for every domainuser, if want to share some files on the linux bdc. > I thing TNG should do it, but i'm confused as how to get it. I have created a webpage which tells you the basic stuff, and how to get it. You can find it under http://www.kneschke.de/projekte/samba_tng. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Wed Jan 26 09:13:19 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:13 2003 Subject: smbpasswd -j DOMAIN fails strangely! References: Message-ID: <388EBAAF.BCFFA848@NetUSE.DE> Quicker than the human eye wrote: > > On Wed, 26 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > please can you track down the cause of the \PIPE\NETLOGO cli_nt_create > > failure? > > > > are you running netlogond? > > No it's not running...is this something that should be running? Yes. > > is there a connection attempt shown in log.NETLOGON (debug level 100)? > > no...no log.NETLOGON file at all. Because no netlogond is running. The simpliest way is to run all these programms: browserd lsarpcd netlogond nmbd samrd smbd spoolssd svcctld winregd wkssvcd You don't need all in any case. But so you have all necessary programms run. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From peter at cadcamlab.org Wed Jan 26 10:05:09 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:13 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc References: <51FBD4A8EFD9D111BA7300A0C927DADB5631DD@xcgmd008.md.essd.northgrum.com> Message-ID: <14478.50250.729181.222890@wire.cadcamlab.org> [Tim Cole] > If you're using libtool, it might be being clever and hard-coding the > library installation paths in the binaries. (it does on some > architectures) Last I knew, libtool used "rpath" (hard-coding the library search path) on all architectures that support it. Which, though it is subtly different from what you describe, would produce the same effect in this case. There was quite a flamewar on the debian-devel list some time ago about this. The libtool author believes in rpath, the Debian people don't. Long story. I think they decided to just go their separate ways, i.e. Debian packages that use libtool are now built with a Debian-specific libtool. * back to topic at hand * Luke, if you're curious (and if you use Linux), use `ldd' to see what libraries are being used by a given binary. If it says libsmb.so => /home/lkcl/build/tng/.../libsmb.so.0 then the dynamic linker is resolving the path. If instead it's /home/lkcl/build/tng/.../libsmb.so => /home/lkcl/build/tng/.../libsmb.so.0 then the path is being hard-coded in. Peter From jrb at fluent.de Wed Jan 26 15:00:55 2000 From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:28:13 2003 Subject: Panic: Failed to set uid Message-ID: <200001261500.QAA05192@prag.fluent.de> Hi everybody, I installed a printer on today's tng, but each time I try to print I get Failed to set uid privileges to (2034,2034) now set to (0,0) PANIC: failed to set uid in the logfile. The files are generated in the printer directory, I can print those manually via lpr. The system is Suse linux 6.3, 2.2.13 with today's tng. Please let me know if you need more info. Did I miss something? Or is this a known problem? TIA Juergen Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-0 From martijn at ilse.nl Wed Jan 26 16:13:54 2000 From: martijn at ilse.nl (Martijn Grendelman) Date: Tue Dec 2 02:28:13 2003 Subject: Don't get it (am I stupid?) Message-ID: <000f01bf6818$57a66650$54b89ec0@ilse.net> Hi! I am new to this list, new to Samba-TNG and new to CVS-stuff, so I apologize in advance if my question is really stupid. Today I got the latest CVS-source for Samba-MAIN and Samba-TNG, to try to experiment a little with Samba as a PDC. I read all the READMEs and I read Lars Kneschke's FAQ, but there MUST be something I'm missing. When I try to add a machine account for my NT Workstation by I see: martijn@Serv2> pwd /usr/local/samba/bin martijn@Serv2> ./smbpasswd -a -m testmg smbpasswd: illegal option -- a smbpasswd [options] [password] options: -s use stdin for password prompt -D LEVEL debug level -U USER remote username -r MACHINE remote machine What's wrong with my "smbpasswd" and how do I get one that works? Thanx, Martijn. From martijn at ilse.nl Wed Jan 26 16:30:18 2000 From: martijn at ilse.nl (Martijn Grendelman) Date: Tue Dec 2 02:28:13 2003 Subject: I get it now (I AM stupid) Message-ID: <002501bf681a$a1e1c730$54b89ec0@ilse.net> Okay, Running "smbpasswd" as root was a big improvement ;-) Martijn. From MHVanDrie at software.rockwell.com Wed Jan 26 16:31:14 2000 From: MHVanDrie at software.rockwell.com (Van Drie, Matthew) Date: Tue Dec 2 02:28:13 2003 Subject: Setting up PDC on two networks Message-ID: I'm looking to set up a Samba server to be a PDC to two networks. One network will be the public one here at my work, the other will be a private network of probably 5 - 6 computers. The server really will only have to do its PDCing on the private network, but it must also be seen on the company network. Is it possible to do this with Samba now? If so, where might I go for help or howtos on how to do this? Thanks, Matt Van Drie Rockwell Software From mg at plum.de Wed Jan 26 16:41:07 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:13 2003 Subject: Don't get it (am I stupid?) References: <000f01bf6818$57a66650$54b89ec0@ilse.net> Message-ID: <388F23A3.132ED626@plum.de> Martijn Grendelman wrote: > > martijn@Serv2> pwd > /usr/local/samba/bin > martijn@Serv2> ./smbpasswd -a -m testmg > smbpasswd: illegal option -- a > smbpasswd [options] [password] > options: > -s use stdin for password prompt > -D LEVEL debug level > -U USER remote username > -r MACHINE remote machine > > What's wrong with my "smbpasswd" and how do I get one that works? Please double-check what version of samba your running. It seems that you are running some old version of Samba. smbpasswd -? gives here : mbpasswd [options] [username] [password] options: -s use stdin for password prompt -D LEVEL debug level -U USER remote username -r MACHINE remote machine -R ORDER name resolve order -j DOMAIN join domain name -a add user -d disable user -e enable user -n set no password -m machine trust account regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From plussier at ne.arris-i.com Wed Jan 26 16:51:21 2000 From: plussier at ne.arris-i.com (Paul Lussier) Date: Tue Dec 2 02:28:13 2003 Subject: PDC code and Trust Relationships Message-ID: <200001261651.LAA22177@coda.docd-east> Hi all, Can a Samba PDC be configured for "Trust Relationships" with other NT domains (which are using NT PDCs)? If so, can someone point me to the right place in the docs? Thanks, -- Seeya, Paul ---- Doing something stupid always costs less (up front) than doing something intelligent. A conclusion is simply the place where you got tired of thinking. If you're not having fun, you're not doing it right! From lkcl at samba.org Wed Jan 26 17:13:07 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: Multiple messages In-Reply-To: <000601bf67ab$1be934c0$3405a8c0@gillnet.org> Message-ID: you can do this yourself. http://samba.org/listproc. On Wed, 26 Jan 2000, Vern H. Gill wrote: > Can whomever is the maintainer of this list please check to see if my email > addy is listed twice. I am getting dupes of EVERYTHING, which ain't a small > amount. Thanks in advance. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 26 17:24:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: remove In-Reply-To: <000d01bf67b7$978dec40$0a01a8c0@wickedawesome.dhs.org> Message-ID: paykm thank you for telling about 1,000 people that you would like to be removed from the samba-ntdom mailing list. sadly, this doesn't happen automatically by sending to the list itself, but only to listproc@samba.org. see http://samba.org/listproc. luke On Wed, 26 Jan 2000, Paul Coleman wrote: > remove > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From merkes at t-online.de Wed Jan 26 17:24:37 2000 From: merkes at t-online.de (markus stephany) Date: Tue Dec 2 02:28:13 2003 Subject: Panic: Failed to set uid In-Reply-To: <200001261500.QAA05192@prag.fluent.de> References: <200001261500.QAA05192@prag.fluent.de> Message-ID: <0767.000126@merkespages.de> Hello Juergen, Wednesday, January 26, 2000, 4:03:40 PM, you wrote: JB> Hi everybody, JB> I installed a printer on today's tng, but each time I try to print I get JB> Failed to set uid privileges to (2034,2034) now set to (0,0) JB> PANIC: failed to set uid JB> in the logfile. The files are generated in the printer directory, I can JB> print those manually via lpr. JB> The system is Suse linux 6.3, 2.2.13 with today's tng. Please let JB> me know if you need more info. JB> Did I miss something? Or is this a known problem? JB> TIA JB> Juergen JB> Juergen Bock jrb@fluent.de JB> FLUENT Deutschland GmbH Hindenburgstrasse 36 JB> D-64295 Darmstadt +49-(0)6151-3644-0 hello, i also have these problems with the same suse and kernel. also tng (from yesterday cvs) seems not to map the german umlauts correctly (i used the same character mapping like in my samba 2.0.6 configuration, but i couldn't access e.g. the "startmen?" folder in my roaming profiles). to circumvent these problems temporarily, i added a second ip-address to the network adapter, and now i run tng as pdc on the second ip address and samba 2.0.6 as my print and file server on the first one. -- rgds, markus stephany ==================================== mailto:merkes@merkespages.de http://www.merkespages.de From lkcl at samba.org Wed Jan 26 17:49:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: [SAMBA-TNG] using and createing libsmb and libmsrpc In-Reply-To: <14478.50250.729181.222890@wire.cadcamlab.org> Message-ID: @begin off-topic > this. The libtool author believes in rpath, the Debian people don't. [well, belief is a bloody nuisance that just irritates people like me. i don't "believe" things, i either know them or i don't. i associate knowledge with the context in which it was received or generated, and pass it on or use it as appropriate, if i think that the context is appropriate. e.g i don't talk to edenists about darwin!] the author of libtool should not be so inflexible as to decide that his way is best, period, and should put in a means to accomodate the debian method as a libtool option, disabled by default. we're so lucky to be in open source, because if the libtool author was a proprietary developer, both us and the debian people would be screwed. > * back to topic at hand * yes. @end off-topic > Luke, if you're curious to be honest, not really, but i appreciate that other people might be! > (and if you use Linux), use `ldd' to see what > libraries are being used by a given binary. If it says > > libsmb.so => /home/lkcl/build/tng/.../libsmb.so.0 it does this. > then the dynamic linker is resolving the path. If instead it's > > /home/lkcl/build/tng/.../libsmb.so => /home/lkcl/build/tng/.../libsmb.so.0 > > then the path is being hard-coded in. it doesn't do this. From cliff at scs.uiuc.edu Wed Jan 26 17:50:35 2000 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:28:13 2003 Subject: Start-up script Message-ID: <388F33EA.2FA0897A@scs.uiuc.edu> Hi all, I have attached a samba startup script suitable for placement in init.d. It works great for Irix and should be fine for SYS V style Unixes. I know I saw something like this before, but I couldn't find it again. -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== -------------- next part -------------- #! /bin/sh # # Samba server control # IS_ON=/etc/chkconfig KILLALL=/sbin/killall SAMBAD=/usr/samba/bin/smbd #SAMBA_OPTS=-d2 NMBD=/usr/samba/bin/nmbd BROWSERD=/usr/samba/bin/browserd LSARPCD=/usr/samba/bin/lsarpcd NETLOGOND=/usr/samba/bin/netlogond SAMRD=/usr/samba/bin/samrd SPOOLSSD=/usr/samba/bin/spoolssd SRVSVCD=/usr/samba/bin/srvsvcd SVCCTLD=/usr/samba/bin/svcctld WINREGD=/usr/samba/bin/winregd WKSSVCD=/usr/samba/bin/wkssvcd #NMBD_OPTS=-d1 if test ! -x $IS_ON ; then IS_ON=true fi if $IS_ON verbose ; then ECHO=echo else # For a quiet startup and shutdown ECHO=: fi case $1 in 'start') if $IS_ON samba && test -x $SAMBAD; then $KILLALL -15 smbd nmbd browserd lsarpcd netlogond samrd spoolssd srvsvcd svcctld winregd wkssvcd $ECHO "Samba:\c" $SAMBAD $SAMBA_OPTS -D; $ECHO " smbd\c" $NMBD $NMBD_OPTS -D; $ECHO " nmbd\c" $LSARPCD; $ECHO " lsarpcd\c" $NETLOGOND; $ECHO " netlogond\c" $SAMRD; $ECHO " samrd\c" $SPOOLSSD; $ECHO " spoolssd\c" $SRVSVCD; $ECHO " srvsvcd\c" $SVCCTLD; $ECHO " svcctld\c" $WINREGD; $ECHO " winregd\c" $WKSSVCD; $ECHO " wkssvcd\c" $BROWSERD; $ECHO " browserd\c" $ECHO "." fi ;; 'stop') $ECHO "Stopping Samba Servers." $KILLALL -15 smbd nmbd browserd lsarpcd netlogond samrd spoolssd srvsvcd svcctld winregd wkssvcd exit 0 ;; *) echo "usage: /etc/init.d/samba {start|stop}" ;; esac From cliff at scs.uiuc.edu Wed Jan 26 17:58:16 2000 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:28:13 2003 Subject: New startup script Message-ID: <388F35B8.2CF8FB69@scs.uiuc.edu> Hi, I made a minor modification to my start script, and am now reposting it. Lars, would you like to put it on your web page? -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== -------------- next part -------------- #! /bin/sh # # Samba server control # IS_ON=/etc/chkconfig KILLALL=/sbin/killall SAMBA_HOME="/usr/samba/bin" SAMBAD=${SAMBA_HOME}/smbd #SAMBA_OPTS=-d2 NMBD=${SAMBA_HOME}/nmbd BROWSERD=${SAMBA_HOME}/browserd LSARPCD=${SAMBA_HOME}/lsarpcd NETLOGOND=${SAMBA_HOME}/netlogond SAMRD=${SAMBA_HOME}/samrd SPOOLSSD=${SAMBA_HOME}/spoolssd SRVSVCD=${SAMBA_HOME}/srvsvcd SVCCTLD=${SAMBA_HOME}/svcctld WINREGD=${SAMBA_HOME}/winregd WKSSVCD=${SAMBA_HOME}/wkssvcd #NMBD_OPTS=-d1 if test ! -x $IS_ON ; then IS_ON=true fi if $IS_ON verbose ; then ECHO=echo else # For a quiet startup and shutdown ECHO=: fi case $1 in 'start') if $IS_ON samba && test -x $SAMBAD; then $KILLALL -15 smbd nmbd browserd lsarpcd netlogond samrd spoolssd srvsvcd svcctld winregd wkssvcd $ECHO "Samba:\c" $SAMBAD $SAMBA_OPTS -D; $ECHO " smbd\c" $NMBD $NMBD_OPTS -D; $ECHO " nmbd\c" $LSARPCD; $ECHO " lsarpcd\c" $NETLOGOND; $ECHO " netlogond\c" $SAMRD; $ECHO " samrd\c" $SPOOLSSD; $ECHO " spoolssd\c" $SRVSVCD; $ECHO " srvsvcd\c" $SVCCTLD; $ECHO " svcctld\c" $WINREGD; $ECHO " winregd\c" $WKSSVCD; $ECHO " wkssvcd\c" $BROWSERD; $ECHO " browserd\c" $ECHO "." fi ;; 'stop') $ECHO "Stopping Samba Servers." $KILLALL -15 smbd nmbd browserd lsarpcd netlogond samrd spoolssd srvsvcd svcctld winregd wkssvcd exit 0 ;; *) echo "usage: /etc/init.d/samba {start|stop}" ;; esac From fruitbat at netspace.org Wed Jan 26 18:00:21 2000 From: fruitbat at netspace.org (Eric the Fruitbat) Date: Tue Dec 2 02:28:13 2003 Subject: segmentation fault connecting to Samba PDC Message-ID: <200001261800.NAA06705@netspace.org> Hello. I'm a Samba newbie who is managing a mixed network of Windows and Linux machines over a VPN, with a Linux PDC handling domain logins, as follows: network A network B 192.168.1.0 192.168.3.0 192.168.1.2 -----. .----- Win 98 Mandrake/2.2.14 | PDC "badger" | Samba 2.0.6 |-- gateway --- ppp --- 192.168.3.1 --| | SuSE/2.2.7 |----- Win 95 192.168.1.20 ----' Samba 2.0.6 | NT 4.0 sp3 | `----- Win 95 Previously, when I was using development versions of Samba for the PDC, connection from the machines in A worked well, and connections from B (especially the 95 boxes) would sometimes fail or perform poorly. In an effort to straighten everything out once and for all, I installed the latest official release onto the PDC and upgraded 192.168.1.2, as above. Now connections from B work flawlessly, much to the relief of users on that end, but connections from A fail outright. More specifically, although from 192.168.1.2 the command % smbclient -L badger -Ueric%password produces the correct list of shares, servers, and workgroups, the command % smbclient '\\badger\eric' -Ueric%password produces a segfault. When run from the PDC itself the second command produces the smb: \> prompt, as expected. The NT machine has a similar problem: it can see the entire network in its network neighborhood, and can browse machines that have public-access shares, but it can't log into the domain. At least, the problem seems similar to my unlettered mind. Can anyone shed light onto what might be going on here? When I run the smbclient command with -d9, everything seems to work fine up to "tconx ok", and then it just ups and dies, but I don't really know how to read the debug output so I can't be sure. Any help is greatly appreciated, or if there's some documentation that already deals with this issue I'm happy to check it out. Thanks in advance. Eric deRiel -- Bank runs will start in mid 1999. From lkcl at samba.org Wed Jan 26 18:19:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: Panic: Failed to set uid In-Reply-To: <200001261500.QAA05192@prag.fluent.de> Message-ID: hm, i started using the smbrun.c code from 2.0.x. jeremy, are there any conditions regarding the use of smbrun.c from 2.0.x? do you have to be root _Before_ calling smbrun()? On Thu, 27 Jan 2000, Juergen Bock wrote: > Hi everybody, > > I installed a printer on today's tng, but each time I try to print I get > > Failed to set uid privileges to (2034,2034) now set to (0,0) > PANIC: failed to set uid > > in the logfile. The files are generated in the printer directory, I can > print those manually via lpr. > The system is Suse linux 6.3, 2.2.13 with today's tng. Please let > me know if you need more info. > > Did I miss something? Or is this a known problem? > > TIA > Juergen > > > > Juergen Bock jrb@fluent.de > FLUENT Deutschland GmbH Hindenburgstrasse 36 > D-64295 Darmstadt +49-(0)6151-3644-0 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 26 18:20:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: Don't get it (am I stupid?) In-Reply-To: <000f01bf6818$57a66650$54b89ec0@ilse.net> Message-ID: you must run smbpasswd as root. actually, for security reasons you should use rpclclient. On Thu, 27 Jan 2000, Martijn Grendelman wrote: > Hi! > > I am new to this list, new to Samba-TNG and new to CVS-stuff, so I apologize > in advance if my question is really stupid. Today I got the latest > CVS-source for Samba-MAIN and Samba-TNG, to try to experiment a little with > Samba as a PDC. > > I read all the READMEs and I read Lars Kneschke's FAQ, but there MUST be > something I'm missing. When I try to add a machine account for my NT > Workstation by I see: > > martijn@Serv2> pwd > /usr/local/samba/bin > martijn@Serv2> ./smbpasswd -a -m testmg > smbpasswd: illegal option -- a > smbpasswd [options] [password] > options: > -s use stdin for password prompt > -D LEVEL debug level > -U USER remote username > -r MACHINE remote machine > > What's wrong with my "smbpasswd" and how do I get one that works? > > Thanx, > Martijn. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 26 18:43:17 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: New startup script In-Reply-To: <388F35B8.2CF8FB69@scs.uiuc.edu> Message-ID: i put it in the scripts/ directory as samba-init.d-sysv. On Thu, 27 Jan 2000, Clifford Meece wrote: > Hi, > > I made a minor modification to my start script, and am now reposting > it. Lars, would you like to put it on your web page? > > -- > =============================================================== > Cliff Meece \\ Phone: (217) 333-1728 > Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu > School of Chemical Sciences \\ 153 Noyes Lab > University of Illinois \\ > =============================================================== > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From paul.l.allen at boeing.com Wed Jan 26 18:53:14 2000 From: paul.l.allen at boeing.com (Paul Allen) Date: Tue Dec 2 02:28:13 2003 Subject: joining NT4 domain, connection refused Message-ID: <388F429A.453CFB6E@boeing.com> I grabbed the samba-tng sources via CVS on January 13 and have just gotten around to building and testing it. When I attempt to join the local NT domain from my test Solaris 7 Samba server, smbpasswd complains that the connection is refused by the PDC. The PDC is running NT 4, service pack 5. Interestingly, I can join the domain from this machine if I use my old 2.0.4b smbpasswd. Can I just move the *.mac file over into the samba-tng/private directory, or have I got more fundamental problems? Thanks! Paul Allen -- Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 Unix Technical Support | paul.l.allen@boeing.com Boeing Phantom Works Math & Computing Technology Site Operations, POB 3707 M/S 7L-68, Seattle, WA 98124-2207 From lars at kneschke.de Wed Jan 26 19:03:46 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:13 2003 Subject: New startup script References: Message-ID: <388F4512.1E5E9D87@kneschke.de> Luke Kenneth Casson Leighton wrote: > > i put it in the scripts/ directory as samba-init.d-sysv. > > On Thu, 27 Jan 2000, Clifford Meece wrote: > > > Hi, > > > > I made a minor modification to my start script, and am now reposting > > it. Lars, would you like to put it on your web page? Yes, i could do it. But if Luke puts it in the cvs, i don't need to put it on the webpage. Or what do you think? But you should make a warning! killall on solaris kill's all. Like the name says. >From the manpage: killall terminates all processes with open files so that the mounted file systems will be unbusied and can be unmounted. Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! From lkcl at samba.org Wed Jan 26 19:16:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: joining NT4 domain, connection refused In-Reply-To: <388F429A.453CFB6E@boeing.com> Message-ID: if you do, you will also need to move over the private/smbpasswd entry for the workstation as well (assuming that you have two different smbpasswd files) and yes, you probably do have other problems. follow the FAQ instructions. btw a word of warning to people: BACK UP YOUR MACHINE.SID FILE IF YOU EVER INTEND TO RETURN TO USING 2.0.X On Thu, 27 Jan 2000, Paul Allen wrote: > I grabbed the samba-tng sources via CVS on January 13 and have just > gotten around to building and testing it. When I attempt to join > the local NT domain from my test Solaris 7 Samba server, smbpasswd > complains that the connection is refused by the PDC. The PDC is running > NT 4, service pack 5. > > Interestingly, I can join the domain from this machine if I use my > old 2.0.4b smbpasswd. Can I just move the *.mac file over into the > samba-tng/private directory, or have I got more fundamental problems? > > Thanks! > > Paul Allen > -- > Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 > Unix Technical Support | paul.l.allen@boeing.com > Boeing Phantom Works Math & Computing Technology Site Operations, > POB 3707 M/S 7L-68, Seattle, WA 98124-2207 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Wed Jan 26 20:23:48 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:13 2003 Subject: Don't get it (am I stupid?) In-Reply-To: <000f01bf6818$57a66650$54b89ec0@ilse.net> Message-ID: You must be root to do this. Greg On Thu, 27 Jan 2000, Martijn Grendelman wrote: > Date: Thu, 27 Jan 2000 03:19:25 +1100 > From: Martijn Grendelman > To: Multiple recipients of list SAMBA-NTDOM > Subject: Don't get it (am I stupid?) > > Hi! > > I am new to this list, new to Samba-TNG and new to CVS-stuff, so I apologize > in advance if my question is really stupid. Today I got the latest > CVS-source for Samba-MAIN and Samba-TNG, to try to experiment a little with > Samba as a PDC. > > I read all the READMEs and I read Lars Kneschke's FAQ, but there MUST be > something I'm missing. When I try to add a machine account for my NT > Workstation by I see: > > martijn@Serv2> pwd > /usr/local/samba/bin > martijn@Serv2> ./smbpasswd -a -m testmg > smbpasswd: illegal option -- a > smbpasswd [options] [password] > options: > -s use stdin for password prompt > -D LEVEL debug level > -U USER remote username > -r MACHINE remote machine > > What's wrong with my "smbpasswd" and how do I get one that works? > > Thanx, > Martijn. > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Wed Jan 26 20:36:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: [SAMBA_TNG] bug in samr_lookup_names() Message-ID: i hate looking at these, can someone else help track it down? i added a samrlookuprids command, it's easy to repro this problem. do this: rpcclient -S SAMBA_TNG_SERVER -U% -l log [$ ] lsaquery [$ ] samrlookupnames someuser [$ ] samrlookupsids the-rid-returned-from-the-samrlookupname-command this will pause, and pause, and time out. in log.samr, it goes nuts in that damn, irritating, USELESS code that i keep meaning to replace, which converts unix groups to NT groups, and unix groups to NT aliases, and unix users to NT users, except it doesn't, it gets its arse about its tits and goes off into WONDERLAND pretending that unix users are NT groups, and NT groups are unix aliases and goes into infinite recursion mode. ARGH. p.s no, my name's not argh. From cliff at scs.uiuc.edu Wed Jan 26 20:41:50 2000 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:28:13 2003 Subject: Can't locate PDC + New startup script Message-ID: <388F5C0E.7E406E34@scs.uiuc.edu> Hi, I'm posting for 2 reasons: 1. A new version of my init script (thanks for the info Lars) I've attached a new version of the script that won't completely screw your Solaris box. 2. Small samba problem : I checked out the TNG and HEAD source yesterday, and got it compiled. I had previously been using and old HEAD source that worked but usermanager was failing. Now I get a logon error. It does log me into the system, and it does connect me to my home share, but I get a 'Logon Message' windows that says: A domain controller for your domain could not be contacted. You have been logged on using cached account information. I'm using smbd and nmbd from head and the rest from TNG. What log file should I be looking at to find the problem? -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== -------------- next part -------------- #! /bin/sh # # Samba server control # # Change this to your Samba bin directory: SAMBA_HOME="/usr/samba/bin" KILL=/sbin/kill OS=`uname` case $OS in IRIX*) KILL=/usr/bin/kill echo "$OS\n" IS_ON=/etc/chkconfig if test ! -x $IS_ON ; then IS_ON=true fi if $IS_ON verbose ; then ECHO=echo else # For a quiet startup and shutdown ECHO=: fi ;; Sun*) KILL=/usr/bin/kill echo "$OS\n" ECHO=echo IS_ON=true ;; *) esac SAMBAD=${SAMBA_HOME}/smbd #SAMBA_OPTS=-d2 NMBD=${SAMBA_HOME}/nmbd BROWSERD=${SAMBA_HOME}/browserd LSARPCD=${SAMBA_HOME}/lsarpcd NETLOGOND=${SAMBA_HOME}/netlogond SAMRD=${SAMBA_HOME}/samrd SPOOLSSD=${SAMBA_HOME}/spoolssd SRVSVCD=${SAMBA_HOME}/srvsvcd SVCCTLD=${SAMBA_HOME}/svcctld WINREGD=${SAMBA_HOME}/winregd WKSSVCD=${SAMBA_HOME}/wkssvcd #NMBD_OPTS=-d1 SAMBADPID=`cat ${SAMBA_HOME}/../var/locks/smbd.pid` NMBDPID=`cat ${SAMBA_HOME}/../var/locks/nmbd.pid` BROWSERDPID=`cat ${SAMBA_HOME}/../var/locks/browserd.pid` LSARPCDPID=`cat ${SAMBA_HOME}/../var/locks/lsarpcd.pid` NETLOGONDPID=`cat ${SAMBA_HOME}/../var/locks/netlogond.pid` SAMRDPID=`cat ${SAMBA_HOME}/../var/locks/samrd.pid` SPOOLSSDPID=`cat ${SAMBA_HOME}/../var/locks/spoolssd.pid` SRVSVCDPID=`cat ${SAMBA_HOME}/../var/locks/srvsvcd.pid` SVCCTLDPID=`cat ${SAMBA_HOME}/../var/locks/svcctld.pid` WINREGDPID=`cat ${SAMBA_HOME}/../var/locks/winregd.pid` WKSSVCDPID=`cat ${SAMBA_HOME}/../var/locks/wkssvcd.pid` case $1 in 'start') if $IS_ON samba && test -x $SAMBAD; then $ECHO "Samba:\c" $SAMBAD $SAMBA_OPTS -D; $ECHO " smbd\c" $NMBD $NMBD_OPTS -D; $ECHO " nmbd\c" $LSARPCD; $ECHO " lsarpcd\c" $NETLOGOND; $ECHO " netlogond\c" $SAMRD; $ECHO " samrd\c" $SPOOLSSD; $ECHO " spoolssd\c" $SRVSVCD; $ECHO " srvsvcd\c" $SVCCTLD; $ECHO " svcctld\c" $WINREGD; $ECHO " winregd\c" $WKSSVCD; $ECHO " wkssvcd\c" $BROWSERD; $ECHO " browserd\c" $ECHO "." fi ;; 'stop') $ECHO "Stopping Samba Servers." $KILL -15 $SAMBADPID $NMBDPID $BROWSERDPID $LSARPCDPID $NETLOGONDPID $SAMRDPID $SPOOLSSDPID $SRVSVCDPID $SVCCTLDPID $WINREGDPID $WKSSVCDPID exit 0 ;; *) echo "usage: /etc/init.d/samba {start|stop}" ;; esac From lkcl at samba.org Wed Jan 26 21:57:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: coding volunteers needed for msrpc server-side API conversion In-Reply-To: Message-ID: ok, people, i _really_ need help with this. i estimate that if i work on this full-time it's going to take about... two weeks. i have one volunteer for the samr functions. it's been two days, already, and i'm only half-way through samr. that means, nothing else gets done, and samba-tng current cvs is broken because the _samr_lookup_rids() function goes into an infinite loop on that stupid unix-lookup stuff. so, if i get to it, it will be in over two weeks time, based on current schedules, which means everyone gets to suffer two weeks of email, "i can't get samba-tng to work". i'm intending to replace the broken passdb/*.c and groupdb/*.c code with a proper samr implementation, but _only_ after the samr conversion. to help jean-francois with the spoolss code, i'd like to have spoolss converted over, too. more hands, light work... On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > if anyone wants to help with a very boring but basically self-consistent > task, i'd really appreciate it. the goal is, examine rpc_client/cli_*.c > functions, e.g samr_open_domain(), and create a srv_*.c function with > EXACTLY the same paramaters called _samr_open_domain(), for all functions > in rpc_client/cli_*.c and srv_*.c. > > please see samba tng's rpc_server/srv_samr.c and samrd/srv_samr_passdb.c > for examples of the code-conversion in progress. i cut/paste a section of > proto.h from rpc_client/cli_samr.c into the top of samrd/srv_samr_passdb.c > to make this job easier. > > if you want to help out, then please follow these instructions, in order > to avoid duplication of effort: > > 1) EITHER: refer to http://samba.org/listproc/samba-technical and look for > messages with this subject line OR: change your subscription to non-digest > mode on samba-technical. > > 2) post a message to samba-technical in reply to this message (exclude the > text) saying which MSRPC pipe and which functions in that pipe you would > like to volunteer for the conversion. > > 3) wait 20 mins or so, refer to samba-technical, see if anyone else also > volunteered. sort it out between you so as not to duplicate effort. > > 4) examine and follow the example code plus the coding STYLE, please. > put copyright your name 2000 at the top of the file in the GPL header. > istarted out by making 2 copies of rpc_server/srv_samr.c and then go from > there. changes to rpc_parse/parse_*.c::make_r*() functions are sometimes > necessary. changes to rpc_parse/parse_*.c::make_q*() functions are NOT > necessary and should not be done. > > 5) send me a diff -u patch, they're far easier to read before doing patch > -p0 < your_diff. send it as an attachment not inline text because your > emailer or mine may word-wrap anything over 80 chars in length. > > i will be chewing through srv_samr.c from the top: if anyone wants to > start at the bottom and work up, i'll meet you somewhere in the middle :) > please follow the reporting instructions above. > > thx! > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lars at kneschke.de Wed Jan 26 21:53:32 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:13 2003 Subject: Can't locate PDC + New startup script References: <388F5C0E.7E406E34@scs.uiuc.edu> Message-ID: <388F6CDC.43E5CCAC@kneschke.de> Clifford Meece wrote: > > Hi, > I'm posting for 2 reasons: > 1. A new version of my init script (thanks for the info Lars) > I've attached a new version of the script that won't completely > screw your Solaris box. Thanks! I can't test it now, but it looks like it should work! :-) > 2. Small samba problem : > > I checked out the TNG and HEAD source yesterday, and got it > compiled. I had previously been using and old HEAD source that worked > but usermanager was failing. Now I get a logon error. It does log me > into the system, and it does connect me to my home share, but I get a > 'Logon Message' windows that says: > > A domain controller for your domain could not be contacted. You have > been logged on using cached account information. > > I'm using smbd and nmbd from head and the rest from TNG. What log file > should I be looking at to find the problem? In /var you will find the logfiles. ls -lt *.log will show the files sorted be last change-time. I would watch the latest! :-) Cu -- Do you like Samba? Do you know KSamba? Try http://www.kneschke.de/projekte/ksamba!! Or watch our other projects at http://www.kneschke.de/projekte! From gene_yee at hotmail.com Wed Jan 26 23:34:59 2000 From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:28:13 2003 Subject: Slow Print Server Message-ID: <20000126233459.29019.qmail@hotmail.com> I am running a Samba Linux print server using the RedHat 6.1 distribution. Samba v2.0.5a which comes with RedHat. The server is a Compaq 5000 Quad PP200 w/ 1 gig of ram, the drive array uses a mirrored set of 4 gig drives. Yes, a bit over powered, but this is what was laying around... I am having an issue where sometimes Samba seems to time out for a while. >From a WinNT client I can locate all the print shares right away, but when I hit Properties it often takes up to a minute for the properties page. When I hit Test Print it often takes up to a minute also. Of course, on occasions it is running extremely quick also. This server does NOTHING else and is still in a test enviroment, so during these test I am the only one accessing the server. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From mpc at star.sr.bham.ac.uk Wed Jan 26 23:52:27 2000 From: mpc at star.sr.bham.ac.uk (Mark Cooke) Date: Tue Dec 2 02:28:13 2003 Subject: Slow Print Server In-Reply-To: <20000126233459.29019.qmail@hotmail.com> Message-ID: On Thu, 27 Jan 2000, Gene Yee wrote: > I am running a Samba Linux print server using the RedHat 6.1 distribution. > Samba v2.0.5a which comes with RedHat. Hi Gene, I was having problems with smbclient being very very slow putting files from a redhat 6.1/2.0.5a to windows machines (bytes per second over a pretty quiet 10mbps network). Perhaps you are seeing similar? The solution here was to upgrade to 2.0.6. Write speeds are up into the hundreds of kbytes range now. Regards, Mark +-------------------------------------------------------------------------+ Mark Cooke The views expressed above are mine and are not Systems Programmer necessarily representative of university policy University Of Birmingham URL: http://www.sr.bham.ac.uk/~mpc/ +-------------------------------------------------------------------------+ From anders at aae.wisc.edu Thu Jan 27 00:54:04 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:28:13 2003 Subject: coding volunteers needed for msrpc server-side API conversion In-Reply-To: References: Message-ID: <200001270054.SAA04943@pug.aae.wisc.edu> Ok, I'm currently busy with school, but I could probably spare som hrs. in the weekend. I'm sorry for not "grabbing" one task, as I don't have the source code available where I'm at now (home). But if there is something that you'd like to get done during the weekend, please tell me an I'll spend some time in the weekend helping you out. --Anders Overworked Programmer/Student until the weekend :) Quoting Luke Kenneth Casson Leighton : > ok, people, i _really_ need help with this. i estimate that if i work on > this full-time it's going to take about... two weeks. > > i have one volunteer for the samr functions. it's been two days, already, > and i'm only half-way through samr. > > that means, nothing else gets done, and samba-tng current cvs is broken > because the _samr_lookup_rids() function goes into an infinite loop on > that stupid unix-lookup stuff. so, if i get to it, it will be in over two > weeks time, based on current schedules, which means everyone gets to > suffer two weeks of email, "i can't get samba-tng to work". > > i'm intending to replace the broken passdb/*.c and groupdb/*.c code with a > proper samr implementation, but _only_ after the samr conversion. > > to help jean-francois with the spoolss code, i'd like to have spoolss > converted over, too. > > more hands, light work... From lkcl at samba.org Thu Jan 27 01:21:07 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: coding volunteers needed for msrpc server-side API conversion In-Reply-To: <200001270054.SAA04943@pug.aae.wisc.edu> Message-ID: On Wed, 26 Jan 2000, Anders C. Thorsen wrote: > Ok, I'm currently busy with school, but I could probably > spare som hrs. in the weekend. yaay :) > I'm sorry for not "grabbing" one task, as I don't have > the source code available where I'm at now (home). But > if there is something that you'd like to get done during > the weekend, please tell me an I'll spend some time in > the weekend helping you out. ok, verr' cool! well, by then, me and mr s.striker should have samr nailed. the next one will be spoolss. > --Anders > Overworked Programmer/Student until the weekend :) like at least two others! From mgeddes at xavier.sa.edu.au Thu Jan 27 02:39:22 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:13 2003 Subject: PDC - BDC Trust Message-ID: <388FAFD9.E3C156E2@xavier.sa.edu.au> Hi, How well does the PDC - BDC trust thing work in Samba TNG? I am having a few troubles getting it working between my RedHat 6.0 (PDC) box and RedHat 5.1 (BDC) box. I realise that some things are a pain on RH 5.1, but most other stuff works.... I try to do the rpcclient thing (as per destructions on the Samba TNG faq), using the TNG rpcclient, but the lsaquery command fails (connection refused). If I use the Samba Main version, I can lsaquery, but no createuser command...... Is this a problem with RH 5.1, or is this a Samba trust problem? Anybody? Thanks heap, Matt From lkcl at samba.org Thu Jan 27 02:40:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: PDC - BDC Trust In-Reply-To: <388FAFD9.E3C156E2@xavier.sa.edu.au> Message-ID: are you running lsarpcd? if rpcclient doesn't talk to your samba server, you've got problems! try rpcclient -S sambaserver -U% -l log lsaquery this is a classic anonymous test to verify that your server's up, and its status. On Thu, 27 Jan 2000, Matthew Geddes wrote: > Hi, > How well does the PDC - BDC trust thing work in Samba TNG? I am having a > few troubles getting it working between my RedHat 6.0 (PDC) box and > RedHat 5.1 (BDC) box. I realise that some things are a pain on RH 5.1, > but most other stuff works.... > > I try to do the rpcclient thing (as per destructions on the Samba TNG > faq), using the TNG rpcclient, but the lsaquery command fails > (connection refused). If I use the Samba Main version, I can lsaquery, > but no createuser command...... > > Is this a problem with RH 5.1, or is this a Samba trust problem? > Anybody? > > > Thanks heap, > Matt > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 27 08:36:01 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:13 2003 Subject: spoolss Message-ID: well, i am sitting here in partial-darkness, in a flat where, earlier, flat-mate #1 decided to switch on the t.v (which he keeps on all night: flickerflifliflickernyanyanyah). flat-mate #2 decided a) to invite a guest over b) switch on loud music c) smoke d) forget to remind guest that there are people attempting to sleep (after all, it was only 1:30am). e) have sex. quitely. so, not surprisingly, i got food, computer and telephone cable and carried on working on the spoolss conversion. i just wanted to say, jean-francois, that i am very impressed with your code. i particularly like the sarcastic remarks about having to implement the same spoolss server-side bug-fixes to deal with nt client-side bugs, i think that's hilarious. the thing is, microsoft _has_ to do it that way so as to be backwards-compatible with legacy clients. oh well! From Jean-Francois.Micouleau at dalalu.fr Thu Jan 27 09:48:11 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:13 2003 Subject: spoolss In-Reply-To: Message-ID: On Thu, 27 Jan 2000, Luke Kenneth Casson Leighton wrote: > i just wanted to say, jean-francois, that i am very impressed with your > code. i particularly like the sarcastic remarks about having to implement > the same spoolss server-side bug-fixes to deal with nt client-side bugs, i > think that's hilarious. the thing is, microsoft _has_ to do it that way > so as to be backwards-compatible with legacy clients. As some MS people are reading here, I should confess that the sarcastic remarks are not directed against anybody. It's just that sometimes it was depressing to see _how much_ the design was poor just to have a backward compatible API at the user level. Please don't turn that into a flamewar, there is no reason to. J.F. From icoupeau at unav.es Thu Jan 27 11:22:50 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:28:13 2003 Subject: undefined reference to lookup_sid TNG Message-ID: <38902A8A.362BEAC3@unav.es> I found this error compiling TNG with quotas an wit quotas and ldap: > Linking bin/swat > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > make: *** [bin/swat] Error 1 Some help? Thx, Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From Daniel.Sandmeier at HWK-DO.DE Thu Jan 27 12:35:51 2000 From: Daniel.Sandmeier at HWK-DO.DE (Daniel Sandmeier) Date: Tue Dec 2 02:28:13 2003 Subject: Setting up PDC on two networks References: Message-ID: <38903BA7.FAE4EEDC@hwk-do.de> Hi there, I don't know if I'm on the right way, but I think if you use the parameters "interfaces" and "bind interfaces only", you can tell Samba, that the Box has different IP-Adresses. So, I think it won't be a problem to set it up as a Server for two domains. But I'm not quite sure. [global] interfaces = interface list allowable values: IP addresses separated by spaces default: NULL Sets the interfaces to which Samba will respond. The default is the machine?s primary inter-face only. Recommended on multihomed machines or to override erroneous addresses and netmasks. [global] bind interfaces only = boolean allowable values: YES, NO default: NO If set to YES, shares and browsing will be provided only on interfaces in an interfaces list (see interfaces). New in Samba 1.9.18. If you set this option to YES, be sure to add 127. 0.0.1 to the interfaces list to allow smbpasswd to connect to the local machine to change passwords. This is a convienence option; it does not improve security. MfG DerSandos187 From lk at NetUSE.DE Thu Jan 27 12:57:09 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:13 2003 Subject: Setting up PDC on two networks References: Message-ID: <389040A5.2C3045DC@NetUSE.DE> "Van Drie, Matthew" wrote: > > I'm looking to set up a Samba server to be a PDC to two networks. One network will be the public one > here at my work, the other will be a private network of probably 5 - 6 computers. The server really > will only have to do its PDCing on the private network, but it must also be seen on the company > network. > > Is it possible to do this with Samba now? If so, where might I go for help or howtos on how to do > this? I think so. You need a wins-server in your network, if you have different networks. If you already have a Windows WINS-Server, you can use samba as wins-server. I have tested samba tng, 1 week ago, in such a environment. I had a samba tng server acting as pdc, on a solaris machine with 2 ip numbers from different networks. I could use the samba server from both networks. The samba tng server was also WINS server. You need a WINS server to get a complete browselist. YOu must have a working routing, because the samba server anounces itself to winsserver under his first ip-address. Hope this helps! Beat if i'm wrong. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From kbn at pjat.dk Thu Jan 27 13:18:27 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:13 2003 Subject: Problems compiling Samba-TNG for IRIX References: Message-ID: <389045A3.37CCB9AD@pjat.dk> Greg Dickie wrote: > > Ya, I'm always on the f stream, that could be it. > > Greg > > On 23-Jan-00 Kim Bjoern Nielsen wrote: > > Greg Dickie wrote: > >> > >> nothing special at all, today it just works. What version of irix are you > >> using? I'm on 6.5.4, maybe thats the diff. > > > > I'm using 6.5.6m on an INDY R4400 > > > > I'll try 6.5.6f on an INDY R5000 later (tonight)! been away for a couple of days! I tried 6.5.6f, and got it working on R5000. Great. I'm still fighting with R4400 though: I got the errors: IRIX 1# ./configure --prefix=/usr/samba IRIX 2# gmake Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE="/usr/samba/var" -DSMBLOGFILE="/usr/samba/var/log.smb" -DNMBLOGFILE="/usr/samba/var/log.nmb" -DCONFIGFILE="/usr/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/samba/lib/lmhosts" -DSWATDIR="/usr/samba/swat" -DSBINDIR="/usr/samba/bin" -DLOCKDIR="/usr/samba/var/locks" -DSMBRUN="/usr/samba/bin/smbrun" -DCODEPAGEDIR="/usr/samba/lib/codepages" -DDRIVERFILE="/usr/samba/lib/printers.def" -DBINDIR="/usr/samba/bin" -DFORMSFILE="/usr/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/samba/private/smbpasswd" -DSMB_PASSGRP_FILE="/usr/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/samba/private/smbalias" Using LIBS = snip... Compiling lib/util.c with libtool lib/util.c: In function `nametouid': lib/util.c:2081: warning: passing arg 1 of `Get_Pwnam' discards `const' from pointer target type Compiling lib/genrand.c with libtool snip... Compiling rpc_parse/parse_creds.c with libtool rpc_parse/parse_creds.c: In function `create_user_creds': rpc_parse/parse_creds.c:600: warning: assignment discards `const' from pointer target type Compiling rpc_parse/parse_ntlmssp.c with libtool snip... Compiling lib/domain_namemap.c lib/domain_namemap.c: In function `lookup_remote_ntname': lib/domain_namemap.c:914: warning: assignment discards `const' from pointer target type Compiling lib/util_pwdb.c snip... Compiling lib/domain_namemap.c with libtool lib/domain_namemap.c: In function `lookup_remote_ntname': lib/domain_namemap.c:914: warning: assignment discards `const' from pointer target type Linking shared library bin/libsmbpw.la ...and a lot of: ld32: WARNING 85: definition of __deregister_frame_info in bin/.libs/libnmb.so preempts that definition in bin/.libs/libsamba.so. --- Any ideas? Thanks - Kim > > > > Thanks - Kim > > > >> > >> Greg > >> > >> On 23-Jan-00 Kim Bjoern Nielsen wrote: > >> > Greg Dickie wrote: > >> >> > >> >> I'm compiling now. 2.8.1 should work i think... ya thats what I'm using. > >> >> > >> >> Greg > >> > > >> > Thanks Greg, > >> > > >> > I'm confused! I just carried out a full cvs > >> > download/configure/compilation of samba_main. - And tested it. > >> > > >> > It works. > >> > > >> > I still can't get samba_tng to compile - argh! > >> > > >> > Did you make your own changes to src? > >> > Are you using environment settings related to GNU gcc or libs? > >> > > >> > Any ideas much appreciated > >> > > >> > Thanks - Kim > >> > > >> >> > >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: > >> >> > Greg Dickie wrote: > >> >> >> > >> >> >> Are you using the IRIX C compiler? The TNG branch hasn't compiled with > >> >> >> it > >> >> >> for a > >> >> >> while, I'm using gcc now. You can get it off the sgi free stuff web > >> >> >> site. > >> >> >> The > >> >> >> cvs head branch however still seems to work with the native IRIX make > >> >> >> and > >> >> >> C > >> >> >> compiler. Course I haven't check the logs for a couple of days, maybe > >> >> >> it > >> >> >> doesn't compile... > >> >> >> > >> >> > > >> >> > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) > >> >> > > >> >> > I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? > >> >> > > >> >> > Thanks - Kim > >> >> > > >> >> >> Greg > >> > >> ---------------------------------- > >> Greg Dickie > >> just a guy* > >> *from Discreet (the Logic is gone) > >> ---------------------------------- > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- From kbn at pjat.dk Thu Jan 27 13:23:04 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:14 2003 Subject: Serious errors? - compiling to IRIX. Message-ID: <389046B8.EF1770AC@pjat.dk> (was - Hi, Compiling to IRIX 6.5 for R4400, using gcc 2.8.1 & gmake 3.76 I get these errors: IRIX 1# ./configure --prefix=/usr/samba snip... IRIX 2# gmake Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE="/usr/samba/var" -DSMBLOGFILE="/usr/samba/var/log.smb" -DNMBLOGFILE="/usr/samba/var/log.nmb" -DCONFIGFILE="/usr/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/samba/lib/lmhosts" -DSWATDIR="/usr/samba/swat" -DSBINDIR="/usr/samba/bin" -DLOCKDIR="/usr/samba/var/locks" -DSMBRUN="/usr/samba/bin/smbrun" -DCODEPAGEDIR="/usr/samba/lib/codepages" -DDRIVERFILE="/usr/samba/lib/printers.def" -DBINDIR="/usr/samba/bin" -DFORMSFILE="/usr/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/samba/private/smbpasswd" -DSMB_PASSGRP_FILE="/usr/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/samba/private/smbalias" Using LIBS = snip... Compiling lib/util.c with libtool lib/util.c: In function `nametouid': lib/util.c:2081: warning: passing arg 1 of `Get_Pwnam' discards `const' from pointer target type Compiling lib/genrand.c with libtool snip... Compiling rpc_parse/parse_creds.c with libtool rpc_parse/parse_creds.c: In function `create_user_creds': rpc_parse/parse_creds.c:600: warning: assignment discards `const' from pointer target type Compiling rpc_parse/parse_ntlmssp.c with libtool snip... Compiling lib/domain_namemap.c lib/domain_namemap.c: In function `lookup_remote_ntname': lib/domain_namemap.c:914: warning: assignment discards `const' from pointer target type Compiling lib/util_pwdb.c snip... Compiling lib/domain_namemap.c with libtool lib/domain_namemap.c: In function `lookup_remote_ntname': lib/domain_namemap.c:914: warning: assignment discards `const' from pointer target type Linking shared library bin/libsmbpw.la ...and a lot of (un-important?): ld32: WARNING 85: definition of __deregister_frame_info in bin/.libs/libnmb.so preempts that definition in bin/.libs/libsamba.so. ------ Any ideas? Thanks - Kim From alberto at ace.nl Thu Jan 27 13:38:38 2000 From: alberto at ace.nl (Alberto van der Linden) Date: Tue Dec 2 02:28:14 2003 Subject: Subscribe Message-ID: <38904A5E.751FED16@ace.nl> Subscribe Please add me to your mailinglist. I think your organization is doing a great job and i'm already using samba in our office with great pleasure. -- Regards -- Alberto van der Linden aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Alberto van der Linden email: alberto@ace.nl cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc ACE Consulting bv Van Eeghenstraat 100 tel: +31 20 6646416 1071 GL Amsterdam fax: +31 20 6750389 The Netherlands www: http://www.ace.nl eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee From Elrond at Wunder-Nett.org Thu Jan 27 14:57:23 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:14 2003 Subject: coding volunteers needed for msrpc server-side API conversion In-Reply-To: ; from Luke Kenneth Casson Leighton on Thu, Jan 27, 2000 at 08:59:35AM +1100 References: Message-ID: <20000127155723.A14328@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi, I could do some things with lsarpc on sunday (I'm busy until sunday. Maybe I get some time on friday or today...) Could you create some appropiate starting-point in lsarpcd/, so I have something to start of? I would like to start with lookup_names and lookup_sids, and then (_if_ I get that far) continue at the bottom, so someone else can start at the top? Any comments? Elrond On Thu, Jan 27, 2000 at 08:59:35AM +1100, Luke Kenneth Casson Leighton wrote: > ok, people, i _really_ need help with this. i estimate that if i work on > this full-time it's going to take about... two weeks. > > i have one volunteer for the samr functions. it's been two days, already, > and i'm only half-way through samr. > > that means, nothing else gets done, and samba-tng current cvs is broken > because the _samr_lookup_rids() function goes into an infinite loop on > that stupid unix-lookup stuff. so, if i get to it, it will be in over two > weeks time, based on current schedules, which means everyone gets to > suffer two weeks of email, "i can't get samba-tng to work". > > i'm intending to replace the broken passdb/*.c and groupdb/*.c code with a > proper samr implementation, but _only_ after the samr conversion. > > to help jean-francois with the spoolss code, i'd like to have spoolss > converted over, too. > > more hands, light work... > > > On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > if anyone wants to help with a very boring but basically self-consistent > > task, i'd really appreciate it. the goal is, examine rpc_client/cli_*.c > > functions, e.g samr_open_domain(), and create a srv_*.c function with > > EXACTLY the same paramaters called _samr_open_domain(), for all functions > > in rpc_client/cli_*.c and srv_*.c. > > > > please see samba tng's rpc_server/srv_samr.c and samrd/srv_samr_passdb.c > > for examples of the code-conversion in progress. i cut/paste a section of > > proto.h from rpc_client/cli_samr.c into the top of samrd/srv_samr_passdb.c > > to make this job easier. > > > > if you want to help out, then please follow these instructions, in order > > to avoid duplication of effort: > > > > 1) EITHER: refer to http://samba.org/listproc/samba-technical and look for > > messages with this subject line OR: change your subscription to non-digest > > mode on samba-technical. > > > > 2) post a message to samba-technical in reply to this message (exclude the > > text) saying which MSRPC pipe and which functions in that pipe you would > > like to volunteer for the conversion. > > > > 3) wait 20 mins or so, refer to samba-technical, see if anyone else also > > volunteered. sort it out between you so as not to duplicate effort. > > > > 4) examine and follow the example code plus the coding STYLE, please. > > put copyright your name 2000 at the top of the file in the GPL header. > > istarted out by making 2 copies of rpc_server/srv_samr.c and then go from > > there. changes to rpc_parse/parse_*.c::make_r*() functions are sometimes > > necessary. changes to rpc_parse/parse_*.c::make_q*() functions are NOT > > necessary and should not be done. > > > > 5) send me a diff -u patch, they're far easier to read before doing patch > > -p0 < your_diff. send it as an attachment not inline text because your > > emailer or mine may word-wrap anything over 80 chars in length. > > > > i will be chewing through srv_samr.c from the top: if anyone wants to > > start at the bottom and work up, i'll meet you somewhere in the middle :) > > please follow the reporting instructions above. > > > > thx! > > > > luke > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lk at NetUSE.DE Thu Jan 27 15:05:33 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:14 2003 Subject: RV: Latest support for PDC, BDC, trusted relationships References: Message-ID: <38905EBD.352CA39C@NetUSE.DE> "Paniagua Moreno, Pedro Luis" wrote: > > Hello: > Is this code (TNG) stable enough as to plan to install on a > production Domain (about 35 users). Should I risk and try or better I wait > till a production release (any date?). I use it every day here at work. (i'am my only user!) I would use it. But luke will have a better overview about his code. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From d.kirschey at eshgmbh.de Thu Jan 27 15:19:55 2000 From: d.kirschey at eshgmbh.de (David Kirschey) Date: Tue Dec 2 02:28:14 2003 Subject: MS Access reacts in two different ways (locking) Message-ID: <000b01bf68d9$f80f2fc0$1500a8c0@david> Hello together, I noticed, when I open a MS Access Database on al local drive (or an MS share) it reacts differently as when started from a smb- share. When I open a database from the local drive, an opened table gets a lock, so that other users can't open the table exclusively until the first user exits from the table. Also when one user opens the table exclusively all other users are denied when trying to open the table. When the mdb- file is located on the smb- share, this is very different: Everyone can open the table, when someone makes an exclusive lock, everyone can access the table anyway. What can I do to make the behaviour of the smb- share more like the "standard" ;-) behaviour? I read a lot of locking in smb, but I did not help. David Kirschey From kevin_myer at elanco.k12.pa.us Thu Jan 27 15:40:31 2000 From: kevin_myer at elanco.k12.pa.us (Kevin M. Myer) Date: Tue Dec 2 02:28:14 2003 Subject: Serving separate domains from single server and NIC? Message-ID: Hello, I have been running what is now the "old" CVS head version of Samba as my PDC for some time now. I am about to add a cluster of 6 point of sale machines for our cafeteria. These machines need a PDC and about a 100Mb file share. Since I already have a Samba server, what I'd like to do is simply add a second IP address to my ethernet card and create a share that is only accessible to those six machines. Looking at the smb.conf pages, it looks like there are the "interfaces" and "bind interfaces" operations to specify which interfaces to bind to, so multiple interfaces shouldn't be a problem. However, I'm not sure how to create a share that is accessible from only the six point of sale machines but not the rest of my NT network. In other words, I don't want students to be able to hack into the share intended for the point of sale machines. I know about invisible shares but I'd prefer to not have that share accessible in any way from the student side of the network. I guess I need something like TCP wrapper support, only on a shared volume basis. Any ideas? Thanks, Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \\ /( )\ ^`~'^ From Angus.Rae at ed.ac.uk Thu Jan 27 15:52:25 2000 From: Angus.Rae at ed.ac.uk (Angus Rae) Date: Tue Dec 2 02:28:14 2003 Subject: Printing from NT Workstation to Samba-TNG - anyone have a quick guide? Message-ID: <389069B9.280B95ED@ed.ac.uk> Hi, After a bit of dragging through the list archives I realised that I didn't really have a clue about how NT to Samba-TNG printing works these days (my last experience with NTDOM was before the NT spooling stuff was added), so I'm hoping that somebody can offer some advice on how to set up printers for NT Workstations. The test server is a CVS download (27/1/2000) of the SAMBA_TNG branch (although I believed the FAQ and downloaded the head branch, and didn't notice the difference until I spotted that "domain group map" wasn't recognised as a command), running on an updated RedHat 6.1 box. The test workstation is NT 4.0 SP6. Domain logons, domain group mappings and so forth all seem to work normally. Here's the settings I've used in an attempt to get printing working, cribbing from quite a few messages on the list... # excerpts from smb.conf # -------- NT PRINTING TEST STUFF ----------- nt forms file = /usr/local/samba/lib/printers/ntforms.def nt printer driver = /usr/local/samba/lib/printers [print$] path = /usr/local/samba/pdriver guest ok = yes writable = yes write list = angus case sensitive = no browseable = yes [ps15] path = /var/spool/samba/ps15 browseable = yes writable = no printable = yes printer driver = Apple LaserWriter Pro 630 # end of excerpt. This seems to _nearly_ work; if I logon as a domain admin, open up Network Neighbourhood/Server/Printers, click "Add Printer", tick the port for the printer (ps15) and choose the printer driver (Apple Laserwriter Pro 630) it does appear to upload it to the server. However, it then fails to print the test page and no printer appears. If I try it again, it detects that the driver is already installed but no matter if I choose "replace" or "use" I then get a crash in EXPLORER.EXE. The files that appear on the server are; in /usr/local/samba/lib/printers: NTdriver_W32X86_Apple LaserWriter Pro 630 NTprinter_ps15 in /usr/local/samba/pdriver: W32X86/APTOLLW1.PPD W32X86/PSCRIPT.DLL W32X86/PSCRIPT.HLP W32X86/PSCRPTUI.DLL I suspect that the problem is I've missed some important stage out somewhere (for example, I don't have any "ntforms.def" file as I have no idea what should be in it). Can anyone help, or point me at where I should be looking? Thanks in advance, Angus -- Angus G Rae Science & Engineering Support Team EUCS, University of Edinburgh From lk at NetUSE.DE Thu Jan 27 16:19:14 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:14 2003 Subject: Serving separate domains from single server and NIC? References: Message-ID: <38907002.E737BEAB@NetUSE.DE> "Kevin M. Myer" wrote: > > Hello, > > I have been running what is now the "old" CVS head version of Samba as my > PDC for some time now. I am about to add a cluster of 6 point of sale > machines for our cafeteria. These machines need a PDC and about a 100Mb > file share. Since I already have a Samba server, what I'd like to do is > simply add a second IP address to my ethernet card and create a share that > is only accessible to those six machines. Looking at the smb.conf pages, > it looks like there are the "interfaces" and "bind interfaces" operations > to specify which interfaces to bind to, so multiple interfaces shouldn't > be a problem. Yes. > However, I'm not sure how to create a share that is accessible from only > the six point of sale machines but not the rest of my NT network. In > other words, I don't want students to be able to hack into the share > intended for the point of sale machines. I know about invisible shares > but I'd prefer to not have that share accessible in any way from the > student side of the network. I guess I need something like TCP wrapper > support, only on a shared volume basis. Any ideas? Have a look at "hosts allow". You can set i pro share. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mml1000 at cam.ac.uk Thu Jan 27 16:38:04 2000 From: mml1000 at cam.ac.uk (Matthew M Lavy) Date: Tue Dec 2 02:28:14 2003 Subject: Versions of Samba In-Reply-To: <389069B9.280B95ED@ed.ac.uk> Message-ID: Sorry to clutter this list with a boring newbie type question, but I have been using Samba 2.0.5 happily on Debian/slink for some time for a 30 workstation, 400 user system, but now I want to expunge NT entirely and use Samba as PDC. I'm aware the code isn't finished and am prepared to have only partial functionality (although I need stability) and would ultimately be interesting in starting to help bug-spotting, learning how some of the code works etc. However, it seems very hard to get info about which version is what, and which docs go with what. I downloaded the head branch from the cvs server (previously I've used a .deb packaged version) and it doesn't seem to do group or user mapping as expected. Can anyone tell me what I should be using / trying? -- Matthew M Lavy BA MPhil ARCM LTCL Jesus College, Cambridge CB5 8BL Tel: +44 1223 511338 email: mml1000@jesus.cam.ac.uk From Jean-Francois.Micouleau at dalalu.fr Thu Jan 27 16:40:51 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:14 2003 Subject: Printing from NT Workstation to Samba-TNG - anyone have a quick guide? In-Reply-To: <389069B9.280B95ED@ed.ac.uk> Message-ID: On Fri, 28 Jan 2000, Angus Rae wrote: > The test server is a CVS download (27/1/2000) of the SAMBA_TNG branch > (although I believed the FAQ and downloaded the head branch, and didn't > notice the difference until I spotted that "domain group map" wasn't > recognised as a command), running on an updated RedHat 6.1 box. The test > workstation is NT 4.0 SP6. ^^^ > This seems to _nearly_ work; if I logon as a domain admin, open up > Network Neighbourhood/Server/Printers, click "Add Printer", tick the > port for the printer (ps15) and choose the printer driver (Apple > Laserwriter Pro 630) it does appear to upload it to the server. However, > it then fails to print the test page and no printer appears. If I try it > again, it detects that the driver is already installed but no matter if > I choose "replace" or "use" I then get a crash in EXPLORER.EXE. you named it: SP6. The spoolss code doesn't work with SP5 and above. > I suspect that the problem is I've missed some important stage out > somewhere (for example, I don't have any "ntforms.def" file as I have no > idea what should be in it). Nope it's filled automatically, maybe it isn't created,... Try to "touch ntforms.def" J.F. From Angus.Rae at ed.ac.uk Thu Jan 27 17:05:36 2000 From: Angus.Rae at ed.ac.uk (Angus Rae) Date: Tue Dec 2 02:28:14 2003 Subject: Printing from NT Workstation to Samba-TNG - anyone have a quick guide? References: Message-ID: <38907AE0.4F256173@ed.ac.uk> Jean Francois Micouleau wrote: > > The test > > workstation is NT 4.0 SP6. > ... > you named it: SP6. The spoolss code doesn't work with SP5 and above. Rats, and I saw that in a message on the archive too, but thought it was out-of-date info. I had a horrible suspicion that might be the case, actually. Is there any hope of getting it working with SP5 or SP6 in the near future, or has the NT end been made thoroughly incompatible? I'd rather avoid all of those post-SP4 hotfixes if at all possible... :-) > > I suspect that the problem is I've missed some important stage out > > somewhere (for example, I don't have any "ntforms.def" file as I have no > > idea what should be in it). > Nope it's filled automatically, maybe it isn't created,... Try to "touch > ntforms.def" Indeed, it's not created; once SP6 has finished backing out I'll try it again. [later...] Ohh dear - the backout to SP3 just finished, and I tried again (having deleted the NTdriver and NTprinter files from /usr/local/samba/lib/printers, and the W32X86 directory from /usr/local/samba/pdriver). Same symptoms as before (failure to print test page), and when I tried to refresh the "Network NeighbourhoodN\server\Printers" window I got another crash in EXPLORER.EXE. The same files appeared in the same locations and ntforms.def stayed at size 0. So it doesn't look like it was just SP6, either that or backing out SP6 doesn't remove everything to do with SP6 - which wouldn't surprise me. Is there anything else that could be causing this problem? Thanks again, Angus -- Angus G Rae Science & Engineering Support Team EUCS, University of Edinburgh From simsa at acu.edu Thu Jan 27 17:05:46 2000 From: simsa at acu.edu (April Sims) Date: Tue Dec 2 02:28:14 2003 Subject: Thanks for the help Message-ID: <4.2.0.58.20000127110245.00ae29a0@nicanor.acu.edu> Just finished configuring a HYPERNEWS (sort of local newsgroups) running on Apache 1.3.9 authenticating on my NT domain using pam_smb and mod_auth_samba Thanks to everyone for all your help.. It works great. >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< April Sims MCSE, CNE Abilene Christian University Systems Administrator ACU Box 29005 Information Technology Abilene, TX 79699 simsa@nicanor.acu.edu Vx:(915)674-2681 Fx:674-6724 >>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<< From loren at bridgephone.net Thu Jan 27 17:18:05 2000 From: loren at bridgephone.net (Loren Burlingame) Date: Tue Dec 2 02:28:14 2003 Subject: JOIN REQUEST Message-ID: <000801bf68ea$79c45850$6c771acc@bridgephone.net> PLEASE ADD ME TO THE LIST -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Thu Jan 27 17:20:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:14 2003 Subject: coding volunteers needed for msrpc server-side API conversion In-Reply-To: <20000127155723.A14328@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: i'd suggest starting with lsa_close(). examine wkssvc/srv_wkssvc_nt.c, samr/srv_samr_passdb.c for comments (esp. the ones at the bottom of the samr fn). please remember that the intent is to make lsa_lookup_names() client-side and ALLL other client-side functions take UNICODE strings _not_ char*, so if you see a cli_*.c function with char*, replace with UNISTR2* and maybe you'll have to put UNIHDR* in as well (an artefact of the way i'm doing UNICODE strings: sorry). On Thu, 27 Jan 2000, Elrond wrote: > > Hi, > > I could do some things with lsarpc on sunday (I'm busy > until sunday. Maybe I get some time on friday or today...) > > Could you create some appropiate starting-point in > lsarpcd/, so I have something to start of? > > I would like to start with lookup_names and lookup_sids, > and then (_if_ I get that far) continue at the bottom, so > someone else can start at the top? > > > Any comments? > > > Elrond > > > On Thu, Jan 27, 2000 at 08:59:35AM +1100, Luke Kenneth Casson Leighton wrote: > > ok, people, i _really_ need help with this. i estimate that if i work on > > this full-time it's going to take about... two weeks. > > > > i have one volunteer for the samr functions. it's been two days, already, > > and i'm only half-way through samr. > > > > that means, nothing else gets done, and samba-tng current cvs is broken > > because the _samr_lookup_rids() function goes into an infinite loop on > > that stupid unix-lookup stuff. so, if i get to it, it will be in over two > > weeks time, based on current schedules, which means everyone gets to > > suffer two weeks of email, "i can't get samba-tng to work". > > > > i'm intending to replace the broken passdb/*.c and groupdb/*.c code with a > > proper samr implementation, but _only_ after the samr conversion. > > > > to help jean-francois with the spoolss code, i'd like to have spoolss > > converted over, too. > > > > more hands, light work... > > > > > > On Tue, 25 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > > > if anyone wants to help with a very boring but basically self-consistent > > > task, i'd really appreciate it. the goal is, examine rpc_client/cli_*.c > > > functions, e.g samr_open_domain(), and create a srv_*.c function with > > > EXACTLY the same paramaters called _samr_open_domain(), for all functions > > > in rpc_client/cli_*.c and srv_*.c. > > > > > > please see samba tng's rpc_server/srv_samr.c and samrd/srv_samr_passdb.c > > > for examples of the code-conversion in progress. i cut/paste a section of > > > proto.h from rpc_client/cli_samr.c into the top of samrd/srv_samr_passdb.c > > > to make this job easier. > > > > > > if you want to help out, then please follow these instructions, in order > > > to avoid duplication of effort: > > > > > > 1) EITHER: refer to http://samba.org/listproc/samba-technical and look for > > > messages with this subject line OR: change your subscription to non-digest > > > mode on samba-technical. > > > > > > 2) post a message to samba-technical in reply to this message (exclude the > > > text) saying which MSRPC pipe and which functions in that pipe you would > > > like to volunteer for the conversion. > > > > > > 3) wait 20 mins or so, refer to samba-technical, see if anyone else also > > > volunteered. sort it out between you so as not to duplicate effort. > > > > > > 4) examine and follow the example code plus the coding STYLE, please. > > > put copyright your name 2000 at the top of the file in the GPL header. > > > istarted out by making 2 copies of rpc_server/srv_samr.c and then go from > > > there. changes to rpc_parse/parse_*.c::make_r*() functions are sometimes > > > necessary. changes to rpc_parse/parse_*.c::make_q*() functions are NOT > > > necessary and should not be done. > > > > > > 5) send me a diff -u patch, they're far easier to read before doing patch > > > -p0 < your_diff. send it as an attachment not inline text because your > > > emailer or mine may word-wrap anything over 80 chars in length. > > > > > > i will be chewing through srv_samr.c from the top: if anyone wants to > > > start at the bottom and work up, i'll meet you somewhere in the middle :) > > > please follow the reporting instructions above. > > > > > > thx! > > > > > > luke > > > > > > Luke Kenneth Casson Leighton > > > Samba and Network Development > > > Samba Web site > > > Internet Security Systems, Inc. > > > Macmillan Technical Publishing > > > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 27 17:22:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:14 2003 Subject: RV: Latest support for PDC, BDC, trusted relationships In-Reply-To: <38905EBD.352CA39C@NetUSE.DE> Message-ID: neeh, give it a couple of weeks, at least. there are some big restructures going on, plus the passdb/*.c code is so horrible and unreliable i can't... nngh! i hate it, it's next on my hit-list. On Fri, 28 Jan 2000, Lars Kneschke wrote: > "Paniagua Moreno, Pedro Luis" wrote: > > > > Hello: > > Is this code (TNG) stable enough as to plan to install on a > > production Domain (about 35 users). Should I risk and try or better I wait > > till a production release (any date?). > I use it every day here at work. (i'am my only user!) I would use > it. But luke will have a better overview about his code. From lkcl at samba.org Thu Jan 27 17:34:59 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:14 2003 Subject: Versions of Samba In-Reply-To: Message-ID: matthew, if you are a programmer, i need some "heavy-weight" testing done by getting rpctorture up and running again. i need to simulate several hundred simultaneous logins and-such. if you are not a programmer, please wait until someone (probably me) posts some test results to the lists. rpctorture with 100 processes repeating 100,000 user logins _each_ tends to hammer networks and boxes into the ground for a couple of hours, it's quite fun to watch, especially nt. luke On Fri, 28 Jan 2000, Matthew M Lavy wrote: > > Sorry to clutter this list with a boring newbie type question, but I have > been using Samba 2.0.5 happily on Debian/slink for some time for a 30 > workstation, 400 user system, but now I want to expunge NT entirely and > use Samba as PDC. I'm aware the code isn't finished and am prepared to > have only partial functionality (although I need stability) and would > ultimately be interesting in starting to help bug-spotting, learning how > some of the code works etc. > > However, it seems very hard to get info about which version is what, and > which docs go with what. I downloaded the head branch from the cvs server > (previously I've used a .deb packaged version) and it doesn't seem to do > group or user mapping as expected. Can anyone tell me what I should be > using / trying? > > > -- > Matthew M Lavy BA MPhil ARCM LTCL > Jesus College, Cambridge CB5 8BL > Tel: +44 1223 511338 > email: mml1000@jesus.cam.ac.uk > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From marcel at henselin.de Thu Jan 27 17:04:16 2000 From: marcel at henselin.de (Marcel Henselin) Date: Tue Dec 2 02:28:14 2003 Subject: unsubscribe Message-ID: <003f01bf68e8$8b6a3cc0$1264a8c0@WS1> unsubscribe -------------- next part -------------- HTML attachment scrubbed and removed From gene_yee at hotmail.com Thu Jan 27 17:40:27 2000 From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:28:14 2003 Subject: Slow Print Server Message-ID: <20000127174029.33897.qmail@hotmail.com> Sounds simple enough. I will try it later this week and report the results. >From: Mark Cooke >To: Gene Yee >CC: Multiple recipients of list SAMBA-NTDOM >Subject: Re: Slow Print Server >Date: Wed, 26 Jan 2000 23:52:27 +0000 (GMT) > >On Thu, 27 Jan 2000, Gene Yee wrote: > > > I am running a Samba Linux print server using the RedHat 6.1 >distribution. > > Samba v2.0.5a which comes with RedHat. > >Hi Gene, > >I was having problems with smbclient being very very slow putting >files from a redhat 6.1/2.0.5a to windows machines (bytes per second >over a pretty quiet 10mbps network). Perhaps you are seeing similar? > >The solution here was to upgrade to 2.0.6. Write speeds are up into >the hundreds of kbytes range now. > >Regards, > >Mark > >+-------------------------------------------------------------------------+ >Mark Cooke The views expressed above are mine and are not >Systems Programmer necessarily representative of university policy >University Of Birmingham URL: http://www.sr.bham.ac.uk/~mpc/ >+-------------------------------------------------------------------------+ > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From lkcl at samba.org Thu Jan 27 17:47:56 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:14 2003 Subject: unsubscribe In-Reply-To: <003f01bf68e8$8b6a3cc0$1264a8c0@WS1> Message-ID: aah! nooo! another one! after i posted a message explaining what to do! agh! that does it :) andrew, mr black suggested appending a one-line "how to unsubscribe" to all samba mailing list postings. is this possible? On Fri, 28 Jan 2000, Marcel Henselin wrote: > unsubscribe From gene_yee at hotmail.com Thu Jan 27 19:45:54 2000 From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:28:14 2003 Subject: Slow Print Server Message-ID: <20000127194554.79196.qmail@hotmail.com> After initial tests, appears MUCH faster!! Thanks!! >From: Mark Cooke >To: Gene Yee >CC: Multiple recipients of list SAMBA-NTDOM >Subject: Re: Slow Print Server >Date: Wed, 26 Jan 2000 23:52:27 +0000 (GMT) > >On Thu, 27 Jan 2000, Gene Yee wrote: > > > I am running a Samba Linux print server using the RedHat 6.1 >distribution. > > Samba v2.0.5a which comes with RedHat. > >Hi Gene, > >I was having problems with smbclient being very very slow putting >files from a redhat 6.1/2.0.5a to windows machines (bytes per second >over a pretty quiet 10mbps network). Perhaps you are seeing similar? > >The solution here was to upgrade to 2.0.6. Write speeds are up into >the hundreds of kbytes range now. > >Regards, > >Mark > >+-------------------------------------------------------------------------+ >Mark Cooke The views expressed above are mine and are not >Systems Programmer necessarily representative of university policy >University Of Birmingham URL: http://www.sr.bham.ac.uk/~mpc/ >+-------------------------------------------------------------------------+ > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From mml1000 at cam.ac.uk Thu Jan 27 19:56:51 2000 From: mml1000 at cam.ac.uk (Matthew M Lavy) Date: Tue Dec 2 02:28:14 2003 Subject: Versions of Samba In-Reply-To: Message-ID: Well, I am, but I'm not really a C programmer; the only language I would claim competence with is Java - which doesn't really help here. However, if it's just a question of minor code modifications that require syntactical knowledge and common sense (parameter tweaks for testing etc) I'm more than happy to torture a few machines - I've got a server that I can use for the job. Matthew On Fri, 28 Jan 2000, Luke Kenneth Casson Leighton wrote: > matthew, > > if you are a programmer, i need some "heavy-weight" testing done by > getting rpctorture up and running again. > > i need to simulate several hundred simultaneous logins and-such. > > if you are not a programmer, please wait until someone (probably me) posts > some test results to the lists. > > rpctorture with 100 processes repeating 100,000 user logins _each_ tends > to hammer networks and boxes into the ground for a couple of hours, it's > quite fun to watch, especially nt. > > luke > > On Fri, 28 Jan 2000, Matthew M Lavy wrote: > > > > > Sorry to clutter this list with a boring newbie type question, but I have > > been using Samba 2.0.5 happily on Debian/slink for some time for a 30 > > workstation, 400 user system, but now I want to expunge NT entirely and > > use Samba as PDC. I'm aware the code isn't finished and am prepared to > > have only partial functionality (although I need stability) and would > > ultimately be interesting in starting to help bug-spotting, learning how > > some of the code works etc. > > > > However, it seems very hard to get info about which version is what, and > > which docs go with what. I downloaded the head branch from the cvs server > > (previously I've used a .deb packaged version) and it doesn't seem to do > > group or user mapping as expected. Can anyone tell me what I should be > > using / trying? > > > > > > -- > > Matthew M Lavy BA MPhil ARCM LTCL > > Jesus College, Cambridge CB5 8BL > > Tel: +44 1223 511338 > > email: mml1000@jesus.cam.ac.uk > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > -- Matthew M Lavy BA MPhil ARCM LTCL Jesus College, Cambridge CB5 8BL Tel: +44 1223 511338 email: mml1000@jesus.cam.ac.uk From lkcl at samba.org Thu Jan 27 20:07:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:14 2003 Subject: Versions of Samba In-Reply-To: Message-ID: we got a volunteer for the rpctorture update. On Thu, 27 Jan 2000, Matthew M Lavy wrote: > > Well, I am, but I'm not really a C programmer; the only language I would > claim competence with is Java - which doesn't really help here. However, > if it's just a question of minor code modifications that require > syntactical knowledge and common sense (parameter tweaks for testing etc) > I'm more than happy to torture a few machines - I've got a server that > I can use for the job. > > Matthew > > On Fri, 28 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > matthew, > > > > if you are a programmer, i need some "heavy-weight" testing done by > > getting rpctorture up and running again. > > > > i need to simulate several hundred simultaneous logins and-such. > > > > if you are not a programmer, please wait until someone (probably me) posts > > some test results to the lists. > > > > rpctorture with 100 processes repeating 100,000 user logins _each_ tends > > to hammer networks and boxes into the ground for a couple of hours, it's > > quite fun to watch, especially nt. > > > > luke > > > > On Fri, 28 Jan 2000, Matthew M Lavy wrote: > > > > > > > > Sorry to clutter this list with a boring newbie type question, but I have > > > been using Samba 2.0.5 happily on Debian/slink for some time for a 30 > > > workstation, 400 user system, but now I want to expunge NT entirely and > > > use Samba as PDC. I'm aware the code isn't finished and am prepared to > > > have only partial functionality (although I need stability) and would > > > ultimately be interesting in starting to help bug-spotting, learning how > > > some of the code works etc. > > > > > > However, it seems very hard to get info about which version is what, and > > > which docs go with what. I downloaded the head branch from the cvs server > > > (previously I've used a .deb packaged version) and it doesn't seem to do > > > group or user mapping as expected. Can anyone tell me what I should be > > > using / trying? > > > > > > > > > -- > > > Matthew M Lavy BA MPhil ARCM LTCL > > > Jesus College, Cambridge CB5 8BL > > > Tel: +44 1223 511338 > > > email: mml1000@jesus.cam.ac.uk > > > > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > > > -- > Matthew M Lavy BA MPhil ARCM LTCL > Jesus College, Cambridge CB5 8BL > Tel: +44 1223 511338 > email: mml1000@jesus.cam.ac.uk > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From plpm at mapfre.com Thu Jan 27 20:47:29 2000 From: plpm at mapfre.com (Paniagua Moreno, Pedro Luis) Date: Tue Dec 2 02:28:14 2003 Subject: RV: Latest support for PDC, BDC, trusted relationships Message-ID: <00Jan27.174731clst.115209@thebox.cajare.cl> Hello: Is this code (TNG) stable enough as to plan to install on a production Domain (about 35 users). Should I risk and try or better I wait till a production release (any date?). Thankyou. > Pedro Luis Paniagua Moreno > MAPFRE AMERICA > Inform?tica - Area T?cnica > Tel: (+34) 915 81 50 18 > Fax: (+34) 915 81 11 19 > e-mail: plpm@mapfre.com > -----Mensaje original----- De: Lars Kneschke [mailto:lk@NetUSE.DE] Enviado el: mi?rcoles 26 de enero de 2000 9:54 Para: Multiple recipients of list SAMBA-NTDOM Asunto: Re: Latest support for PDC, BDC, trusted relationships "Paniagua Moreno, Pedro Luis" wrote: > > I am trying to guess which is the latest (and, if possible) version I should > have to get to get to this scenario: > domain Master: PDC -> WNT > domain Slave: BDC -> Samba 2.X (linux). This is a resource Domain; > no accounts. This should work with the current samba tng from the cvs. But you need to create useraccounts at the linux bdc for every domainuser, if want to share some files on the linux bdc. > I thing TNG should do it, but i'm confused as how to get it. I have created a webpage which tells you the basic stuff, and how to get it. You can find it under http://www.kneschke.de/projekte/samba_tng. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From abrock at georgefox.edu Thu Jan 27 20:09:03 2000 From: abrock at georgefox.edu (Anthony Brock) Date: Tue Dec 2 02:28:14 2003 Subject: Frustrated with browsing, domains, and network logins ... Message-ID: <4.2.0.58.20000127140706.00975ca0@localhost> I apologize if this is not the proper list. However, I attempted to send this to samba@samba.org, and have not yet seen any sign that it was successfully issued. If you have any ideas, I would LOVE to hear them, Tony Brock Forwarded Message: ******************** I'm trying to get cross-network browsing/domain logins working. In brief, I am very frustrated. We thought the initial problem was a browsing problem, but now it does not appear to be that. Even once the workstation can see the servers, it STILL cannot perform a Domain login, although it CAN access resources if I use the Ms Dos prompt and issue a 'net use ...' command. This happens occasionally with some of our machines, and we are not able to get them to work again once it starts. PLEASE help if you know anything! I am desperate! Also, I tried upgrading to Samba-TNG, but then cross-network browsing broke for about half our clients!??? Did something change with the development branch? Anyway, when we down-graded, most workstations that failed started working again... I have no idea if this is an NT, Samba, or Win98/Win95 issue. Any help is GREATLY appreciated (and I have read the browsing.txt file). Details follow: ******************** Basically, our setup is a follows, We have a WINS server located at x.x.4.1 ->dns1 (Samba 2.0.6) We have a Domain PDC for PLANTSERVICES located at x.x.9.61 -> plant_server (NT 4.0 ServicePack 5) We have a workstation that needs to login to PLANTSERVICES at x.x.5.154 -> dherron (Win98) We are using DHCP for the workstation, and the PDC and WINS (which is a samba Work Group Server for another domain) have static IPs. The Win98 workstation was working fine until yesterday morning, when it stopped logging into the network. This is a symptom that has occurred frequently on campus, and we are VERY frustrated once this starts happening. We are not aware of any changes that were made to either the workstation, WINS, or PDC. In trying to trouble-shoot this problem, I used the following command: [abrock@classroom-dhcp abrock]$ nmblookup -B x.x.5.255 -M - Sending queries to x.x.5.255 x.x.5.131 __MSBROWSE__<01> x.x.5.171 __MSBROWSE__<01> x.x.5.29 __MSBROWSE__<01> x.x.5.179 __MSBROWSE__<01> As you can see, x.x.5.154 was not listed. I then tried: [abrock@classroom-dhcp abrock]$ nmblookup -B x.x.5.255 -M PLANTSERVICES Sending queries to x.x.5.255 name_query failed to find name PLANTSERVICES So, I tried: [abrock@classroom-dhcp abrock]$ nmblookup -A x.x.5.154 Sending queries to 198.106.77.255 Looking up status of x.x.5.154 received 6 names DHERRON <00> - M PLANTSERVICES <00> - M num_good_sends=0 num_good_receives=0 When comparing this with another machine, I noticed that there was no entries like: DHERRON <20> - M PLANTSERVICES <1e> - M PLANTSERVICES <1d> - M ..__MSBROWSE__. <01> - M Also, queries to the WINS server reported: [abrock@classroom-dhcp abrock]$ nmblookup -U dns1 -R -S dherron Sending queries to x.x.4.1 x.x.5.154 dherron<00> Looking up status of x.x.5.154 received 2 names DHERRON <00> - M PLANTSERVICES <00> - M num_good_sends=0 num_good_receives=0 [abrock@classroom-dhcp abrock]$ nmblookup -U dns1 -R -S plant_server Sending queries to x.x.4.1 x.x.9.61 plant_server<00> Looking up status of x.x.9.61 received 10 names PLANT_SERVER <00> - M PLANTSERVICES <00> - M PLANTSERVICES <1c> - M PLANT_SERVER <20> - M PLANTSERVICES <1b> - M PLANT_SERVER <03> - M PLANTSERVICES <1e> - M ADMINISTRATOR <03> - M PLANTSERVICES <1d> - M ..__MSBROWSE__. <01> - M num_good_sends=0 num_good_receives=0 At this point, we re-installed the OS in an attempt to fix the problem, since it seems that this machine would HAVE to be a master browser on this network (there are not other members of PLANTSERVICES on this network). No success. After installation, the problem was unchanged, and nmblookup reports were unchanged. So, in a brain-storm, we turned on file and print sharing of the Win98 workstation. Now, the following appears, [abrock@classroom-dhcp abrock]$ nmblookup -U dns1 -R -S dherron Sending queries to x.x.4.1 x.x.5.154 dherron<00> Looking up status of x.x.5.154 received 6 names DHERRON <00> - M PLANTSERVICES <00> - M DHERRON <20> - M PLANTSERVICES <1e> - M PLANTSERVICES <1d> - M ..__MSBROWSE__. <01> - M num_good_sends=0 num_good_receives=0 However, we still have the same problem when trying to login to the PDC. On the other hand, if I turn-off the 'Logon to Windows NT Domain' in Client for Microsoft Networks, I am able to login to the machine, but cannot see any other machines in the domain. If I then open an MS DOS PROMPT, and issue: net use w: \\x.x.9.61\netlogon it will successfully connect! After is successfully connects, I can then see all the servers in the domain, like I am supposed to. However, if I then log off, I STILL can't login to the domain, but the list remains in Network Neighborhood. What is going on? Does anyone have any idea why this workstation cannot login to the domain? How to I get cross-network browsing to work BEFORE issuing the above command? Thanks in advance for any help, Tony Brock ****************************************************************************** * Anthony Brock abrock@georgefox.edu * * Director of Network Services George Fox University * ****************************************************************************** From greg at discreet.com Fri Jan 28 00:00:36 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:14 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <389045A3.37CCB9AD@pjat.dk> Message-ID: They are just warnings, does it run? Greg On Thu, 27 Jan 2000, Kim Bjoern Nielsen wrote: > Date: Thu, 27 Jan 2000 14:18:27 +0100 > From: Kim Bjoern Nielsen > To: greg@discreet.com > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Problems compiling Samba-TNG for IRIX > > Greg Dickie wrote: > > > > Ya, I'm always on the f stream, that could be it. > > > > Greg > > > > On 23-Jan-00 Kim Bjoern Nielsen wrote: > > > Greg Dickie wrote: > > >> > > >> nothing special at all, today it just works. What version of irix are you > > >> using? I'm on 6.5.4, maybe thats the diff. > > > > > > I'm using 6.5.6m on an INDY R4400 > > > > > > I'll try 6.5.6f on an INDY R5000 later (tonight)! > > been away for a couple of days! > > I tried 6.5.6f, and got it working on R5000. Great. > > I'm still fighting with R4400 though: > > I got the errors: > > IRIX 1# ./configure --prefix=/usr/samba > IRIX 2# gmake > Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper > -DLOGFILEBASE="/usr/samba/var" -DSMBLOGFILE="/usr/samba/var/log.smb" > -DNMBLOGFILE="/usr/samba/var/log.nmb" > -DCONFIGFILE="/usr/samba/lib/smb.conf" > -DLMHOSTSFILE="/usr/samba/lib/lmhosts" -DSWATDIR="/usr/samba/swat" > -DSBINDIR="/usr/samba/bin" -DLOCKDIR="/usr/samba/var/locks" > -DSMBRUN="/usr/samba/bin/smbrun" > -DCODEPAGEDIR="/usr/samba/lib/codepages" > -DDRIVERFILE="/usr/samba/lib/printers.def" -DBINDIR="/usr/samba/bin" > -DFORMSFILE="/usr/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/samba/lib" > -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" > -DSMB_PASSWD_PROGRAM="/usr/samba/bin/smbpasswd" > -DSMB_PASSWD_FILE="/usr/samba/private/smbpasswd" > -DSMB_PASSGRP_FILE="/usr/samba/private/smbpassgrp" > -DSMB_GROUP_FILE="/usr/samba/private/smbgroup" > -DSMB_ALIAS_FILE="/usr/samba/private/smbalias" > Using LIBS = > > snip... > > Compiling lib/util.c with libtool > lib/util.c: In function `nametouid': > lib/util.c:2081: warning: passing arg 1 of `Get_Pwnam' discards `const' > from pointer target type > Compiling lib/genrand.c with libtool > > snip... > > Compiling rpc_parse/parse_creds.c with libtool > rpc_parse/parse_creds.c: In function `create_user_creds': > rpc_parse/parse_creds.c:600: warning: assignment discards `const' from > pointer target type > Compiling rpc_parse/parse_ntlmssp.c with libtool > > snip... > > Compiling lib/domain_namemap.c > lib/domain_namemap.c: In function `lookup_remote_ntname': > lib/domain_namemap.c:914: warning: assignment discards `const' from > pointer target type > Compiling lib/util_pwdb.c > > snip... > > Compiling lib/domain_namemap.c with libtool > lib/domain_namemap.c: In function `lookup_remote_ntname': > lib/domain_namemap.c:914: warning: assignment discards `const' from > pointer target type > Linking shared library bin/libsmbpw.la > > ...and a lot of: > > ld32: WARNING 85: definition of __deregister_frame_info in > bin/.libs/libnmb.so preempts that definition in bin/.libs/libsamba.so. > > --- > > Any ideas? > > Thanks - Kim > > > > > > > > Thanks - Kim > > > > > >> > > >> Greg > > >> > > >> On 23-Jan-00 Kim Bjoern Nielsen wrote: > > >> > Greg Dickie wrote: > > >> >> > > >> >> I'm compiling now. 2.8.1 should work i think... ya thats what I'm using. > > >> >> > > >> >> Greg > > >> > > > >> > Thanks Greg, > > >> > > > >> > I'm confused! I just carried out a full cvs > > >> > download/configure/compilation of samba_main. - And tested it. > > >> > > > >> > It works. > > >> > > > >> > I still can't get samba_tng to compile - argh! > > >> > > > >> > Did you make your own changes to src? > > >> > Are you using environment settings related to GNU gcc or libs? > > >> > > > >> > Any ideas much appreciated > > >> > > > >> > Thanks - Kim > > >> > > > >> >> > > >> >> On 23-Jan-00 Kim Bjoern Nielsen wrote: > > >> >> > Greg Dickie wrote: > > >> >> >> > > >> >> >> Are you using the IRIX C compiler? The TNG branch hasn't compiled with > > >> >> >> it > > >> >> >> for a > > >> >> >> while, I'm using gcc now. You can get it off the sgi free stuff web > > >> >> >> site. > > >> >> >> The > > >> >> >> cvs head branch however still seems to work with the native IRIX make > > >> >> >> and > > >> >> >> C > > >> >> >> compiler. Course I haven't check the logs for a couple of days, maybe > > >> >> >> it > > >> >> >> doesn't compile... > > >> >> >> > > >> >> > > > >> >> > I'm using the gcc ver. 2.8.1 (fw_gcc-2.8.1-sgipl2.tardist) > > >> >> > > > >> >> > I have just downloaded fw_egcs-1.1.2.tardist. Maybe that's better? > > >> >> > > > >> >> > Thanks - Kim > > >> >> > > > >> >> >> Greg > > >> > > >> ---------------------------------- > > >> Greg Dickie > > >> just a guy* > > >> *from Discreet (the Logic is gone) > > >> ---------------------------------- > > > > ---------------------------------- > > Greg Dickie > > just a guy* > > *from Discreet (the Logic is gone) > > ---------------------------------- > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From ringram at acpl.lib.wy.us Fri Jan 28 02:27:33 2000 From: ringram at acpl.lib.wy.us (Russel H. Ingram) Date: Tue Dec 2 02:28:14 2003 Subject: Problem adding domain users to local admin group Message-ID: <3890FE95.A5070B87@acpl.lib.wy.us> I recently decided I'd give the TNG branch of Samba a try on a domain that was already running version 2.0.5a (I know ... big mistake). When I found that it wasn't ready for my domain yet I went back only to find that none of the machines were able to login to the domain any longer. I knew how to fix that by either restoring the original SID file or re-adding all machines to the domain. So I re-added all of the machines to the domain because I hadn't made a backup of the original SID file. Anyway, before this whole episode, I was able to see the normal 15 domain users from the User Manager and add them to the local machine admin group. Now I have lost that ability. The error it gives in the User Manager dialog for adding users to the admin group is something like "unable to view users from the domain due to the following error: invalid tag". I'm not sure about the exact wording before the colon but the part after the colon is accurate. Anybody got any ideas? -- Russel Ingram | "In a world without fences, who needs Gates?" Linux.com Support Staff | gargoyle@linux.com | -- Linux Journal From gaurav at carroll.com Fri Jan 28 04:32:19 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:28:14 2003 Subject: Differences between Samba-MAIN, Samba-TNG Message-ID: Would someone please enlight me...regarding Domain Control for NT Workstations, what does each support. I have both branches, and I was able to use both of them for roaming profiles and authentication (homes). So what does TNG provide, that MAIN cannot. Trust-relationships between servers in the domain? Netlogon? Spoolss? User Manager for Domains? What else? Thanks for your help. -g- --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From lkcl at samba.org Fri Jan 28 06:27:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:14 2003 Subject: [samba-tng] spoolss conversion and others Message-ID: 3 functions left to go. should be done by tomorrow afternoon. that leaves sander striker to do 3 functions in samr (he said tomorrow evening). and elrond to do lsarpcd. there were a couple of other people, if you remember who you are, there's still srvsvc, svcctl and netlogond left to do (out of the biggies). i'd consider netlogond and lsarpcd to be the priorities. netlogond.... yeah, netlogond shouldn't be a problem. i thought it _might_ be due to the referencing of the credential database, but i forgot that i converted that over to use netlogoncreds.tdb, so _that_'s ok. if there are any takers for netlogond (we already have elrond on lsarpcd), then i will get on with designing and writing a srv_samrd_tdb.c. _that's_ going to be fun, i get a chance to cut out all that trash in passdb/*.c and groupdb/*.c, hooray, at last i hear you all say. From Daniel.Sandmeier at HWK-DO.DE Fri Jan 28 06:57:29 2000 From: Daniel.Sandmeier at HWK-DO.DE (Daniel Sandmeier) Date: Tue Dec 2 02:28:14 2003 Subject: JOIN REQUEST References: <000801bf68ea$79c45850$6c771acc@bridgephone.net> Message-ID: <38913DD9.66E3CC49@hwk-do.de> Go to the link below and follow the instructions!! http://www.samba.org/listproc/ MfG DerSandos187 From mhn_amp at yahoo.co.uk Fri Jan 28 07:39:30 2000 From: mhn_amp at yahoo.co.uk (Mohan P) Date: Tue Dec 2 02:28:14 2003 Subject: Subscribe Message-ID: <3.0.6.32.20000128123930.007961f0@pop.mail.yahoo.co.uk> subscribe __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com From iquest at iafrica.com Fri Jan 28 08:40:40 2000 From: iquest at iafrica.com (Fani Mabilane) Date: Tue Dec 2 02:28:14 2003 Subject: Subscription Message-ID: <38915608.92B5C6E@iafrica.com> Hi, My name is Elliot and am staying in South Africa, I would like to be subscribed to mailing list on how to make samba Primary Domain Controller. I am currentlly using samba 2.0 please help. Thanx in advance Elliot Mokoena From jens.skripczynski at igd.fhg.de Fri Jan 28 09:18:48 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:14 2003 Subject: Subscribe In-Reply-To: <3.0.6.32.20000128123930.007961f0@pop.mail.yahoo.co.uk>; from mhn_amp@yahoo.co.uk on Fri, Jan 28, 2000 at 06:14:22PM +1100 References: <3.0.6.32.20000128123930.007961f0@pop.mail.yahoo.co.uk> Message-ID: <20000128101848.A15668@pclinux.igd.fhg.de> Mohan P: > subscribe Go to the link below and follow the instructions!! http://www.samba.org/listproc/ Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From jens.skripczynski at igd.fhg.de Fri Jan 28 09:19:10 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:14 2003 Subject: Subscription In-Reply-To: <38915608.92B5C6E@iafrica.com>; from iquest@iafrica.com on Fri, Jan 28, 2000 at 07:49:24PM +1100 References: <38915608.92B5C6E@iafrica.com> Message-ID: <20000128101910.B15668@pclinux.igd.fhg.de> Fani Mabilane: > Hi, > > My name is Elliot and am staying in South Africa, I would like to be > subscribed to mailing list on how to make samba Primary Domain > Controller. I am currentlly using samba 2.0 please help. Go to the link below and follow the instructions!! http://www.samba.org/listproc/ Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From matthias at waechter.wol.at Fri Jan 28 09:26:45 2000 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:28:14 2003 Subject: Subscribe In-Reply-To: <20000128101848.A15668@pclinux.igd.fhg.de> Message-ID: On Fri, 28 Jan 2000, Jens Skripczynski wrote: > Mohan P: > > subscribe > Go to the link below and follow the instructions!! > > http://www.samba.org/listproc/ Maybe someone can configure/patch the listproc so it will bounce mail with only "subscribe", "join" or "unsubscribe" in one of the first few lines of a message written directly to a list? Sehr Wus, - Matthias -- "Fire! Fire!!! FIRE!!!!! cat?" (from Pleasantville) ----------------------------------------------------------------------------- From lk at NetUSE.DE Fri Jan 28 09:37:47 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:14 2003 Subject: Samba is now a logon server for workgroup ... on subnet127.0.0.1 References: <4.1.20000127133822.00b446f0@shinogi> Message-ID: <3891636B.C848A67F@NetUSE.DE> Mark Tilles wrote: > > I just finished setting up a Linux RedHat 6.1 system with Samba 2.0.5a. I > cannot browse the system from a Windows Nt Domain, but I can browse it just > fine from another Linux samba system... > > The line: > > [2000/01/27 14:41:47, 0] > nmbd/nmbd_logonnames.c:become_logon_server_success(118) > become_logon_server_success: Samba is now a logon server for workgroup > BERKELEY on subnet 127.0.0.1 > > looks suspicious to me. The network I want to browse from is > 198.147.235.0/24 - and this is where the other linux box is as well that > can connect. The following is the output from my log files. Would anyone > care to comment on suggestions why I am having this trouble? > [2000/01/27 14:41:41, 0] libsmb/nmblib.c:send_udp(754) > Packet send failed to 198.147.235.21(137) ERRNO=Invalid argument What is 198.147.235.21? Is that the samba server? Please send the global section from smb.conf too. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Fri Jan 28 09:43:13 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:14 2003 Subject: Head branch with "server = domain", login fails. References: <3890FEB7.FBA6E07F@boeing.com> Message-ID: <389164B1.91BA8FC6@NetUSE.DE> Paul Allen wrote: > The basic networking stuff works, but the PDC is rejecting my password. > With debug level 5, it looks as if it thinks my NT account doesn't > exist. The Samba server is logging a "no such user" error after > having a conversation with the PDC. > > Here's my smb.conf: > > [global] > workgroup = ISS-TECH > server string = Samba Server > security = DOMAIN > encrypt passwords = Yes > password server = iss-tech-f > username map = /usr/local/samba-main/lib/map > log file = /usr/local/samba-main/var/log.%m > max log size = 50 > name resolve order = host lmhosts bcast wins > client code page = 437 > lm announce = True > local master = No > dns proxy = No > wins server = 130.121.5.43 > remote announce = 130.42.151 Looks good for me. Have you created a workstation trust account on the pdc? Have you joined the domain with your sambaserver? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Fri Jan 28 09:52:26 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:14 2003 Subject: Subscription References: <38915608.92B5C6E@iafrica.com> Message-ID: <389166DA.FC86C0E8@NetUSE.DE> Go to the link below and follow the instructions!! http://www.samba.org/listproc/ Fani Mabilane wrote: > > Hi, > > My name is Elliot and am staying in South Africa, I would like to be > subscribed to mailing list on how to make samba Primary Domain > Controller. I am currentlly using samba 2.0 please help. > > Thanx in advance > > Elliot Mokoena -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at NetUSE.DE Fri Jan 28 11:57:16 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:14 2003 Subject: Frustrated with browsing, domains, and network logins ... References: <4.2.0.58.20000127140706.00975ca0@localhost> Message-ID: <3891841C.EDBBAA41@NetUSE.DE> Anthony Brock wrote: > We have a WINS server located at x.x.4.1 ->dns1 (Samba 2.0.6) > We have a Domain PDC for PLANTSERVICES located at x.x.9.61 -> plant_server > (NT 4.0 ServicePack 5) > We have a workstation that needs to login to PLANTSERVICES at x.x.5.154 -> > dherron (Win98) Have you disabled the wins-server on the PDC? Use all clients the same WINS-server? And do all clients and servers use a WINS-server? Which Sambaversion do you use? Can you post the global section from smb.conf? What says log.nmb? Please look who is the local masterbrowser and such things. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From fredrikf at jmeab.se Fri Jan 28 14:43:31 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:28:14 2003 Subject: Logon! Message-ID: <000d01bf699e$0ce5cfc0$0a00a8c0@ml.org> I have a problem... I can join the domain in Win 2k..But after i have reboot and try to logon i get this message: "The system cannot log you on now because the domain REDHAT is not available." When i try to logon from Win 98.. I just ge a message like: You password is wrong.. I have done all from: http://www.kneschke.de/ The Samba-TNG only thing!! .. And i have started all demons in /opt/samba-tng/bin And this works: ./smbpasswd -j redhat Joining Domain as PDC socket connect to /tmp/.smb.0/agent failed: Connection refused error connecting to 192.168.0.1:445 (Connection refused) 2000/01/28 15:41:58 : change_trust_account_password: Changed password for domain REDHAT. Joined domain REDHAT. But that thing on port 445.. I don't know what that is.. Anyone know how to fix this ? From jens.skripczynski at igd.fhg.de Fri Jan 28 14:56:19 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:14 2003 Subject: Logon! In-Reply-To: <000d01bf699e$0ce5cfc0$0a00a8c0@ml.org>; from fredrikf@jmeab.se on Sat, Jan 29, 2000 at 01:52:58AM +1100 References: <000d01bf699e$0ce5cfc0$0a00a8c0@ml.org> Message-ID: <20000128155619.A17654@pclinux.igd.fhg.de> Fredrik Falk: > I have a problem... I can join the domain in Win 2k..But after i have reboot and try to logon i get this message: "The system cannot log you on now because the domain REDHAT is not available." > > When i try to logon from Win 98.. I just ge a message like: You password is wrong.. I have done all from: http://www.kneschke.de/ > > The Samba-TNG only thing!! .. And i have started all demons in /opt/samba-tng/bin As fas as I know is the current cvs TNG Tree broken through some mojor rewriting. But anywas it would be good if you examnine your log files and/or, post your configfile, maybe you overlooked something... Btw. do you use encrypted passwords ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From timothy_d_cole at md.northgrum.com Fri Jan 28 16:16:50 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:14 2003 Subject: Struggling with RPMs Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631E6@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Richard Sharpe [SMTP:sharpe@ns.aus.com] > Sent: Sunday, January 23, 2000 20:07 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Struggling with RPMs > > Hi, > > I find that the files in source/bin called netlogond, samrd, etc, are > simply scripts that look like they build the final thing, and that the > final binaries seem to end up in source/bin/.libs ... > > Is this correct? > Yes; this is done by libtool. Things are sorted out by libtool --mode=install or whatever it is at install time. From Elrond at Wunder-Nett.org Fri Jan 28 16:43:40 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:14 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: ; from Luke Kenneth Casson Leighton on Fri, Jan 28, 2000 at 05:28:22PM +1100 References: Message-ID: <20000128174339.A14304@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jan 28, 2000 at 05:28:22PM +1100, Luke Kenneth Casson Leighton wrote: > 3 functions left to go. should be done by tomorrow afternoon. that > leaves sander striker to do 3 functions in samr (he said tomorrow > evening). and elrond to do lsarpcd. there were a couple of other people, > if you remember who you are, there's still srvsvc, svcctl and netlogond > left to do (out of the biggies). > > i'd consider netlogond and lsarpcd to be the priorities. netlogond.... > yeah, netlogond shouldn't be a problem. i thought it _might_ be due to > the referencing of the credential database, but i forgot that i converted > that over to use netlogoncreds.tdb, so _that_'s ok. > > if there are any takers for netlogond (we already have elrond on lsarpcd), I hope, I get most done on sunday. > then i will get on with designing and writing a srv_samrd_tdb.c. > _that's_ going to be fun, i get a chance to cut out all that trash in > passdb/*.c and groupdb/*.c, hooray, at last i hear you all say. I hope, there will be some nice tools to modify the database by hand. (I'm one of those admins, who like his editor for doing _many_ things.) Berkeley DB for example has a dump-tool, so one can dump the db out, modify it and convert it back to a DB. I don't know, whether tdbtool has this. (Should realy check myself...) Elrond From JAirey at rnib.org.uk Fri Jan 28 16:46:25 2000 From: JAirey at rnib.org.uk (Airey, John) Date: Tue Dec 2 02:28:14 2003 Subject: I cannot join an NT Domain - help! Message-ID: <39B19660C174D311BB9000A0C9E01C3F137990@corfu.rnib.org.uk> I am getting the following error when trying to join an NT domain smbpasswd -j DOMAIN -r PDC modify_trust_password: machine PDC rejected the session setup. Error was : code 131. 2000/01/28 16:37:00 : change_trust_account_password: Failed to change password for domain DOMAIN. Unable to join domain DOMAIN. I'm using Samba 2.0.5a on a Redhat Linux 6.0 machine. I've been through all the smb.conf settings and checked them against every bit of documentation I can find. The NT server is running SP5. I suspect that SP5 changed the method of communication with an NT server to deny network logon RPC requests on joining a domain. Can anyone confirm this and if so, do you know what registry key on the NT server would fix this? - John Airey Systems Engineer, iSys, Royal National Institute for the Blind, PO BOX 173, Peterborough PE2 6XU Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 375255 jairey@rnib.org.uk From mark.tilles at starquest.com Fri Jan 28 16:45:36 2000 From: mark.tilles at starquest.com (Mark Tilles) Date: Tue Dec 2 02:28:15 2003 Subject: Samba is now a logon server for workgroup ... on subnet127.0.0.1 In-Reply-To: <3891636B.C848A67F@NetUSE.DE> References: <4.1.20000127133822.00b446f0@shinogi> Message-ID: <4.1.20000128084438.00a38d10@shinogi> At 10:37 AM 1/28/00 +0100, Lars Kneschke wrote: >Mark Tilles wrote: >> >> I just finished setting up a Linux RedHat 6.1 system with Samba 2.0.5a. I >> cannot browse the system from a Windows Nt Domain, but I can browse it just >> fine from another Linux samba system... >> >> The line: >> >> [2000/01/27 14:41:47, 0] >> nmbd/nmbd_logonnames.c:become_logon_server_success(118) >> become_logon_server_success: Samba is now a logon server for workgroup >> BERKELEY on subnet 127.0.0.1 >> >> looks suspicious to me. The network I want to browse from is >> 198.147.235.0/24 - and this is where the other linux box is as well that >> can connect. The following is the output from my log files. Would anyone >> care to comment on suggestions why I am having this trouble? > >> [2000/01/27 14:41:41, 0] libsmb/nmblib.c:send_udp(754) >> Packet send failed to 198.147.235.21(137) ERRNO=Invalid argument >What is 198.147.235.21? Is that the samba server? Please send the >global section from smb.conf too. 198.146.235.21 is an NT 4.0 SP5 domain controller which is also the primary domain WINS server. Here's the global section: [global] remote announce = 198.147.235.255/BERKELEY 198.147.235.255/STARQUEST ; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 ;;;;workgroup = BERKELEY workgroup = BERKELEY ; comment is the equivalent of the NT Description field comment = RedHat6 Samba Server ; volume = used to emulate a CDRom label (can be set on a per share basis) volume = RedHat6 ; printing = BSD or SYSV or AIX, etc. printing = bsd printcap name = /etc/printcap load printers = yes ; Uncomment this if you want a guest account ; guest account = pcguest log file = /var/log/samba-log.%m ; Put a capping on the size of the log files (in Kb) max log size = 50 ; Options for handling file name case sensitivity and / or preservation ; Case Sensitivity breaks many WfW and Win95 apps ; case sensitive = yes short preserve case = yes preserve case = yes ; Security and file integrity related options lock directory = /var/lock/samba locking = yes strict locking = yes ; fake oplocks = yes share modes = yes ; Security modes: USER uses Unix username/passwd, SHARE uses WfW type passwords ; SERVER uses a Windows NT Server to provide authentication services security = SERVER ; Use password server option only with security = server password server = starfire ; Configuration Options ***** Watch location in smb.conf for side-effects ***** ; Where %m is any SMBName (machine name, or computer name) for which a custom ; configuration is desired ; include = /etc/smb.conf.%m ; Performance Related Options ; Before setting socket options read the smb.conf man page!! socket options = IPTOS_LOWDELAY TCP_NODELAY ;;;;socket options = TCP_NODELAY ; Socket Address is used to specify which socket Samba ; will listen on (good for aliased systems) ; socket address = aaa.bbb.ccc.ddd ; Use keep alive only if really needed!!!! ; keep alive = 60 ; Domain Control Options ; OS Level gives Samba the power to rule the roost. Windows NT = 32 ; Any value < 32 means NT wins as Master Browser, > 32 Samba gets it ; os level = 33 ; specifies Samba to be the Domain Master Browser ; domain master = yes ; Use with care only if you have an NT server on your network that has been ; configured at install time to be a primary domain controller. ;domain controller = amelia ; Domain logon control can be a good thing! See [netlogon] share section below! ;;;;domain logons = yes ; run a specific logon batch file per workstation (machine) ; logon script = %m.bat ; run a specific logon batch file per username ; logon script = %u.bat ; Windows Internet Name Serving Support Section ; WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; the default is NO. ; wins support = yes ; WINS Server - Tells the NMBD components of Samba to be a WINS Client ; Note: Samba can be either a WINS Server, or a WINS Client, but NOT both wins server = starfire ; WINS Proxy - Tells Samba to answer name resolution queries on behalf of a non ; WINS Client capable client, for this to work there must be at least one ; WINS Server on the network. The default is NO. ; wins proxy = yes >Cu >-- >Lars Kneschke >NetUSE Kommunikationstechnologie GmbH >Siemenswall, D-24107 Kiel, Germany >Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 ^^^^^^^^^^^^^^^^^^^^^^^ Mark Daniel Tilles Asst Systems Administrator StarQuest Software, Inc. 1288 Ninth Street Berkeley, CA 94710 tel: 510-982-2136 fax: 510-528-2986 web: http://www.starquest.com From Elrond at Wunder-Nett.org Fri Jan 28 16:49:16 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:15 2003 Subject: Problems compiling Samba-TNG for IRIX In-Reply-To: <389045A3.37CCB9AD@pjat.dk>; from Kim Bjoern Nielsen on Fri, Jan 28, 2000 at 12:20:43AM +1100 References: <389045A3.37CCB9AD@pjat.dk> Message-ID: <20000128174916.B14304@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jan 28, 2000 at 12:20:43AM +1100, Kim Bjoern Nielsen wrote: [...] > Compiling lib/domain_namemap.c > lib/domain_namemap.c: In function `lookup_remote_ntname': > lib/domain_namemap.c:914: warning: assignment discards `const' from > pointer target type Ignore those warnings... they're for the developers... [...] > ld32: WARNING 85: definition of __deregister_frame_info in > bin/.libs/libnmb.so preempts that definition in bin/.libs/libsamba.so. [...] __deregister_frame_info sounds like something from gcc. I guess, gcc links its own helperlibs into each shared library, and so this results in these warnings. Unless you mix gcc-versions, that shouldn't hurt. Also I don't know much about irix, so I might be completely off here. From lkcl at samba.org Fri Jan 28 17:39:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: <20000128174339.A14304@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > > then i will get on with designing and writing a srv_samrd_tdb.c. > > _that's_ going to be fun, i get a chance to cut out all that trash in > > passdb/*.c and groupdb/*.c, hooray, at last i hear you all say. > > I hope, there will be some nice tools to modify the > database by hand. (I'm one of those admins, who like his > editor for doing _many_ things.) :) rpcclient will be your best friend. > Berkeley DB for example has a dump-tool, so one can dump > the db out, modify it and convert it back to a DB. hmm! > I don't know, whether tdbtool has this. (Should realy check > myself...) kno, it doesn't. From lkcl at samba.org Fri Jan 28 17:40:37 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: Samba is now a logon server for workgroup ... on subnet127.0.0.1 In-Reply-To: <4.1.20000128084438.00a38d10@shinogi> Message-ID: remote announce is highly disruptive. ESPECIALLY when used for the same workgroup that samba is in. > [global] > remote announce = 198.147.235.255/BERKELEY 198.147.235.255/STARQUEST > > ; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 > ;;;;workgroup = BERKELEY > workgroup = BERKELEY > > ; comment is the equivalent of the NT Description field > comment = RedHat6 Samba Server > > ; volume = used to emulate a CDRom label (can be set on a per share basis) > volume = RedHat6 > > ; printing = BSD or SYSV or AIX, etc. > printing = bsd > printcap name = /etc/printcap > load printers = yes > > ; Uncomment this if you want a guest account > ; guest account = pcguest > log file = /var/log/samba-log.%m > ; Put a capping on the size of the log files (in Kb) > max log size = 50 > > ; Options for handling file name case sensitivity and / or preservation > ; Case Sensitivity breaks many WfW and Win95 apps > ; case sensitive = yes > short preserve case = yes > preserve case = yes > > ; Security and file integrity related options > lock directory = /var/lock/samba > locking = yes > strict locking = yes > ; fake oplocks = yes > share modes = yes > ; Security modes: USER uses Unix username/passwd, SHARE uses WfW type passwords > ; SERVER uses a Windows NT Server to provide authentication services > security = SERVER > ; Use password server option only with security = server > password server = starfire > > ; Configuration Options ***** Watch location in smb.conf for side-effects ***** > ; Where %m is any SMBName (machine name, or computer name) for which a custom > ; configuration is desired > ; include = /etc/smb.conf.%m > > ; Performance Related Options > ; Before setting socket options read the smb.conf man page!! > socket options = IPTOS_LOWDELAY TCP_NODELAY > ;;;;socket options = TCP_NODELAY > ; Socket Address is used to specify which socket Samba > ; will listen on (good for aliased systems) > ; socket address = aaa.bbb.ccc.ddd > ; Use keep alive only if really needed!!!! > ; keep alive = 60 > > ; Domain Control Options > ; OS Level gives Samba the power to rule the roost. Windows NT = 32 > ; Any value < 32 means NT wins as Master Browser, > 32 Samba gets it > ; os level = 33 > ; specifies Samba to be the Domain Master Browser > ; domain master = yes > ; Use with care only if you have an NT server on your network that has been > ; configured at install time to be a primary domain controller. > ;domain controller = amelia > ; Domain logon control can be a good thing! See [netlogon] share section below! > ;;;;domain logons = yes > ; run a specific logon batch file per workstation (machine) > ; logon script = %m.bat > ; run a specific logon batch file per username > ; logon script = %u.bat > ; Windows Internet Name Serving Support Section > ; WINS Support - Tells the NMBD component of Samba to enable it's WINS Server > ; the default is NO. > ; wins support = yes > ; WINS Server - Tells the NMBD components of Samba to be a WINS Client > ; Note: Samba can be either a WINS Server, or a WINS Client, but NOT both > wins server = starfire > ; WINS Proxy - Tells Samba to answer name resolution queries on behalf of a non > ; WINS Client capable client, for this to work there must be at least one > ; WINS Server on the network. The default is NO. > ; wins proxy = yes > > > >Cu > >-- > >Lars Kneschke > >NetUSE Kommunikationstechnologie GmbH > >Siemenswall, D-24107 Kiel, Germany > >Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > > > ^^^^^^^^^^^^^^^^^^^^^^^ > Mark Daniel Tilles > Asst Systems Administrator > StarQuest Software, Inc. > 1288 Ninth Street > Berkeley, CA 94710 > > tel: 510-982-2136 > fax: 510-528-2986 > > web: http://www.starquest.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From Elrond at Wunder-Nett.org Fri Jan 28 17:56:31 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Jan 29, 2000 at 04:39:29AM +1100 References: <20000128174339.A14304@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000128185630.B23242@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sat, Jan 29, 2000 at 04:39:29AM +1100, Luke Kenneth Casson Leighton wrote: > > > then i will get on with designing and writing a srv_samrd_tdb.c. > > > _that's_ going to be fun, i get a chance to cut out all that trash in > > > passdb/*.c and groupdb/*.c, hooray, at last i hear you all say. > > > > I hope, there will be some nice tools to modify the > > database by hand. (I'm one of those admins, who like his > > editor for doing _many_ things.) > > :) rpcclient will be your best friend. Well, I like to do funny things, like comment out users, and create temporary new lines for them and other stuff... Or grabbing crypted pws from nt-boxes and writing them directly into smbpasswd. Yes, I know, one shouldn't do this, but hey, in 99% of the cases, I know, what I do. ;) > > Berkeley DB for example has a dump-tool, so one can dump > > the db out, modify it and convert it back to a DB. > hmm! Some nice guy mailed me in response to my mail and notified me, that apache has a similiar tool for plain dbm. > > I don't know, whether tdbtool has this. (Should realy check > > myself...) > > kno, it doesn't. Would be nice, if it had. From lkcl at samba.org Fri Jan 28 18:00:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: <20000128185630.B23242@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: On Fri, 28 Jan 2000, Elrond wrote: > On Sat, Jan 29, 2000 at 04:39:29AM +1100, Luke Kenneth Casson Leighton wrote: > > > > then i will get on with designing and writing a srv_samrd_tdb.c. > > > > _that's_ going to be fun, i get a chance to cut out all that trash in > > > > passdb/*.c and groupdb/*.c, hooray, at last i hear you all say. > > > > > > I hope, there will be some nice tools to modify the > > > database by hand. (I'm one of those admins, who like his > > > editor for doing _many_ things.) > > > > :) rpcclient will be your best friend. > > Well, I like to do funny things, like comment out users, oo! *wobble* makes me go jittery at the knees just tinking about it. > and create temporary new lines for them and other stuff... > Or grabbing crypted pws from nt-boxes and writing them > directly into smbpasswd. there's alsways rpcclient samsync command for that one, you know :) > Yes, I know, one shouldn't do this, but hey, in 99% of the > cases, I know, what I do. ;) true. and hey, writing a tdbdump can't be _that_ hard! come on, there's dump_data() and its partner, out_data(), and i also added out_struct() because i needed to produce hex dumps and use them in c-code. luke From Elrond at Wunder-Nett.org Fri Jan 28 18:19:36 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Jan 29, 2000 at 05:00:24AM +1100 References: <20000128185630.B23242@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000128191935.E23242@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sat, Jan 29, 2000 at 05:00:24AM +1100, Luke Kenneth Casson Leighton wrote: > On Fri, 28 Jan 2000, Elrond wrote: > > > On Sat, Jan 29, 2000 at 04:39:29AM +1100, Luke Kenneth Casson Leighton wrote: > > > > > then i will get on with designing and writing a srv_samrd_tdb.c. > > > > > _that's_ going to be fun, i get a chance to cut out all that trash in > > > > > passdb/*.c and groupdb/*.c, hooray, at last i hear you all say. > > > > > > > > I hope, there will be some nice tools to modify the > > > > database by hand. (I'm one of those admins, who like his > > > > editor for doing _many_ things.) > > > > > > :) rpcclient will be your best friend. > > > > Well, I like to do funny things, like comment out users, > > oo! *wobble* makes me go jittery at the knees just tinking about it. *grin* You never saw sysadmins adding users by editing /etc/passwd directly? Well... I'm one of these. ;) > > and create temporary new lines for them and other stuff... > > Or grabbing crypted pws from nt-boxes and writing them > > directly into smbpasswd. > > there's alsways rpcclient samsync command for that one, you know :) But that only works on NT Server, doesn't it? I grab the passwords from workstations, so I can migrate those people into the samba-domain. > > Yes, I know, one shouldn't do this, but hey, in 99% of the > > cases, I know, what I do. ;) > > true. > > and hey, writing a tdbdump can't be _that_ hard! come on, there's > dump_data() and its partner, out_data(), and i also added out_struct() > because i needed to produce hex dumps and use them in c-code. > > luke I'll take a look at it, and possibly send Andrew a patch for his tdbtool. ... next week... maybe. Elrond From abrooks at css.tayloru.edu Fri Jan 28 18:49:33 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: <20000128185630.B23242@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > > > Berkeley DB for example has a dump-tool, so one can dump > > > the db out, modify it and convert it back to a DB. > > hmm! > > Some nice guy mailed me in response to my mail and notified > me, that apache has a similiar tool for plain dbm. ypserv uses a similar tool for working with the YP maps. In the Linux RPM distributions this file is located /usr/lib/yp/makedbm. This command with the -u option will dump a gdbm file into text form and create a db file from an input. There are, however, some cautions relating to this. _Some_ db programs ignore certain types of lines (e.g. comments) and any formatting so don't expect that makedbm(A)=B -> makedbm -u(B)=A . makedbm is geared specifically for use with YP files. -Aaron +-------> Aaron D. Brooks, 765.998.5168 Computing Systems Resource Manager Taylor University CSS Department abrooks[SHIFT-2]css.tayloru.edu From GLeblanc at cu-portland.edu Fri Jan 28 18:54:33 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others Message-ID: > -----Original Message----- > From: Elrond [mailto:Elrond@Wunder-Nett.org] > Sent: Friday, January 28, 2000 10:32 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: [samba-tng] spoolss conversion and others > > > On Sat, Jan 29, 2000 at 05:00:24AM +1100, Luke Kenneth Casson > Leighton wrote: > > On Fri, 28 Jan 2000, Elrond wrote: > > > > > On Sat, Jan 29, 2000 at 04:39:29AM +1100, Luke Kenneth > Casson Leighton wrote: > > > > > > then i will get on with designing and writing a > srv_samrd_tdb.c. > > > > > > _that's_ going to be fun, i get a chance to cut out > all that trash in > > > > > > passdb/*.c and groupdb/*.c, hooray, at last i hear > you all say. > > > > > > > > > > I hope, there will be some nice tools to modify the > > > > > database by hand. (I'm one of those admins, who like his > > > > > editor for doing _many_ things.) > > > > > > > > :) rpcclient will be your best friend. > > > > > > Well, I like to do funny things, like comment out users, > > > > oo! *wobble* makes me go jittery at the knees just tinking > about it. > > *grin* > > You never saw sysadmins adding users by editing /etc/passwd > directly? Well... I'm one of these. ;) Wait just a minute, are you saying that there's another way to add users? Greg From petersv at psv.nu Fri Jan 28 18:54:52 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: <20000128191935.E23242@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: On Sat, 29 Jan 2000, Elrond wrote: > > > Well, I like to do funny things, like comment out users, > > > > oo! *wobble* makes me go jittery at the knees just tinking about it. > > *grin* > > You never saw sysadmins adding users by editing /etc/passwd > directly? Well... I'm one of these. ;) Isn't that why we use samba instead of NT? :-) (Actually, for us it sort of is the reason - we grew tired of mysterious databases that weren't vi-able) Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From kevinc at grainsystems.com Fri Jan 28 19:17:17 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others References: Message-ID: <3891EB3D.A0C063B7@grainsystems.com> Peter Svensson wrote: > On Sat, 29 Jan 2000, Elrond wrote: > > > > You never saw sysadmins adding users by editing /etc/passwd > > directly? Well... I'm one of these. ;) > > Isn't that why we use samba instead of NT? :-) > > (Actually, for us it sort of is the reason - we grew tired of > mysterious databases that weren't vi-able) Not to tangent too much, but has everyone seen the KDE "cache-registry" thing? I just glimpsed at it last night in LJ and it looked like they were aiming for the best of both worlds on the flat-file-editing vs. dbms-performace issue. - Kevin Colby kevinc@grainsystems.com From kevinc at grainsystems.com Fri Jan 28 19:20:24 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:28:15 2003 Subject: Subscribe References: Message-ID: <3891EBF8.F43E41C6@grainsystems.com> Matthias W?chter wrote: > > Maybe someone can configure/patch the listproc so it will bounce > mail with only "subscribe", "join" or "unsubscribe" in one of the > first few lines of a message written directly to a list? Better yet, how about not allowing unsubscribed accounts to email the list? Any unsubscribed accounts that email the list could get a standard HOWTO response. - Kevin Colby kevinc@grainsystems.com From timothy_d_cole at md.northgrum.com Fri Jan 28 19:27:25 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631EB@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Elrond [SMTP:Elrond@Wunder-Nett.org] > Sent: Friday, January 28, 2000 13:32 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: [samba-tng] spoolss conversion and others > > On Sat, Jan 29, 2000 at 05:00:24AM +1100, Luke Kenneth Casson Leighton > wrote: > > On Fri, 28 Jan 2000, Elrond wrote: > > > > > On Sat, Jan 29, 2000 at 04:39:29AM +1100, Luke Kenneth Casson Leighton > wrote: > > > > > > then i will get on with designing and writing a srv_samrd_tdb.c. > > > > > > > _that's_ going to be fun, i get a chance to cut out all that > trash in > > > > > > passdb/*.c and groupdb/*.c, hooray, at last i hear you all say. > > > > > > > > > > I hope, there will be some nice tools to modify the > > > > > database by hand. (I'm one of those admins, who like his > > > > > editor for doing _many_ things.) > > > > > > > > :) rpcclient will be your best friend. > > > > > > Well, I like to do funny things, like comment out users, > > > > oo! *wobble* makes me go jittery at the knees just tinking about it. > > *grin* > > You never saw sysadmins adding users by editing /etc/passwd > directly? Well... I'm one of these. ;) > As am I. I even remember to use vipw(8) sometimes. :) From abrooks at css.tayloru.edu Fri Jan 28 19:37:18 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: <20000128191935.E23242@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > You never saw sysadmins adding users by editing /etc/passwd > directly? Well... I'm one of these. ;) :r! perl -e'print crypt("password","/.");' works pretty well for adding the crypt entry in VIM. Who needs anything else? ;) (either that or doing 3DES in one's head can also do the trick.) > > > and create temporary new lines for them and other stuff... > > > Or grabbing crypted pws from nt-boxes and writing them > > > directly into smbpasswd. > > > > there's alsways rpcclient samsync command for that one, you know :) I'm sorry I don't know the details but does samsync pass the SAM as the one big hive file or as a series of records. If you need a program (the code in particular) to read the SAM or any hive file for that matter I have a project that I have been sitting on for about 6 months which reads raw hive files and can dump any info you'd want. It is currently wired to dump out to a REGEDIT4 format. Let me know if this is good or helpful or useful. -Aaron +-------> Aaron D. Brooks, 765.998.5168 Computing Systems Resource Manager Taylor University CSS Department abrooks[SHIFT-2]css.tayloru.edu From swaters at amicus.com Fri Jan 28 20:21:30 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:28:15 2003 Subject: Subscribe References: <3891EBF8.F43E41C6@grainsystems.com> Message-ID: <3891FA4A.7990DD66@amicus.com> Kevin Colby wrote: > Better yet, how about not allowing unsubscribed accounts to > email the list? Any unsubscribed accounts that email the > list could get a standard HOWTO response. that would discourage non-subscribers from issuing bug reports. even requests for install help can end up with bug fixes. the issue has come up on LKML as well and i believe it is best to allow unsubscribed posting. although, it WOULD be nice if we had that nice append-(un)subscribe-info-to-each-email thing... -s From lkcl at samba.org Fri Jan 28 20:48:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: Message-ID: > Isn't that why we use samba instead of NT? :-) > > (Actually, for us it sort of is the reason - we grew tired of mysterious > databases that weren't vi-able) oh. *deflate*. of course. hmm, what am i goung to do, then? From Nicolas.Williams at wdr.com Fri Jan 28 21:06:43 2000 From: Nicolas.Williams at wdr.com (Nicolas Williams) Date: Tue Dec 2 02:28:15 2003 Subject: Two-level of subscription (was Re: Subscribe) In-Reply-To: <3891EBF8.F43E41C6@grainsystems.com> Message-ID: <20000128160642.S3726@sm2p1386swk.wdr.com> On Sat Jan 29 2000, Kevin Colby wrote: > Matthias W?chter wrote: > > > > Maybe someone can configure/patch the listproc so it will bounce > > mail with only "subscribe", "join" or "unsubscribe" in one of the > > first few lines of a message written directly to a list? > > Better yet, how about not allowing unsubscribed accounts to > email the list? Any unsubscribed accounts that email the > list could get a standard HOWTO response. Better yet: have two subscription levels: - get emails from lists AND allow to send to lists - allow to send to lists (but do not forward mails from list to subscriber) I do not subscribe to any Samba lists: I just follow the action from the archive sites. This is very convenient for me. In fact, it was probably at my request that the list archives now include mail headers so that ppl like me can reply without breaking threading (i.e., so we can set In-Reply-To: headers). > - Kevin Colby > kevinc@grainsystems.com Nico -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant permission to distribute- -and copy this message.- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. From swaters at amicus.com Fri Jan 28 21:16:37 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:28:15 2003 Subject: samba FS, NT PDC Message-ID: <38920735.C4639BED@amicus.com> one of my users can't access samba shares though he can access NT PDC shares and other windows shares on the local net. he is using the correct username and password, the only difference is the workgroup/domain. situation: samba 2.0.5a ------relevant smb.conf params------- security = domain password server = ntpdc workgroup = amicus ------------------------------------- user on win98 box workgroup as KILCREASE attempts to access samba box and generates this log.smb: [2000/01/15 15:02:55, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(392) cli_net_sam_logon: NT_STATUS_NO_SUCH_USER [2000/01/15 15:02:55, 0] smbd/password.c:domain_client_validate(1369) domain_client_validate:unable to validate password for user worth in domain KILCREASE to Domain controller NTPDC. Error was NT_STATUS_NO_SUCH_USER. [2000/01/15 15:02:55, 0] passdb/smbpass.c:startsmbfilepwent(50) startsmbfilepwent: unable to open file /usr/local/samba/private/smbpasswd [2000/01/15 15:02:55, 0] passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2000/01/15 15:02:55, 1] smbd/password.c:pass_check_smb(504) Couldn't find user 'worth' in smb_passwd file. Thanks for any help, Stephen Waters Amicus, Inc. From lkcl at samba.org Fri Jan 28 21:17:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: Message-ID: On Sat, 29 Jan 2000, Aaron D. Brooks wrote: > > You never saw sysadmins adding users by editing /etc/passwd > > directly? Well... I'm one of these. ;) > > :r! perl -e'print crypt("password","/.");' works pretty well for adding > the crypt entry in VIM. Who needs anything else? ;) (either that or doing > 3DES in one's head can also do the trick.) > > > > > and create temporary new lines for them and other stuff... > > > > Or grabbing crypted pws from nt-boxes and writing them > > > > directly into smbpasswd. > > > > > > there's alsways rpcclient samsync command for that one, you know :) > > I'm sorry I don't know the details but does samsync pass the SAM as the > one big hive file or as a series of records. If you need a program (the firstly, it's a "pull" not a "push". and it's done as a series of records using an MSRPC function call (it's pretty nifty design, the NETLOGON stuff, i'm actually really impressed with it). > code in particular) to read the SAM or any hive file for that matter I > have a project that I have been sitting on for about 6 months which reads > raw hive files and can dump any info you'd want. It is currently wired to > dump out to a REGEDIT4 format. Let me know if this is good or helpful or > useful. really??? hmmm... i don't think it's useful here, but i do... *click* it takes registry hives? do you have writing-side code as well? have you seen nico's "dosreg" code? does it do security descriptors as well? if so, your code could be used to write a registry implementation. one thing i really, really, really want to be able to do is to be able to shut down an nt PDC, take the *original* registry files, move them to a samba server and just GO. and noone notices the difference. it also means that if your boss said, "i know it's more reliable, but you should have asked first, so please slow the quad-pentium box we spent ten grand on and half a million on nt licenses down again by installing nt on it, not linux", you can say "ok" instead of "errr" From Nicolas.Williams at wdr.com Fri Jan 28 21:27:51 2000 From: Nicolas.Williams at wdr.com (Nicolas Williams) Date: Tue Dec 2 02:28:15 2003 Subject: Gratuitous advice: files vs. DBs & referential integrity Message-ID: <20000128162750.U3726@sm2p1386swk.wdr.com> (was Re: [samba-tng] spoolss conversion and others) I'm a regular Unix sysadmin. Most of my command lines are really KSH inline scripts. I avoid GUIs (except two). I run screen in two xterms. Now for the advice: - passwd/group/netgroup/auto.home/aliases/etc... are like a low-tech relational database. You have to update all of them when making certain changes (such as changing a user's username, or closing an account, and many more such changes). - relational flat-file databases do NOT scale, both in terms of performance AND, most importantly, in terms of cost of administration. If your organization is large enough mistakes are likely to create as much or more work as service requests. So, what I suggest be done: - have a database that implements network semantics or, better yet, and object-oriented database. - have a name service (NIS, LDAP, DNS, tdb, who cares) that is not flat-file based. - have a database->name service(s) system - if you must, have a flat-file->name service data system so you can make urgent changes by hand if your database->name service latency is too high. Possibly have the database->name service system really be more like database->flat files->name services. - structure it all so that a simple change, such as closing an account or changing a username propagate to all the relevant flat files and name services as appropriate. This idea is not far-fetched. Where I work we have implemented a system as above and it has saved us a lot of work. The product we use is no longer available commercially, but there are other alternatives, including Ganymede (open source). So, Luke, to you I suggest that you use TDB for the Samba SAM DB and that you (or someone else) write a TDB dump/load tool so that others (those who complain!) can write their own flat-file->Samba SAM TDB maintenance system, ala NIS. The two GUIs I use? Web browsers and the GUI for the OO DB we use for administration of our name spaces. Discuss. :) :) Nico -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant permission to distribute- -and copy this message.- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. From petersv at psv.nu Fri Jan 28 21:53:58 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: Message-ID: On Sat, 29 Jan 2000, Luke Kenneth Casson Leighton wrote: > hmm, what am i goung to do, then? I think all that is needed (provided you want/need the database solution) is some way to dump/load the database in some resonable format. A Nice Touch would be a way to throttle or lock out the normal updates to the database. To do your own magical stuff you would then do: throttle dump vi ;-) load unthrottle By switching to a real database (I assume that is what is being done, I was too quick with the "D"elete at the beginning of the thread) queuing up the incoming changes should be doable if we don't want to stall them until the unthrottle. On an unrelated note: we switched to Main+TNG a week ago and it is oh so fast! Some operations (rebuilding one of our code trees) are almost an order of magnetude faster than using 2.0.5. We only suffered two problems, we lost printing under nt4+sp5 and the few remaining win9x clients don't want to talk to the server at all. The printing problem was solved by swtiching to lpr-based printing with only minor loss of functionallity and the win9x boxen were scheduled for reinstalling anyway. Great work everyone involved! Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From jeremy at valinux.com Fri Jan 28 22:59:48 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:28:15 2003 Subject: Gratuitous advice: files vs. DBs & referential integrity References: <20000128162750.U3726@sm2p1386swk.wdr.com> Message-ID: <38921F64.7A6A1DC4@valinux.com> Nicolas Williams wrote: > > So, Luke, to you I suggest that you use TDB for the Samba SAM DB and > that you (or someone else) write a TDB dump/load tool so that others > (those who complain!) can write their own flat-file->Samba SAM TDB > maintenance system, ala NIS. Yep - I agree. This is something I've been planning for a bit. I'd like to extend tdb a bit first to allow for checksums on non-atomic updates (so an opener can detect if the tdb db is corrupt). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at samba.org Fri Jan 28 22:03:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: Message-ID: On Fri, 28 Jan 2000, Peter Svensson wrote: > By switching to a real database (I assume that is what is being done, I > was too quick with the "D"elete at the beginning of the thread) queuing up > the incoming changes should be doable if we don't want to stall them > until the unthrottle. weelll..... that's a bit of a pain. by "locking" you will stop EVERYONE from being able to log in, access new shares etc. it's a bit like shutting off the pdc! but if you're happy to have that (netlogond paused; samrd paused; lsarpcd paused) and the consequences (during idle time), then yes, i'd say it's possible. > > On an unrelated note: we switched to Main+TNG a week ago and it is oh so > fast! really??? whoa - that's amazing to hear. i'm so pleased. From lkcl at samba.org Fri Jan 28 22:08:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: Gratuitous advice: files vs. DBs & referential integrity In-Reply-To: <38921F64.7A6A1DC4@valinux.com> Message-ID: ohhh. will that be behind the existing tdb api, so i don't have to worry about it? On Sat, 29 Jan 2000, Jeremy Allison wrote: > Nicolas Williams wrote: > > > > So, Luke, to you I suggest that you use TDB for the Samba SAM DB and > > that you (or someone else) write a TDB dump/load tool so that others > > (those who complain!) can write their own flat-file->Samba SAM TDB > > maintenance system, ala NIS. > > Yep - I agree. This is something I've been planning for a > bit. I'd like to extend tdb a bit first to allow for > checksums on non-atomic updates (so an opener can detect > if the tdb db is corrupt). > > Jeremy. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From jeremy at valinux.com Fri Jan 28 23:13:51 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:28:15 2003 Subject: Gratuitous advice: files vs. DBs & referential integrity References: Message-ID: <389222AF.C7434A34@valinux.com> Luke Kenneth Casson Leighton wrote: > > ohhh. will that be behind the existing tdb api, so i don't have to worry > about it? Pretty much. I need to think about it some more though. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From abrooks at css.tayloru.edu Fri Jan 28 22:14:54 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:28:15 2003 Subject: Command line REGEDIT for any platform In-Reply-To: Message-ID: > > code in particular) to read the SAM or any hive file for that matter I > > have a project that I have been sitting on for about 6 months which reads > > raw hive files and can dump any info you'd want. It is currently wired to > > dump out to a REGEDIT4 format. Let me know if this is good or helpful or > > useful. > > really??? REALLY. The WinNT 4.0 registry is one of the most singularly pathetic and backwards files I have ever come across. But hey, that's par for the course. The code currently reads the registry file 100%. I started this in May of 99 and was gearing up to release this after I figured some core redesigns out. Unfortunately, as you may understand, I got horribly swamped and haven't touched it since a week and a half after I started. I'm going to start it as a SourceForge (www.sourceforge.net) project this next week. There are some real problems with MS's methods of creating and manipulating the file which leads to corruption, bloating, and general performance degradation. I am currently reading the file the way that they do. The file is a large raw C data structure dumped from memory with a 4k useless header slapped on the front end. All they do is fopen() and point to it (after a couple of useless checks). > hmmm... > > i don't think it's useful here, but i do... *click* it takes registry > hives? do you have writing-side code as well? have you seen nico's > "dosreg" code? Writing will be fairly trivial, I've already changed the file semi-manually (with the program) with no problem. My appologies to the OpenSource community and the world at large for not being able to get this out sooner. Mea Culpa. nico's "dosreg" code??? Tell me more! > does it do security descriptors as well? Yes and no. Security descripters are kept at the head of the hive in a doubly linked list. I haven't taken the time to look at their contents yet but I can reassign all of the default or any created security descriptors to any keys. > if so, your code could be used to write a registry implementation. I plan on writing a command line REGEDIT.EXE equivalent for any POSIX environment. (NT included ;) This will also be able to fix and optimize trashed or bloated registries. (Think roaming profiles.) > one thing i really, really, really want to be able to do is to be able to > shut down an nt PDC, take the *original* registry files, move them to a > samba server and just GO. > > and noone notices the difference. > > it also means that if your boss said, "i know it's more reliable, but you > should have asked first, so please slow the quad-pentium box we spent ten > grand on and half a million on nt licenses down again by installing nt on > it, not linux", you can say "ok" instead of "errr" I will be releasing the source on SourceForge and FreshMeat in the next week or so. You can download it from there at that time. -Aaron From Nicolas.Williams at wdr.com Fri Jan 28 22:20:33 2000 From: Nicolas.Williams at wdr.com (Nicolas Williams) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: Message-ID: <20000128172032.Y3726@sm2p1386swk.wdr.com> On Sat Jan 29 2000, Luke Kenneth Casson Leighton wrote: > On Fri, 28 Jan 2000, Peter Svensson wrote: > > > By switching to a real database (I assume that is what is being done, I > > was too quick with the "D"elete at the beginning of the thread) queuing up > > the incoming changes should be doable if we don't want to stall them > > until the unthrottle. > > weelll..... that's a bit of a pain. by "locking" you will stop EVERYONE > from being able to log in, access new shares etc. > > it's a bit like shutting off the pdc! Why? Use separate TDBs for SAM, WINs, shares. You've already stated that the DCE/RPC daemons are single-threaded and will continue to be so for a while. So if each DCE/RPC daemon has its own TDB locking those during transaction commits cannot impact any services. Or did you mean that a sysadmin locking a TDB could cause services to hang for the duration of the sysadmin's transaction. Hmmm. Just say "caveat emptor"! :^) It shan't be your problem! But if you really want to avoid that make TDB locking not lock out TDB queries, use a transaction logfile to store all write operations and truly commit them to the TDB at TDB unlock time. Unlocking would briefly lock out TDB queries, sure, but the length of that lockout would be very short, whereas a sysadmin might inadvertently keep writes locked out for a long time. Nico -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant permission to distribute- -and copy this message.- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. From lkcl at samba.org Fri Jan 28 22:26:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: Command line REGEDIT for any platform In-Reply-To: Message-ID: > nico's "dosreg" code??? Tell me more! cvs co dosreg (see http:://samba.org/cvs.html) instead of cvs co samba > > does it do security descriptors as well? > > Yes and no. Security descripters are kept at the head of the hive in a > doubly linked list. I haven't taken the time to look at their contents yet > but I can reassign all of the default or any created security descriptors > to any keys. see samba/source/rpc_parse/parse_sec.c for a way to marshall / unmarshall security descriptors. see rpc_parse/parse_creds.c create_user_creds() for a way (it's 4 lines of code :-) :-) to "flatten" a data structure into a memory buffer. yes, it's really that simple, and so is the reverse process. then you have a system to manipulate security descriptors, too. i suggest that you take a look at the hive SDs and check that they have a uint32 length, sizeis(length) char* sd format. if they do, we're in business. > > > if so, your code could be used to write a registry implementation. > > I plan on writing a command line REGEDIT.EXE equivalent for any POSIX > environment. (NT included ;) This will also be able to fix and optimize > trashed or bloated registries. (Think roaming profiles.) nico's already done this in dosreg.cpp, it compiles under dos. > I will be releasing the source on SourceForge and FreshMeat in the next > week or so. You can download it from there at that time. kkkkkexcellent! you know, if you implement it as conforming to the registry API in the MSDN, i'm going to love you forever. you want to know why? because i will be able to just LITERALLY plug it straight in to the samba source tree without any modifcations, or at worst, some trivial sed-script based ones. From lkcl at samba.org Fri Jan 28 22:28:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: <20000128172032.Y3726@sm2p1386swk.wdr.com> Message-ID: On Sat, 29 Jan 2000, Nicolas Williams wrote: > On Sat Jan 29 2000, Luke Kenneth Casson Leighton wrote: > > On Fri, 28 Jan 2000, Peter Svensson wrote: > > > > > By switching to a real database (I assume that is what is being done, I > > > was too quick with the "D"elete at the beginning of the thread) queuing up > > > the incoming changes should be doable if we don't want to stall them > > > until the unthrottle. > > > > weelll..... that's a bit of a pain. by "locking" you will stop EVERYONE > > from being able to log in, access new shares etc. > > > > it's a bit like shutting off the pdc! > > Why? Use separate TDBs for SAM, WINs, shares. You've already stated that > the DCE/RPC daemons are single-threaded and will continue to be so for a > while. So if each DCE/RPC daemon has its own TDB locking those during > transaction commits cannot impact any services. Or did you mean that a > sysadmin locking a TDB could cause services to hang for the duration of > the sysadmin's transaction. Hmmm. yes. > > Just say "caveat emptor"! :^) > > It shan't be your problem! correct! > But if you really want to avoid that make TDB locking not lock out TDB > queries, use a transaction logfile to store all write operations and > truly commit them to the TDB at TDB unlock time. Unlocking would briefly > lock out TDB queries, sure, but the length of that lockout would be very > short, whereas a sysadmin might inadvertently keep writes locked out for > a long time. urr. that's fairly major, and it's no longer a "trivial data base". hmm... maybe someone should consider writing a "ttdb" transaction trivial data base. any volunteers? From swaters at amicus.com Fri Jan 28 23:56:57 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:28:15 2003 Subject: samba FS, NT PDC References: <38920735.C4639BED@amicus.com> Message-ID: <38922CC9.F19DD14E@amicus.com> i believe the problem is that Samba misunderstands the win98 client... that it should authenticate just the username and password against the NTPDC rather than passing along the domain as well... when the user gets to the remote site, i'm going to have him change his workgroup name to amicus. that will probably work, but it'd be nice if it worked with him in a different workgroup. -s Stephen Waters wrote: > > one of my users can't access samba shares though he can access NT PDC shares > and other windows shares on the local net. he is using the correct username > and password, the only difference is the workgroup/domain. > > situation: > samba 2.0.5a > ------relevant smb.conf params------- > security = domain > password server = ntpdc > workgroup = amicus > ------------------------------------- > > user on win98 box > workgroup as KILCREASE > attempts to access samba box and generates this log.smb: > > [2000/01/15 15:02:55, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(392) > cli_net_sam_logon: NT_STATUS_NO_SUCH_USER > [2000/01/15 15:02:55, 0] smbd/password.c:domain_client_validate(1369) > domain_client_validate:unable to validate password for user worth in domain KILCREASE to Domain controller NTPDC. Error was NT_STATUS_NO_SUCH_USER. > [2000/01/15 15:02:55, 0] passdb/smbpass.c:startsmbfilepwent(50) > startsmbfilepwent: unable to open file /usr/local/samba/private/smbpasswd > [2000/01/15 15:02:55, 0] passdb/passdb.c:iterate_getsmbpwnam(149) > unable to open smb password database. > [2000/01/15 15:02:55, 1] smbd/password.c:pass_check_smb(504) > Couldn't find user 'worth' in smb_passwd file. > > Thanks for any help, > > Stephen Waters > Amicus, Inc. From sam at topic.com.au Fri Jan 28 23:57:40 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:28:15 2003 Subject: Subscribe In-Reply-To: ; from matthias@waechter.wol.at on Fri, Jan 28, 2000 at 08:32:05PM +1100 References: <20000128101848.A15668@pclinux.igd.fhg.de> Message-ID: <20000129105740.B28105@mailhost.topic.com.au> Matthias W?chter wrote: > > Maybe someone can configure/patch the listproc so it will bounce mail with > only "subscribe", "join" or "unsubscribe" in one of the first few lines of > a message written directly to a list? Most mailing list software does this already. If listproc is deficient, then maybe some other software (that will handle administrative requests sent directly to the list) should be used to manage the mailing lists? -- Sam Couter sam@topic.com.au Internet Engineer http://www.topic.com.au/ tSA Consulting From petersv at psv.nu Sat Jan 29 00:24:54 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: Message-ID: On Sat, 29 Jan 2000, Luke Kenneth Casson Leighton wrote: > weelll..... that's a bit of a pain. by "locking" you will stop EVERYONE > from being able to log in, access new shares etc. Is write access needed to log in? What I'd like is to stall the write access. The reads need only to be stopped during the "load" phase which should only take a minuscle amount of time. Is writing to the database needed to logon etc? Or perhaps you could queue up the write accesses and not do the acutal updates until the stall has been released so the writes affect the loaded data and not the get overwritten. > it's a bit like shutting off the pdc! > > but if you're happy to have that (netlogond paused; samrd paused; lsarpcd > paused) and the consequences (during idle time), then yes, i'd say it's > possible. > > > > On an unrelated note: we switched to Main+TNG a week ago and it is oh so > > fast! > whoa - that's amazing to hear. > i'm so pleased. Not even close to what I am - the users were getting restless (recompile times went from 15 to 4 minutes). Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From lkcl at samba.org Sat Jan 29 00:37:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:15 2003 Subject: [samba-tng] spoolss conversion and others In-Reply-To: Message-ID: On Sat, 29 Jan 2000, Peter Svensson wrote: > On Sat, 29 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > weelll..... that's a bit of a pain. by "locking" you will stop EVERYONE > > from being able to log in, access new shares etc. > > Is write access needed to log in? hmmm... no, it isn't. hey, that's cool. > Is writing to the database needed to logon etc? nope! > Not even close to what I am - the users were getting restless (recompile > times went from 15 to 4 minutes). wow. From GLeblanc at cu-portland.edu Sat Jan 29 00:51:48 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:15 2003 Subject: "attack" (manage) NT domain using the linux tools? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Say, with all this cool stuff you've been doing lately, can I use some command line utility from TNG or someplace to manage users on an NT 4 controlled domain? Right now I'm doing this with some of the add-on tools for NT, but it's cludgy and I don't get any decent error reporting. Basically, I have a script that creates users, adds them to groups, creates their home directory, sets permissions and creates the share (since NT doesn't implement a [homes] share, dangit). Thanks, Greg -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 for non-commercial use iQA/AwUBOJI5m5LW/u8jW+lnEQJMtQCg21wJqlzqhdh4GvaYpstaEuzNPD8AniDi R+cDSEr94u4Ic4nyoSR5pKNs =laeF -----END PGP SIGNATURE----- From anders at aae.wisc.edu Sat Jan 29 02:34:42 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:28:15 2003 Subject: Subscribe (fwd) Message-ID: <200001290234.UAA28943@pug.aae.wisc.edu> Maybe we should have a "permission-system" where only subscribed or people on a "special" list could send to the list... --Anders From anders at aae.wisc.edu Sat Jan 29 02:40:42 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:28:15 2003 Subject: coding volunteers needed for msrpc server-side API conversion In-Reply-To: from Luke Kenneth Casson Leighton at "Jan 27, 2000 12:21:07 pm" Message-ID: <200001290240.UAA28987@pug.aae.wisc.edu> I saw that spoolss was done.. Is there anything else I should get on with? Bear in mind that i'm not an expert on the samba internals, but want to help out with the basic tasks + I want to learn more about them. --Anders Overworked Programmer/Student (status the same as always..) > On Wed, 26 Jan 2000, Anders C. Thorsen wrote: > > > Ok, I'm currently busy with school, but I could probably > > spare som hrs. in the weekend. > > yaay :) > > > I'm sorry for not "grabbing" one task, as I don't have > > the source code available where I'm at now (home). But > > if there is something that you'd like to get done during > > the weekend, please tell me an I'll spend some time in > > the weekend helping you out. > > ok, verr' cool! well, by then, me and mr s.striker should have samr > nailed. the next one will be spoolss. > > > --Anders > > Overworked Programmer/Student until the weekend :) > > like at least two others! > From jeremy at valinux.com Sat Jan 29 04:15:33 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:28:15 2003 Subject: Samba pre-2.0.7 snapshot available. Message-ID: <38926965.4E0D21C@valinux.com> I have made a tarball snapshot of Samba pre-2.0.7 available at : ftp://ftp.samba.org/pub/samba/alpha/samba-2.0.7pre1.tar.gz The WHATSNEW.txt file is not yet updated with the list of bugfixes, although the man pages should be up to date with the new options. I'm making this pre1 snapshot available so people can test that this release builds correctly on their systems and can get some feedback about the bugs we have left to fix before shipping "official" 2.0.7. If people could download it and test it on (non-production:-) servers I'd be grateful ! Remember this is the "stable" release branch so it doesn't contain any of Luke's NT Domain controller code, but it should be a damn stable fileserver (or I want to hear about it :-). FYI: I'm doing talks at LinuxWorld Paris, Open Source in Physics (Padua, Italy) and then Usenix in Malmo (Sweeden) over the next 2 weeks so my email response will be somewhat spotty, although I'll attempt to monitor all responses to the snapshot. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From dave at bcs.co.nz Sat Jan 29 04:18:05 2000 From: dave at bcs.co.nz (Dave Brooks, BCS Systems) Date: Tue Dec 2 02:28:15 2003 Subject: Win98 access denied to Samba PDC Message-ID: <3.0.5.32.20000129171805.00813270@pop.ihug.co.nz> Hi there, Any hints and tips please... We have just installed a Linux system (Mandrake 6.1) with Samba 2.0.5a acting as a PDC and are trying to get Win98 clients to connect to it. The network consists of the Linux box and Win98 clients. The O'Reilly book "Using SAMBA" has been our 'bible'. 1) All is well if Samba is not setup to be a PDC - the clients can find shares. 2) We then enable the PDC options: domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes and define a [netlogon] share (and create the directory), and setup Win98 to logon to the domain. At logon time we get "The domain password you supplied is not correct, or access to your logon server has been denied." Win98 finds the PDC which then denies access. 'smbclient' allows access to the share (prompting for the password). Help! Many thanks, Dave Brooks From Jim at Morris.net Sat Jan 29 05:19:45 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:28:15 2003 Subject: LDAP support needs ON/OFF switch in smb.conf! References: <38926965.4E0D21C@valinux.com> Message-ID: <38927871.A62DBC8@Morris.net> Hi all! Just though I would ask this of the group... After working with the LDAP support in Samba-MAIN 1999-10-15, it appears that once you have done the configure with the "--with-ldap" flag, LDAP is the *only* authentication mechanism used by Samba. I observed that once I installed Samba, built with the LDAP support, that my Samba server was inaccessible until I got the LDAP server configured, and then added the LDAP options to my smb.conf. All attempts to connect to Samba prior to that ended up with what appeared to be LDAP authentication errors logged in my Samba log files... One would think that it would be a "good idea" to make the use of LDAP configurable via smb.conf. I.e. we need some sort of "ldap support = Yes/No" option, or something along those lines. That way it would be possible to distribute a prebuilt binary for Samba that includes LDAP support - and the user can turn it on if they need to use it... What do you think? Is there a good reason it cannot be turned off once compiled in? Thanks! Jim Morris (Jim@Morris.net) From sharpe at ns.aus.com Fri Jan 28 17:05:46 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:15 2003 Subject: LDAP support needs ON/OFF switch in smb.conf! In-Reply-To: <38927871.A62DBC8@Morris.net> References: <38926965.4E0D21C@valinux.com> Message-ID: <3.0.6.32.20000129030546.009e7d80@203.16.214.248> Hi, At 04:28 PM 1/29/00 +1100, Jim Morris wrote: >Hi all! > >Just though I would ask this of the group... > >After working with the LDAP support in Samba-MAIN 1999-10-15, it appears >that once you have done the configure with the "--with-ldap" flag, LDAP >is the *only* authentication mechanism used by Samba. I observed that >once I installed Samba, built with the LDAP support, that my Samba >server was inaccessible until I got the LDAP server configured, and then >added the LDAP options to my smb.conf. All attempts to connect to Samba >prior to that ended up with what appeared to be LDAP authentication >errors logged in my Samba log files... > >One would think that it would be a "good idea" to make the use of LDAP >configurable via smb.conf. I.e. we need some sort of "ldap support = >Yes/No" option, or something along those lines. That way it would be >possible to distribute a prebuilt binary for Samba that includes LDAP >support - and the user can turn it on if they need to use it... Well, I think that this is a damn good idea ... thinks, only needs the addition of a global ldap support = yes|no|on|off:0:1 Then in the places where LDAP is used for authentication, we would check lp_ldap_support first and if off, fall back to other methods ... It might also be useful to include another parameter: authentication order = LDAP, NIS, passwd To allow for extra flexibility, but it does add complexity to administration, and perhaps nsswitch does this already? >What do you think? Is there a good reason it cannot be turned off once >compiled in? > >Thanks! > >Jim Morris (Jim@Morris.net) > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From snail_talk at yahoo.com Sat Jan 29 06:00:19 2000 From: snail_talk at yahoo.com (Snail Talk) Date: Tue Dec 2 02:28:15 2003 Subject: Samba pre-2.0.7 snapshot available. Message-ID: <20000129060019.26941.qmail@web113.yahoomail.com> hi, cool. i'm willing to test it. but i have a couple of NT workstations with samba 2.0.6 acting as PDC. does 2.0.7 have support for NT PDC, or have you removed them ? --- Jeremy Allison wrote: > I have made a tarball snapshot of Samba pre-2.0.7 > available at : > > ftp://ftp.samba.org/pub/samba/alpha/samba-2.0.7pre1.tar.gz > > The WHATSNEW.txt file is not yet updated with the > list > of bugfixes, although the man pages should be up to > date with the new options. > > I'm making this pre1 snapshot available so people > can > test that this release builds correctly on their > systems > and can get some feedback about the bugs we have > left to > fix before shipping "official" 2.0.7. > > If people could download it and test it on > (non-production:-) > servers I'd be grateful ! Remember this is the > "stable" release > branch so it doesn't contain any of Luke's NT Domain > controller > code, but it should be a damn stable fileserver (or > I want > to hear about it :-). > > FYI: I'm doing talks at LinuxWorld Paris, Open > Source in > Physics (Padua, Italy) and then Usenix in Malmo > (Sweeden) > over the next 2 weeks so my email response will be > somewhat > spotty, although I'll attempt to monitor all > responses to > the snapshot. > > Regards, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like > buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com From Skripi at hrzpub.tu-darmstadt.de Sat Jan 29 08:36:43 2000 From: Skripi at hrzpub.tu-darmstadt.de (Jens Skripczynski) Date: Tue Dec 2 02:28:15 2003 Subject: Win98 access denied to Samba PDC In-Reply-To: <3.0.5.32.20000129171805.00813270@pop.ihug.co.nz>; from dave@bcs.co.nz on Sat, Jan 29, 2000 at 03:20:15PM +1100 References: <3.0.5.32.20000129171805.00813270@pop.ihug.co.nz> Message-ID: <20000129093643.A1207@shadowland.sc> Dave Brooks, BCS Systems: > Hi there, > > Any hints and tips please... > > We have just installed a Linux system (Mandrake 6.1) with Samba 2.0.5a > acting as a PDC and are trying to get Win98 clients to connect to it. First, before anybody else mentions it. This List is contributed to NT clients and SAMBA, As Windows 9x has no PDC funktionality as Domain, trusted Domains, User Rights, File Permissions.... 2nd) It would be better if you paste the whole smb.conf. Do you use encrypted Passwords and have you added each user via smbpasswd ? Do the Win98 Computers see you Linux Box in the Network neighbourhood ? Can you reach your box via Ping ? What do the Logfiles complain about ? Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From skvidal at phy.duke.edu Sat Jan 29 14:58:44 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:15 2003 Subject: LDAP support needs ON/OFF switch in smb.conf! In-Reply-To: <3.0.6.32.20000129030546.009e7d80@203.16.214.248> Message-ID: > authentication order = LDAP, NIS, passwd this might be off topic a bit but does anyone have a makefile entry to allow samba to get the smbpasswd file from nis? or is that really much more difficult. than it seems. Until ldap support is happier (both for samba and for all the unixes I'd like it to work for) I'd like to have a single sign-on for a samba controlled NT-workstation-based domain. any ideas? -sv From kbn at pjat.dk Sat Jan 29 16:28:28 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:16 2003 Subject: IRIX 6.5.6f R4400 - Compile Error Message-ID: <3893152C.7C9CC89@pjat.dk> Hi, Still having trouble with R4400 architecture: Latest CVS, gcc 2.8.1, gmake 3.76. compile exits @: snip... Compiling rpc_client/cli_login.c with libtool Compiling rpc_client/cli_netlogon.c with libtool Compiling rpc_client/cli_reg.c with libtool rpc_client/cli_reg.c: In function `reg_connect': rpc_client/cli_reg.c:104: too few arguments to function `register_policy_hnd' gmake: *** [rpc_client/cli_reg.lo] Error 1 IRIX 6# Any ideas? Thanks - Kim Attached screendumb from ./configure (001). -------------- next part -------------- loading cache ./config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -O ) works... yes checking whether the C compiler (gcc -O ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for a BSD compatible install... ./install-sh -c checking for mawk... (cached) nawk checking host system type... mips-sgi-irix6.5 checking target system type... mips-sgi-irix6.5 checking build system type... mips-sgi-irix6.5 checking config.cache system type... same checking for autoconf... (cached) autoconf checking for autoheader... (cached) autoheader checking for inline... (cached) inline checking how to run the C preprocessor... (cached) gcc -E checking for ANSI C header files... (cached) yes checking for dirent.h that defines DIR... (cached) yes checking for opendir in -ldir... (cached) no checking whether time.h and sys/time.h may both be included... (cached) yes checking for sys/wait.h that is POSIX.1 compatible... (cached) yes checking for sys/fcntl.h... (cached) yes checking for sys/select.h... (cached) yes checking for fcntl.h... (cached) yes checking for sys/time.h... (cached) yes checking for sys/unistd.h... (cached) yes checking for sys/param.h... (cached) yes checking for ctype.h... (cached) yes checking for unistd.h... (cached) yes checking for utime.h... (cached) yes checking for grp.h... (cached) yes checking for sys/id.h... (cached) no checking for limits.h... (cached) yes checking for memory.h... (cached) yes checking for net/route.h... (cached) yes checking for net/if.h... (cached) yes checking for compat.h... (cached) no checking for rpc/rpc.h... (cached) yes checking for rpcsvc/yp_prot.h... (cached) yes checking for rpcsvc/ypclnt.h... (cached) yes checking for sys/param.h... (cached) yes checking for ctype.h... (cached) yes checking for sys/wait.h... (cached) yes checking for sys/resource.h... (cached) yes checking for sys/ioctl.h... (cached) yes checking for sys/mode.h... (cached) yes checking for sys/mman.h... (cached) yes checking for sys/filio.h... (cached) yes checking for string.h... (cached) yes checking for strings.h... (cached) yes checking for stdlib.h... (cached) yes checking for sys/socket.h... (cached) yes checking for sys/un.h... (cached) yes checking for sys/mount.h... (cached) yes checking for sys/vfs.h... (cached) yes checking for sys/fs/s5param.h... (cached) no checking for sys/filsys.h... (cached) no checking for termios.h... (cached) yes checking for sys/statfs.h... (cached) yes checking for sys/dustat.h... (cached) no checking for sys/statvfs.h... (cached) yes checking for stdarg.h... (cached) yes checking for sys/sockio.h... (cached) yes checking for shadow.h... (cached) yes checking for netinet/tcp.h... (cached) no checking for sys/security.h... (cached) no checking for security/pam_appl.h... (cached) no checking for stropts.h... (cached) yes checking for poll.h... (cached) yes checking for readline.h... (cached) no checking for history.h... (cached) no checking for readline/readline.h... (cached) no checking for readline/history.h... (cached) no checking for sys/capability.h... (cached) yes checking for syscall.h... (cached) no checking for sys/syscall.h... (cached) yes checking for sys/acl.h... (cached) yes checking for sys/cdefs.h... (cached) yes checking for glob.h... (cached) yes checking for mysql.h... (cached) no checking size of int... (cached) 4 checking size of long... (cached) 4 checking size of short... (cached) 2 checking for working const... (cached) yes checking for inline... (cached) inline checking whether byte ordering is bigendian... (cached) yes checking whether char is unsigned... (cached) yes checking for ranlib... (cached) : checking for ld used by GCC... (cached) /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... (cached) no checking for BSD-compatible nm... (cached) /usr/bin/nm -B checking whether ln -s works... (cached) yes loading cache ./config.cache within ltconfig checking for object suffix... o checking for executable suffix... (cached) no checking for gcc option to produce PIC... none checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.lo... yes checking if gcc supports -fno-rtti -fno-exceptions ... yes checking if gcc static flag -static works... none checking if the linker (/usr/bin/ld -n32) is GNU ld... no checking whether the linker (/usr/bin/ld -n32) supports shared libraries... yes checking command to parse /usr/bin/nm -B output... ok checking how to hardcode library paths into programs... immediate checking for /usr/bin/ld -n32 option to reload object files... -r checking dynamic linker characteristics... irix6.5 ld.so checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking for objdir... .libs creating libtool loading cache ./config.cache checking return type of signal handlers... (cached) void checking for uid_t in sys/types.h... (cached) yes checking for mode_t... (cached) yes checking for off_t... (cached) yes checking for size_t... (cached) yes checking for pid_t... (cached) yes checking for st_rdev in struct stat... (cached) yes checking for d_off in dirent... (cached) yes checking for ino_t... (cached) yes checking for loff_t... (cached) no checking for offset_t... (cached) no checking for ssize_t... (cached) yes checking for errno in errno.h... (cached) yes checking for setresuid declaration... (cached) no checking for crypt declaration... (cached) yes checking for real setresuid... (cached) no checking for 8-bit clean memcmp... (cached) yes checking for crypt... (cached) yes checking for pam_authenticate... (cached) no checking for pam_authenticate in -lpam... (cached) no checking for connect... (cached) yes checking for waitpid... (cached) yes checking for getcwd... (cached) yes checking for strdup... (cached) yes checking for strtoul... (cached) yes checking for strerror... (cached) yes checking for chown... (cached) yes checking for chmod... (cached) yes checking for chroot... (cached) yes checking for fstat... (cached) yes checking for strchr... (cached) yes checking for utime... (cached) yes checking for utimes... (cached) yes checking for getrlimit... (cached) yes checking for fsync... (cached) yes checking for execl... (cached) yes checking for bzero... (cached) yes checking for memset... (cached) yes checking for memmove... (cached) yes checking for vsnprintf... (cached) yes checking for snprintf... (cached) yes checking for setsid... (cached) yes checking for glob... (cached) yes checking for strpbrk... (cached) yes checking for pipe... (cached) yes checking for crypt16... (cached) no checking for getauthuid... (cached) no checking for strftime... (cached) yes checking for sigprocmask... (cached) yes checking for sigblock... (cached) yes checking for sigaction... (cached) yes checking for innetgr... (cached) yes checking for setnetgrent... (cached) yes checking for getnetgrent... (cached) yes checking for endnetgrent... (cached) yes checking for initgroups... (cached) yes checking for select... (cached) yes checking for rdchk... (cached) no checking for getgrnam... (cached) yes checking for pathconf... (cached) yes checking for setuidx... (cached) no checking for setgroups... (cached) yes checking for mktime... (cached) yes checking for rename... (cached) yes checking for ftruncate... (cached) yes checking for stat64... (cached) yes checking for fstat64... (cached) yes checking for lstat64... (cached) yes checking for fopen64... (cached) yes checking for atexit... (cached) yes checking for grantpt... (cached) yes checking for dup2... (cached) yes checking for lseek64... (cached) yes checking for ftruncate64... (cached) yes checking for fseek64... (cached) yes checking for ftell64... (cached) yes checking for setluid... (cached) no checking for yp_get_default_domain... (cached) yes checking for getpwanam... (cached) no checking for srandom... (cached) yes checking for random... (cached) yes checking for srand... (cached) yes checking for rand... (cached) yes checking for setenv... (cached) no checking for mmap64... (cached) yes checking for syscall... (cached) yes checking for _dup... (cached) yes checking for _dup2... (cached) yes checking for _opendir... (cached) yes checking for _readdir... (cached) yes checking for _seekdir... (cached) yes checking for _telldir... (cached) yes checking for _closedir... (cached) yes checking for __dup... (cached) no checking for __dup2... (cached) no checking for __opendir... (cached) no checking for __readdir... (cached) no checking for __seekdir... (cached) no checking for __telldir... (cached) no checking for __closedir... (cached) no checking for __getcwd... (cached) yes checking for _getcwd... (cached) yes checking for __xstat... (cached) no checking for __fxstat... (cached) no checking for __lxstat... (cached) no checking for _stat... (cached) yes checking for _lstat... (cached) yes checking for _fstat... (cached) yes checking for __stat... (cached) no checking for __lstat... (cached) no checking for __fstat... (cached) no checking for _acl... (cached) no checking for __acl... (cached) no checking for _facl... (cached) no checking for __facl... (cached) no checking for _open... (cached) yes checking for __open... (cached) no checking for _chdir... (cached) yes checking for __chdir... (cached) no checking for _close... (cached) yes checking for __close... (cached) yes checking for _fchdir... (cached) yes checking for __fchdir... (cached) no checking for _fcntl... (cached) yes checking for __fcntl... (cached) no checking for getdents... (cached) yes checking for _getdents... (cached) yes checking for __getdents... (cached) no checking for _lseek... (cached) yes checking for __lseek... (cached) no checking for _read... (cached) yes checking for __read... (cached) no checking for _write... (cached) yes checking for __write... (cached) yes checking for _fork... (cached) yes checking for __fork... (cached) yes checking for _stat64... (cached) yes checking for __stat64... (cached) no checking for _fstat64... (cached) yes checking for __fstat64... (cached) no checking for _lstat64... (cached) yes checking for __lstat64... (cached) no checking for __sys_llseek... (cached) no checking for llseek... (cached) no checking for _llseek... (cached) no checking for __llseek... (cached) no checking for readdir64... (cached) yes checking for _readdir64... (cached) yes checking for __readdir64... (cached) no checking for pread... (cached) yes checking for _pread... (cached) yes checking for __pread... (cached) no checking for pread64... (cached) yes checking for _pread64... (cached) yes checking for __pread64... (cached) no checking for pwrite... (cached) yes checking for _pwrite... (cached) yes checking for __pwrite... (cached) no checking for pwrite64... (cached) yes checking for _pwrite64... (cached) yes checking for __pwrite64... (cached) no checking for open64... (cached) yes checking for _open64... (cached) yes checking for __open64... (cached) no checking for creat64... (cached) yes checking for putprpwnam in -lsecurity... (cached) no checking for putprpwnam... (cached) no checking for putprpwnam in -lsec... (cached) no checking for putprpwnam... (cached) no checking for set_auth_parameters in -lsecurity... (cached) no checking for set_auth_parameters... (cached) no checking for set_auth_parameters in -lsec... (cached) no checking for set_auth_parameters... (cached) no checking for getspnam in -lsecurity... (cached) no checking for getspnam... (cached) yes checking for getspnam in -lsec... (cached) no checking for getspnam... (cached) yes checking for bigcrypt in -lsecurity... (cached) no checking for bigcrypt... (cached) no checking for bigcrypt in -lsec... (cached) no checking for bigcrypt... (cached) no checking for getprpwnam in -lsecurity... (cached) no checking for getprpwnam... (cached) no checking for getprpwnam in -lsec... (cached) no checking for getprpwnam... (cached) no checking whether gcc accepts -fpic... (cached) yes checking for long long... (cached) yes checking for 64 bit off_t... (cached) yes checking for off64_t... (cached) no checking for 64 bit ino_t... (cached) yes checking for ino64_t... (cached) no checking for union semun... (cached) yes checking for unsigned char... (cached) yes checking for sin_len in sock... (cached) no checking whether seekdir returns void... (cached) no checking for __FILE__ macro... (cached) yes checking for __FUNCTION__ macro... (cached) yes checking if gettimeofday takes tz argument... (cached) yes checking for broken readdir... (cached) no checking for utimbuf... (cached) yes checking for kernel oplock type definitions... (cached) yes checking for irix specific capabilities... (cached) yes checking for int16 typedef included by rpc/rpc.h... (cached) no checking for uint16 typedef included by rpc/rpc.h... (cached) no checking for int32 typedef included by rpc/rpc.h... (cached) no checking for uint32 typedef included by rpc/rpc.h... (cached) no checking for test routines... yes checking for ftruncate extend... (cached) yes checking for broken getgroups... (cached) no checking whether getpass should be replaced... (cached) no checking for broken inet_ntoa... (cached) yes checking for root... (cached) yes checking for netmask ifconf... (cached) yes checking for trapdoor seteuid... (cached) no checking for shared mmap... (cached) yes checking for fcntl locking... (cached) yes checking for 64 bit fcntl locking... (cached) yes checking for sysv ipc... (cached) yes checking whether to use libmsrpc... yes checking whether to use libubiqx... yes checking whether to use libsamba... yes checking whether to use libnmb... yes checking whether to use libsmbpw... yes checking whether to use libsmb... yes checking whether to use smbwrapper... no checking whether to use AFS... no checking whether to use DFS auth... no checking whether to use Kerberos IV... no checking whether to use AUTOMOUNT... no checking whether to use SMBMOUNT... no checking whether to use LDAP password database... no checking whether to use NISPLUS password database... no checking whether to use NISPLUS_HOME... no checking whether to use SSL... no checking whether to use MMAP... no checking whether to use syslog logging... no checking whether to use profiling... no checking whether to support netatalk... no checking whether to support disk-quotas... no checking how to get filesystem space usage checking statvfs64 function (SVR4)... (cached) no checking statvfs function (SVR4)... (cached) yes checking configure summary configure OK creating ./config.status creating include/stamp-h creating Makefile creating include/config.h include/config.h is unchanged From kbn at pjat.dk Sat Jan 29 17:04:25 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:16 2003 Subject: Samba pre-2.0.7 snapshot available. References: <38926965.4E0D21C@valinux.com> Message-ID: <38931D99.1404D63@pjat.dk> Hi Jeremy, Jeremy Allison wrote: > > I have made a tarball snapshot of Samba pre-2.0.7 > available at : > > ftp://ftp.samba.org/pub/samba/alpha/samba-2.0.7pre1.tar.gz > > The WHATSNEW.txt file is not yet updated with the list > of bugfixes, although the man pages should be up to > date with the new options. > > I'm making this pre1 snapshot available so people can > test that this release builds correctly on their systems > and can get some feedback about the bugs we have left to > fix before shipping "official" 2.0.7. > > If people could download it and test it on (non-production:-) > servers I'd be grateful ! Remember this is the "stable" release > branch so it doesn't contain any of Luke's NT Domain controller > code, but it should be a damn stable fileserver (or I want > to hear about it :-). I have trouble executing from IRIX 6.5.6f R4400. compiling with no errors (a few warnings though) with gcc 2.8.1 and gmake 3.76. excepts from log.smb: [2000/01/29 09:02:36, 0] locking/shmem_sysv.c:sysv_shm_open(593) ERROR semctl: can't IPC_STAT. Error was Bad address [2000/01/29 09:02:36, 0] locking/locking.c:locking_init(174) ERROR: Failed to initialise share modes [2000/01/29 09:02:36, 0] locking/shmem_sysv.c:sysv_shm_open(593) ERROR semctl: can't IPC_STAT. Error was Bad address [2000/01/29 09:02:36, 0] locking/locking.c:locking_init(174) ERROR: Failed to initialise share modes > > FYI: I'm doing talks at LinuxWorld Paris, Open Source in > Physics (Padua, Italy) and then Usenix in Malmo (Sweeden) > over the next 2 weeks so my email response will be somewhat > spotty, although I'll attempt to monitor all responses to > the snapshot. > > Regards, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- From jeremy at valinux.com Sat Jan 29 21:59:28 2000 From: jeremy at valinux.com (jeremy@valinux.com) Date: Tue Dec 2 02:28:16 2003 Subject: Samba pre-2.0.7 snapshot available. In-Reply-To: <38931D99.1404D63@pjat.dk> from "Kim Bjoern Nielsen" at Jan 29, 2000 06:04:25 PM Message-ID: <200001292159.NAA11802@legion.su.valinux.com> > I have trouble executing from IRIX 6.5.6f R4400. > > compiling with no errors (a few warnings though) with gcc 2.8.1 and > gmake 3.76. > > excepts from log.smb: > > [2000/01/29 09:02:36, 0] locking/shmem_sysv.c:sysv_shm_open(593) > ERROR semctl: can't IPC_STAT. Error was Bad address > [2000/01/29 09:02:36, 0] locking/locking.c:locking_init(174) > ERROR: Failed to initialise share modes > [2000/01/29 09:02:36, 0] locking/shmem_sysv.c:sysv_shm_open(593) > ERROR semctl: can't IPC_STAT. Error was Bad address > [2000/01/29 09:02:36, 0] locking/locking.c:locking_init(174) > ERROR: Failed to initialise share modes This is not specific to 2.0.7pre1. This is actually a known problem with gcc strcture passing conventions and IRIX 6.5.x. Either compile with the SGI compiler or change includes/config.h to use MMAP rather than SYSV shared memory and it should work fine. Bug Herb if you want the full details on this (I'm emailing from my crappy laptop on the road at the moment :-). Regards, Jeremy Allison, Samba Team. From lkcl at samba.org Sun Jan 30 01:04:31 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: "attack" (manage) NT domain using the linux tools? In-Reply-To: Message-ID: yep! rpcclient. there's a man page, even. createuser, setuserinfo user -p newuserpassword, creategroup addgroup, delgroup creategroupmem etc etc it's about 98% all there. On Sat, 29 Jan 2000, Gregory Leblanc wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Say, with all this cool stuff you've been doing lately, can I use > some command line utility from TNG or someplace to manage users on an > NT 4 controlled domain? Right now I'm doing this with some of the > add-on tools for NT, but it's cludgy and I don't get any decent error > reporting. Basically, I have a script that creates users, adds them > to groups, creates their home directory, sets permissions and creates > the share (since NT doesn't implement a [homes] share, dangit). > Thanks, > Greg > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.1 for non-commercial use > > iQA/AwUBOJI5m5LW/u8jW+lnEQJMtQCg21wJqlzqhdh4GvaYpstaEuzNPD8AniDi > R+cDSEr94u4Ic4nyoSR5pKNs > =laeF > -----END PGP SIGNATURE----- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 30 01:11:56 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: coding volunteers needed for msrpc server-side API conversion In-Reply-To: <200001290240.UAA28987@pug.aae.wisc.edu> Message-ID: On Fri, 28 Jan 2000, Anders C. Thorsen wrote: > I saw that spoolss was done.. > Is there anything else I should get on with? > > Bear in mind that i'm not an expert on the samba internals, > but want to help out with the basic tasks + I want to learn more > about them. excellent! ok, i suggest you start with browserd (which contains one function. examine wkssvcd first (comments etc). talk to sean millichamp and sander striker, who are also involved with this [wonderful, boring] task, and well, basically, divide the task between yourselves :) elrond is doing lsarpc. sander wanted to do svcctl because he is also wanting to improve it. that leaves netlogo and srvsvc as the biggies, and i'll leave them up to you as to how you want to tackle those. i'm accepting patches in the form of mods to one-or-two msrpc functions ata time. i suggest you subscribe to samba-cvs so that when you start you know you won;t be duplicating effor, as i will be committing patches and naming the function call converted in the cvs commit message. the other reason is that one-function patches are easier to review. diff -u for preference. thx! > --Anders > Overworked Programmer/Student (status the same as always..) > > > On Wed, 26 Jan 2000, Anders C. Thorsen wrote: > > > > > Ok, I'm currently busy with school, but I could probably > > > spare som hrs. in the weekend. > > > > yaay :) > > > > > I'm sorry for not "grabbing" one task, as I don't have > > > the source code available where I'm at now (home). But > > > if there is something that you'd like to get done during > > > the weekend, please tell me an I'll spend some time in > > > the weekend helping you out. > > > > ok, verr' cool! well, by then, me and mr s.striker should have samr > > nailed. the next one will be spoolss. > > > > > --Anders > > > Overworked Programmer/Student until the weekend :) > > > > like at least two others! > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 30 01:23:32 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: LDAP support needs ON/OFF switch in smb.conf! In-Reply-To: <38927871.A62DBC8@Morris.net> Message-ID: hmm, interesting. use dlopen() modules for authentication... On Sat, 29 Jan 2000, Jim Morris wrote: > One would think that it would be a "good idea" to make the use of LDAP > configurable via smb.conf. I.e. we need some sort of "ldap support = > Yes/No" option, or something along those lines. That way it would be > possible to distribute a prebuilt binary for Samba that includes LDAP > support - and the user can turn it on if they need to use it... > > What do you think? Is there a good reason it cannot be turned off once > compiled in? at the moment, yes! it's #ifdef'd everything else out! From lkcl at samba.org Sun Jan 30 01:31:14 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: IRIX 6.5.6f R4400 - Compile Error In-Reply-To: <3893152C.7C9CC89@pjat.dk> Message-ID: sorry, cvs co -D "2 days ago" samba Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 30 01:30:59 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: IRIX 6.5.6f R4400 - Compile Error In-Reply-To: <3893152C.7C9CC89@pjat.dk> Message-ID: i broke it! do this cvs co "2 days ago" On Sun, 30 Jan 2000, Kim Bjoern Nielsen wrote: > Hi, > > Still having trouble with R4400 architecture: > > Latest CVS, gcc 2.8.1, gmake 3.76. > > compile exits @: > > snip... > > Compiling rpc_client/cli_login.c with libtool > Compiling rpc_client/cli_netlogon.c with libtool > Compiling rpc_client/cli_reg.c with libtool > rpc_client/cli_reg.c: In function `reg_connect': > rpc_client/cli_reg.c:104: too few arguments to function > `register_policy_hnd' > gmake: *** [rpc_client/cli_reg.lo] Error 1 > IRIX 6# > > Any ideas? > > Thanks - Kim > > Attached screendumb from ./configure (001). Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals -------------- next part -------------- loading cache ./config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -O ) works... yes checking whether the C compiler (gcc -O ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for a BSD compatible install... ./install-sh -c checking for mawk... (cached) nawk checking host system type... mips-sgi-irix6.5 checking target system type... mips-sgi-irix6.5 checking build system type... mips-sgi-irix6.5 checking config.cache system type... same checking for autoconf... (cached) autoconf checking for autoheader... (cached) autoheader checking for inline... (cached) inline checking how to run the C preprocessor... (cached) gcc -E checking for ANSI C header files... (cached) yes checking for dirent.h that defines DIR... (cached) yes checking for opendir in -ldir... (cached) no checking whether time.h and sys/time.h may both be included... (cached) yes checking for sys/wait.h that is POSIX.1 compatible... (cached) yes checking for sys/fcntl.h... (cached) yes checking for sys/select.h... (cached) yes checking for fcntl.h... (cached) yes checking for sys/time.h... (cached) yes checking for sys/unistd.h... (cached) yes checking for sys/param.h... (cached) yes checking for ctype.h... (cached) yes checking for unistd.h... (cached) yes checking for utime.h... (cached) yes checking for grp.h... (cached) yes checking for sys/id.h... (cached) no checking for limits.h... (cached) yes checking for memory.h... (cached) yes checking for net/route.h... (cached) yes checking for net/if.h... (cached) yes checking for compat.h... (cached) no checking for rpc/rpc.h... (cached) yes checking for rpcsvc/yp_prot.h... (cached) yes checking for rpcsvc/ypclnt.h... (cached) yes checking for sys/param.h... (cached) yes checking for ctype.h... (cached) yes checking for sys/wait.h... (cached) yes checking for sys/resource.h... (cached) yes checking for sys/ioctl.h... (cached) yes checking for sys/mode.h... (cached) yes checking for sys/mman.h... (cached) yes checking for sys/filio.h... (cached) yes checking for string.h... (cached) yes checking for strings.h... (cached) yes checking for stdlib.h... (cached) yes checking for sys/socket.h... (cached) yes checking for sys/un.h... (cached) yes checking for sys/mount.h... (cached) yes checking for sys/vfs.h... (cached) yes checking for sys/fs/s5param.h... (cached) no checking for sys/filsys.h... (cached) no checking for termios.h... (cached) yes checking for sys/statfs.h... (cached) yes checking for sys/dustat.h... (cached) no checking for sys/statvfs.h... (cached) yes checking for stdarg.h... (cached) yes checking for sys/sockio.h... (cached) yes checking for shadow.h... (cached) yes checking for netinet/tcp.h... (cached) no checking for sys/security.h... (cached) no checking for security/pam_appl.h... (cached) no checking for stropts.h... (cached) yes checking for poll.h... (cached) yes checking for readline.h... (cached) no checking for history.h... (cached) no checking for readline/readline.h... (cached) no checking for readline/history.h... (cached) no checking for sys/capability.h... (cached) yes checking for syscall.h... (cached) no checking for sys/syscall.h... (cached) yes checking for sys/acl.h... (cached) yes checking for sys/cdefs.h... (cached) yes checking for glob.h... (cached) yes checking for mysql.h... (cached) no checking size of int... (cached) 4 checking size of long... (cached) 4 checking size of short... (cached) 2 checking for working const... (cached) yes checking for inline... (cached) inline checking whether byte ordering is bigendian... (cached) yes checking whether char is unsigned... (cached) yes checking for ranlib... (cached) : checking for ld used by GCC... (cached) /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... (cached) no checking for BSD-compatible nm... (cached) /usr/bin/nm -B checking whether ln -s works... (cached) yes loading cache ./config.cache within ltconfig checking for object suffix... o checking for executable suffix... (cached) no checking for gcc option to produce PIC... none checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.lo... yes checking if gcc supports -fno-rtti -fno-exceptions ... yes checking if gcc static flag -static works... none checking if the linker (/usr/bin/ld -n32) is GNU ld... no checking whether the linker (/usr/bin/ld -n32) supports shared libraries... yes checking command to parse /usr/bin/nm -B output... ok checking how to hardcode library paths into programs... immediate checking for /usr/bin/ld -n32 option to reload object files... -r checking dynamic linker characteristics... irix6.5 ld.so checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking for objdir... .libs creating libtool loading cache ./config.cache checking return type of signal handlers... (cached) void checking for uid_t in sys/types.h... (cached) yes checking for mode_t... (cached) yes checking for off_t... (cached) yes checking for size_t... (cached) yes checking for pid_t... (cached) yes checking for st_rdev in struct stat... (cached) yes checking for d_off in dirent... (cached) yes checking for ino_t... (cached) yes checking for loff_t... (cached) no checking for offset_t... (cached) no checking for ssize_t... (cached) yes checking for errno in errno.h... (cached) yes checking for setresuid declaration... (cached) no checking for crypt declaration... (cached) yes checking for real setresuid... (cached) no checking for 8-bit clean memcmp... (cached) yes checking for crypt... (cached) yes checking for pam_authenticate... (cached) no checking for pam_authenticate in -lpam... (cached) no checking for connect... (cached) yes checking for waitpid... (cached) yes checking for getcwd... (cached) yes checking for strdup... (cached) yes checking for strtoul... (cached) yes checking for strerror... (cached) yes checking for chown... (cached) yes checking for chmod... (cached) yes checking for chroot... (cached) yes checking for fstat... (cached) yes checking for strchr... (cached) yes checking for utime... (cached) yes checking for utimes... (cached) yes checking for getrlimit... (cached) yes checking for fsync... (cached) yes checking for execl... (cached) yes checking for bzero... (cached) yes checking for memset... (cached) yes checking for memmove... (cached) yes checking for vsnprintf... (cached) yes checking for snprintf... (cached) yes checking for setsid... (cached) yes checking for glob... (cached) yes checking for strpbrk... (cached) yes checking for pipe... (cached) yes checking for crypt16... (cached) no checking for getauthuid... (cached) no checking for strftime... (cached) yes checking for sigprocmask... (cached) yes checking for sigblock... (cached) yes checking for sigaction... (cached) yes checking for innetgr... (cached) yes checking for setnetgrent... (cached) yes checking for getnetgrent... (cached) yes checking for endnetgrent... (cached) yes checking for initgroups... (cached) yes checking for select... (cached) yes checking for rdchk... (cached) no checking for getgrnam... (cached) yes checking for pathconf... (cached) yes checking for setuidx... (cached) no checking for setgroups... (cached) yes checking for mktime... (cached) yes checking for rename... (cached) yes checking for ftruncate... (cached) yes checking for stat64... (cached) yes checking for fstat64... (cached) yes checking for lstat64... (cached) yes checking for fopen64... (cached) yes checking for atexit... (cached) yes checking for grantpt... (cached) yes checking for dup2... (cached) yes checking for lseek64... (cached) yes checking for ftruncate64... (cached) yes checking for fseek64... (cached) yes checking for ftell64... (cached) yes checking for setluid... (cached) no checking for yp_get_default_domain... (cached) yes checking for getpwanam... (cached) no checking for srandom... (cached) yes checking for random... (cached) yes checking for srand... (cached) yes checking for rand... (cached) yes checking for setenv... (cached) no checking for mmap64... (cached) yes checking for syscall... (cached) yes checking for _dup... (cached) yes checking for _dup2... (cached) yes checking for _opendir... (cached) yes checking for _readdir... (cached) yes checking for _seekdir... (cached) yes checking for _telldir... (cached) yes checking for _closedir... (cached) yes checking for __dup... (cached) no checking for __dup2... (cached) no checking for __opendir... (cached) no checking for __readdir... (cached) no checking for __seekdir... (cached) no checking for __telldir... (cached) no checking for __closedir... (cached) no checking for __getcwd... (cached) yes checking for _getcwd... (cached) yes checking for __xstat... (cached) no checking for __fxstat... (cached) no checking for __lxstat... (cached) no checking for _stat... (cached) yes checking for _lstat... (cached) yes checking for _fstat... (cached) yes checking for __stat... (cached) no checking for __lstat... (cached) no checking for __fstat... (cached) no checking for _acl... (cached) no checking for __acl... (cached) no checking for _facl... (cached) no checking for __facl... (cached) no checking for _open... (cached) yes checking for __open... (cached) no checking for _chdir... (cached) yes checking for __chdir... (cached) no checking for _close... (cached) yes checking for __close... (cached) yes checking for _fchdir... (cached) yes checking for __fchdir... (cached) no checking for _fcntl... (cached) yes checking for __fcntl... (cached) no checking for getdents... (cached) yes checking for _getdents... (cached) yes checking for __getdents... (cached) no checking for _lseek... (cached) yes checking for __lseek... (cached) no checking for _read... (cached) yes checking for __read... (cached) no checking for _write... (cached) yes checking for __write... (cached) yes checking for _fork... (cached) yes checking for __fork... (cached) yes checking for _stat64... (cached) yes checking for __stat64... (cached) no checking for _fstat64... (cached) yes checking for __fstat64... (cached) no checking for _lstat64... (cached) yes checking for __lstat64... (cached) no checking for __sys_llseek... (cached) no checking for llseek... (cached) no checking for _llseek... (cached) no checking for __llseek... (cached) no checking for readdir64... (cached) yes checking for _readdir64... (cached) yes checking for __readdir64... (cached) no checking for pread... (cached) yes checking for _pread... (cached) yes checking for __pread... (cached) no checking for pread64... (cached) yes checking for _pread64... (cached) yes checking for __pread64... (cached) no checking for pwrite... (cached) yes checking for _pwrite... (cached) yes checking for __pwrite... (cached) no checking for pwrite64... (cached) yes checking for _pwrite64... (cached) yes checking for __pwrite64... (cached) no checking for open64... (cached) yes checking for _open64... (cached) yes checking for __open64... (cached) no checking for creat64... (cached) yes checking for putprpwnam in -lsecurity... (cached) no checking for putprpwnam... (cached) no checking for putprpwnam in -lsec... (cached) no checking for putprpwnam... (cached) no checking for set_auth_parameters in -lsecurity... (cached) no checking for set_auth_parameters... (cached) no checking for set_auth_parameters in -lsec... (cached) no checking for set_auth_parameters... (cached) no checking for getspnam in -lsecurity... (cached) no checking for getspnam... (cached) yes checking for getspnam in -lsec... (cached) no checking for getspnam... (cached) yes checking for bigcrypt in -lsecurity... (cached) no checking for bigcrypt... (cached) no checking for bigcrypt in -lsec... (cached) no checking for bigcrypt... (cached) no checking for getprpwnam in -lsecurity... (cached) no checking for getprpwnam... (cached) no checking for getprpwnam in -lsec... (cached) no checking for getprpwnam... (cached) no checking whether gcc accepts -fpic... (cached) yes checking for long long... (cached) yes checking for 64 bit off_t... (cached) yes checking for off64_t... (cached) no checking for 64 bit ino_t... (cached) yes checking for ino64_t... (cached) no checking for union semun... (cached) yes checking for unsigned char... (cached) yes checking for sin_len in sock... (cached) no checking whether seekdir returns void... (cached) no checking for __FILE__ macro... (cached) yes checking for __FUNCTION__ macro... (cached) yes checking if gettimeofday takes tz argument... (cached) yes checking for broken readdir... (cached) no checking for utimbuf... (cached) yes checking for kernel oplock type definitions... (cached) yes checking for irix specific capabilities... (cached) yes checking for int16 typedef included by rpc/rpc.h... (cached) no checking for uint16 typedef included by rpc/rpc.h... (cached) no checking for int32 typedef included by rpc/rpc.h... (cached) no checking for uint32 typedef included by rpc/rpc.h... (cached) no checking for test routines... yes checking for ftruncate extend... (cached) yes checking for broken getgroups... (cached) no checking whether getpass should be replaced... (cached) no checking for broken inet_ntoa... (cached) yes checking for root... (cached) yes checking for netmask ifconf... (cached) yes checking for trapdoor seteuid... (cached) no checking for shared mmap... (cached) yes checking for fcntl locking... (cached) yes checking for 64 bit fcntl locking... (cached) yes checking for sysv ipc... (cached) yes checking whether to use libmsrpc... yes checking whether to use libubiqx... yes checking whether to use libsamba... yes checking whether to use libnmb... yes checking whether to use libsmbpw... yes checking whether to use libsmb... yes checking whether to use smbwrapper... no checking whether to use AFS... no checking whether to use DFS auth... no checking whether to use Kerberos IV... no checking whether to use AUTOMOUNT... no checking whether to use SMBMOUNT... no checking whether to use LDAP password database... no checking whether to use NISPLUS password database... no checking whether to use NISPLUS_HOME... no checking whether to use SSL... no checking whether to use MMAP... no checking whether to use syslog logging... no checking whether to use profiling... no checking whether to support netatalk... no checking whether to support disk-quotas... no checking how to get filesystem space usage checking statvfs64 function (SVR4)... (cached) no checking statvfs function (SVR4)... (cached) yes checking configure summary configure OK creating ./config.status creating include/stamp-h creating Makefile creating include/config.h include/config.h is unchanged From 102144.2377 at compuserve.com Sun Jan 30 02:07:13 2000 From: 102144.2377 at compuserve.com (Steve Kirkup) Date: Tue Dec 2 02:28:16 2003 Subject: Samba Compatibility with WIn32 Message-ID: <200001292108_MC2-96DC-A83F@compuserve.com> Here is a question for someone on the Samba team, As you attempt to integrate the NT tools with Samba to some degree would this also allow compatibility with the Win32 calls that are used Perl? It is probalbly a stupid question but I am curious enough to ask anyways. Steve K From lkcl at samba.org Sun Jan 30 03:49:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: Samba Compatibility with WIn32 In-Reply-To: <200001292108_MC2-96DC-A83F@compuserve.com> Message-ID: at the moment, only those info levels supported by standard nt tools such as usrmgr, srvmgr, entlog, regedt32 etc etc. later on, when we have idl files, adding extra info levels is going to be trivial. On Sun, 30 Jan 2000, Steve Kirkup wrote: > Here is a question for someone on the Samba team, > > As you attempt to integrate the NT tools with Samba to some > degree would this also allow compatibility with the Win32 calls > that are used Perl? It is probalbly a stupid question but I > am curious enough to ask anyways. > > Steve K > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From schapiro at clerk.pi.huji.ac.il Sun Jan 30 07:07:14 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:16 2003 Subject: editable databases In-Reply-To: Message-ID: Hi Folks, the fact that I have smbpasswd as a text file that I can change by hand (or script) is THE ONLY REASON for me to move to Samba. I have to install classrooms with NT WS via imaging and only because I can copy the password hash entrys between workstation accounts I can install my NT classes 100% automatically. Please don't loose that edge over MS ! PS: What I really would like to see is some kind of "collect mode" for workstation accounts, e.g. I set a flag in the PDC and then it accepts all WS logins with the password THEY send ( or the hash value) and keeps it for further logons. Thus registering workstations will be easy, just open up the PDC, boot all clients, lock the PDC and all clients are registered. This will also save us from doing the smbpasswd -a -m WS. I am suggestion this mode not as standard mode of operation, but for bigger installations that have to register many clients automatically. Schlomo On Sat, 29 Jan 2000, Peter Svensson wrote: > On Sat, 29 Jan 2000, Elrond wrote: > > > > > Well, I like to do funny things, like comment out users, > > > > > > oo! *wobble*makes me go jittery at the knees just tinking about it. > > > > *grin* > > > > You never saw sysadmins adding users by editing /etc/passwd > > directly? Well... I'm one of these. ;) > > Isn't that why we use samba instead of NT? :-) > > (Actually, for us it sort of is the reason - we grew tired of mysterious > databases that weren't vi-able) > > Peter > -- > Peter Svensson ! Pgp key available by finger, fingerprint: > ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF > ! > ------------------------------------------------------------------------ > Remember, Luke, your source will be with you... always... > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-85812 email: schapiro@clerk.pi.huji.ac.il From kbn at pjat.dk Sun Jan 30 12:05:45 2000 From: kbn at pjat.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:28:16 2003 Subject: IRIX 6.5.6f R4400 - Compile Error References: Message-ID: <38942919.953E2A1@pjat.dk> Luke Kenneth Casson Leighton wrote: > > i broke it! do this > > cvs co "2 days ago" > OK, that probably brought back other funnies (-: - Are you planning to "unbrake" it back? Meanwhile I updated gcc to 2.95.2, and gmake to 3.78.1 - so now I have no clue to where I am! - pretty lost though (-: Thanks - Kim > On Sun, 30 Jan 2000, Kim Bjoern Nielsen wrote: > > > Hi, > > > > Still having trouble with R4400 architecture: > > > > Latest CVS, gcc 2.8.1, gmake 3.76. > > > > compile exits @: > > > > snip... > > > > Compiling rpc_client/cli_login.c with libtool > > Compiling rpc_client/cli_netlogon.c with libtool > > Compiling rpc_client/cli_reg.c with libtool > > rpc_client/cli_reg.c: In function `reg_connect': > > rpc_client/cli_reg.c:104: too few arguments to function > > `register_policy_hnd' > > gmake: *** [rpc_client/cli_reg.lo] Error 1 > > IRIX 6# > > > > Any ideas? > > > > Thanks - Kim > > > > Attached screendumb from ./configure (001). > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > ------------------------------------------------------------------------ > > log-001.txtName: log-001.txt > Type: Plain Text (TEXT/PLAIN) From Jim at Morris.net Sun Jan 30 20:48:46 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:28:16 2003 Subject: LDAP support needs ON/OFF switch in smb.conf! References: Message-ID: <3894A3AE.C26610A1@Morris.net> Luke Kenneth Casson Leighton wrote: > > > > What do you think? Is there a good reason it cannot be turned off once > > compiled in? > > at the moment, yes! it's #ifdef'd everything else out! Okay! I'll believe that - sure explains my observations! ;-) Definitely need to be changed before Samba 3.0.0 though.... -- /------------------------------------------------\ | Jim Morris | Business: jmorris@rtc-group.com | | | Personal: Jim@Morris.net | |------------------------------------------------| | AOL Instant Messenger: JFM2001 | \------------------------------------------------/ From lkcl at samba.org Sun Jan 30 20:57:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: LDAP support needs ON/OFF switch in smb.conf! In-Reply-To: <3894A3AE.C26610A1@Morris.net> Message-ID: On Sun, 30 Jan 2000, Jim Morris wrote: > Luke Kenneth Casson Leighton wrote: > > > > > > > What do you think? Is there a good reason it cannot be turned off once > > > compiled in? > > > > at the moment, yes! it's #ifdef'd everything else out! > > Okay! I'll believe that - sure explains my observations! ;-) > > Definitely need to be changed before Samba 3.0.0 though.... umm... why? :) i mean, why would you _want_ to have two separate accounts databases. the only secure way to use ldap support at the moment is to use it on loopback (127.0.0.1) because the password hashes are transmitted in-the-clear. the other way is to use ssh tunneling of the ldap port. From hanak at IRIS.osu.cz Sun Jan 30 22:02:49 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:28:16 2003 Subject: UNIX and SAMBA passwd sync Message-ID: Hi all, does anybody know how to synchronize UNIX psswords with SAMBA. From SAMBA to UNIX it works fine (congratulations, SAMBA is a great thing!). But i want to change SAMBA password whenever i change password with UNIX passwd(1). Of course i can wrote my passwd, but i think that better solution already exists. Thanks for any tips. O.H. From lkcl at samba.org Sun Jan 30 22:11:44 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: UNIX and SAMBA passwd sync In-Reply-To: Message-ID: yes, you can use pam_smbpass to do this. if you want to write pam_ntpass i can tell you how. you will need PAMs on your local Unix workstation. On Mon, 31 Jan 2000, Ondrej Hanak wrote: > Hi all, > does anybody know how to synchronize UNIX psswords with SAMBA. From SAMBA > to UNIX it works fine (congratulations, SAMBA is a great thing!). > But i want to change SAMBA password whenever i change password with UNIX > passwd(1). Of course i can wrote my passwd, but i think that better > solution already exists. > Thanks for any tips. > O.H. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From gaurav at carroll.com Sun Jan 30 22:35:35 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:28:16 2003 Subject: SAMRD Message-ID: I have samba-TNG (cvs from about 2 or 3 days ago), installed on a FreeBSD 3.4 server, with domain logins = yes, roaming profiles, etc... Can someone please tell me what functionality samrd provides. I was thinking, that if i don't need it, I won't use it. I find it is crashing a lot, especially when a user logs in on an NT workstation. === samr.log Getting policy sid=S-1-5-21-4156153-2665413409-1581556546 pnum=2 =============================================================== INTERNAL ERROR: Signal 11 in pid 42986 (TNG-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error === --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From lkcl at samba.org Sun Jan 30 22:49:00 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: SAMRD In-Reply-To: Message-ID: On Mon, 31 Jan 2000, G. Naik wrote: > I have samba-TNG (cvs from about 2 or 3 days ago), installed on a FreeBSD > 3.4 server, with domain logins = yes, roaming profiles, etc... > > Can someone please tell me what functionality samrd provides. I was > thinking, that if i don't need it, I won't use it. I find it is > crashing a lot, especially when a user logs in on an NT workstation. it provides a SAM database interface. Server accounts Manager. if you are configured with "encrypt passwords = no", which you are not, you don't need it. you are using domain logons = yes, therefore you need "enc pw = yes", therefore you need samrd. please follow debug reporting instructions in the samba_tng faq. see source/README. please send report, but i'd prefer it if you'd do a cvs update and recompile, first, i've fixed a lot of stuff. thx! luke > === > samr.log > Getting policy sid=S-1-5-21-4156153-2665413409-1581556546 pnum=2 > =============================================================== > INTERNAL ERROR: Signal 11 in pid 42986 (TNG-prealpha) > Please read the file BUGS.txt in the distribution > =============================================================== > PANIC: internal error > > === > > --- > Gaurav Naik ("g") | C A R R O L L - N E T, Inc. > 201-488-1332 | www.carroll.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From D.Bannon at latrobe.edu.au Sun Jan 30 23:21:50 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:28:16 2003 Subject: UNIX and SAMBA passwd sync In-Reply-To: Message-ID: <3.0.6.32.20000131102150.008e5d10@bioserve.latrobe.edu.au> At 09:02 AM 31/01/2000 +1100, Ondrej Hanak wrote: >Hi all, >does anybody know how to synchronize UNIX psswords with SAMBA. From SAMBA >to UNIX it works fine (congratulations, SAMBA is a great thing!). >But i want to change SAMBA password whenever i change password with UNIX >passwd(1). Of course i can wrote my passwd, but i think that better >solution already exists. >Thanks for any tips. I used to use a modified version of the unix passwd command to do just that. But seems pretty silly now that samba will will do the reverse. I can send you the source if you need, but consider only changing through samba, much safer and cleaner. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From c.bourgois at chrysoft.com Mon Jan 31 00:25:38 2000 From: c.bourgois at chrysoft.com (Christophe BOURGOIS) Date: Tue Dec 2 02:28:16 2003 Subject: Creating a PDC with Samba Message-ID: <3894D682.8FE6D7EC@chrysoft.com> Hi, I can log my workstations (W95 and W98) on the NT Domain, user name and passwords are OK. My problem is this one : I can't share my resources for users, the list of users is not accessible. I think I have to create a PDC but I don't know how. Where can I find the infomation please ? I use Samba version 2.0.3. Thanks. XTophe. From sam at topic.com.au Mon Jan 31 00:58:48 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:28:16 2003 Subject: LDAP support needs ON/OFF switch in smb.conf! In-Reply-To: ; from lkcl@samba.org on Sun, Jan 30, 2000 at 12:28:01PM +1100 References: <38927871.A62DBC8@Morris.net> Message-ID: <20000131115848.C2074@mailhost.topic.com.au> Luke Kenneth Casson Leighton wrote: > hmm, interesting. use dlopen() modules for authentication... Sounds like a job for PAM. -- Sam Couter sam@topic.com.au Internet Engineer http://www.topic.com.au/ tSA Consulting From sam at topic.com.au Mon Jan 31 01:01:44 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:28:16 2003 Subject: UNIX and SAMBA passwd sync In-Reply-To: ; from lkcl@samba.org on Mon, Jan 31, 2000 at 09:15:48AM +1100 References: Message-ID: <20000131120144.D2074@mailhost.topic.com.au> Luke Kenneth Casson Leighton wrote: > yes, you can use pam_smbpass to do this. if you want to write pam_ntpass > i can tell you how. Me, me, tell me! This is something I want for our setup. At the moment I have PAM denying all password changing on workstations, it needs to be done on the server. This is obviously a slight pain. -- Sam Couter sam@topic.com.au Internet Engineer http://www.topic.com.au/ tSA Consulting From lkcl at samba.org Mon Jan 31 03:14:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: UNICODE string case-conversion Message-ID: hey, this is probably more of an NT developer question than anything, but um... i need a strlowerW() function. i.e i need a UNICODE function that converts Unidode chatacters to lower case. firstly, does such a function exist, and does it work sensibly on russian etc alphabets, on NT? From Jim at Morris.net Mon Jan 31 03:57:02 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:28:16 2003 Subject: LDAP disables password setting from client? References: <38927871.A62DBC8@Morris.net> <20000131115848.C2074@mailhost.topic.com.au> Message-ID: <3895080E.9DF8ACCC@Morris.net> Okay, here's another question related to the LDAP support in Samba. If LDAP is enabled, does it prevent a Windows client PC from using the change password dialog on the PC to set their network password on the Samba server? The reason I ask is that password setting worked before I switched to LDAP, i.e. when I was storing passwords in the smbpasswd file... Thanks! -- /------------------------------------------------\ | Jim Morris | Business: jmorris@rtc-group.com | | | Personal: Jim@Morris.net | |------------------------------------------------| | AOL Instant Messenger: JFM2001 | \------------------------------------------------/ From lkcl at samba.org Mon Jan 31 04:09:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: LDAP disables password setting from client? In-Reply-To: <3895080E.9DF8ACCC@Morris.net> Message-ID: in samba-tng? no [it does not prevent...] i have no idea (and actually no interest!) what works in 2.0.x On Mon, 31 Jan 2000, Jim Morris wrote: > Okay, here's another question related to the LDAP support in Samba. > > If LDAP is enabled, does it prevent a Windows client PC from using the > change password dialog on the PC to set their network password on > the Samba server? > > The reason I ask is that password setting worked before I switched to > LDAP, i.e. when I was storing passwords in the smbpasswd file... > > Thanks! > > -- > /------------------------------------------------\ > | Jim Morris | Business: jmorris@rtc-group.com | > | | Personal: Jim@Morris.net | > |------------------------------------------------| > | AOL Instant Messenger: JFM2001 | > \------------------------------------------------/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From ringram at acpl.lib.wy.us Mon Jan 31 04:47:07 2000 From: ringram at acpl.lib.wy.us (Russel H. Ingram) Date: Tue Dec 2 02:28:16 2003 Subject: Problem with User Manager and latest SAMBA_TNG cvs code Message-ID: <389513CB.90497E17@acpl.lib.wy.us> I just downloaded, compiled, and installed the latest cvs SAMBA_TNG code to run an experimental Samba PDC today. I have successfully joined the domain with both WinNT 4.0 Workstations but can no longer view either the domain users or the local group members. Using the User Manager for Domains I am unable to see the domain groups and users for lack of priviledges. Using the User Manager I am unable to access the groups from even the local administrator account. When trying to access the local groups the User Manager complains of a lost connection to the domain. I compiled it --with-automount --with-quotas --with-profiles on Linux kernel version 2.2.14. I'm running all of the daemons except for spoolssd (no printers setup on the server yet). Below is the global section of my smb.conf. Is this a bug in the code or a problem with my setup? [global] netbios name = ghost workgroup = borg password level = 8 allow hosts = 192.168.1. 127.0.0. 192.168.1.11 interfaces = 192.168.1.100 printcap name = /etc/printcap load printers = YES log file = /var/log/samba-log.%m max log size = 50 short preserve case = YES preserve case = YES locking = NO strict locking = NO os level = 33 security = user encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd domain master = YES null passwords = true status = YES wins support = YES wins proxy = YES domain logons = yes local master = yes preferred master = yes logon path = "\\%L\%U\profile" logon home = "\\%L\%U" logon drive = h: browseable = YES default case = lower TIA, --Russ Russel Ingram | "In a world without fences, who needs Gates?" Linux.com Support Staff | gargoyle@linux.com | -- Linux Journal From mgeddes at xavier.sa.edu.au Mon Jan 31 06:06:15 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:16 2003 Subject: Problem with User Manager and latest SAMBA_TNG cvs code References: <389513CB.90497E17@acpl.lib.wy.us> Message-ID: <38952657.EA779CA9@xavier.sa.edu.au> "Russel H. Ingram" wrote: > I just downloaded, compiled, and installed the latest cvs SAMBA_TNG code > to run an experimental Samba PDC today. I have successfully joined the > domain with both WinNT 4.0 Workstations but can no longer view either > the domain users or the local group members. Using the User Manager for > Domains I am unable to see the domain groups and users for lack of > priviledges. Using the User Manager I am unable to access the groups > from even the local administrator account. When trying to access the > local groups the User Manager complains of a lost connection to the > domain. I compiled it --with-automount --with-quotas --with-profiles on > Linux kernel version 2.2.14. I'm running all of the daemons except for > spoolssd (no printers setup on the server yet). What do the logs say? I had some problems with the --with-profiles configure option. Luke knows more details. Then again, Luke knows ALL the details about ALL things. Matt From lkcl at samba.org Mon Jan 31 06:06:01 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:16 2003 Subject: Problem with User Manager and latest SAMBA_TNG cvs code In-Reply-To: <38952657.EA779CA9@xavier.sa.edu.au> Message-ID: > What do the logs say? I had some problems with the --with-profiles > configure option. Luke knows more details. Then again, Luke knows ALL the > details about ALL things. eh he. eh he. now you've landed me in it, matthew. i know nothing about unix, race conditions, unix security and the like. plus, i was going to keep quiet on this one until i've finished the samtdb database. From ringram at acpl.lib.wy.us Mon Jan 31 06:11:14 2000 From: ringram at acpl.lib.wy.us (Russel H. Ingram) Date: Tue Dec 2 02:28:16 2003 Subject: Problem with User Manager and latest SAMBA_TNG cvs code References: <389513CB.90497E17@acpl.lib.wy.us> <38952657.EA779CA9@xavier.sa.edu.au> Message-ID: <38952782.4E556ECA@acpl.lib.wy.us> Matthew Geddes wrote: > > "Russel H. Ingram" wrote: > > > I just downloaded, compiled, and installed the latest cvs SAMBA_TNG code > > to run an experimental Samba PDC today. I have successfully joined the > > domain with both WinNT 4.0 Workstations but can no longer view either > > the domain users or the local group members. Using the User Manager for > > Domains I am unable to see the domain groups and users for lack of > > priviledges. Using the User Manager I am unable to access the groups > > from even the local administrator account. When trying to access the > > local groups the User Manager complains of a lost connection to the > > domain. I compiled it --with-automount --with-quotas --with-profiles on > > Linux kernel version 2.2.14. I'm running all of the daemons except for > > spoolssd (no printers setup on the server yet). > > What do the logs say? I had some problems with the --with-profiles > configure option. Luke knows more details. Then again, Luke knows ALL the > details about ALL things. > > Matt Which log should I be looking in and what degug level should samba be set at? --Russ Russel Ingram | "In a world without fences, who needs Gates?" Linux.com Support Staff | gargoyle@linux.com | -- Linux Journal From Skripi at hrzpub.tu-darmstadt.de Mon Jan 31 09:55:25 2000 From: Skripi at hrzpub.tu-darmstadt.de (Jens Skripczynski) Date: Tue Dec 2 02:28:16 2003 Subject: Creating a PDC with Samba In-Reply-To: <3894D682.8FE6D7EC@chrysoft.com>; from c.bourgois@chrysoft.com on Mon, Jan 31, 2000 at 11:31:09AM +1100 References: <3894D682.8FE6D7EC@chrysoft.com> Message-ID: <20000131105525.A1276@shadowland.sc> Christophe BOURGOIS: > Hi, > > I can log my workstations (W95 and W98) on the NT Domain, user name and > passwords are OK. > > My problem is this one : > I can't share my resources for users, the list of users is not > accessible. I think I have to create a PDC but I don't know how. > Where can I find the infomation please ? > > I use Samba version 2.0.3. First Take a look at : http://www.kneschke.de/projekte/samba_tng/index.php3 Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From giulioo at pobox.com Mon Jan 31 12:36:19 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:28:16 2003 Subject: Samba pre-2.0.7 snapshot available. In-Reply-To: <20000129060019.26941.qmail@web113.yahoomail.com> References: <20000129060019.26941.qmail@web113.yahoomail.com> Message-ID: <20000131123638.1891230F9@i3.golden.dom> On Sat, 29 Jan 2000 17:04:59 +1100, hai scritto: >does 2.0.7 have support for NT PDC, or have you >removed them ? 2.0.7 is 2.0.6 plus something. So it should work, however backup your private dir :) -- giulioo@pobox.com From greg at discreet.com Mon Jan 31 12:45:25 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:16 2003 Subject: TNG does not build Message-ID: Hi, I haven't checked the log file in a few days so it might not be new but from the TNG cvs from 4am this morning I get: Compiling lsarpcd/srv_lsa.c Gmake: *** No rule to make target `lsarpcd/srv_lsa_samdb.o', needed by `bin/lsarpcd'. Stop. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From andrea.modena at telital.com Mon Jan 31 14:29:31 2000 From: andrea.modena at telital.com (Andrea Modena) Date: Tue Dec 2 02:28:16 2003 Subject: Problem with connections a server IRIX with a PDC server Message-ID: <000601bf6bf7$96d5ee80$1e04a8c0@eda.telital.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 996 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000131/4d6537f0/attachment.obj From leborgne at iut.univ-aix.fr Mon Jan 31 16:25:29 2000 From: leborgne at iut.univ-aix.fr (Le Borgne) Date: Tue Dec 2 02:28:16 2003 Subject: No subject Message-ID: <2.2f.32.20000131162529.0063f3a4@mel.iut.univ-aix.fr> Hi I am using the cvs branch 2.1 (september 99) and it works very well. samba is running as a PDC on a linux redhat 6.0. On the net : 65 NT 3.51 workstations. My question is : - Is there a limit in the number of NT stations you can have in your domain (or the number of login) ? I noticed that when the number of 60 smbd was reached(but maybe it is due to something else) , the PDC became lost : - on some nt stations you cannot view the shares of other stations (neither the shares of the PDC) - you get an error message saying your profile is not available ( the profiles are based on machine names).It looks as if the PDC didn't recognize the name of the client machine. I tried today the latest cvs but it doesn't change anything . Any idea ? Thanks Part of my smb.conf : # samba PDC (IP address A.B.C.D) [global] debug level = 0 max log size = 1000 server string = SERVER workgroup = DOMAIN hosts allow = 127.0.0.1 , xxx.xxx.xxx. security = user encrypt passwords = yes printing = sysv printcap name = /etc/printcap socket options = TCP_NODELAY create mask = 0700 directory mask = 0700 unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password:* %n\n *successfull* passwd chat debug = true wins support = yes dns proxy = no domain master = yes local master = yes preferred master = yes os level = 255 domain logons = yes logon path = \\%N\ntprofile\%m.man logon script = debut.bat username map = /usr/local/samba/lib/users.map # unix group that has NT domain admin privileges # note - this changes in samba 2.1 domain group map = /usr/local/samba/lib/domaingroup.map admin users = root domain admin group = adm domain admin users = root [netlogon] comment = Samba Network Logon Service path = /usr/local/samba/netlogon write list = root create mask = 0775 directory mask = 0775 [homes] comment = Home Directory for %U browseable = no writeable = yes [ntprofile] comment = NT Profile parent directory for %U path = /usr/local/samba/profiles browseable = no writeable = no - Mme Dominique Le Borgne - Dept Informatique - IUT - Avenue Gaston Berger - 13625 Aix-en-Provence cedex - tel : (33) 04 42 93 90 42 fax : (33) 04 42 93 90 74 From dbadrak at tco.census.gov Mon Jan 31 16:45:43 2000 From: dbadrak at tco.census.gov (Don Badrak) Date: Tue Dec 2 02:28:16 2003 Subject: Samba pre-2.0.7 snapshot available. In-Reply-To: <200001292159.NAA11802@legion.su.valinux.com> Message-ID: On Sun, 30 Jan 2000 jeremy@valinux.com wrote: > > I have trouble executing from IRIX 6.5.6f R4400. > > > > compiling with no errors (a few warnings though) with gcc 2.8.1 and > > gmake 3.76. > > > > excepts from log.smb: > > > > [2000/01/29 09:02:36, 0] locking/shmem_sysv.c:sysv_shm_open(593) > > ERROR semctl: can't IPC_STAT. Error was Bad address > > [2000/01/29 09:02:36, 0] locking/locking.c:locking_init(174) > > ERROR: Failed to initialise share modes > > [2000/01/29 09:02:36, 0] locking/shmem_sysv.c:sysv_shm_open(593) > > ERROR semctl: can't IPC_STAT. Error was Bad address > > [2000/01/29 09:02:36, 0] locking/locking.c:locking_init(174) > > ERROR: Failed to initialise share modes > > This is not specific to 2.0.7pre1. This is actually a known > problem with gcc strcture passing conventions and IRIX 6.5.x. > > Either compile with the SGI compiler or change includes/config.h > to use MMAP rather than SYSV shared memory and it should work fine. > > Bug Herb if you want the full details on this (I'm emailing from > my crappy laptop on the road at the moment :-). During my compiles of previous versions (2.0.5a and earliers), I put in a quick hack for this. A known problem with gcc on IRIX is in passing structures by value using n32 objects (gcc 2.8 and later). The alignment is wrong. It should be left aligned but ends up right aligned. I use something like this (wherever the struct semun is used, in the semaphore stuff): #ifdef USE_SYSV_IPC +#ifdef SGI_SEMUN_HACK +union semun_hack { + int val; + struct semid_ds *buf; + unsigned short *array; + char __dummy[5]; +}; +#define semun semun_hack +#endif The __dummy[5] forces the alignment left. I then defined -DSGI_SEMUMN_HACK. A better name I suppose would be -DSGI_GCC_HACK_ALIGN, but it works for me. In 2.0.5a, this was in locking/shmem_sysv.c and locking/sysv_ipc.c. I haven't build 2.0.6 or 2.0.7pre1. Might it be possible to add this to the autoconf? Don -- Don Badrak 301.457.8263 work Telecommunications Office 301.457.4438 fax U.S. Bureau of the Census Suitland MD, USA From abrock at georgefox.edu Mon Jan 31 15:12:53 2000 From: abrock at georgefox.edu (Anthony Brock) Date: Tue Dec 2 02:28:17 2003 Subject: Frustrated with browsing, domains, and network logins ... In-Reply-To: Message-ID: <4.2.0.58.20000131080145.009769e0@localhost> At 03:59 AM 1/28/00 -0800, lk@NetUSE.DE wrote: >Anthony Brock wrote: > >> We have a WINS server located at x.x.4.1 ->dns1 (Samba 2.0.6) > >> We have a Domain PDC for PLANTSERVICES located at x.x.9.61 -> > >plant_server > >> (NT 4.0 ServicePack 5) > >> We have a workstation that needs to login to PLANTSERVICES at x.x.5.154 > >-> > >> dherron (Win98) >Have you disabled the wins-server on the PDC? Yes, WINS is disabled on both the PDC and BDC. >Use all clients the same WINS-server? And do all clients and >servers use a WINS-server? Currently, all clients use DHCP and are assigned the same WINS server address (x.x.4.1). When I installed the NT PDC, it also was configured with this WINS address (I also added the WINS to the BDC at that time, which was about 4 months ago). >Which Sambaversion do you use? The WINS Server was recently down-graded back to 2.0.6 (since virtually all of our cross-network browsing became VERY unstable when we tried to upgrade to Samba-TNG). >Can you post the global section from smb.conf? # Samba config file created using SWAT # from dns1.georgefox.edu (x.x.4.1) # Date: 1999/12/27 10:47:49 # Global parameters [global] workgroup = IT encrypt passwords = Yes syslog = 0 time server = Yes logon script = startup.bat domain logons = Yes os level = 34 preferred master = Yes domain master = Yes wins support = Yes >What says log.nmb? Please look who is the local masterbrowser and >such things. From the following, I believe the local master browsers are x.x.9.61 and x.x.4.1 (which seems correct). However, since the weekend, it appears that x.x.5.154 is no longer showing up as a local master browser again *sigh*. I checked the other current local master browsers on the x.x.5.x network, and none of them are in the PLANTSERVICES domain. $ nmblookup -B x.x.9.255 -S -M plantservices querying plantservices on x.x.9.255 x.x.9.61 plantservices<1d> Looking up status of x.x.9.61 received 10 names PLANT_SERVER <00> - M PLANTSERVICES <00> - M PLANTSERVICES <1c> - M PLANT_SERVER <20> - M PLANTSERVICES <1b> - M PLANT_SERVER <03> - M PLANTSERVICES <1e> - M ADMINISTRATOR <03> - M PLANTSERVICES <1d> - M ..__MSBROWSE__. <01> - M num_good_sends=0 num_good_receives=0 $ nmblookup -A x.x.4.1 Looking up status of x.x.4.1 received 9 names DNS1 <00> - M DNS1 <03> - M DNS1 <20> - M ..__MSBROWSE__. <01> - M IT <00> - M IT <1b> - M IT <1c> - M IT <1d> - M IT <1e> - M num_good_sends=0 num_good_receives=0 $ nmblookup -B 198.106.75.255 -M - querying __MSBROWSE__ on 198.106.75.255 198.106.75.171 __MSBROWSE__<01> 198.106.75.167 __MSBROWSE__<01> 198.106.75.179 __MSBROWSE__<01> 198.106.75.29 __MSBROWSE__<01> $ nmblookup -A 198.106.75.154 Looking up status of 198.106.75.154 received 3 names DHERRON <00> - M PLANTSERVICES <00> - M DHERRON <03> - M num_good_sends=0 num_good_receives=0 Thanks in advance for any assistance, Tony ****************************************************************************** * Anthony Brock abrock@georgefox.edu * * Director of Network Services George Fox University * ****************************************************************************** From ralf at is.rice.edu Mon Jan 31 17:33:41 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:28:17 2003 Subject: editable databases In-Reply-To: Message-ID: Schlomo, You have touched a subject I am very interested in: Imaging NT's. I need to be able to remotely image NT's from a unix box. The NT administrator uses PCRDIST to download the image from the unix box, but he swears he has to visit every NT workstation in order to get the imaging process going. I am in charge of making the NT's talk to unix, but I am NOT an NT administrator. I am curious to know what process you use to image the NT's on your network. Samba works great on our installation. The only problem is the imaging process. Even when imaging directly from an NT server, the administrator used the same procedure. I know there has to be a better solution to the imaging process. Our NT base is growing and I definitely need to be able to image the NT's from my unix console. Any help on this would be greatly appreciated! Al Ramos. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Sun, 30 Jan 2000, Schlomo Schapiro wrote: > Hi Folks, > > the fact that I have smbpasswd as a text file that I can change by hand > (or script) is THE ONLY REASON for me to move to Samba. I have to install > classrooms with NT WS via imaging and only because I can copy the password > hash entrys between workstation accounts I can install my NT classes 100% > automatically. Please don't loose that edge over MS ! > > Schlomo > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-85812 > email: schapiro@clerk.pi.huji.ac.il > > From schapiro at clerk.pi.huji.ac.il Mon Jan 31 17:51:14 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: Hi, I'll be glad to help. we have a lab of 20 odd NT workstations (identical hardware). We use Ghost to install the NTs (multicast is a very very good feature), using a NT client (on my desk) for ghost multicast server (Symantec ! Wake up and make a linux ghost server !). After that we use GHOSTWALKER (also from symantec) to change the name and SID of the NT on the file system and the registry WITHOUT changeing anything else (especially machine acocunt passwords). Of course each NT gets a different name, I will soon develop a smart bootdisk that will take this info (WS name) from the DHCP (we use the DHCP to deliver fixed addresses). The NT duplication trick is in that before duplicating the NTs I register the master in the Samba domain and then I copy the password hash values from the master machine account the the to-be-created NT WS accounts (in smbpasswd). Thus the NT clients will be able to re-connect to the domain without problems with their new name (I got scipts for all that) since on the client side ghostwalker changed the name, but not the password, while on the server side I copied the password to the name accordingly. One should register the master just before duplication since otherwise you could get a problem with the life time of the machine passwords and NTs not talking to the domain because the password is too old etc. (Didn't try it though). That's it. Works very smooth (I start the NTs from a diskette, they connect to the multicast server, dump their image, ghostwalker changes the name & SID, the client reboots and is ready for use and registered in the domain. Schlomo PS: I am asking each and every NT admin how to do THAT trick on NT Server but didn't yet get an anwser :-) Looks like there is no solution for automatic re-registration of the NT client in the domain. On Mon, 31 Jan 2000, Alfredo Ramos wrote: > Schlomo, > > You have touched a subject I am very interested in: Imaging NT's. I need > to be able to remotely image NT's from a unix box. The NT administrator > uses PCRDIST to download the image from the unix box, but he swears he has > to visit every NT workstation in order to get the imaging process going. I > am in charge of making the NT's talk to unix, but I am NOT an NT > administrator. I am curious to know what process you use to image the NT's > on your network. Samba works great on our installation. The only problem > is the imaging process. Even when imaging directly from an NT server, the > administrator used the same procedure. I know there has to be a better > solution to the imaging process. Our NT base is growing and I definitely > need to be able to image the NT's from my unix console. Any help on this > would be greatly appreciated! > > Al Ramos. > > --------------------------------------------------------------------------------- > | Alfredo Ramos > This space available for rent. | New Media & Student Computing > Get your product moving. Advertise here! | Rice University. > | Email: ralf@is.rice.edu > --------------------------------------------------------------------------------- > > On Sun, 30 Jan 2000, Schlomo Schapiro wrote: > > > Hi Folks, > > > > the fact that I have smbpasswd as a text file that I can change by hand > > (or script) is THE ONLY REASON for me to move to Samba. I have to install > > classrooms with NT WS via imaging and only because I can copy the password > > hash entrys between workstation accounts I can install my NT classes 100% > > automatically. Please don't loose that edge over MS ! > > > > Schlomo > > > > -- > > Schlomo Schapiro > > Computation Authority > > Hebrew University of Jerusalem > > > > Tel: ++972 / 2 / 65-85812 > > email: schapiro@clerk.pi.huji.ac.il > > > > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 email: schapiro@clerk.pi.huji.ac.il From swaters at amicus.com Mon Jan 31 18:08:15 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:28:17 2003 Subject: editable databases References: Message-ID: <3895CF8F.8B886732@amicus.com> Schlomo Schapiro wrote: > > Hi Folks, > > the fact that I have smbpasswd as a text file that I can change by hand > (or script) is THE ONLY REASON for me to move to Samba. I have to install > classrooms with NT WS via imaging and only because I can copy the password > hash entrys between workstation accounts I can install my NT classes 100% > automatically. Please don't loose that edge over MS ! if there is a database for this information, perhaps something along the lines of pgdump (PostgreSQL dump database command) would be useful... # smbdbdump dump.txt # vi dump.txt # smbdbload dump.txt > PS: What I really would like to see is some kind of "collect mode" for > workstation accounts, e.g. I set a flag in the PDC and then it accepts all > WS logins with the password THEY send ( or the hash value) and keeps it > for further logons. Thus registering workstations will be easy, just open > up the PDC, boot all clients, lock the PDC and all clients are > registered. This will also save us from doing the smbpasswd -a -m WS. I am > suggestion this mode not as standard mode of operation, but for bigger > installations that have to register many clients automatically. > > Schlomo > > On Sat, 29 Jan 2000, Peter Svensson wrote: > > > On Sat, 29 Jan 2000, Elrond wrote: > > > > > > > Well, I like to do funny things, like comment out users, > > > > > > > > oo! *wobble*makes me go jittery at the knees just tinking about it. > > > > > > *grin* > > > > > > You never saw sysadmins adding users by editing /etc/passwd > > > directly? Well... I'm one of these. ;) > > > > Isn't that why we use samba instead of NT? :-) > > > > (Actually, for us it sort of is the reason - we grew tired of mysterious > > databases that weren't vi-able) From ralf at is.rice.edu Mon Jan 31 18:25:00 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: Schlomo, Thanks for the reply. It sounds good. In fact it sounds very similar to what is done here. The difference is in the imaging software used. You use GHOSTWALKER, we use PCRDIST. What I want to get away from is using a boot disk on every machine to jump start the process. Or, maybe I miss- understood your reply. You do get the imaging process going from each NT with a startup disk right? That is what I want to eliminate. Thanks; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Tue, 1 Feb 2000, Schlomo Schapiro wrote: > Hi, > > I'll be glad to help. > > That's it. Works very smooth (I start the NTs from a diskette, they > connect to the multicast server, dump their image, ghostwalker changes the > name & SID, the client reboots and is ready for use and registered in the > domain. > > Schlomo > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-84404 > email: schapiro@clerk.pi.huji.ac.il > > From schapiro at clerk.pi.huji.ac.il Mon Jan 31 18:36:28 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: Yes, I use a bootdisk just now. A different one for EACH computer. Sigh. I am currently working on changing THAT. Our computers are fairly new IBMs that have Wake On LAN. The idea is to switch on the PCs via WOL since then they can boot from a different boot device (a feature of the IBM BIOS). The best would be bootable network cards of course since then you don't need anything at the client itself. If you don't have bootroms everywhere (as we do :-() then I can suggest another solution: (especally if you can't or won't be able to buy ROMs) Put a floppy drive into each computer INTERNALLY (e.g. without access to it for the normal user, or with the opening in a slot etc.) and another floppy (B:) normally (or no floppy if you can use a central computer to download stuff to diskettes). In the BIOS set the boot sequence to HD only and the alternative boot sequence (if started by WOL) to FD only. Thus if you switch on the computers from the net they boot from the bootdisk and install the PC. I'll make an intelligent bootdisk this week that will detect the name to be set automagically. Of course all this is MUCH nicer with boot roms (I have some other classes with bootroms and it works just PERFECT !). Especially newer Intel NICs are great since they have the bootrom builtin :-) Schlomo PS: I would be more than glad to hear other solutions / improvements / ideas in that area. PPS: Is PCRDIST freeware / Linux / multicating ? On Mon, 31 Jan 2000, Alfredo Ramos wrote: > Schlomo, > Thanks for the reply. It sounds good. In fact it sounds very similar to > what is done here. The difference is in the imaging software used. You use > GHOSTWALKER, we use PCRDIST. What I want to get away from is using a boot > disk on every machine to jump start the process. Or, maybe I miss- > understood your reply. You do get the imaging process going from each NT > with a startup disk right? That is what I want to eliminate. > > Thanks; > > Al. > --------------------------------------------------------------------------------- > | Alfredo Ramos > This space available for rent. | New Media & Student Computing > Get your product moving. Advertise here! | Rice University. > | Email: ralf@is.rice.edu > --------------------------------------------------------------------------------- > > On Tue, 1 Feb 2000, Schlomo Schapiro wrote: > > > Hi, > > > > I'll be glad to help. > > > > That's it. Works very smooth (I start the NTs from a diskette, they > > connect to the multicast server, dump their image, ghostwalker changes the > > name & SID, the client reboots and is ready for use and registered in the > > domain. > > > > Schlomo > > > > -- > > Schlomo Schapiro > > Computation Authority > > Hebrew University of Jerusalem > > > > Tel: ++972 / 2 / 65-84404 > > email: schapiro@clerk.pi.huji.ac.il > > > > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 email: schapiro@clerk.pi.huji.ac.il From GLeblanc at cu-portland.edu Mon Jan 31 18:44:39 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: Alfredo Ramos [mailto:ralf@is.rice.edu] > Sent: Monday, January 31, 2000 10:28 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: NT Workstation duplication > > > Schlomo, > Thanks for the reply. It sounds good. In fact it sounds very > similar to > what is done here. The difference is in the imaging software > used. You use > GHOSTWALKER, we use PCRDIST. What I want to get away from is > using a boot > disk on every machine to jump start the process. Or, maybe I miss- > understood your reply. You do get the imaging process going > from each NT > with a startup disk right? That is what I want to eliminate. My first instinct is to say use Unix on SPARCs (or some other real hardware), but I'm guessing that there might be a way to do that for NT, although not one that I'd trust. Create a 5 meg partition (or something about that size) with DOS on it, and network bootup things etc, and a copy of your imaging software. Then create an at command to change the default boot to be that DOS partition instead of NT (NT should be the default boot in the image), and reboot the machine. When it boots to dos, it runs the imaging software automagically, and you've got a clean NT machine. Now that I've come up with this idea, I think I'm going to try it out of a couple of machines in our LAB. I don't know how PCrdist works, but it used to be a windows app. We had it run on logout, and you could probably have it run from an AT command as well. Greg -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 for non-commercial use iQA/AwUBOJXYC5LW/u8jW+lnEQJK0wCgwLbVlAtqXkadC4o6oPTPEmkehEYAoMeY jwu+C7wwVCr7B+ish943P9Ha =Ltld -----END PGP SIGNATURE----- From skvidal at phy.duke.edu Mon Jan 31 18:53:00 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: > My first instinct is to say use Unix on SPARCs (or some other real > hardware), but I'm guessing that there might be a way to do that for > NT, although not one that I'd trust. Create a 5 meg partition (or > something about that size) with DOS on it, and network bootup things > etc, and a copy of your imaging software. Then create an at command > to change the default boot to be that DOS partition instead of NT (NT > should be the default boot in the image), and reboot the machine. > When it boots to dos, it runs the imaging software automagically, and > you've got a clean NT machine. Now that I've come up with this idea, > I think I'm going to try it out of a couple of machines in our LAB. > I don't know how PCrdist works, but it used to be a windows app. We > had it run on logout, and you could probably have it run from an AT > command as well. do this same thing with lilo and a small linux partition instead of dos and you're life is even easier. you can do all sorts of crazy things. as well the access to raw devices (ie cp systemimage.file to /dev/hda1) is very nice. -sv From schapiro at clerk.pi.huji.ac.il Mon Jan 31 19:00:52 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: I would LOVE to use Linux. But I did not yet find a program that does the following: - Multicasting - Adapt partition tables & sizes on the fly (since not all disks are 1000% identical) - change NT name & SID (from within Linux, and don't mention dosemu, since then I could already use real DOS) - copy only USED sectors (and not all the empty space) - comression (fast/high) Please, please point me to such a program (ghost for linux ?) and I will immediately use it. Schlomo On Tue, 1 Feb 2000, Seth Vidal wrote: > > My first instinct is to say use Unix on SPARCs (or some other real > > hardware), but I'm guessing that there might be a way to do that for > > NT, although not one that I'd trust.Create a 5 meg partition (or > > something about that size) with DOS on it, and network bootup things > > etc, and a copy of your imaging software.Then create an at command > > to change the default boot to be that DOS partition instead of NT (NT > > should be the default boot in the image), and reboot the machine. > > When it boots to dos, it runs the imaging software automagically, and > > you've got a clean NT machine.Now that I've come up with this idea, > > I think I'm going to try it out of a couple of machines in our LAB. > > I don't know how PCrdist works, but it used to be a windows app.We > > had it run on logout, and you could probably have it run from an AT > > command as well. > > do this same thing with lilo and a small linux partition instead of dos > and you're life is even easier. > > you can do all sorts of crazy things. > > as well the access to raw devices (ie cp systemimage.file to /dev/hda1) is > very nice. > > -sv > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 email: schapiro@clerk.pi.huji.ac.il From skvidal at phy.duke.edu Mon Jan 31 19:06:54 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: > But I did not yet find a program that does the following: > > - Multicasting > - Adapt partition tables & sizes on the fly (since not all disks are > 1000% identical) try this out: sfdisk - scriptable fdisk - useful tool - lets you do all sorts of crazy sizings. or gnu parted - lets you edit and resize parititions > - change NT name & SID (from within Linux, and don't mention dosemu, > since then I could already use real DOS) still a hassle - I'm using newsid after the fact - not very automated yet. > - copy only USED sectors (and not all the empty space) yeah. I know. my workaround small C: on the NT machines (~500mb) (NTFS) large d: on the NT machines - VFAT the vfat drives will copy cleanly from nfs->vfat dirs w/o a problem - then its only used space. copy the whole NTFS drive from an image - (compressed only about 150-200mb transfer) > - comression (fast/high) gzip -9 - nothing but the best. :) (actually its pretty quick on a slow-ass network. > Please, please point me to such a program (ghost for linux ?) and I will > immediately use it. sorry - no program just some hacks. -sv From schapiro at clerk.pi.huji.ac.il Mon Jan 31 19:12:02 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: You see, all these hacks don't compete with complete programs like ghost since they don't integrate all the functions under one roof. In the LAB routine work I of course look much more for stability and clear things than a big collection of hacks. Also every dopey can use ghost while you need a unix pro to maintain the hack-collection. What could be more interesting is the PEXE package for Linux that allows you to make intelligent per-need installations of clients. Schlomo PS: Dear Samba-NTDOM list ! I don't know wether such talk is interesting for you (it could be since most people who look at samba & NT also have to fight the installation problem). If this topic is out of place and annoying, let's move it to private mailings. Luke ? On Mon, 31 Jan 2000, Seth Vidal wrote: > > But I did not yet find a program that does the following: > > > > - Multicasting > > - Adapt partition tables & sizes on the fly (since not all disks are > > 1000% identical) > try this out: > sfdisk - scriptable fdisk - useful tool - lets you do all sorts of crazy > sizings. > > or gnu parted - lets you edit and resize parititions > > > - change NT name & SID (from within Linux, and don't mention dosemu, > > since then I could already use real DOS) > still a hassle - I'm using newsid after the fact - not very automated yet. > > > - copy only USED sectors (and not all the empty space) > yeah. I know. > my workaround > small C: on the NT machines (~500mb) (NTFS) > large d: on the NT machines - VFAT > the vfat drives will copy cleanly from nfs->vfat dirs w/o a problem -then > its only used space. > copy the whole NTFS drive from an image - (compressed only about 150-200mb > transfer) > > > - comression (fast/high) > gzip -9 - nothing but the best. :) (actually its pretty quick on a > slow-ass network. > > > Please, please point me to such a program (ghost for linux ?) and I will > > immediately use it. > > sorry - no program just some hacks. > > -sv > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 email: schapiro@clerk.pi.huji.ac.il From GLeblanc at cu-portland.edu Mon Jan 31 19:20:05 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication Message-ID: > -----Original Message----- > From: Seth Vidal [mailto:skvidal@phy.duke.edu] > Sent: Monday, January 31, 2000 10:56 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: NT Workstation duplication > > > > My first instinct is to say use Unix on SPARCs (or some other real > > hardware), but I'm guessing that there might be a way to do that for > > NT, although not one that I'd trust. Create a 5 meg partition (or > > something about that size) with DOS on it, and network bootup things > > etc, and a copy of your imaging software. Then create an at command > > to change the default boot to be that DOS partition instead > of NT (NT > > should be the default boot in the image), and reboot the machine. > > When it boots to dos, it runs the imaging software > automagically, and > > you've got a clean NT machine. Now that I've come up with > this idea, > > I think I'm going to try it out of a couple of machines in our LAB. > > I don't know how PCrdist works, but it used to be a windows app. We > > had it run on logout, and you could probably have it run from an AT > > command as well. > > do this same thing with lilo and a small linux partition > instead of dos > and you're life is even easier. > > you can do all sorts of crazy things. > > as well the access to raw devices (ie cp systemimage.file to > /dev/hda1) is > very nice. O.K. this is getting WAY offtopic, but how well does a dd imagefile compress with gzip? Greg From ralf at is.rice.edu Mon Jan 31 19:20:06 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: PCRDIST is definitely NOT freeware. It is a PC product. You can check its web page at www.pcrdist.com. There is a comparison to ghost and other imaging products. Will keep looking; Thanks; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Mon, 31 Jan 2000, Schlomo Schapiro wrote: > Yes, I use a bootdisk just now. A different one for EACH computer. Sigh. > > I am currently working on changing THAT. Our computers are fairly new IBMs > that have Wake On LAN. > > The idea is to switch on the PCs via WOL since then they can boot from a > different boot device (a feature of the IBM BIOS). The best would be > bootable network cards of course since then you don't need anything at the > client itself. > > If you don't have bootroms everywhere (as we do :-() then I can suggest > another solution: (especally if you can't or won't be able to buy ROMs) > > Put a floppy drive into each computer INTERNALLY (e.g. without access to > it for the normal user, or with the opening in a slot etc.) and another > floppy (B:) normally (or no floppy if you can use a central computer to > download stuff to diskettes). In the BIOS set the boot sequence to HD only > and the alternative boot sequence (if started by WOL) to FD only. Thus if > you switch on the computers from the net they boot from the bootdisk and > install the PC. I'll make an intelligent bootdisk this week that will > detect the name to be set automagically. > > Of course all this is MUCH nicer with boot roms (I have some other classes > with bootroms and it works just PERFECT !). Especially newer Intel NICs > are great since they have the bootrom builtin :-) > > Schlomo > > PS: I would be more than glad to hear other solutions / improvements / > ideas in that area. > > PPS: Is PCRDIST freeware / Linux / multicating ? > > On Mon, 31 Jan 2000, Alfredo Ramos wrote: > > > Schlomo, > > Thanks for the reply. It sounds good. In fact it sounds very similar to > > what is done here. The difference is in the imaging software used. You use > > GHOSTWALKER, we use PCRDIST. What I want to get away from is using a boot > > disk on every machine to jump start the process. Or, maybe I miss- > > understood your reply. You do get the imaging process going from each NT > > with a startup disk right? That is what I want to eliminate. > > > > Thanks; > > > > Al. > > --------------------------------------------------------------------------------- > > | Alfredo Ramos > > This space available for rent. | New Media & Student Computing > > Get your product moving. Advertise here! | Rice University. > > | Email: ralf@is.rice.edu > > --------------------------------------------------------------------------------- > > > > On Tue, 1 Feb 2000, Schlomo Schapiro wrote: > > > > > Hi, > > > > > > I'll be glad to help. > > > > > > That's it. Works very smooth (I start the NTs from a diskette, they > > > connect to the multicast server, dump their image, ghostwalker changes the > > > name & SID, the client reboots and is ready for use and registered in the > > > domain. > > > > > > Schlomo > > > > > > -- > > > Schlomo Schapiro > > > Computation Authority > > > Hebrew University of Jerusalem > > > > > > Tel: ++972 / 2 / 65-84404 > > > email: schapiro@clerk.pi.huji.ac.il > > > > > > > > > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-84404 > email: schapiro@clerk.pi.huji.ac.il > > From ralf at is.rice.edu Mon Jan 31 19:29:57 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: Greg, You're exactly right! It is a PC product. And that is what I'm trying to get away from. I'm trying to image the NT's from a SPARC machine running Solaris 2.6. Your idea of a DOS boot partition sounds doable. The only problem would be to replace machine names and password hashes on each image. We'll look in that direction! Thanks; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Mon, 31 Jan 2000, Gregory Leblanc wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > -----Original Message----- > > From: Alfredo Ramos [mailto:ralf@is.rice.edu] > > Sent: Monday, January 31, 2000 10:28 AM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: NT Workstation duplication > > > > > > Schlomo, > > Thanks for the reply. It sounds good. In fact it sounds very > > similar to > > what is done here. The difference is in the imaging software > > used. You use > > GHOSTWALKER, we use PCRDIST. What I want to get away from is > > using a boot > > disk on every machine to jump start the process. Or, maybe I miss- > > understood your reply. You do get the imaging process going > > from each NT > > with a startup disk right? That is what I want to eliminate. > > My first instinct is to say use Unix on SPARCs (or some other real > hardware), but I'm guessing that there might be a way to do that for > NT, although not one that I'd trust. Create a 5 meg partition (or > something about that size) with DOS on it, and network bootup things > etc, and a copy of your imaging software. Then create an at command > to change the default boot to be that DOS partition instead of NT (NT > should be the default boot in the image), and reboot the machine. > When it boots to dos, it runs the imaging software automagically, and > you've got a clean NT machine. Now that I've come up with this idea, > I think I'm going to try it out of a couple of machines in our LAB. > I don't know how PCrdist works, but it used to be a windows app. We > had it run on logout, and you could probably have it run from an AT > command as well. > Greg > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.1 for non-commercial use > > iQA/AwUBOJXYC5LW/u8jW+lnEQJK0wCgwLbVlAtqXkadC4o6oPTPEmkehEYAoMeY > jwu+C7wwVCr7B+ish943P9Ha > =Ltld > -----END PGP SIGNATURE----- > From lkcl at samba.org Mon Jan 31 19:32:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:17 2003 Subject: TNG does not build In-Reply-To: Message-ID: nnggh! and the portable's at home. dammit! On Mon, 31 Jan 2000, Greg Dickie wrote: > > Hi, > > I haven't checked the log file in a few days so it might not be new but from > the TNG cvs from 4am this morning I get: > > Compiling lsarpcd/srv_lsa.c > Gmake: *** No rule to make target `lsarpcd/srv_lsa_samdb.o', needed by > `bin/lsarpcd'. Stop. > > > Greg > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Mon Jan 31 19:36:57 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: Personally I like this discussion since I too need a solution for this. Its a topic that seems to have no clear solution and pops up on the clearcase users group mailing list quite a lot as well. Maybe a good opportunity for an IPO? ;-) Greg On 31-Jan-00 Schlomo Schapiro wrote: > You see, > > all these hacks don't compete with complete programs like ghost since they > don't integrate all the functions under one roof. In the LAB routine work > I of course look much more for stability and clear things than a big > collection of hacks. Also every dopey can use ghost while you need a unix > pro to maintain the hack-collection. > > What could be more interesting is the PEXE package for Linux that allows > you to make intelligent per-need installations of clients. > > Schlomo > > PS: > > Dear Samba-NTDOM list ! > > I don't know wether such talk is interesting for you (it could be since > most people who look at samba & NT also have to fight the installation > problem). If this topic is out of place and annoying, let's move it to > private mailings. > > Luke ? > > On Mon, 31 Jan 2000, Seth Vidal wrote: > >> > But I did not yet find a program that does the following: >> > >> > - Multicasting >> > - Adapt partition tables & sizes on the fly (since not all disks are >> > 1000% identical) >> try this out: >> sfdisk - scriptable fdisk - useful tool - lets you do all sorts of crazy >> sizings. >> >> or gnu parted - lets you edit and resize parititions >> >> > - change NT name & SID (from within Linux, and don't mention dosemu, >> > since then I could already use real DOS) >> still a hassle - I'm using newsid after the fact - not very automated yet. >> >> > - copy only USED sectors (and not all the empty space) >> yeah. I know. >> my workaround >> small C: on the NT machines (~500mb) (NTFS) >> large d: on the NT machines - VFAT >> the vfat drives will copy cleanly from nfs->vfat dirs w/o a problem -then >> its only used space. >> copy the whole NTFS drive from an image - (compressed only about 150-200mb >> transfer) >> >> > - comression (fast/high) >> gzip -9 - nothing but the best. :) (actually its pretty quick on a >> slow-ass network. >> >> > Please, please point me to such a program (ghost for linux ?) and I will >> > immediately use it. >> >> sorry - no program just some hacks. >> >> -sv >> >> > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-84404 > email: schapiro@clerk.pi.huji.ac.il --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Mon Jan 31 19:44:54 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:17 2003 Subject: TNG does not build In-Reply-To: Message-ID: hey, i just downloaded sav_lsa_samdb.c. greg, do a new cvs co. if it fails, let me know and also report it to andrew because it means the public cvs copy is out-of-sync, again./ On Tue, 1 Feb 2000, Luke Kenneth Casson Leighton wrote: > nnggh! and the portable's at home. > > dammit! > > On Mon, 31 Jan 2000, Greg Dickie wrote: > > > > > Hi, > > > > I haven't checked the log file in a few days so it might not be new but from > > the TNG cvs from 4am this morning I get: > > > > Compiling lsarpcd/srv_lsa.c > > Gmake: *** No rule to make target `lsarpcd/srv_lsa_samdb.o', needed by > > `bin/lsarpcd'. Stop. > > > > > > Greg > > --------------------------------------------------------------------- > > Greg Dickie > > Just A Guy* > > *from discreet (the logic is gone) > > Montreal > > (514) 954-7171 > > greg@discreet.com > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From robert at vps.co.za Mon Jan 31 19:42:08 2000 From: robert at vps.co.za (robert@vps.co.za) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: On Tue, 1 Feb 2000, Gregory Leblanc wrote: > Date: Tue, 1 Feb 2000 06:21:35 +1100 > From: Gregory Leblanc > Subject: RE: NT Workstation duplication > > > -----Original Message----- > > From: Seth Vidal [mailto:skvidal@phy.duke.edu] > > Subject: RE: NT Workstation duplication > > > > do this same thing with lilo and a small linux partition > > instead of dos > > and you're life is even easier. > > > > you can do all sorts of crazy things. > > > > as well the access to raw devices (ie cp systemimage.file to > > /dev/hda1) is > > very nice. > > > O.K. this is getting WAY offtopic, but how well does a dd imagefile compress > with gzip? > Greg > Very badly. You have to take a harddisk and do something like overwrite the disk with zero's to make sure that all the previous information is not there that will foul your compression ratio's. Another comment.. One of the strengths of Unix is that you are not dependent on a single program to solve your problem. Any specific problem can be solved in more that one way by combining a group of simple utilities. It is the most difficult mindset change that Microsoft users have to be used to and the most frustrating thing for a Unix user on a MS System. Robert Sandilands From lkcl at samba.org Mon Jan 31 19:51:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: > Luke ? i don't mind, i just keep hitting save, save, save, save. other people might. speak now or hold you peace. From skvidal at phy.duke.edu Mon Jan 31 19:58:33 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: > Very badly. You have to take a harddisk and do something like overwrite > the disk with zero's to make sure that all the previous information is not > there that will foul your compression ratio's. hmm not true really. I have a 600mb partition that I dd from the device and it compresses (gzip -9) down to 350mb -sv From kevinc at grainsystems.com Mon Jan 31 20:23:21 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication References: Message-ID: <3895EF39.636437F7@grainsystems.com> We're really off topic now. Let's try to wrap this up. Seth Vidal wrote: > > > > Very badly. You have to take a harddisk and do something like > > overwrite the disk with zero's to make sure that all the previous > > information is not there that will foul your compression ratio's. > > hmm not true really. > I have a 600mb partition that I dd from the device and it > compresses (gzip -9) down to 350mb But how much was actually used space? More than 350Mb? If not, that's pretty lousy compression. If you had a program that would force 0's into all unallocated space, your compression ratio on the unused area would be virtually infinite. Couple that with decent data compression, and you could shrink the size of your image immensely. - Kevin Colby kevinc@grainsystems.com From patl at curl.com Mon Jan 31 20:33:06 2000 From: patl at curl.com (Patrick J. LoPresti) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Gregory Leblanc's message of "Tue, 1 Feb 2000 06:23:12 +1100" References: Message-ID: Gregory Leblanc writes: > O.K. this is getting WAY offtopic, but how well does a dd imagefile > compress with gzip? Same as anything else, about 2:1 for typical contents. We are using an imaging solution here which I am just now putting the finishing touches on. I made a custom bootable Linux CD which knows enough about our network to have working autofs mounts through /net. I also made a bootable DOS CD containing Partition Magic and PowerQuest's "sidchngr". To install a new Windows machine, our process goes something like this: 1) Boot from Linux CD, log in as root 2) cd /net/server/images/whatever 3) dd if=boot.b of=/dev/hda (This sets up the boot block and partition table) 4) sfdisk -R /dev/hda (Tells kernel to re-read partition table) 5) zcat image.gz | dd of=/dev/hda1 (Takes 3-7 minutes for us, but we have a 100Mbit network and fast machines) 6a) For Windows 98, use GNU parted to resize partition to occupy entire drive. 6b) For Windows NT, boot Partition Magic CD and use it to resize. 7) (NT only) Run sidchngr 8) Boot system and change hostname Creating the images is a little painful, but I figure I don't have to do it very often. My procedure is to resize the partition down to leave 50-100 megs of free space, then use "dd if=/dev/zero of=zeroes ; sync ; rm zeroes" to clear that space (for better compression). I also delete the swap file first, since both 98 and NT appear to re-create it without fuss. Then I do "dd if=/dev/hda of=boot.b bs=512 count=1" to grab the boot block and partition table, and "dd if=/dev/hda | gzip -9 > image.gz" to create the image. Sure, it's not completely turnkey and it doen'tt have fancy features like multicasting. But it is simple, comprehensible, and does not require you to figure out DOS networking... - Pat From ringram at acpl.lib.wy.us Mon Jan 31 20:53:03 2000 From: ringram at acpl.lib.wy.us (Russel Ingram) Date: Tue Dec 2 02:28:17 2003 Subject: Problem with User Manager and latest SAMBA_TNG cvs code References: <389513CB.90497E17@acpl.lib.wy.us> <38952782.4E556ECA@acpl.lib.wy.us> Message-ID: <3895F62F.82F090E5@acpl.lib.wy.us> "Russel H. Ingram" wrote: > Matthew Geddes wrote: > > > > "Russel H. Ingram" wrote: > > > > > I just downloaded, compiled, and installed the latest cvs SAMBA_TNG code > > > to run an experimental Samba PDC today. I have successfully joined the > > > domain with both WinNT 4.0 Workstations but can no longer view either > > > the domain users or the local group members. Using the User Manager for > > > Domains I am unable to see the domain groups and users for lack of > > > priviledges. Using the User Manager I am unable to access the groups > > > from even the local administrator account. When trying to access the > > > local groups the User Manager complains of a lost connection to the > > > domain. I compiled it --with-automount --with-quotas --with-profiles on > > > Linux kernel version 2.2.14. I'm running all of the daemons except for > > > spoolssd (no printers setup on the server yet). > > > > What do the logs say? I had some problems with the --with-profiles > > configure option. Luke knows more details. Then again, Luke knows ALL the > > details about ALL things. > > > > Matt > > Which log should I be looking in and what degug level should samba be > set at? > > --Russ > > Russel Ingram | "In a world without fences, who needs Gates?" > Linux.com Support Staff | > gargoyle@linux.com | -- Linux Journal Ok, I tried recompiling without the --with-profiles option to see if it made a difference. It didn't. Here is the exact message I get from the User Manager when trying to access the local admin group, "The connection to the domain controller has been disconnected. Either restart User Manager or use the Select Domain menu item to reestablish the connection." Note that this is from the User Manager not User Manager for Domains and it is while being logged in as administrator on the local machine. I have also changed the debug level to 100 in the smb.conf file to see if anything unusual shows up in the logs. All logs simply logged that they were started. Any other ideas? -- Russel Ingram Network Manager Albany County Public Library E-Mail: ringram@will.state.wy.us From sean at compu-aid.com Mon Jan 31 21:06:22 2000 From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:28:17 2003 Subject: NT Workstation duplication In-Reply-To: Message-ID: On Tue, 1 Feb 2000, Schlomo Schapiro wrote: > I would LOVE to use Linux. [snip] > Please, please point me to such a program (ghost for linux ?) and I will > immediately use it. > > Schlomo This isn't a finished product yet (actually, it hasn't been started) but there is a proposal for an opensource Ghost clone to be written for Linux at cosource. http://www.cosource.com/cgi-bin/cos.pl/wish/info/215 If you are interested in having a free program to do this you might want to review the proposal and potentially indicate your interest. Note: I'm don't work for/get kickbacks from cosource, blahblah :) Sean ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From gaurav at carroll.com Mon Jan 31 21:11:10 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:28:17 2003 Subject: Cannot Compile latest Samba-TNG Message-ID: I cvsup-ed to the latest TNG code, and I am getting the following error while doing a make: Compiling rpc_client/cli_login.c with libtool rpc_client/cli_login.c:24: rpc_parse.h: No such file or directory *** Error code 1 Thanks --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From lkcl at samba.org Mon Jan 31 21:15:42 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:17 2003 Subject: Cannot Compile latest Samba-TNG In-Reply-To: Message-ID: fixed. On Tue, 1 Feb 2000, G. Naik wrote: > I cvsup-ed to the latest TNG code, and I am getting the following error > while doing a make: > > Compiling rpc_client/cli_login.c with libtool > rpc_client/cli_login.c:24: rpc_parse.h: No such file or directory > *** Error code 1 > > Thanks > > --- > Gaurav Naik ("g") | C A R R O L L - N E T, Inc. > 201-488-1332 | www.carroll.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Mon Jan 31 21:42:10 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:17 2003 Subject: Problem with User Manager and latest SAMBA_TNG cvs code References: <389513CB.90497E17@acpl.lib.wy.us> <3895F62F.82F090E5@acpl.lib.wy.us> Message-ID: <389601B2.A0CBBC4E@xavier.sa.edu.au> > Any other ideas? > Nope. I'd better leave this one to the experts..... Matt From mgeddes at xavier.sa.edu.au Mon Jan 31 21:48:27 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:17 2003 Subject: More Samba-TNG config problems... Message-ID: <3896032B.DF44E0FE@xavier.sa.edu.au> Hi guys, I am having more problems getting NT PDC -> BDC Trust relationship stuff happening between Samba TNG boxes. When I run rpcclient, I get a connection refused on the PDC on port 445. Which daemon is meant to take care of this port? I had the daemons running -d 10, but the logs didn't indicate anything. I can still do an lsaquery and have it return the Domain SID, but if I try to create a trust account (as per Lars Kneschke's TNG FAQ), It complains that it failed..... The createuser thing could be a permissions thing as the log.client file from rpcclient tells me that the password is null (NONE). Any ideas? Thanks, Matt From martinja at ice-works.com Mon Jan 31 21:55:52 2000 From: martinja at ice-works.com (Joseph A. Martin) Date: Tue Dec 2 02:28:17 2003 Subject: Getting Samba TNG Message-ID: <20000131165552.A1047@gr8brdg.net> Hello, I am interested in playing/experimenting with the new PDC/BDC/etc code in Samba. I have not been able to find references on the web site for specifically checking out the samba_tng code or using the TNG functionality. Are there web sites/pages devoted to samba_tng I can look at? What cvs commands do I use to check out the samba_tng code? later, joseph -- the "LaterDude" ICQ: 52640402 martinja@ice-works.com http://www.ice-works.com/personal/LaterDude/ All opinions expressed are my own and not necessarily those of my employer unless otherwise noted. From mgeddes at xavier.sa.edu.au Mon Jan 31 22:13:30 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:17 2003 Subject: Getting Samba TNG References: <20000131165552.A1047@gr8brdg.net> Message-ID: <3896090A.BB028934@xavier.sa.edu.au> "Joseph A. Martin" wrote: > Hello, > I am interested in playing/experimenting with the new > PDC/BDC/etc code in Samba. I have not been able to find references on > the web site for specifically checking out the samba_tng code or using > the TNG functionality. Are there web sites/pages devoted to samba_tng > I can look at? What cvs commands do I use to check out the samba_tng > code? > Lars Knescke's Samba FAQ page! http://www.kneschke.de/projekte/samba_tng (This should help save you from RSI Lars!) Matt From gaurav at carroll.com Mon Jan 31 23:19:07 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:28:17 2003 Subject: Problem with SAMRD Message-ID: I am logging in with an NT workstation, and upon login, samrd panics and core dumps, it also occurs on a logout. I am using roaming profiles, the PDC is the latest (today's TNG) running on FreeBSD 3.4. A few attempts, later, NT will report that the PDC could not be found. gdb info: --------------- This GDB was configured as "i386-unknown-freebsd"... Core was generated by `samrd'. Program terminated with signal 6, Abort trap. Reading symbols from /usr/local/samba/lib/libsmbpw.so.0...done. Reading symbols from /usr/local/samba/lib/libmsrpc.so.0...done. Reading symbols from /usr/local/samba/lib/libsmb.so.0...done. Reading symbols from /usr/local/samba/lib/libnmb.so.0...done. Reading symbols from /usr/local/samba/lib/libsamba.so.0...done. Reading symbols from /usr/local/samba/lib/libubiqx.so.0...done. Reading symbols from /usr/lib/libreadline.so.3...done. Reading symbols from /usr/lib/libcrypt.so.2...done. Reading symbols from /usr/lib/libpam.so.1...done. Reading symbols from /usr/lib/libcurses.so.2...done. Reading symbols from /usr/lib/libc.so.3...done. Reading symbols from /usr/lib/libtermcap.so.2...done. Reading symbols from /usr/libexec/ld-elf.so.1...done. #0 0x281e2b60 in kill () from /usr/lib/libc.so.3 (gdb) (gdb) where #0 0x281e2b60 in kill () from /usr/lib/libc.so.3 #1 0x28217028 in abort () from /usr/lib/libc.so.3 #2 0x28144e97 in smb_panic (why=0x28152ad5 "internal error") at lib/util.c:2110 #3 0x2813cde1 in fault_report (sig=11) at lib/fault.c:46 #4 0x2813ce38 in sig_fault (sig=11) at lib/fault.c:69 #5 0xbfbfdfcc in ?? () #6 0x8053816 in api_samr_lookup_rids (p=0x806aa00, data=0x806aa00, rdata=0x806aa2c) at rpc_server/srv_samr.c:611 #7 0x8059bab in api_rpc_command (l=0x806aa00, rpc_name=0x805cf30 "api_samr_rpc", api_rpc_cmds=0x8060338) at rpc_server/srv_pipe_srv.c:573 #8 0x8059c2e in api_rpcTNP (l=0x806aa00, rpc_name=0x805cf30 "api_samr_rpc", api_rpc_cmds=0x8060338) at rpc_server/srv_pipe_srv.c:602 #9 0x8053e99 in api_samr_rpc (p=0x806aa00) at rpc_server/srv_samr.c:959 #10 0x80597c4 in api_pipe_request (l=0x806aa00, name=0xbfbfdbc8 "samr", resp=0x806aa88) at rpc_server/srv_pipe_srv.c:391 #11 0x80599be in rpc_redir_local (l=0x806aa00, req=0x806aa5c, resp=0x806aa88, name=0xbfbfdbc8 "samr") at rpc_server/srv_pipe_srv.c:500 #12 0x8059d04 in rpc_local (l=0x806aa00, data=0x8065300 "\005", len=64, name=0xbfbfdbc8 "samr") at rpc_server/srv_pipe_srv.c:629 #13 0x804f795 in process_msrpc (p=0xbfbfdbc8, c=6) at msrpc/msrpcd_process.c:163 #14 0x805007d in msrpcd_process (fn=0x8060314, c=6, p=0xbfbfdbc8) at msrpc/msrpcd_process.c:509 #15 0x804f5f9 in main (argc=2, argv=0xbfbfdcf8) at msrpc/msrpcd.c:567 #16 0x804e909 in _start () ------------------------------------ samr.log ------------------------------------ api_pipe_request: validated auth Doing \PIPE\samr api_rpc_command: api_samr_rpc op 0x12 - api_rpc_command: SAMR_LOOKUP_RIDS 000008 samr_io_q_lookup_rids 000008 smb_io_pol_hnd pol 0008 data: 00 00 00 00 02 00 00 00 00 00 00 00 26 17 96 38 93 20 01 00 001c num_rids1: 00000001 0020 flags : 000003e8 0024 ptr : 00000000 0028 num_rids2: 00000001 002c rid[00] : 00001520 samr_lookup_rids: 1501 Found policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 26 17 96 38 ........ ....&..8 [010] 93 20 01 00 . .. Found policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 26 17 96 38 ........ ....&..8 [010] 93 20 01 00 . .. Getting policy state pnum=2 sid_to_string returning S-1-5-21-4156153-2665413409-1581556546 Getting policy sid=S-1-5-21-4156153-2665413409-1581556546 =============================================================== INTERNAL ERROR: Signal 11 in pid 73875 (TNG-prealpha) Please read the file BUGS.txt in the distribution =============================================================== ------------------------------------------- relevant sections of smb.conf: [global] domain logons = yes domain master = yes preferred master = yes os level = 33 security = user workgroup = STAFF encrypt passwords = yes time server = yes wins support = yes debug level = 100 log file = /usr/local/samba/var/%m.log max log size = 100 socket options = TCP_NODELAY domain group map = /usr/local/samba/private/domaingroup.map -------------------------------------- Thanks Guys! --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From lkcl at samba.org Mon Jan 31 23:23:56 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:17 2003 Subject: Problem with SAMRD In-Reply-To: Message-ID: i literally just spotted this, the arguments are the wrong way round so there are 0x3e8 RIDs being looked up, which is of course wring. On Tue, 1 Feb 2000, G. Naik wrote: > I am logging in with an NT workstation, and upon login, samrd panics and > core dumps, it also occurs on a logout. > > I am using roaming profiles, the PDC is the latest (today's TNG) running > on FreeBSD 3.4. > > A few attempts, later, NT will report that the PDC could not be found. > > gdb info: > --------------- > > This GDB was configured as "i386-unknown-freebsd"... > Core was generated by `samrd'. > Program terminated with signal 6, Abort trap. > Reading symbols from /usr/local/samba/lib/libsmbpw.so.0...done. > Reading symbols from /usr/local/samba/lib/libmsrpc.so.0...done. > Reading symbols from /usr/local/samba/lib/libsmb.so.0...done. > Reading symbols from /usr/local/samba/lib/libnmb.so.0...done. > Reading symbols from /usr/local/samba/lib/libsamba.so.0...done. > Reading symbols from /usr/local/samba/lib/libubiqx.so.0...done. > Reading symbols from /usr/lib/libreadline.so.3...done. > Reading symbols from /usr/lib/libcrypt.so.2...done. > Reading symbols from /usr/lib/libpam.so.1...done. > Reading symbols from /usr/lib/libcurses.so.2...done. > Reading symbols from /usr/lib/libc.so.3...done. > Reading symbols from /usr/lib/libtermcap.so.2...done. > Reading symbols from /usr/libexec/ld-elf.so.1...done. > #0 0x281e2b60 in kill () from /usr/lib/libc.so.3 > (gdb) > (gdb) where > #0 0x281e2b60 in kill () from /usr/lib/libc.so.3 > #1 0x28217028 in abort () from /usr/lib/libc.so.3 > #2 0x28144e97 in smb_panic (why=0x28152ad5 "internal error") > at lib/util.c:2110 > #3 0x2813cde1 in fault_report (sig=11) at lib/fault.c:46 > #4 0x2813ce38 in sig_fault (sig=11) at lib/fault.c:69 > #5 0xbfbfdfcc in ?? () > #6 0x8053816 in api_samr_lookup_rids (p=0x806aa00, data=0x806aa00, > rdata=0x806aa2c) at rpc_server/srv_samr.c:611 > #7 0x8059bab in api_rpc_command (l=0x806aa00, > rpc_name=0x805cf30 "api_samr_rpc", api_rpc_cmds=0x8060338) > at rpc_server/srv_pipe_srv.c:573 > #8 0x8059c2e in api_rpcTNP (l=0x806aa00, rpc_name=0x805cf30 > "api_samr_rpc", > api_rpc_cmds=0x8060338) at rpc_server/srv_pipe_srv.c:602 > #9 0x8053e99 in api_samr_rpc (p=0x806aa00) at rpc_server/srv_samr.c:959 > #10 0x80597c4 in api_pipe_request (l=0x806aa00, name=0xbfbfdbc8 "samr", > resp=0x806aa88) at rpc_server/srv_pipe_srv.c:391 > #11 0x80599be in rpc_redir_local (l=0x806aa00, req=0x806aa5c, > resp=0x806aa88, > name=0xbfbfdbc8 "samr") at rpc_server/srv_pipe_srv.c:500 > #12 0x8059d04 in rpc_local (l=0x806aa00, data=0x8065300 "\005", len=64, > name=0xbfbfdbc8 "samr") at rpc_server/srv_pipe_srv.c:629 > #13 0x804f795 in process_msrpc (p=0xbfbfdbc8, c=6) > at msrpc/msrpcd_process.c:163 > #14 0x805007d in msrpcd_process (fn=0x8060314, c=6, p=0xbfbfdbc8) > at msrpc/msrpcd_process.c:509 > #15 0x804f5f9 in main (argc=2, argv=0xbfbfdcf8) at msrpc/msrpcd.c:567 > #16 0x804e909 in _start () > ------------------------------------ > > samr.log > ------------------------------------ > api_pipe_request: validated auth > Doing \PIPE\samr > api_rpc_command: api_samr_rpc op 0x12 - api_rpc_command: SAMR_LOOKUP_RIDS > 000008 samr_io_q_lookup_rids > 000008 smb_io_pol_hnd pol > 0008 data: 00 00 00 00 02 00 00 00 00 00 00 00 26 17 96 38 93 20 > 01 00 > 001c num_rids1: 00000001 > 0020 flags : 000003e8 > 0024 ptr : 00000000 > 0028 num_rids2: 00000001 > 002c rid[00] : 00001520 > samr_lookup_rids: 1501 > Found policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 26 17 96 38 > ....... ....&..8 > [010] 93 20 01 00 . .. > Found policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 26 17 96 38 > ....... ....&..8 > [010] 93 20 01 00 . .. > Getting policy state pnum=2 > sid_to_string returning S-1-5-21-4156153-2665413409-1581556546 > Getting policy sid=S-1-5-21-4156153-2665413409-1581556546 > =============================================================== > INTERNAL ERROR: Signal 11 in pid 73875 (TNG-prealpha) > Please read the file BUGS.txt in the distribution > =============================================================== > ------------------------------------------- > relevant sections of smb.conf: > [global] > domain logons = yes > domain master = yes > preferred master = yes > os level = 33 > security = user > workgroup = STAFF > encrypt passwords = yes > time server = yes > wins support = yes > debug level = 100 > log file = /usr/local/samba/var/%m.log > max log size = 100 > socket options = TCP_NODELAY > domain group map = /usr/local/samba/private/domaingroup.map > > -------------------------------------- > > Thanks Guys! > > --- > Gaurav Naik ("g") | C A R R O L L - N E T, Inc. > 201-488-1332 | www.carroll.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 31 23:25:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:17 2003 Subject: Problem with SAMRD In-Reply-To: Message-ID: by th way, thx 4 thorough report! From gaurav at carroll.com Mon Jan 31 23:39:54 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:28:17 2003 Subject: Problem with SAMRD In-Reply-To: Message-ID: Just followed the directions on Lars' page. :0 On Tue, 1 Feb 2000, Luke Kenneth Casson Leighton wrote: > by th way, thx 4 thorough report! > > > --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From luttropp at stud.uni-frankfurt.de Fri Jan 28 22:42:08 2000 From: luttropp at stud.uni-frankfurt.de (David Luttropp) Date: Tue Dec 2 02:29:09 2003 Subject: subscribe Message-ID: <000001bf69e0$e8a9dbe0$0200a8c0@dose> !This mail is plug and play compatible - no jumper settings required! --------------------------------- David Luttropp luttropp@stud.uni-frankfurt.de --------------------------------- -------------- next part -------------- HTML attachment scrubbed and removed