From mg at plum.de Thu Jun 1 07:54:43 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:29:57 2003 Subject: profile not found in Samba-tng-alpha-2.5.3 References: <200005301125.MAA26063@gromit.quadstone.co.uk> Message-ID: <008a01bfcb9e$a6192400$0201010a@defiant> > > =============================================================== > INTERNAL ERROR: Signal 11 in pid 11877 (TNG-alpha) > Please read the file BUGS.txt in the distribution > =============================================================== > PANIC: internal error > uhm .. this is bad. Do you get this at startdup ? Then you could do a ./configure.developer, later do a "gdb smbd", then "run", and when the programm crashed, do a "bt". That helps a lot to find the bug. The only problem is, that this won't work so easy, when connecting to a share. you have to connect gdb to the new process, and this is quit timing-critical. (inserting sleep(20) in certain places helps a lot ;) regards, Michal From lifo.des at epita.fr Thu Jun 1 02:30:02 2000 From: lifo.des at epita.fr (lifo des bois) Date: Tue Dec 2 02:29:57 2003 Subject: No subject Message-ID: <200006010230.CAA19383@hermes.epita.fr> Pb With Win 2Y Pro in Samba PDC environnement Does anyone know how entering any Samba Domain Controller from any Win2K Workstation? If yes, please, could you explain to me the right way to go ? PS: Sorry for my poor english. -- Lifo. From moser at egu.schule.ulm.de Thu Jun 1 10:55:32 2000 From: moser at egu.schule.ulm.de (Steffen Moser) Date: Tue Dec 2 02:29:57 2003 Subject: References: <200006010230.CAA19383@hermes.epita.fr> Message-ID: <39364123.CF0F5174@egu.schule.ulm.de> Hello, lifo des bois wrote: > Pb With Win 2Y Pro in Samba PDC environnement > > Does anyone know how entering any Samba Domain Controller from any Win2K Workstation? "samba-2.0.x" cannot be used as a PDC for Win2k machines. AFAIK the only solution to your problem is to use "samba-TNG" instead of "samba-2.0.x". > If yes, please, could you explain to me the right way to go ? Have a look at: http://www.kneschke.de/projekte/samba_tng/index.php3 http://www.sambahq.de (German) There you'll find more information about "samba-TNG". Bye, Steffen From cmccoll at visualpurple.com.au Fri Jun 2 03:02:51 2000 From: cmccoll at visualpurple.com.au (Colin McColl) Date: Tue Dec 2 02:29:57 2003 Subject: Subscribe Message-ID: <002201bfcc3f$0d841870$22a7a8c0@visualpurple.com.au> ------------------------------------ Colin McColl Systems Administrator Visual Purple Interactive ------------------------------------ Ph: +613 9429 9755 Fx: +613 9429 9799 ------------------------------------ -------------- next part -------------- HTML attachment scrubbed and removed From jason.michaelson at veritas.com Fri Jun 2 03:21:45 2000 From: jason.michaelson at veritas.com (Jason D. Michaelson) Date: Tue Dec 2 02:29:57 2003 Subject: TNG and Win95/98 Message-ID: <000801bfcc41$ae4e4990$285018ac@michaelson.cx> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Out of curiosity, what is the status of TNG authenticating Win95 and Win98 pseudo-domain logins? Does it work? If not, does anyone have any advice for getting 2.0.x and TNG running simultaneously on one system to handle both W2K logins and W95/8 logins? Thanks, JDM - -------- Jason D. Michaelson | Debian GNU/ o http://www.debian.org micha044@tc.umn.edu | __ ares0@geocities.com | / / __ _ _ _ _ __ __ Jason.Michaelson@veritas.com | / /__ / / / \// //_// \ \/ / | /____/ /_/ /_/\/ /___/ /_/\_\ http://www.tc.umn.edu/ | ~micha044 | ...because lockups are for convicts... Getting a SCSI chain working is perfectly simple if you remember that there must be exactly three terminations: one on one end of the cable, one on the other end, and the goat, terminated over the SCSI chain with a silver-handled knife whilst burning *black* candles. --- Anthony DeBoer -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 Int. for non-commercial use iQA/AwUBOTcoMpiW9tbTl5gYEQL/YwCfcWBbBbiBKyk5DixF8OQJYZIQczkAoNnd /vfWy0+O7/hu1Nhh8LRYOPAu =vh1u -----END PGP SIGNATURE----- From wildman at mediaone.net Fri Jun 2 07:59:10 2000 From: wildman at mediaone.net (Art Wildman) Date: Tue Dec 2 02:29:58 2003 Subject: Userlevel security, Access Rights: User list inaccessable Message-ID: <3937694E.F13715E0@mediaone.net> Hi Folks, not sure if I'm in the right place, but from what I've read so far installing Samba TNG may get me there... I have 3 w98 clients, 1 w95 client and a RH6.1 server currently running Samba2.06 as a pseudo-PDC using encrypt passwds and security=user. My smb shares on the server and a simple login script to map them runs OK. I want the server to authenticate all share access & logins, so what do I have to do to get Samba to return a list of valid users? The message below was posted to linux.samba for quite awhile & never got any response other than the usual usenet spam. Hope ya'll can point me in right direction... Do I really need Samba TNG? or just a better understanding of how to configure Samba 2.06 username mappings? Is there a RH rpm available for Samba TNG? -------- Original Message -------- Subject: Access Rights: User list inaccessable From: Art Wildman Date: 2000/04/26 Newsgroups: linux.samba Hi guys, this is my first attempt to setup a PDC & can't find the cause of this one in my books or the docs. I have successfully created a Samba 2.06 PDC and set sercurity = user. Several shares exist on the samba server & I can logon from a w9x client and browse each. When I try to create a new printer or share on the w95 client, because my Access Rights point to Domain login to NT Server for validation I'm asked to Add Users. Error: You have created a share but not given anyone permission to use it. Do you want to Add Users now? Error: User list inaccessable at this time? It looks like the client is attempting to get a list of Auth Users from the PDC, but I can't figure out where to config this list for new shares on other client/servers. My interpretation of these obvious perameters is for the Samba server side only or doesn't suit this application... valid users = username = username map = Please clarify. Thanks... -- Art Wildman - wildman@mediaone.net "Linux is user-friendly, it's just particular about who it's friends are." From neogenix at xsinet.co.za Fri Jun 2 11:49:36 2000 From: neogenix at xsinet.co.za (--NeogeniX--) Date: Tue Dec 2 02:29:58 2003 Subject: SUBSCRIBE Message-ID: <000801bfcc88$a02a2b80$6501a8c0@XSINET.co.za> -------------- next part -------------- HTML attachment scrubbed and removed From p.mayers at ic.ac.uk Fri Jun 2 11:58:43 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:29:58 2003 Subject: Userlevel security, Access Rights: User list inaccessable Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8142B@icex1.cc.ic.ac.uk> The PDC functionality doesn't full work in 2.0.x, although the actual logon stuff is feature complete for 9x IIRC. The user lists don't work well, and won't be fixed. In theory TNG is what you need, *BUT* Luke hates 9x (understandable) and doesn't own a copy, so TNG is frequently broken when talking to 9x. Others may be able to point you in the direction of a version of TNG that works well, and with 9x. IIRC, version alpha2.5 is "known good". Cheers, Phil -----Original Message----- From: Art Wildman To: Multiple recipients of list SAMBA-NTDOM Sent: 6/2/00 6:01 AM Subject: Userlevel security, Access Rights: User list inaccessable Hi Folks, not sure if I'm in the right place, but from what I've read so far installing Samba TNG may get me there... I have 3 w98 clients, 1 w95 client and a RH6.1 server currently running Samba2.06 as a pseudo-PDC using encrypt passwds and security=user. My smb shares on the server and a simple login script to map them runs OK. I want the server to authenticate all share access & logins, so what do I have to do to get Samba to return a list of valid users? The message below was posted to linux.samba for quite awhile & never got any response other than the usual usenet spam. Hope ya'll can point me in right direction... Do I really need Samba TNG? or just a better understanding of how to configure Samba 2.06 username mappings? Is there a RH rpm available for Samba TNG? -------- Original Message -------- Subject: Access Rights: User list inaccessable From: Art Wildman Date: 2000/04/26 Newsgroups: linux.samba Hi guys, this is my first attempt to setup a PDC & can't find the cause of this one in my books or the docs. I have successfully created a Samba 2.06 PDC and set sercurity = user. Several shares exist on the samba server & I can logon from a w9x client and browse each. When I try to create a new printer or share on the w95 client, because my Access Rights point to Domain login to NT Server for validation I'm asked to Add Users. Error: You have created a share but not given anyone permission to use it. Do you want to Add Users now? Error: User list inaccessable at this time? It looks like the client is attempting to get a list of Auth Users from the PDC, but I can't figure out where to config this list for new shares on other client/servers. My interpretation of these obvious perameters is for the Samba server side only or doesn't suit this application... valid users = username = username map = Please clarify. Thanks... -- Art Wildman - wildman@mediaone.net "Linux is user-friendly, it's just particular about who it's friends are." From mbreuer at siac.com Fri Jun 2 13:30:17 2000 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:29:58 2003 Subject: TNG and Win95/98 References: <000801bfcc41$ae4e4990$285018ac@michaelson.cx> Message-ID: <3937B6E9.17AFCDD7@siac.com> Work's for me. "Jason D. Michaelson" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Out of curiosity, what is the status of TNG authenticating Win95 and > Win98 pseudo-domain logins? Does it work? If not, does anyone have > any advice for getting 2.0.x and TNG running simultaneously on one > system to handle both W2K logins and W95/8 logins? [snip] From Skripi at hrzpub.tu-darmstadt.de Fri Jun 2 14:39:12 2000 From: Skripi at hrzpub.tu-darmstadt.de (Jens Skripczynski) Date: Tue Dec 2 02:29:58 2003 Subject: Subscribe In-Reply-To: <002201bfcc3f$0d841870$22a7a8c0@visualpurple.com.au>; from cmccoll@visualpurple.com.au on Fri, Jun 02, 2000 at 01:03:23PM +1000 References: <000801bfcc88$a02a2b80$6501a8c0@XSINET.co.za> <002201bfcc3f$0d841870$22a7a8c0@visualpurple.com.au> Message-ID: <20000602163912.A2300@shadowland.sc> see: Mailinglist subscribtion Web Interface: http://samba.org/listproc. Old Mailinglist digest http://us1.samba.org/listproc/samba-ntdom/ SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From brb at isilver-inc.com Fri Jun 2 18:01:24 2000 From: brb at isilver-inc.com (Ben Blakely) Date: Tue Dec 2 02:29:58 2003 Subject: Win 2000 problem with Samba-TNG 2.5.3 Message-ID: <3937F674.2C1E4BA0@isilver-inc.com> Hi, OS: Linux (Slackware-7.0) 2.2.15 Compiler: egcs-2.91.66 19990314/Linux (egcs-1.1.2 release) CVS-Branch: SAMBA_TNG Version: samba-tng-alpha.2.5.3 (got it as a tarball, not via CVS) Error Type: Reproducable Short Desc: On Win2k client workstation, there's a delay between the time I log in to the domain and the time I can browse or mount shares on the PDC. Long Description: I'm trying to get samba-tng-alpha.2.5.3 working on a server, but I'm running into problems with Windows 2000 (ugh). Testing with win98 workstations have been flawless thus far, so this only applies to my win2k system. I've got the server (which is named ISIS) set up as a PDC with all the settings recommended by the docs on Lars Kneschke's FAQ. My win2k workstation (IS-ZEN) authenticates me when I go to log into the domain, but when it tries to grab my profile and mount my home directory on the server as U:, it's spitting out access denied errors. So I "ok" past the errors, and then when I go into explorer.exe to try and browse over to the server, it's again giving errors and presenting me with a login prompt to make the connection. However, if I walk away and think good thoughts, then 5-10 minutes later I can somehow browse into the server with no problems. If I log out after it's started working, and go to log back in, everything works perfectly (picks up the profile and mounts up the U: drive). Below is the output in log.smb of one of the failures (turned debug level up to 100). If the very concept of me trying to make this work with Windows 2000 is too whacky, I can accept that as an answer, but it seems like a bug since everything appears to work properly after the initial delay. I've included my smb.conf file as an attachment. Oh, and my apologies if this is the wrong place to post this sort of inquiry. Thanks, Ben Blakely Systems Admin I-Silver, Inc. cli_net_req_chal: LSA Request Challenge from \\. to ISIS: E529140D2622BA74 make_q_req_chal: 542 make_q_req_chal: 552 000000 net_io_q_req_chal 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 logon_srv 0004 uni_max_len: 00000004 0008 undoc : 00000000 000c uni_str_len: 00000004 0010 buffer : \.\..... 000018 smb_io_unistr2 logon_clnt 0018 uni_max_len: 00000005 001c undoc : 00000000 0020 uni_str_len: 00000005 0024 buffer : I.S.I.S... 00002e smb_io_chal clnt_chal 002e data: e5 29 14 0d 26 22 ba 74 rpc_con_pipe_req: op_num 4 offset 54 used: 54 rpc_api_pipe_req: start: 0 off: 54 create_rpc_request: opnum: 0x4 data_len: 0x30 create_rpc_request: data_len: 30 auth_len: 0 alloc_hint: 18 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 01 0004 pack_type : 10 00 00 00 prs_set_packtype: bigendian: No 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000002b 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000018 0014 context_id: 0064 0016 opnum : 0004 frag_len: 0x30 data_len: 0x18 data_calc_len: 0x18 create_noauth_pdu: 95 create_noauth_pdu: 102 rpc_api_pipe_req: end: 24 ncalrpc_l_send_prs: data: 0x809df78 len 48 [000] 05 00 00 01 10 00 00 00 30 00 00 00 2B 00 00 00 ........ 0...+... [010] 18 00 00 00 64 00 04 00 01 00 00 00 04 00 00 00 ....d... ........ [020] 00 00 00 00 04 00 00 00 5C 00 5C 00 2E 00 00 00 ........ \.\..... write_socket(12,48) write_socket(12,48) wrote 48 rpc_api_pipe_req: start: 24 off: 54 create_rpc_request: opnum: 0x4 data_len: 0x30 create_rpc_request: data_len: 30 auth_len: 0 alloc_hint: 18 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 00 0004 pack_type : 10 00 00 00 prs_set_packtype: bigendian: No 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000002c 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000018 0014 context_id: 0064 0016 opnum : 0004 frag_len: 0x30 data_len: 0x18 data_calc_len: 0x18 create_noauth_pdu: 95 create_noauth_pdu: 102 rpc_api_pipe_req: end: 48 ncalrpc_l_send_prs: data: 0x809df78 len 48 [000] 05 00 00 00 10 00 00 00 30 00 00 00 2C 00 00 00 ........ 0...,... [010] 18 00 00 00 64 00 04 00 05 00 00 00 00 00 00 00 ....d... ........ [020] 05 00 00 00 49 00 53 00 49 00 53 00 00 00 E5 29 ....I.S. I.S....) write_socket(12,48) write_socket(12,48) wrote 48 rpc_api_pipe_req: start: 48 off: 54 create_rpc_request: opnum: 0x4 data_len: 0x30 create_rpc_request: data_len: 30 auth_len: 0 alloc_hint: 18 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 00 0004 pack_type : 10 00 00 00 prs_set_packtype: bigendian: No 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000002d 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000018 0014 context_id: 0064 0016 opnum : 0004 frag_len: 0x30 data_len: 0x18 data_calc_len: 0x18 create_noauth_pdu: 95 create_noauth_pdu: 102 rpc_api_pipe_req: end: 72 ncalrpc_l_send_prs: data: 0x809df78 len 48 [000] 05 00 00 00 10 00 00 00 30 00 00 00 2D 00 00 00 ........ 0...-... [010] 18 00 00 00 64 00 04 00 14 0D 26 22 BA 74 00 00 ....d... ..&".t.. [020] B0 78 29 40 C1 43 00 00 B0 78 29 40 B0 78 29 40 .x)@.C.. .x)@.x)@ write_socket(12,48) write_socket(12,48) wrote 48 rpc_api_pipe_req: data_end: 72 and offset 54 wrong rpc_con_pipe_req FAILED cli_nt_setup_creds: request challenge failed domain_client_validate: credentials failed (\\.) SMB LM/NT Password did not match! Rejecting user 'brb': authentication failed 32 bit error packet at line 493 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] error string = No such file or directory size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=16384 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=1792 smt_wct=0 smb_bcc=0 -------------- next part -------------- [global] debug level = 100 interfaces = eth0 #NetBIOS name isn't needed if it's the same as the hostname netbios name = ISIS workgroup = ISILVER #flat files that map Unix groups to NT type groups. #these files take the form unix_group = `Windows NT group'' domain group map = /usr/local/samba/private/domaingroup.map domain alias map = /usr/local/samba/private/domainalias.map #Domain controllers use user security and we need encrypted #passwords (see ENCRYPTION.txt) security = user domain logons = yes encrypt passwords = yes #And in order for us to be *sure* to win browser elections os level = 65 domain master = yes preferred master = yes local master = yes #WINS is the equivalent of DNS for NetBIOS. wins support = yes time server = yes #the next lines are equivalent to the various profile details #found in NT's User Manager logon script = login.bat logon drive = U: logon home = \\ISIS\%U logon path = \\ISIS\profile\%U #share all home directories [homes] browseable = no writable = yes comment = Users' home directories #set up netlogon share for system policies and login scripts [netlogon] path = /usr/local/samba/netlogon writable = no guest ok = no comment = PDC netlogon share browseable = no #the profiles share #to create automatic subdirs for the different users #chmod 1777 /opt/samba-tng/profile [profile] path = /usr/local/samba/profile writeable = yes comment = User profiles create mode = 0600 directory mode = 0700 browsable = no #a public share [public] path = /usr/local/samba/public browseable = yes public = yes comment = Public share From MBrichacek at e-dialog.com Fri Jun 2 18:03:55 2000 From: MBrichacek at e-dialog.com (Matt Brichacek) Date: Tue Dec 2 02:29:58 2003 Subject: Subscribe Message-ID: Hey I can finally get back on the list again and I want back in the fun!! SUBSCIBE ME PLEASE!! Matthew Brichacek Senior UNIX Administrator <<...OLE_Obj...>> 131 Hartwell Avenue Lexington, MA 02421 v: 781-863-3366 f: 781-863-8118 From randyp at ti.com Fri Jun 2 18:05:48 2000 From: randyp at ti.com (Randy Parker) Date: Tue Dec 2 02:29:58 2003 Subject: User Profiles Message-ID: <16865.959969148@cluster> Got a problem with Samba PDC and User Profiles. I hope someone can shed some light on this for me. Environment: Samba 2.0.7 running as a PDC for DFABJ750 domain. A J750 NT-based Integrated Circuit tester as a client in the DFABJ750 domain. A couple of lab NT boxes as test clients in the DFABJ750 domain. History: Samba was initially on a lab Sun box named msptest. We had added a few users and got the basic domain logins working and the smb.conf file set up on msptest. The J750 users stuff was running fine. Since msptest was a lab box we needed to move it to a semi-permanent server box. All Samba functions were moved from msptest to another Sun box named willie. After moving Samba/PDC functions to willie none of the clients could get login information from willie. I eventually discovered that I had to remove all the clients from the DFABJ750 domain and re-add them to DFABJ750 before they could "see" willie as their new PDC. After this, existing "old" user profiles no longer worked, whether they were local or roaming. "Old" users can no longer run their J750 test programs, while "new" users, added since willie was enabled, can run the exact same programs just fine, AND their user profiles work just fine. I suspect the two problems are facets of the same problem, user profiles. Any ideas or suggestions? Regards, Randy Parker Dallas, Texas From ctooley at joslyn.org Fri Jun 2 22:02:38 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:29:58 2003 Subject: Rebooting from netlogon script Message-ID: <39382EFE.96A9681@joslyn.org> Is there a command I can run to get some Win 9x boxes to reboot from a netlogon script? Chris Tooley From jwhamps at ilstu.edu Fri Jun 2 20:49:57 2000 From: jwhamps at ilstu.edu (Jeffrey W. Hampson) Date: Tue Dec 2 02:29:58 2003 Subject: In NT location, Unknown Message-ID: Still attemping to get TNG running. When I do a search for the computer it displays the result as : Name: Location: Redcat Unknown before when I was using 2.07 my configuration worked fine. I could find the domain, logon and everything. Can someone tell me what I am missing. ------------------------------ Jeff Hampson "That which is not explicitly permitted is denied." -------------- next part -------------- HTML attachment scrubbed and removed From steven.rostedt at lmco.com Fri Jun 2 21:03:19 2000 From: steven.rostedt at lmco.com (Rostedt, Steven) Date: Tue Dec 2 02:29:58 2003 Subject: Trusting NT accounts with samba's PDC server Message-ID: <99AA2270B1E6D111BCE10000F805F17F07CCE0AC@emss35m02.owg.fs.lmco.com> I'm trying to set up a Samba domain with one way trust to another domain run by a NT server. I'm trying to have it so that accounts on the NT server domain have access to shares within the Samba domain. This is where am at... I'm using Samba from the CVS tree downloaded from 5/25/2000. I have a NT workstation within my Samba domain. Some important attributes in my smb.conf: [global] workgroup = NA5 netbios name = NEVETS security = SERVER encrypt passwords = Yes map to guest = Bad User null passwords = Yes password server = grouper # this is the name of the NT PDC. domain logons = Yes perferred master = Yes domain master = Yes wins support = Yes # not used guest account = guest [tmp] path = /tmp/samba username = pdctest read only = No I left out log info and misc stuff. My NT workstation in my domain is called dilbert. in my passwd file I have: dilbert$:*:9000:99:Machine:/dev/null:/bin/fakesh pdctest:*:9001:99:PDC test:/dev/null:/bin/fakesh I added dilbert with smbpasswd -m dilbert Note: pdctest is NOT in the smbpasswd file (purposely) What works: I can access resources on dilbert using accounts only on my Samba PDC. So dilbert is in the domain ok. I can access resources on the Samba PDC from dilbert. I can access resources on the Samba PDC from the NT domain using the pdctest account. I've tested with good and bad passwords and everything seems to work. So I believe that the trust between Samba and the NT account is ok. What doesn't work: I cannot access resources on the NT workstation from the NT domain using the pdctest account. I set the debug level to 5 and walked through some of the samba code and I noticed that in srv_netlog.c that it searches through the smbpasswd and if not found that it sets the status. I don't know the samba code that well since I only looked at this today, but this seems to be causing the connection to fail. I figure that if I can get the NT workstation to connect to the Samba box and the samba box to trust the NT domain, I should be able to authenticate the NT workstation by using the NT domain. It just seems to be missing a little code. Am I on the right track? or am I just out there? Any help would be appreciated. Thanks. I'm willing to hack at the code a little too, but I'm warning you I'm not that familiar with the SMB protocol, I only know what I've read in "Using Samba" and "Teach Yourself Samba in 24 hours" (both excellent books!) Thanks Steven Rostedt From jacob.lorensen at e-postboks.dk Fri Jun 2 21:07:20 2000 From: jacob.lorensen at e-postboks.dk (Jacob Bohn Lorensen) Date: Tue Dec 2 02:29:58 2003 Subject: TNG and Win95/98 In-Reply-To: "Jason D. Michaelson"'s message of "Fri, 2 Jun 2000 13:17:15 +1000" References: <000801bfcc41$ae4e4990$285018ac@michaelson.cx> Message-ID: <87g0qv6bcn.fsf@pippin.jblhome.ping.dk> >>>>> "Jason" == Jason D Michaelson writes: Jason> Out of curiosity, what is the status of TNG authenticating Jason> Win95 and Win98 pseudo-domain logins? Does it work? If not, Jason> does anyone have any advice for getting 2.0.x and TNG Jason> running simultaneously on one system to handle both W2K Jason> logins and W95/8 logins? I am currently running SAMBA-TNG 2.5 on FreeBSD performing domain logons of a Win2k and a Windows 98 machine (the same machine, dual booting). I use roving user profiles. It works with no problems so far. Note, however, that this is for my home network / playground etc. so the amount of test/stress etc. is not very big. I have had no serious problems (other than known problems with samba vs. win2k). But I have not had time to test printing, for instance. So I would not recommend the setup in a production environment. But basic functionality seems to be there. Regards. Jacob -- Jacob Lorensen; Mosebuen 33, 1.; DK-2820 Gentofte, Denmark; +45 39560401 PGPid: 0x752EB4DE Fingerprint: F609A0BAFF393EA904F7-F344680F8EED752EB4DE From ZolnOtt at t-online.de Fri Jun 2 20:13:05 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:29:58 2003 Subject: User Profiles In-Reply-To: <16865.959969148@cluster> References: <16865.959969148@cluster> Message-ID: <00060222283701.00375@zolnott> Am Fre, 02 Jun 2000 schrieben Sie: Hi! I hope, I can help you a little bit. Excuse me for my bad english. You can put a Default-User-Profile on the Samba-PDC-Server. ; WinNT.conf: ; 000515 ; Extra-Page to smb.conf ; ; global ; "Startmenue" for Logon logon script = logon_winNT.bat ; Home-Dir logon drive = H: ; Path for Home-Dir logon home = \\%N\%U ; ; Domane [netlogon] ; Path for default-net-logon path = /home/logon writable = no public = no locking = no ; ; end WinNT.conf I hope, it helps you. Bye Michael > Got a problem with Samba PDC and User Profiles. > I hope someone can shed some light on this for > me. > > Environment: > > Samba 2.0.7 running as a PDC for DFABJ750 domain. > > A J750 NT-based Integrated Circuit tester as a client > in the DFABJ750 domain. > > A couple of lab NT boxes as test clients in the DFABJ750 > domain. > > History: > > Samba was initially on a lab Sun box named msptest. We had > added a few users and got the basic domain logins working > and the smb.conf file set up on msptest. The J750 users > stuff was running fine. Since msptest was a lab box we > needed to move it to a semi-permanent server box. All Samba > functions were moved from msptest to another Sun box named > willie. > > After moving Samba/PDC functions to willie none of the > clients could get login information from willie. I eventually > discovered that I had to remove all the clients from the > DFABJ750 domain and re-add them to DFABJ750 before they could > "see" willie as their new PDC. > > After this, existing "old" user profiles no longer worked, whether > they were local or roaming. "Old" users can no longer run their > J750 test programs, while "new" users, added since willie was > enabled, can run the exact same programs just fine, AND their > user profiles work just fine. I suspect the two problems are > facets of the same problem, user profiles. > > Any ideas or suggestions? > > Regards, > Randy Parker > Dallas, Texas From ZolnOtt at t-online.de Fri Jun 2 22:10:57 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:29:58 2003 Subject: Trusting NT accounts with samba's PDC server In-Reply-To: <99AA2270B1E6D111BCE10000F805F17F07CCE0AC@emss35m02.owg.fs.lmco.com> References: <99AA2270B1E6D111BCE10000F805F17F07CCE0AC@emss35m02.owg.fs.lmco.com> Message-ID: <00060300181402.00375@zolnott> Hi! If you read "Teach Yourself Samba in 24 hours", vou can read, that the trust is not implemented. Which whitch version of Samba do you work. Try it with a alpha-version, like samba-tng-2.1 or higher. It can be downloaded from the page www.samba.org. It had try it also with cvs but I became an older version (2.0.4) Bye Michael > Am Fre, 02 Jun 2000 schrieben Sie: > I'm trying to set up a Samba domain with > one way trust to another domain run by a NT server. > I'm trying to have it so that accounts on the NT server domain > have access to shares within the Samba domain. > > This is where am at... > > I'm using Samba from the CVS tree downloaded > from 5/25/2000. > > I have a NT workstation within my Samba domain. > > Some important attributes in my smb.conf: > > [global] > workgroup = NA5 > netbios name = NEVETS > security = SERVER > encrypt passwords = Yes > map to guest = Bad User > null passwords = Yes > password server = grouper # this is the name of the NT PDC. > domain logons = Yes > perferred master = Yes > domain master = Yes > wins support = Yes # not used > guest account = guest > > [tmp] > path = /tmp/samba > username = pdctest > read only = No > > > I left out log info and misc stuff. > > My NT workstation in my domain is called dilbert. > > in my passwd file I have: > > dilbert$:*:9000:99:Machine:/dev/null:/bin/fakesh > pdctest:*:9001:99:PDC test:/dev/null:/bin/fakesh > > I added dilbert with > smbpasswd -m dilbert > > Note: pdctest is NOT in the smbpasswd file (purposely) > > What works: > > I can access resources on dilbert using accounts only on my Samba PDC. > So dilbert is in the domain ok. > > I can access resources on the Samba PDC from dilbert. > > I can access resources on the Samba PDC from the NT domain using > the pdctest account. > I've tested with good and bad passwords and everything seems > to work. So I believe that the trust between Samba and the > NT account is ok. > > What doesn't work: > > I cannot access resources on the NT workstation from the NT domain > using the pdctest account. > > I set the debug level to 5 and walked through some of the samba code > and I noticed that in srv_netlog.c that it searches through the smbpasswd > and if not found that it sets the status. > > I don't know the samba code that well since I only looked at this today, > but this seems to be causing the connection to fail. > > I figure that if I can get the NT workstation to connect to the Samba box > and the samba box to trust the NT domain, I should be able to authenticate > the NT workstation by using the NT domain. It just seems to be missing > a little code. > > Am I on the right track? or am I just out there? > > Any help would be appreciated. Thanks. > I'm willing to hack at the code a little too, but I'm warning you > I'm not that familiar with the SMB protocol, I only know what > I've read in "Using Samba" and "Teach Yourself Samba in 24 hours" > (both excellent books!) > > Thanks > Steven Rostedt From phee at capofind.screaming.net Sat Jun 3 15:09:38 2000 From: phee at capofind.screaming.net (Ralph Cummings) Date: Tue Dec 2 02:29:58 2003 Subject: subscribe Message-ID: <000801bfcd6d$c1558580$0364a8c0@capofind.screaming.net> subscribe -------------- next part -------------- HTML attachment scrubbed and removed From Skripi at hrzpub.tu-darmstadt.de Sun Jun 4 13:21:50 2000 From: Skripi at hrzpub.tu-darmstadt.de (Jens Skripczynski) Date: Tue Dec 2 02:29:58 2003 Subject: subscribe In-Reply-To: <000801bfcd6d$c1558580$0364a8c0@capofind.screaming.net>; from phee@capofind.screaming.net on Sun, Jun 04, 2000 at 01:04:53AM +1000 References: <000801bfcd6d$c1558580$0364a8c0@capofind.screaming.net> Message-ID: <20000604152150.A1431@shadowland.sc> Ralph Cummings: > subscribe see / read Mailinglist subscribtion Web Interface: http://samba.org/listproc. Old Mailinglist digest http://us1.samba.org/listproc/samba-ntdom/ SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From D.Bannon at latrobe.edu.au Sun Jun 4 22:56:40 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:29:58 2003 Subject: User Profiles In-Reply-To: <16865.959969148@cluster> Message-ID: <3.0.6.32.20000605085640.00867560@bioserve.latrobe.edu.au> At 04:10 AM 03/06/2000 +1000, Randy Parker wrote: > > I had to remove all the clients from the > DFABJ750 domain and re-add them to DFABJ750 before they could > "see" willie as their new PDC. > ..... > After this, existing "old" user profiles no longer worked, I think your problem might be that the profiles will be storing information in them about the domain in which they were created. Things like 'home is \\DFABJ750\user'. I have heard of tools that let you edit the profile, might be easier to delete them and start again. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jreyes at erols.com Mon Jun 5 00:23:01 2000 From: jreyes at erols.com (Jose Reyes) Date: Tue Dec 2 02:29:58 2003 Subject: Problems with NTWS login In-Reply-To: Message-ID: I am also experiencing this same issue. You can login to the domain but it won't let you browse it or attach to any of the shares, but if I restart the smbd daemon when I am logged in it will let me browse it. Passwords match in Samba/NT. Any ideas?, -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of ?olovi? Igor Sent: Sunday, May 28, 2000 4:28 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Problems with NTWS login I found one strange situation. I will try to explain it. My configuration: NTWS 4.0 SP3 ----- RH 5.2 kernel 2.2.9 i486 UNKNOWN Samba CVS from 28.5.2000 22:00 On NTWS and on Linux I have account cigor. Password is the same for NT and for samba. Till tonight I did not have any problems loging in to samba, but have problems browsing samba server. It prompt me for username ad password. At first I thought that problem is in samba and samba only. But then I changed password on samba to something else, and now I can not login to samba server. The strange thing is that if I use password that is valid on NTWS it let me login, but I can not browse samba server. About att: log1.tar.gz is log(100) when in login dialog I type samba password. log2.tar.gz is log(100) when in login dialog I type local(NTWS) password. P.S. Luke because my configuration is not a production one I can play with it, just tel me what to do. -- Nothing makes a person more productive than the last minute. From fricke at Team.OWL-Online.DE Mon Jun 5 09:04:15 2000 From: fricke at Team.OWL-Online.DE (fricke@Team.OWL-Online.DE) Date: Tue Dec 2 02:29:58 2003 Subject: "hidden" profiles Message-ID: Hi, using Samba 2.06 in production environment with Debian Linux 2.2.x. All works fine but after some month the profiles on the server can?t be loaded from the workstation. Today a user came to me and asks me for his profile. Looking on the share on the the server last access 31 May (last use of profile) But this morning without any crash or something terrible the NT-Doze can?t get his profile from the server I don?t know it works some month and suddenly crashes. Is there a timeout for profiles storinf on a server ;-( -------------------------------------- Mit freundlichen Gr??en Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51-115 ...keep on headbangin? , that rocks!!! From steven.rostedt at lmco.com Mon Jun 5 13:29:44 2000 From: steven.rostedt at lmco.com (Rostedt, Steven) Date: Tue Dec 2 02:29:58 2003 Subject: Trusting NT accounts with samba's PDC server Message-ID: <99AA2270B1E6D111BCE10000F805F17F07CCE0AD@emss35m02.owg.fs.lmco.com> Thanks Michael, Yes, I know it is not currently implemented, but I heard/read that it would be in the 2.1 version (we are about to go to 2.2). So I thought that it might work in the core CVS tree. I've downloaded the tng version now and I'm currently playing with it. My question is... has anyone successfully implemented trusts relations with NT using the CVS version of TNG. All I need is to have a one way trust, where samba can verify users from another domain. I'm asking this so I don't waste time if someone else has tried this and failed. Thanks Steve. > Hi! > > If you read "Teach Yourself Samba in 24 hours", vou can read, that the > trust is > not implemented. > Which whitch version of Samba do you work. Try it with a alpha-version, > like > samba-tng-2.1 or higher. It can be downloaded from the page www.samba.org. > It > had try it also with cvs but I became an older version (2.0.4) > > Bye Michael > > > From ralf at is.rice.edu Mon Jun 5 15:50:24 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:29:58 2003 Subject: Unable to make connection Message-ID: Please help. I have a problem with release-alpha-2.5 running on Solaris 2.6 downloaded two weeks ago. Everything compiles fine, but NT machines can not join the domain. I keep getting the "Check your computer account on the domain" message, so, I know nmbd is working correctly. When I use either rpcclient or samedit to reset the computer account, I get the following: sulphur.is.rice.edu# ./rpcclient -U ralf doing parameter log file = /usr/site/samba-cvs/var/logs/log.%m doing parameter max log size = 100 .. .. .. pm_process() returned Yes added interface ip=128.42.42.19 bcast=128.42.42.255 nmask=255.255.255.0 Enter Password: Server: \\: User: ralf Domain: Connection: cli_establish_connection: SULPHUR<00> connecting to *SMBSERVER<20> (255.255.255.255) - ralf [] with NTLMv1, nopw: No Connecting to 255.255.255.255 at port 445 error connecting to 255.255.255.255:445 (Network is unreachable) Connecting to 255.255.255.255 at port 139 error connecting to 255.255.255.255:139 (Network is unreachable) cli_establish_connection: failed to connect to SULPHUR<00> (255.255.255.255) cli_net_use_add: connection failed FAILED 2000/06/05 10:10:17 client started (version TNG-alpha) [ralf@]$ Port 139 is enabled and accepting connections and defined in /etc/services, but samba cannot seem to be able to make it. I followed Lars' page instructions to create users and computer accounts, but for some reason tng just won't authenticate NT machines. What is causing this problem? Samba-2.0.7 works just fine. Please help!!! Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From tom at picard.ee.ucl.ac.uk Mon Jun 5 16:00:59 2000 From: tom at picard.ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:58 2003 Subject: samba cvs 05/06/00 still doesn't serve shares Message-ID: <200006051601.RAA18209@picard.ee.ucl.ac.uk> Hello, samba cvs 05/06/00 16:00BST Solaris 2.7 Sparc 64 gcc 2.8.1 This does not allow a Win 2k client to access shares. It will allow login, but reject the user on trying to mount the profile or home shares. Log fragment below: [000] 05 00 00 00 10 00 00 00 30 00 00 00 23 00 00 00 ........ 0...#... [010] 18 00 00 00 64 00 04 00 06 00 00 00 00 00 00 00 ....d... ........ [020] 06 00 00 00 53 00 4F 00 4E 00 49 00 43 00 00 00 ....S.O. N.I.C... write_socket(14,48) write_socket(14,48) wrote 48 rpc_api_pipe_req: start: 48 off: 56 create_rpc_request: opnum: 0x4 data_len: 0x30 create_rpc_request: data_len: 30 auth_len: 0 alloc_hint: 18 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 00 0004 pack_type : 10 00 00 00 prs_set_packtype: bigendian: No 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000024 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000018 0014 context_id: 0064 0016 opnum : 0004 rpc_api_pipe_req: end: 72 ncalrpc_l_send_prs: data: e02d0 len 48 [000] 05 00 00 00 10 00 00 00 30 00 00 00 24 00 00 00 ........ 0...$... [010] 18 00 00 00 64 00 04 00 4D 41 E4 BD 08 D6 7C DA ....d... MA....|. [020] 00 00 00 49 00 00 00 00 01 01 00 00 00 00 00 05 ...I.... ........ write_socket(14,48) write_socket(14,48) wrote 48 rpc_api_pipe_req: data_end: 72 and offset 56 wrong rpc_con_pipe_req FAILED cli_nt_setup_creds: request challenge failed domain_client_validate: credentials failed (\\.) SMB LM/NT Password did not match! Rejecting user 'tom': authentication failed 32 bit error packet at line 493 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] error string = No such file or directory size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=16384 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=1985 smt_wct=0 Anyone know what's wrong? Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From zwluxx at chopin.cipic.ucdavis.edu Mon Jun 5 17:18:19 2000 From: zwluxx at chopin.cipic.ucdavis.edu (Zhi-Wei Lu) Date: Tue Dec 2 02:29:58 2003 Subject: Win2K Blue Message-ID: <200006051718.KAA31771@chopin.cipic.ucdavis.edu> I have recently upgraded (?) my NT workstation to Windows 2000 Professional. I am running a samba 2.0.7 PDC on an IRIX 6.5.8m machine. When I try to rejoin the samba domain, I am getting this error message on Win2k machine: The following error occured attempting to join the domain "mydomain": The procedure number is out of range. Does anybody encounter this before? If yes, what is the remedy? Thank you for your help. -- Zhi-Wei Lu CIPIC (Center for Image Processing and Integrated Computing) UC Davis Phone: (530)-752-0494 Davis, CA 95616 Fax: (530)-752-8894 From isyn at isi.wat.waw.pl Mon Jun 5 19:48:10 2000 From: isyn at isi.wat.waw.pl (isyn@isi.wat.waw.pl) Date: Tue Dec 2 02:29:58 2003 Subject: Wins Server... Message-ID: I have one short question. If I have Samba (192.168.4.254) configured to use external wins server. And my Windows 98 clients are configured to use 192.168.4.254 as a Wins Server. Does my Samba forward packets to external WINS server? -- ROBERT MAGIER From James.Nord at cdt.luth.se Mon Jun 5 21:37:42 2000 From: James.Nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:29:58 2003 Subject: Win2K Blue References: <200006051718.KAA31771@chopin.cipic.ucdavis.edu> Message-ID: <393C1DA6.20D42BC9@cdt.luth.se> Hi, Samba 2.0.7 as a PDC can't cope with Win2000 machines in a domain. (or Win2000 can cope with samba as a PDC ;-) ) If you want this functionality check samba-tng. Note that TNG is alpha code and sometimes doesn't compile and sometimes just doesn't work. /James Zhi-Wei Lu wrote: > > I have recently upgraded (?) my NT workstation to Windows 2000 Professional. > I am running a samba 2.0.7 PDC on an IRIX 6.5.8m machine. When I try to > rejoin the samba domain, I am getting this error message on Win2k machine: > The following error occured attempting to join the domain "mydomain": > The procedure number is out of range. > > Does anybody encounter this before? If yes, what is the remedy? Thank you > for your help. > > -- > Zhi-Wei Lu > CIPIC (Center for Image Processing and Integrated Computing) > UC Davis Phone: (530)-752-0494 > Davis, CA 95616 Fax: (530)-752-8894 From schs at apatity.ru Tue Jun 6 05:18:45 2000 From: schs at apatity.ru (Sergey Shibeko) Date: Tue Dec 2 02:29:58 2003 Subject: Unable to make connection References: Message-ID: <004801bfcf76$c7d0be60$0a02a8c0@SAMBA> > Please help. I have a problem with release-alpha-2.5 running on Solaris > 2.6 downloaded two weeks ago. > > Everything compiles fine, but NT machines can not join the domain. I keep > getting the "Check your computer account on the domain" message, so, I > know nmbd is working correctly. When I use either rpcclient or samedit to > reset the computer account, I get the following: > > sulphur.is.rice.edu# ./rpcclient -U ralf Try ./rpcclient -S . -U root > doing parameter log file = /usr/site/samba-cvs/var/logs/log.%m > doing parameter max log size = 100 > . > . > . > pm_process() returned Yes > added interface ip=128.42.42.19 bcast=128.42.42.255 nmask=255.255.255.0 > Enter Password: > Server: \\: User: ralf Domain: > Connection: cli_establish_connection: SULPHUR<00> connecting to > *SMBSERVER<20> (255.255.255.255) - ralf [] with NTLMv1, nopw: No > Connecting to 255.255.255.255 at port 445 > error connecting to 255.255.255.255:445 (Network is unreachable) > Connecting to 255.255.255.255 at port 139 > error connecting to 255.255.255.255:139 (Network is unreachable) > cli_establish_connection: failed to connect to SULPHUR<00> > (255.255.255.255) > cli_net_use_add: connection failed > FAILED > 2000/06/05 10:10:17 client started (version TNG-alpha) > [ralf@]$ > > Port 139 is enabled and accepting connections and defined in > /etc/services, but samba cannot seem to be able to make it. > > I followed Lars' page instructions to create users and computer accounts, > but for some reason tng just won't authenticate NT machines. > > What is causing this problem? Samba-2.0.7 works just fine. > > Please help!!! > > Al. > > -------------------------------------------------------------------------- ------- > | Alfredo Ramos > This space available for rent. | New Media & Student Computing > Get your product moving. Advertise here! | Rice University. > | Email: ralf@is.rice.edu > -------------------------------------------------------------------------- ------- From gs at ilfb.tuwien.ac.at Tue Jun 6 07:16:06 2000 From: gs at ilfb.tuwien.ac.at (Gerhard Schneider) Date: Tue Dec 2 02:29:58 2003 Subject: W2K Workstation and Samba CVS Current Message-ID: <200006060716.JAA20485@ilfb03.tuwien.ac.at> OS: Linux 2.2 Potato i386 Samba version pre-3.0.0 (CVS of today) Samba is the PDC of the domain test. A Win2000 workstation is not able to join the domain. Entries for the workstation and valid users are in the smbpasswd file Error message (on Win2k): The following error occured attempting to join the domain "test": The system cannot find message text for message number 0x%1 in the message file for %2. Error message in the workstation.log: prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. What do I do wrong? Gerhard Schneider -- Gerhard Schneider e-Mail: gs@ilfb.tuwien.ac.at Institute of Light Weight Structures (E317) Tel.: +43 1 58801 31716 Vienna University of Technology / Austria Fax: +43 1 58801 31799 A-1040 Wien, Gusshausstrasse 27-29 http://ilfb.tuwien.ac.at/~gs/ From mgeddes at mail.xavier.sa.edu.au Tue Jun 6 09:14:01 2000 From: mgeddes at mail.xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:58 2003 Subject: Wins Server... In-Reply-To: References: Message-ID: <200006060914.SAA00837@mail.xavier.sa.edu.au> Quoting isyn@isi.wat.waw.pl: > I have one short question. > If I have Samba (192.168.4.254) configured to use external wins server. > And my Windows 98 clients are configured to use 192.168.4.254 as a Wins > Server. Does my Samba forward packets to external WINS server? I believe that: wins support = yes and wins server = x.x.x.x are mutually exclusive. Check your logs, I think Samba complains when both are in use. Hope it answers you question, Matt Matthew Geddes Network Manager Xavier College Gawler, SA ======================================= Xavier College Gawler, South Australia visit http://www.xavier.sa.edu.au/ --------------------------------------- Xavier College Staff E-mail is Powered by IMP http://www.horde.org/ From a.samardzic at racunari.com Tue Jun 6 12:49:40 2000 From: a.samardzic at racunari.com (Aleksandar B. Samardzic) Date: Tue Dec 2 02:29:58 2003 Subject: Samba as PDC for network containing Windows 2000 Server machine Message-ID: I've tried to accomplish above with several Samba branches (2.0.7, tng-alpha-2.5.3, latest 2.1.0 from CVS) without success, so I would really appreciate if someone could state precisely which Samba version is able to act as PDC for network consisting of several Windows NT 4.0 machines and single Windows 2000 Server machine (what I need from PDC functionality from Samba is to enable domain logons and to host user home directories and profiles). Thanks, Alex From malang at netengine.at Tue Jun 6 13:21:09 2000 From: malang at netengine.at (Oliver Malang) Date: Tue Dec 2 02:29:58 2003 Subject: AW: Samba as PDC for network containing Windows 2000 Server machine In-Reply-To: Message-ID: I'm using tng-2.5 and it works fine for me(domain logons and hosting home directories from W2k and NT). regards, Oliver > -----Urspr?ngliche Nachricht----- > Von: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]Im Auftrag von > Aleksandar B. Samardzic > Gesendet: Dienstag, 6. Juni 2000 14:53 > An: Multiple recipients of list SAMBA-NTDOM > Betreff: Samba as PDC for network containing Windows 2000 Server machine > > > I've tried to accomplish above with several Samba branches (2.0.7, > tng-alpha-2.5.3, latest 2.1.0 from CVS) without success, so I would really > appreciate if someone could state precisely which Samba version is able to > act as PDC for network consisting of several Windows NT 4.0 machines and > single Windows 2000 Server machine (what I need from PDC > functionality from > Samba is to enable domain logons and to host user home directories and > profiles). > > Thanks, > Alex > > From simo.sorce at polimi.it Tue Jun 6 13:41:23 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:29:58 2003 Subject: Samba as PDC for network containing Windows 2000 Server machine References: Message-ID: <393CFF83.2AD9C2D3@polimi.it> "Aleksandar B. Samardzic" wrote: > > I've tried to accomplish above with several Samba branches (2.0.7, > tng-alpha-2.5.3, latest 2.1.0 from CVS) without success, so I would really > appreciate if someone could state precisely which Samba version is able to > act as PDC for network consisting of several Windows NT 4.0 machines and > single Windows 2000 Server machine (what I need from PDC functionality from > Samba is to enable domain logons and to host user home directories and > profiles). > > Thanks, > Alex Samba 2.0.x and The HEAD branch from CVS (will be 3.0.x?) support limited DC functionality with no support for win2000 or BDC. Samba TNG (The Next Generation) is really alpha code but 2.5 seem to work in most environments: this is able to act as pdc for win2000 and will support in time full DC capabilities. So if you need DC with win2000 machine you must test a TNG alpha release. Regards, Simo -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From mailing at lastminutetour.com Tue Jun 6 14:05:30 2000 From: mailing at lastminutetour.com (Mailing Manager) Date: Tue Dec 2 02:29:58 2003 Subject: why oplock is broken??? Message-ID: <20000606160530.A5744@giove.lastminutetour.com> Hi all, i'm runnign 2.07 whti good result, but only for one application (a stupid prgram that ahev several files of data) i ahve problems. The log report the oplocks break, but the only thing tha i know is about blocking locks = no, that is needed fo teh applciation to run,. Th eusers report a wait of some seconds and then an error regarding that the file is openend o locked by another users... [2000/06/06 15:53:40, 0] smbd/oplock.c:oplock_break(976) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file Tbsc/prog/UTV8IU (dev = 803, inode = 424227). [2000/06/06 15:53:40, 0] smbd/oplock.c:oplock_break(1050) oplock_break: client failure in oplock break in file Tbsc/prog/UTV8IU [2000/06/06 15:53:40, 0] smbd/reply.c:reply_lockingX(4163) reply_lockingX: Error : oplock break from client for fnum = 7924 and no oplock granted on this file (Tbsc/prog/UTV8IU). How to solve this??? thanks From samba at cocos-net.de Tue Jun 6 15:07:24 2000 From: samba at cocos-net.de (Dominik Fritz) Date: Tue Dec 2 02:29:58 2003 Subject: No subject In-Reply-To: <20000606160530.A5744@giove.lastminutetour.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Today I tried to upgrade from 2.07 to TNG 2.53. Compiling and installation was no problem. But when I start samedit I get an Error message that session Setup failed. So it is not possible for me to add users and join with my NT Boxes the domain. Does anyone has got an idea what I have to change to get a running TNG 2.53 Dominik zeus:/usr/local/sambaTNG/bin # ./samedit -S 192.168.3.4 -U root doing parameter load printers = no doing parameter security = user doing parameter socket options = TCP_NODELAY doing parameter encrypt passwords = yes doing parameter interfaces = eth0:3 doing parameter bind interfaces only = yes doing parameter local master = yes doing parameter os level = 33 doing parameter domain master = yes doing parameter preferred master = yes doing parameter domain logons = yes doing parameter wins support = yes doing parameter logon drive = u: pm_process() returned Yes added interface ip=192.168.3.4 bcast=192.168.3.255 nmask=255.255.255.0 Enter Password: Server: \\192.168.3.4: User: root Domain: Connection: cli_establish_connection: TNG<00> connecting to *SMBSERVER<20> (192.168.3.4) - root [] with NTLMv1, nopw: No Connecting to 192.168.3.4 at port 445 error connecting to 192.168.3.4:445 (Connection refused) Connecting to 192.168.3.4 at port 139 Sent session request size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=6986 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=19200 (0x4B00) smb_vwv[8]=27 (0x1B) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=53397 (0xD095) smb_vwv[13]=51136 (0xC7C0) smb_vwv[14]=49103 (0xBFCF) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=2303 (0x8FF) smb_bcc=22 server's domain: TESTWG bcc: 22 size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=6986 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0 failed session setup cli_net_use_add: connection failed FAILED 2000/06/06 16:59:04 client started (version TNG-alpha) [root@192.168.3.4]$ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2 for non-commercial use iQA/AwUBOT0FdxRiNmEIbIaEEQKEbACfU9E4HZVUJiuPT/39W80GKTvAbrgAn1ME dMiN0mcjCcp6AR1K7O8+WamP =Mkwj -----END PGP SIGNATURE----- From ralf at is.rice.edu Tue Jun 6 15:35:22 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:29:58 2003 Subject: Unable to make connection In-Reply-To: <004801bfcf76$c7d0be60$0a02a8c0@SAMBA> Message-ID: Sergey, thanks for the reply but, root gets the same results. I appreciate the response though. Thanks again; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Tue, 6 Jun 2000, Sergey Shibeko wrote: > > Please help. I have a problem with release-alpha-2.5 running on Solaris > > 2.6 downloaded two weeks ago. > > > > Everything compiles fine, but NT machines can not join the domain. I keep > > getting the "Check your computer account on the domain" message, so, I > > know nmbd is working correctly. When I use either rpcclient or samedit to > > reset the computer account, I get the following: > > > > sulphur.is.rice.edu# ./rpcclient -U ralf > Try ./rpcclient -S . -U root > > > doing parameter log file = /usr/site/samba-cvs/var/logs/log.%m > > doing parameter max log size = 100 > > . > > . > > . > > pm_process() returned Yes > > added interface ip=128.42.42.19 bcast=128.42.42.255 nmask=255.255.255.0 > > Enter Password: > > Server: \\: User: ralf Domain: > > Connection: cli_establish_connection: SULPHUR<00> connecting to > > *SMBSERVER<20> (255.255.255.255) - ralf [] with NTLMv1, nopw: No > > Connecting to 255.255.255.255 at port 445 > > error connecting to 255.255.255.255:445 (Network is unreachable) > > Connecting to 255.255.255.255 at port 139 > > error connecting to 255.255.255.255:139 (Network is unreachable) > > cli_establish_connection: failed to connect to SULPHUR<00> > > (255.255.255.255) > > cli_net_use_add: connection failed > > FAILED > > 2000/06/05 10:10:17 client started (version TNG-alpha) > > [ralf@]$ > > > > Port 139 is enabled and accepting connections and defined in > > /etc/services, but samba cannot seem to be able to make it. > > > > I followed Lars' page instructions to create users and computer accounts, > > but for some reason tng just won't authenticate NT machines. > > > > What is causing this problem? Samba-2.0.7 works just fine. > > > > Please help!!! > > > > Al. > > > > -------------------------------------------------------------------------- > ------- > > | Alfredo Ramos > > This space available for rent. | New Media & Student Computing > > Get your product moving. Advertise here! | Rice University. > > | Email: ralf@is.rice.edu > > -------------------------------------------------------------------------- > ------- > > From ctooley at joslyn.org Tue Jun 6 18:17:36 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:29:58 2003 Subject: Rebooting from netlogon script References: <412568F5.00304035.00@caesar.assyst-intl.com> Message-ID: <393D4040.3428DA41@joslyn.org> I tried the shutdown.exe (Thank you Torsten for sending it to me) with Win 9x. Of course it didn't work and I'm still at square one. If anyone has any ideas I would greatly appreciate it. There are a lot of tools out there that reboot via a pretty little gui interface but it seems such a waste to me to do this and make the user reboot their own machine. Chris Tooley Torsten.Werner@assyst-intl.com wrote: > Hi, > the NT resource kit contains a shutdown.exe. I've never tried it with 95, you > should test it. When you put the program in the netlogon share is it accessable > without path in logon scripts. In case yo don't have it, send me a request. > Torsten > > Chris Tooley on 02.06.2000 21:03:14 > > Please respond to ctooley@joslyn.org > > To: Multiple recipients of list SAMBA-NTDOM > cc: (bcc: Torsten Werner/ge/intl/assyst) > > Subject: Rebooting from netlogon script > > Is there a command I can run to get some Win 9x boxes to reboot from a > netlogon script? > > Chris Tooley From jwhamps at ilstu.edu Tue Jun 6 16:30:05 2000 From: jwhamps at ilstu.edu (Jeffrey W. Hampson) Date: Tue Dec 2 02:29:58 2003 Subject: Rebooting from netlogon script In-Reply-To: <393D4040.3428DA41@joslyn.org> Message-ID: is there anything in the Win9x resource kits? else may want to search for something similar in www.download.com sometimes I've found some good freeware that suits my purpose Jeff Hampson -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Chris Tooley Sent: Tuesday, June 06, 2000 11:19 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Rebooting from netlogon script I tried the shutdown.exe (Thank you Torsten for sending it to me) with Win 9x. Of course it didn't work and I'm still at square one. If anyone has any ideas I would greatly appreciate it. There are a lot of tools out there that reboot via a pretty little gui interface but it seems such a waste to me to do this and make the user reboot their own machine. Chris Tooley Torsten.Werner@assyst-intl.com wrote: > Hi, > the NT resource kit contains a shutdown.exe. I've never tried it with 95, you > should test it. When you put the program in the netlogon share is it accessable > without path in logon scripts. In case yo don't have it, send me a request. > Torsten > > Chris Tooley on 02.06.2000 21:03:14 > > Please respond to ctooley@joslyn.org > > To: Multiple recipients of list SAMBA-NTDOM > cc: (bcc: Torsten Werner/ge/intl/assyst) > > Subject: Rebooting from netlogon script > > Is there a command I can run to get some Win 9x boxes to reboot from a > netlogon script? > > Chris Tooley From steven.rostedt at lmco.com Tue Jun 6 16:35:28 2000 From: steven.rostedt at lmco.com (Rostedt, Steven) Date: Tue Dec 2 02:29:58 2003 Subject: Using TNG Message-ID: <99AA2270B1E6D111BCE10000F805F17F07CCE0AF@emss35m02.owg.fs.lmco.com> Hi, I've been using Samba for a while but I'm new to the TNG branch. I checked out the site: http://www.kneschke.de/projekte/samba_tng And it has lots of useful information but it doesn't quite help me to understand everything. For example, is there documentation on all the daemons that are used... lsarpcd, samrd, etc. Also I'm trying to set up trust accounts, and I'm not sure how to use the smb.conf options for this. Is there someplace I can read up on this, without having to read the code. I'm also confused on how to use samedit, since the help doesn't really explain much. Is there a man-page for it? I know this is still in alpha state, and documentation is scarce but I was hoping for something to use. Thanks, Steve. From Jonathan.W.Miner at lmco.com Tue Jun 6 16:42:32 2000 From: Jonathan.W.Miner at lmco.com (JONATHAN W MINER) Date: Tue Dec 2 02:29:58 2003 Subject: Question about security Message-ID: <393D29F8.32AF0209@lmco.com> Someone within my company expressed the follow view: > I was told that Unix servers running SAMBA can display NT passwords in > clear text when they provide file sharing services for NT > workstations. Was a determination ever made if we allow this type of > system to access the enterprise NT domain controllers? Can someone clarify this statement. Here is the [global] section from by smb.conf file if that matters at all. I'm running 2.0.6 on both Solaris and HP-UX boxes. [global] workgroup = DOMAIN security = SERVER password server = ntpdc1 os level = 0 wins server = ntwins1 Thanks alot! -- Jonathan Miner - Lockheed Martin EIS/SAI LM-Xpress: jonathan.w.miner@lmco.com Phone: 603 885 UNIX - Fax: 603 885 3850 USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From jeremy at valinux.com Tue Jun 6 14:16:27 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:29:58 2003 Subject: Question about security References: <393D29F8.32AF0209@lmco.com> Message-ID: <393D07BB.AA79C210@valinux.com> JONATHAN W MINER wrote: > > Someone within my company expressed the follow view: > > > I was told that Unix servers running SAMBA can display NT passwords in > > clear text when they provide file sharing services for NT > > workstations. Was a determination ever made if we allow this type of > > system to access the enterprise NT domain controllers? > > Can someone clarify this statement. Here is the [global] section from > by smb.conf file if that matters at all. I'm running 2.0.6 on both > Solaris and HP-UX boxes. Whoever said that doesn't understand the authentication they depend upon in their NT network. I hope said person is not in any position of authority w.r.t. your NT network :-) :-). Using your smb.conf setting no plaintext passwords will be seen on the network, only the challenge/response pairs (which will be seen on any NT network also). Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From wilson at coms.com Tue Jun 6 17:29:04 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:29:58 2003 Subject: PDC user authentication Message-ID: <393D34E0.FA4FDC26@coms.com> Dear all Samba Gurus, Recently, I have looked into the possibility of the complete replacement of NT4 server by deploying Samba. As an experiment, I am trying to configure a Linux box running Debian Potato with kernel 2.2.15 as a Samba server, which will eventually emulate a NT PDC. On top of that, I am running NT4 workstation client by using VMware 2.0. I first started with the latest production version 2.0.7a, but encountered some problems when came to the PDC implementation. After consulting some resources from books (e.g. Using Samba, O'Reilly) and several web sites (e.g. http://www.ping.be/linux-and-samba/ ), I decided to get the latest development version from the cvs site of samba.org so as to get the best PDC support. The one I've got is 'release-alpha-2-5-3'. The source codes have been successfully compiled. Although I could make the NT domain logon live, the same problems persist. There are two main problems: 1./ When different users has been logged in and out of the NT client, the late users can actually browse the home directories of the previous ones; 2./ When a user logs in, an error message pops up saying 'The operating system was unable to create profile directory \\mole\Profiles\%U.pds. You will be logged on with a local profile only....'. This looks like something is wrong with the logon path in the [global] section or the path specified in the [Profiles] service. I tried to search the mailing list archive - http://us1.samba.org/listproc/samba-ntdom, but the URL could not be found. Therefore, I decided to subscibe this mailing list to learn more and hopefully someone can give me a helping hand. FYI, my server is called 'mole', my workstation is 'koala' and NT Domain name is 'YAU' Here are the main settings in my smb.conf file: [global] workgroup = YAU netbios name = mole server string = %h (Samba Server %v) guest account = smbguest # Debug Level log level = 2 security = user encrypt passwords = yes unix password sync = false local master = yes os level = 255 domain master = yes preferred master = yes domain logons = yes logon home = \\%L\%U logon path = \\%L\Profiles\%U log file = /usr/local/samba/var/log.%m max log size = 50 [homes] comment = Home Directories browseable = no guest ok = no read only = no create mask = 0700 directory mask = 0700 [Profiles] comment = Windows-User-Profiles path = /usr/local/samba/profiles browseable = no guest ok = yes writeable = yes I have created the /usr/local/samba/profiles directory manually, and it attributes are as follows: drwxr-xr-x 2 root root 4096 Jun 5 14:00 profiles If you need more information, please let me know. Many thanks for your help! Wilson Yau From jbeauchamp at gesinc.com Tue Jun 6 16:53:51 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:29:58 2003 Subject: File Locking Problem Message-ID: <003401bfcfde$c07a67c0$1601a8c0@gesinc.com> Hi everyone: I am using Samba 2.0.7 as a domain login controller under RedHat 6.2 for a small user group (ten people running primarily NT Workstation). I have a share on the Linux box that contains our accounting software. The software is metered for the number of concurrent users. What happens is when a user closes the accounting software (and even logs off the computer ) Samba still maintains a connection to several files from the accounting directory. As a result, no one else can use the software until those files are released. sometimes Samba appears to release the files on its own after about 10-15 minutes, other times I have to go and physically kill the PID. Does anyone know why this is happening, and is there a way to force all files closed when a user exits a share (postexec maybe)? Thanks James -------If you ain't the lead dog, the scenery never changes---------- BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS James W. Beauchamp, P.E. Global Environmental Solutions, Inc. 2621 Sandy Plains Road Suite 102 Marietta, Georgia 30066 Phone - 770-579-6097 Fax - 770-579-6099 Email - jbeauchamp-at-gesinc.com From ctooley at joslyn.org Tue Jun 6 20:06:13 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:29:58 2003 Subject: Rebooting from netlogon script References: Message-ID: <393D59B5.3C0599@joslyn.org> I've done the searching at download.com, winfiles.com, and zdnet and couldn't find anything that worked. However, I don't have the Resource Kit for Win 9x. Is this a free download or a purchase product? Is there anyone out there that could let me know if there is such at thing in the Resource Kit for Win 9x? "Jeffrey W. Hampson" wrote: > is there anything in the Win9x resource kits? > else may want to search for something similar in www.download.com > sometimes I've found some good freeware that suits my purpose > > Jeff Hampson > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Chris Tooley > Sent: Tuesday, June 06, 2000 11:19 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Rebooting from netlogon script > > I tried the shutdown.exe (Thank you Torsten for sending it to me) with Win > 9x. Of > course it didn't work and I'm still at square one. If anyone has any ideas > I would > greatly appreciate it. There are a lot of tools out there that reboot via a > pretty > little gui interface but it seems such a waste to me to do this and make the > user > reboot their own machine. > > Chris Tooley > > Torsten.Werner@assyst-intl.com wrote: > > > Hi, > > the NT resource kit contains a shutdown.exe. I've never tried it with 95, > you > > should test it. When you put the program in the netlogon share is it > accessable > > without path in logon scripts. In case yo don't have it, send me a > request. > > Torsten > > > > Chris Tooley on 02.06.2000 21:03:14 > > > > Please respond to ctooley@joslyn.org > > > > To: Multiple recipients of list SAMBA-NTDOM > > cc: (bcc: Torsten Werner/ge/intl/assyst) > > > > Subject: Rebooting from netlogon script > > > > Is there a command I can run to get some Win 9x boxes to reboot from a > > netlogon script? > > > > Chris Tooley From jwhamps at ilstu.edu Tue Jun 6 18:18:33 2000 From: jwhamps at ilstu.edu (Jeffrey W. Hampson) Date: Tue Dec 2 02:29:59 2003 Subject: Rebooting from netlogon script In-Reply-To: <393D59B5.3C0599@joslyn.org> Message-ID: I'm pretty sure that most of the Win98 cd's have the resource kit on the installation cd itself. It is found under a directory called tools/reskit. I can't remember if Win9x is the same. Jeff -----Original Message----- From: Chris Tooley [mailto:ctooley@joslyn.org] Sent: Tuesday, June 06, 2000 3:06 PM To: jwhamps@ilstu.edu Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: Rebooting from netlogon script I've done the searching at download.com, winfiles.com, and zdnet and couldn't find anything that worked. However, I don't have the Resource Kit for Win 9x. Is this a free download or a purchase product? Is there anyone out there that could let me know if there is such at thing in the Resource Kit for Win 9x? "Jeffrey W. Hampson" wrote: > is there anything in the Win9x resource kits? > else may want to search for something similar in www.download.com > sometimes I've found some good freeware that suits my purpose > > Jeff Hampson > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Chris Tooley > Sent: Tuesday, June 06, 2000 11:19 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Rebooting from netlogon script > > I tried the shutdown.exe (Thank you Torsten for sending it to me) with Win > 9x. Of > course it didn't work and I'm still at square one. If anyone has any ideas > I would > greatly appreciate it. There are a lot of tools out there that reboot via a > pretty > little gui interface but it seems such a waste to me to do this and make the > user > reboot their own machine. > > Chris Tooley > > Torsten.Werner@assyst-intl.com wrote: > > > Hi, > > the NT resource kit contains a shutdown.exe. I've never tried it with 95, > you > > should test it. When you put the program in the netlogon share is it > accessable > > without path in logon scripts. In case yo don't have it, send me a > request. > > Torsten > > > > Chris Tooley on 02.06.2000 21:03:14 > > > > Please respond to ctooley@joslyn.org > > > > To: Multiple recipients of list SAMBA-NTDOM > > cc: (bcc: Torsten Werner/ge/intl/assyst) > > > > Subject: Rebooting from netlogon script > > > > Is there a command I can run to get some Win 9x boxes to reboot from a > > netlogon script? > > > > Chris Tooley From ed at schernau.com Tue Jun 6 18:40:30 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:29:59 2003 Subject: reboot.com Message-ID: <393D459E.59FB56BA@schernau.com> forget where i got this... -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 -------------- next part -------------- ???? From timothy_d_cole at md.northgrum.com Tue Jun 6 19:14:16 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:29:59 2003 Subject: Question about security Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47097@xcgmd008.md.essd.northgrum.com> Under your configuration, all the Samba ever sees are the LM and NT password hashes, which is no different than what an NT server sees. > -----Original Message----- > From: JONATHAN W MINER [SMTP:Jonathan.W.Miner@lmco.com] > Sent: Tuesday, June 06, 2000 12:44 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Question about security > > Someone within my company expressed the follow view: > > > I was told that Unix servers running SAMBA can display NT passwords in > > clear text when they provide file sharing services for NT > > workstations. Was a determination ever made if we allow this type of > > system to access the enterprise NT domain controllers? > > Can someone clarify this statement. Here is the [global] section from > by smb.conf file if that matters at all. I'm running 2.0.6 on both > Solaris and HP-UX boxes. > > [global] > workgroup = DOMAIN > security = SERVER > password server = ntpdc1 > os level = 0 > wins server = ntwins1 > > Thanks alot! > -- > Jonathan Miner - Lockheed Martin EIS/SAI > LM-Xpress: jonathan.w.miner@lmco.com > Phone: 603 885 UNIX - Fax: 603 885 3850 > USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From osabmt00 at fht-esslingen.de Tue Jun 6 20:30:46 2000 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:29:59 2003 Subject: Rebooting from netlogon script In-Reply-To: Message-ID: <200006061930.VAA31651@rslx01.fht-esslingen.de> Am 7 Jun 00, um 2:24 Uhr schrieb Jeffrey W. Hampson zum Thema RE: Rebooting from netlogon script: Dazu meine Meinung: > Is there a command I can run to get some Win 9x boxes to reboot from a > netlogon script? You could try the following line: Rundll32.exe user,ExitWindows Note that the command is case-sensitive and no additional spaces are allowed! Hope this helps, Osama --- Fachhochschule f?r Technik Esslingen Au?enstelle Goeppingen From proberts at dubois-king.com Tue Jun 6 20:38:00 2000 From: proberts at dubois-king.com (Phillip C. Roberts) Date: Tue Dec 2 02:29:59 2003 Subject: smbclient test not working Message-ID: <005301bfcff7$1ba827a0$1f00a8c0@daisy> I have set up two Linux servers. When I installed Samba on the one it authenticates users properly to my domain. I have the server set to DOMAIN. When I run the smbclient test it provides the correct response. On my second which will be my new file and print server the smbclient test does not work. It does not give me the added interface response and when I enter my password I receive the following: Session setup failed: ERRSRV - ERRbadpw This is a Dell install of Redhat. Could this be an issue with kerbose? Any help would be greatly appreciated. Phillip C. Roberts CADD Systems Manager DuBois and King, Inc. Voice: 802.728.4113, ext 322 Email: proberts@DuBois-King.com From mg at plum.de Wed Jun 7 20:55:04 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication References: <393D34E0.FA4FDC26@coms.com> Message-ID: <006301bfd0c2$a83df9d0$0201010a@defiant> > Dear all Samba Gurus, > > Recently, I have looked into the possibility of the complete replacement > of NT4 server by deploying Samba. > > As an experiment, I am trying to configure a Linux box running Debian > Potato with kernel 2.2.15 as a Samba server, which will eventually > emulate a NT PDC. On top of that, I am running NT4 workstation client > by using VMware 2.0. > > I first started with the latest production version 2.0.7a, but > encountered some problems when came to the PDC implementation. After > consulting some resources from books (e.g. Using Samba, O'Reilly) and > several web sites (e.g. http://www.ping.be/linux-and-samba/ ), I decided > to get the latest development version from the cvs site of samba.org so > as to get the best PDC support. The one I've got is > 'release-alpha-2-5-3'. The source codes have been successfully > compiled. Although I could make the NT domain logon live, the same > problems persist. > > There are two main problems: > > 1./ When different users has been logged in and out of the NT client, > the late users can actually browse the home directories of the previous > ones; > > 2./ When a user logs in, an error message pops up saying 'The operating > system was unable to create profile directory \\mole\Profiles\%U.pds. > You will be logged on with a local profile only....'. This looks like > something is wrong with the logon path in the [global] section or the > path specified in the [Profiles] service. > 2.5.3 is known to be broken. The most "stable" TNG version seems to be 2.5, although I got some horrible problems with it (and replaced it back with 2.0.7 ....) (It did never run stable for more than 1 week ... last week no user could log on anymorer, even if I did delete/re-create it, got something like "WARNING: infinite loop in lsarpcd !" in the logfiles.) So .. don't put TNG in a production enviroment. Its not quite ready yet. Regards, Michael From a.samardzic at racunari.com Tue Jun 6 19:57:47 2000 From: a.samardzic at racunari.com (Aleksandar B. Samardzic) Date: Tue Dec 2 02:29:59 2003 Subject: Samba as PDC for network containing Windows 2000 Server machine In-Reply-To: Message-ID: Oliver, thank you very much for you advice; I have now Samba tng-2.5 serving as PDC for Windows 2000 Server machine too. For anyone interested, I'll try to summarize isntallation procedure below. First of all, I had to uninstall previous Samba version. My Linux machine is RedHat 6.2 box, so I did following: rpm -e samba-client rpm -e samba rpm -e samba-common But before deletion, I've saved script /etc/rc.d/init.d/smb in order to be able to run Samba during system initialization. I guess it is not absolutely necessary to delete previous Samba version, but I did it to be sure to avoid side effects. Then I've downloaded tng-2.5 archive from following URL: ftp://ftp.samba.org/pub/samba/alpha/samba-tng-alpha.2.5.tar.bz2 After unpacking it, I did as usually: cd source ./configure make make install Then I changed directory to /usr/local/samba, created private subdirectory there and smbpasswd file in this directory, then changed permissions of this file: mkdir private touch private/smbpasswd chmod 0600 private/smbpasswd Then I've created netlogon and profile subdirectories in /home directory to hold logon scripts and user profiles and changed profile subdirectory permissions as follows: mkdir /home/netlogon mkdir /home/profile chmod 1777 /home/profile Then I've created smb.conf file in lib subdirectory of /usr/local/samba directory. My smb.conf is as follows: ---------- >8 --- [global] workgroup = SIMPLE server string = Samba %v on %L security = user domain logons = yes encrypt passwords = yes os level = 65 domain master = yes preferred master = yes local master = yes wins support = yes time server = yes logon script = login.bat logon drive = U: logon home = \\%L\%U logon path = \\%L\profile\%U hosts allow = 192.168.0. 127.0.0.1 guest ok = no [homes] writable = yes browseable = no comment = Users' home directories [netlogon] path = /home/netlogon writable = no browseable = no comment = PDC netlogon share [profile] path = /home/profile writeable = yes browseable = no comment = PDC profile share [tmp] path = /tmp writeable = yes browseable = yes comment = Temporary disk space ---------- >8 --- Now, I've added items to start and stop all daemons (srvsvcd, wkssvcd, browserd, lsarpcd, netlogond, samrd, winregd and svcctld; along with, of course, smbd and nmbd) to my startup script /etc/rc.d/init.d/smb. Thus, this script is now on my machine as follows: ---------- >8 --- #!/bin/sh # # chkconfig: - 91 35 # description: Starts and stops the Samba smbd and nmbd daemons \ # used to provide SMB network services. # Source function library. .. /etc/rc.d/init.d/functions # Source networking configuration. .. /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 # Check that smb.conf exists. [ -f /usr/local/samba/lib/smb.conf ] || exit 0 RETVAL=0 # See how we were called. case "$1" in start) echo -n "Starting SMB services: " daemon /usr/local/samba/sbin/smbd -D RETVAL=$? echo echo -n "Starting NMB services: " daemon /usr/local/samba/sbin/nmbd -D RETVAL2=$? echo echo -n "Starting other Samba services: " daemon /usr/local/samba/sbin/srvsvcd -D daemon /usr/local/samba/sbin/wkssvcd -D daemon /usr/local/samba/sbin/browserd -D daemon /usr/local/samba/sbin/lsarpcd -D daemon /usr/local/samba/sbin/netlogond -D daemon /usr/local/samba/sbin/samrd -D daemon /usr/local/samba/sbin/winregd -D daemon /usr/local/samba/sbin/svcctld -D echo [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \ RETVAL=1 ;; stop) echo -n "Shutting down SMB services: " killproc smbd RETVAL=$? echo echo -n "Shutting down NMB services: " killproc nmbd RETVAL2=$? echo echo -n "Shutting down other Samba services: " killproc srvsvcd killproc wkssvcd killproc browserd killproc lsarpcd killproc netlogond killproc samrd killproc winregd killproc svcctld [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb echo "" ;; restart) $0 stop $0 start RETVAL=$? ;; reload) echo -n "Reloading smb.conf file: " killproc smbd -HUP RETVAL=$? echo ;; status) status smbd status nmbd RETVAL=$? ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 1 esac exit $RETVAL ---------- >8 --- I know all daemons should probably be checked for successfull starting or stopping but everything just works fine on my machine so I skip adding these checks to above file. Now I had to add links to this script to appropriate subdirectories of /etc/rc.d directory in order to have Samba to start during system boot and to stop during system shutdown: ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc3.d/S90smb ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc5.d/S90smb ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc0.d/K35smb ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc6.d/K35smb Then I've restarted daemons: /etc/rc.d/init.d/smb restart and later used samedit tool to add Samba users: samedit -S . -U root% -l log and then in samedit prompt: createuser root -p ******* [ ... more users added here ... ] createuser mika$ exit Latest line is to add account for Windows 2000 machine. After leaving samedit I was able to see that appropriate entries are added to /usr/local/samba/private/smbpasswd file. Now I had to switch to Windows 2000 machine and put it into the domain. When asked for username and password, I supplied root as username and corresponding password. Finally, I've created following login.bat file and copied it to the netlogon share: ---------- >8 --- @echo off echo Setting Current Time... net time \\pera /set /yes echo Mapping Network Drives to Samba Server Pera... net use t: \\pera\tmp /persistent:no ---------- >8 --- That's it, now everything should be working fine. Regards, Aleksandar -----Original Message----- From: Oliver Malang [mailto:malang@netengine.at] Sent: Tuesday, June 06, 2000 3:21 PM To: a.samardzic@racunari.com; Multiple recipients of list SAMBA-NTDOM Subject: AW: Samba as PDC for network containing Windows 2000 Server machine I'm using tng-2.5 and it works fine for me(domain logons and hosting home directories from W2k and NT). regards, Oliver From ctooley at joslyn.org Tue Jun 6 23:44:17 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:29:59 2003 Subject: Rebooting from netlogon script References: <200006061930.VAA31651@rslx01.fht-esslingen.de> Message-ID: <393D8CD1.1C0AF27A@joslyn.org> Well, this shuts down the machine at least. Is there somewhere I can learn more about what I can pass to rundll32.exe? BTW the only part that is case sensitive is the "ExitWindows" part. Thank you very much for your help. Chris Tooley Osama Abu-Aish wrote: > Am 7 Jun 00, um 2:24 Uhr schrieb Jeffrey W. Hampson zum Thema RE: Rebooting from netlogon script: > Dazu meine Meinung: > > > Is there a command I can run to get some Win 9x boxes to reboot from a > > netlogon script? > > You could try the following line: > > Rundll32.exe user,ExitWindows > > Note that the command is case-sensitive and no additional spaces > are allowed! > > Hope this helps, > Osama > --- > Fachhochschule f?r Technik Esslingen > Au?enstelle Goeppingen From zen at uninet.net.id Wed Jun 7 03:04:52 2000 From: zen at uninet.net.id (ZEN el GUAY) Date: Tue Dec 2 02:29:59 2003 Subject: Locking problem in configuring TNG-2.5.2 Message-ID: <00060710072903.00705@odin.sphenisci.com> I got this problem with TNG 2.5.2, when doing a standard configure ERROR: No locking available. Running Samba would be unsafe configure: error: summary failure. Aborting config I am using RedHat 6.0, kernel 2.2.12 and PAM... In 2.5.3, I also unable to do samedit against the NT PDC... -- ZEN O->^ (el GUAY) From schapiro at clerk.pi.huji.ac.il Wed Jun 7 04:52:18 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:29:59 2003 Subject: Rebooting from netlogon script In-Reply-To: <393D4040.3428DA41@joslyn.org> Message-ID: Hi, I wrote something that has no GUI. Go to http://shum.cc.huji.ac.il/~schapiro/misc/#exitwin Schlomo On Wed, 7 Jun 2000, Chris Tooley wrote: > I tried the shutdown.exe (Thank you Torsten for sending it to me) with Win 9x.Of > course it didn't work and I'm still at square one.If anyone has any ideas I would > greatly appreciate it.There are a lot of tools out there that reboot via a pretty > little gui interface but it seems such a waste to me to do this and make the user > reboot their own machine. > > Chris Tooley > > Torsten.Werner@assyst-intl.com wrote: > > > Hi, > > the NT resource kit contains a shutdown.exe. I've never tried it with 95, you > > should test it. When you put the program in the netlogon share is it accessable > > without path in logon scripts. In case yo don't have it, send me a request. > > Torsten > > > > Chris Tooley on 02.06.2000 21:03:14 > > > > Please respond to ctooley@joslyn.org > > > > To: Multiple recipients of list SAMBA-NTDOM > > cc: (bcc: Torsten Werner/ge/intl/assyst) > > > > Subject:Rebooting from netlogon script > > > > Is there a command I can run to get some Win 9x boxes to reboot from a > > netlogon script? > > > > Chris Tooley > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From lkcl at samba.org Wed Jun 7 05:25:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication In-Reply-To: <006301bfd0c2$a83df9d0$0201010a@defiant> Message-ID: On Wed, 7 Jun 2000, Michael Glauche wrote: > although I got some horrible problems with it (and replaced it back with > 2.0.7 ....) > (It did never run stable for more than 1 week ... last week no user could > log on > anymorer, even if I did delete/re-create it, got something like ah - that will be that the trust acount password code is broken, then. From lkcl at samba.org Wed Jun 7 05:26:12 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication In-Reply-To: <006301bfd0c2$a83df9d0$0201010a@defiant> Message-ID: > 2.0.7 ....) > (It did never run stable for more than 1 week ... last week no user could > log on > anymorer, even if I did delete/re-create it, got something like fix that temporarily by setting the machine password timeout option to a few years. From wildman at mediaone.net Wed Jun 7 08:30:11 2000 From: wildman at mediaone.net (Art Wildman) Date: Tue Dec 2 02:29:59 2003 Subject: Samba as PDC for network containing Windows 2000 Server machine Message-ID: <393E0813.69D9EA8B@mediaone.net> Thanks, just what I needed & a most excelent write-up! ...can we nominate you for the PDC HOWTO? Any luck with 9.x clients creating shares & samba returning auth user lists? This really is awesome... thanks again & let us know how it goes. Art Wildman - wildman@mediaone.net - http://network-this.net "Linux is user-friendly, it's just particular about who it's friends are." -------- Original Message -------- Subject: RE: Samba as PDC for network containing Windows 2000 Server machine Date: Wed, 7 Jun 2000 07:04:52 +1000 From: "Aleksandar B. Samardzic" Reply-To: a.samardzic@racunari.com To: Multiple recipients of list SAMBA-NTDOM Oliver, thank you very much for you advice; I have now Samba tng-2.5 serving as PDC for Windows 2000 Server machine too. For anyone interested, I'll try to summarize isntallation procedure below. First of all, I had to uninstall previous Samba version. My Linux machine is RedHat 6.2 box, so I did following: rpm -e samba-client rpm -e samba rpm -e samba-common But before deletion, I've saved script /etc/rc.d/init.d/smb in order to be able to run Samba during system initialization. I guess it is not absolutely necessary to delete previous Samba version, but I did it to be sure to avoid side effects. Then I've downloaded tng-2.5 archive from following URL: ftp://ftp.samba.org/pub/samba/alpha/samba-tng-alpha.2.5.tar.bz2 After unpacking it, I did as usually: cd source ./configure make make install Then I changed directory to /usr/local/samba, created private subdirectory there and smbpasswd file in this directory, then changed permissions of this file: mkdir private touch private/smbpasswd chmod 0600 private/smbpasswd Then I've created netlogon and profile subdirectories in /home directory to hold logon scripts and user profiles and changed profile subdirectory permissions as follows: mkdir /home/netlogon mkdir /home/profile chmod 1777 /home/profile Then I've created smb.conf file in lib subdirectory of /usr/local/samba directory. My smb.conf is as follows: ---------- >8 --- [global] workgroup = SIMPLE server string = Samba %v on %L security = user domain logons = yes encrypt passwords = yes os level = 65 domain master = yes preferred master = yes local master = yes wins support = yes time server = yes logon script = login.bat logon drive = U: logon home = \\%L\%U logon path = \\%L\profile\%U hosts allow = 192.168.0. 127.0.0.1 guest ok = no [homes] writable = yes browseable = no comment = Users' home directories [netlogon] path = /home/netlogon writable = no browseable = no comment = PDC netlogon share [profile] path = /home/profile writeable = yes browseable = no comment = PDC profile share [tmp] path = /tmp writeable = yes browseable = yes comment = Temporary disk space ---------- >8 --- Now, I've added items to start and stop all daemons (srvsvcd, wkssvcd, browserd, lsarpcd, netlogond, samrd, winregd and svcctld; along with, of course, smbd and nmbd) to my startup script /etc/rc.d/init.d/smb. Thus, this script is now on my machine as follows: ---------- >8 --- #!/bin/sh # # chkconfig: - 91 35 # description: Starts and stops the Samba smbd and nmbd daemons \ # used to provide SMB network services. # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 # Check that smb.conf exists. [ -f /usr/local/samba/lib/smb.conf ] || exit 0 RETVAL=0 # See how we were called. case "$1" in start) echo -n "Starting SMB services: " daemon /usr/local/samba/sbin/smbd -D RETVAL=$? echo echo -n "Starting NMB services: " daemon /usr/local/samba/sbin/nmbd -D RETVAL2=$? echo echo -n "Starting other Samba services: " daemon /usr/local/samba/sbin/srvsvcd -D daemon /usr/local/samba/sbin/wkssvcd -D daemon /usr/local/samba/sbin/browserd -D daemon /usr/local/samba/sbin/lsarpcd -D daemon /usr/local/samba/sbin/netlogond -D daemon /usr/local/samba/sbin/samrd -D daemon /usr/local/samba/sbin/winregd -D daemon /usr/local/samba/sbin/svcctld -D echo [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \ RETVAL=1 ;; stop) echo -n "Shutting down SMB services: " killproc smbd RETVAL=$? echo echo -n "Shutting down NMB services: " killproc nmbd RETVAL2=$? echo echo -n "Shutting down other Samba services: " killproc srvsvcd killproc wkssvcd killproc browserd killproc lsarpcd killproc netlogond killproc samrd killproc winregd killproc svcctld [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb echo "" ;; restart) $0 stop $0 start RETVAL=$? ;; reload) echo -n "Reloading smb.conf file: " killproc smbd -HUP RETVAL=$? echo ;; status) status smbd status nmbd RETVAL=$? ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 1 esac exit $RETVAL ---------- >8 --- I know all daemons should probably be checked for successfull starting or stopping but everything just works fine on my machine so I skip adding these checks to above file. Now I had to add links to this script to appropriate subdirectories of /etc/rc.d directory in order to have Samba to start during system boot and to stop during system shutdown: ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc3.d/S90smb ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc5.d/S90smb ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc0.d/K35smb ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc6.d/K35smb Then I've restarted daemons: /etc/rc.d/init.d/smb restart and later used samedit tool to add Samba users: samedit -S . -U root% -l log and then in samedit prompt: createuser root -p ******* [ ... more users added here ... ] createuser mika$ exit Latest line is to add account for Windows 2000 machine. After leaving samedit I was able to see that appropriate entries are added to /usr/local/samba/private/smbpasswd file. Now I had to switch to Windows 2000 machine and put it into the domain. When asked for username and password, I supplied root as username and corresponding password. Finally, I've created following login.bat file and copied it to the netlogon share: ---------- >8 --- @echo off echo Setting Current Time... net time \\pera /set /yes echo Mapping Network Drives to Samba Server Pera... net use t: \\pera\tmp /persistent:no ---------- >8 --- That's it, now everything should be working fine. Regards, Aleksandar -----Original Message----- From: Oliver Malang [mailto:malang@netengine.at] Sent: Tuesday, June 06, 2000 3:21 PM To: a.samardzic@racunari.com; Multiple recipients of list SAMBA-NTDOM Subject: AW: Samba as PDC for network containing Windows 2000 Server machine I'm using tng-2.5 and it works fine for me(domain logons and hosting home directories from W2k and NT). regards, Oliver From lkneschke at vater-gmbh.de Wed Jun 7 09:14:15 2000 From: lkneschke at vater-gmbh.de (Lars Kneschke) Date: Tue Dec 2 02:29:59 2003 Subject: Question about security In-Reply-To: <393D29F8.32AF0209@lmco.com> Message-ID: > Someone within my company expressed the follow view: > > > I was told that Unix servers running SAMBA can display NT passwords in > > clear text when they provide file sharing services for NT > > workstations. Was a determination ever made if we allow this type of > > system to access the enterprise NT domain controllers? > > Can someone clarify this statement. Here is the [global] section from > by smb.conf file if that matters at all. I'm running 2.0.6 on both > Solaris and HP-UX boxes. > > [global] > workgroup = DOMAIN > security = SERVER > password server = ntpdc1 > os level = 0 > wins server = ntwins1 > Just to add my comments! :-) There is a option encrypt passwords (G) This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in Samba see the file ENCRYPTION.txt in the Samba documentation directory docs/ shipped with the source code. In order for encrypted passwords to work correctly smbd must either have access to a local smbpasswd (5) file (see the smbpasswd (8) program for information on how to set up and maintain this file), or set the security= parameter to either "server" or "domain" which causes smbd to authenticate against another server. (The description is from the man page for smb.conf. ) As you can see any current Windows version is using encrypted passwords. No plain text passwords will go over the wire. But this requires a extra file, because the unix password system and the windows password system are different. You need update passwords in two files, if you use encyrypted passwords. "Someone's" statment was correct, if you use plain text passwords. But the Windows workstation deliver this passwords to the samba server. And if you use a sniffer and have plain text passwords, anyone can read the passwords. But the default for any current windows version is to use encrypted passwords. If you are in a domain, the windows workstation must use encrypted passwords anyway, because the windows nt pdc wants that. I hope i dont wrote to much, but i think it is important to give people some background information. Cu -- Lars Kneschke http://www.kneschke.de From hanak at IRIS.osu.cz Wed Jun 7 09:51:44 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:29:59 2003 Subject: Password expiration Message-ID: Hi all, can anybody say something about possibility of setting password expiration feature on SAMBA passwords? Thanks guys. OH From grimmel at additive-net.de Wed Jun 7 09:56:40 2000 From: grimmel at additive-net.de (Andreas Grimmel) Date: Tue Dec 2 02:29:59 2003 Subject: stupid question... Message-ID: <393E1C58.E4B7C328@additive-net.de> Hi Folks, I'm REALLY sorry but I don't know how to unpack that bz2 format... could you please tell me ?? ...being ashamed... ;-)) Thanks Andreas Grimmel From sharpe at ns.aus.com Tue Jun 6 13:04:32 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:29:59 2003 Subject: stupid question... In-Reply-To: <393E1C58.E4B7C328@additive-net.de> Message-ID: <3.0.6.32.20000606220432.009be260@203.16.214.248> At 08:35 PM 6/7/00 +1000, Andreas Grimmel wrote: >Hi Folks, > >I'm REALLY sorry but I don't know how to unpack that bz2 format... could >you please tell me ?? >..being ashamed... ;-)) buzzzzzzz, bzip -d >Thanks > >Andreas Grimmel > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From hanak at IRIS.osu.cz Wed Jun 7 11:05:55 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:29:59 2003 Subject: stupid question... In-Reply-To: <393E1C58.E4B7C328@additive-net.de> Message-ID: :) Try bunzip2 -> man bunzip2. In RH Linux part of distribution... Cheers OH. On Wed, 7 Jun 2000, Andreas Grimmel wrote: > Hi Folks, > > I'm REALLY sorry but I don't know how to unpack that bz2 format... could > you please tell me ?? > ..being ashamed... ;-)) > > Thanks > > Andreas Grimmel > > > From p.mayers at ic.ac.uk Wed Jun 7 11:29:37 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:29:59 2003 Subject: smbclient test not working References: <005301bfcff7$1ba827a0$1f00a8c0@daisy> Message-ID: <393E3221.88DE975@ic.ac.uk> I doubt it (kerberos that is). More information is required - samba versions, contents of the smb.conf files, version of OS (RedHat 6.x?) and hardware (intel). You have joined the second machine to the domain smbpasswd -j DOMAIN Right? Cheers, Phil "Phillip C. Roberts" wrote: > > I have set up two Linux servers. When I installed Samba on the one it > authenticates users properly to my domain. I have the server set to DOMAIN. > When I run the smbclient test it provides the correct response. On my > second which will be my new file and print server the smbclient test does > not work. It does not give me the added interface response and when I enter > my password I receive the following: > > Session setup failed: ERRSRV - ERRbadpw > > This is a Dell install of Redhat. Could this be an issue with kerbose? > > Any help would be greatly appreciated. > > Phillip C. Roberts > CADD Systems Manager > > DuBois and King, Inc. > Voice: 802.728.4113, ext 322 > Email: proberts@DuBois-King.com From randyp at ti.com Wed Jun 7 11:36:32 2000 From: randyp at ti.com (Randy Parker) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication In-Reply-To: Your message of "Wed, 07 Jun 2000 03:32:14 +1000." <393D34E0.FA4FDC26@coms.com> Message-ID: <7875.960377792@cluster> I'm not sure about other stuff, but problem #1 I solved using a suggestion from the John Blair Samba book, page 236. He says set "valid users = %S" in the [homes] definition to keep unauthorized users out of home directories they don't own. It works for me. Regards, Randy Parker Wilson Yau wrote: >Dear all Samba Gurus, > >Recently, I have looked into the possibility of the complete replacement >of NT4 server by deploying Samba. > >As an experiment, I am trying to configure a Linux box running Debian >Potato with kernel 2.2.15 as a Samba server, which will eventually >emulate a NT PDC. On top of that, I am running NT4 workstation client >by using VMware 2.0. > >I first started with the latest production version 2.0.7a, but >encountered some problems when came to the PDC implementation. After >consulting some resources from books (e.g. Using Samba, O'Reilly) and >several web sites (e.g. http://www.ping.be/linux-and-samba/ ), I decided >to get the latest development version from the cvs site of samba.org so >as to get the best PDC support. The one I've got is >'release-alpha-2-5-3'. The source codes have been successfully >compiled. Although I could make the NT domain logon live, the same >problems persist. > >There are two main problems: > >1./ When different users has been logged in and out of the NT client, >the late users can actually browse the home directories of the previous >ones; > >2./ When a user logs in, an error message pops up saying 'The operating >system was unable to create profile directory \\mole\Profiles\%U.pds. >You will be logged on with a local profile only....'. This looks like >something is wrong with the logon path in the [global] section or the >path specified in the [Profiles] service. > >I tried to search the mailing list archive - >http://us1.samba.org/listproc/samba-ntdom, but the URL could not be >found. Therefore, I decided to subscibe this mailing list to learn more >and hopefully someone can give me a helping hand. > > >FYI, my server is called 'mole', my workstation is 'koala' and NT Domain >name is 'YAU' > >Here are the main settings in my smb.conf file: > >[global] > workgroup = YAU > netbios name = mole > server string = %h (Samba Server %v) > guest account = smbguest > ># Debug Level > log level = 2 > > security = user > encrypt passwords = yes > unix password sync = false > > local master = yes > os level = 255 > domain master = yes > preferred master = yes > domain logons = yes > > logon home = \\%L\%U > logon path = \\%L\Profiles\%U > log file = /usr/local/samba/var/log.%m > max log size = 50 > >[homes] > comment = Home Directories > browseable = no > guest ok = no > read only = no > create mask = 0700 > directory mask = 0700 > >[Profiles] > comment = Windows-User-Profiles > path = /usr/local/samba/profiles > browseable = no > guest ok = yes > writeable = yes > > >I have created the /usr/local/samba/profiles directory manually, and it >attributes are as follows: >drwxr-xr-x 2 root root 4096 Jun 5 14:00 profiles > >If you need more information, please let me know. > >Many thanks for your help! > >Wilson Yau > From olivier.wegria at novactiongroup.com Wed Jun 7 12:40:12 2000 From: olivier.wegria at novactiongroup.com (Olivier Wegria) Date: Tue Dec 2 02:29:59 2003 Subject: open files Message-ID: <500C66C7BF87D311A7F400A0C907E8D84AA9A7@NSA4> Hi, How can I know which shared files are currently in use by windows clients on my samba server? I have to restart my samba because it doesn't recognize the changes made to smb.conf but I want first to ask windows users to close files and it would help if I know who is using files. Many thanks for any help Olivier From SRuth at LANDAM.com Wed Jun 7 13:38:09 2000 From: SRuth at LANDAM.com (Ruth, Sven) Date: Tue Dec 2 02:29:59 2003 Subject: open files Message-ID: <6768A16CA846D3119104009027998CC304A44862@LANDE04> smbstatus at the # or $ prompt. you can also use the SWAT interface and click on status from there. Sven -----Original Message----- From: Olivier Wegria [mailto:olivier.wegria@novactiongroup.com] Sent: Wednesday, June 07, 2000 7:40 AM To: Multiple recipients of list SAMBA-NTDOM Subject: open files Hi, How can I know which shared files are currently in use by windows clients on my samba server? I have to restart my samba because it doesn't recognize the changes made to smb.conf but I want first to ask windows users to close files and it would help if I know who is using files. Many thanks for any help Olivier From simo.sorce at polimi.it Wed Jun 7 13:53:32 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:29:59 2003 Subject: open files References: <500C66C7BF87D311A7F400A0C907E8D84AA9A7@NSA4> Message-ID: <393E53DC.E1CC9926@polimi.it> Olivier Wegria wrote: > > Hi, > > How can I know which shared files are currently in use by windows > clients on my samba server? swat has a nice interface for this. > I have to restart my samba because it doesn't recognize the changes > made to smb.conf but I want first to ask windows users to close files and it > would help if I know who is using files. > however to make samba reread the smb.conf file just send it a SIGHUP kill -HUP -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From wilson at coms.com Wed Jun 7 14:06:16 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication References: <7875.960377792@cluster> Message-ID: <393E56D8.C3DE222E@coms.com> Dear Randy, Thanks for your tips. However, adding a line "valid users = %S" in the [homes] section did not help solve the first problem - user authentication. Unexpectedly, this help get rid of the error message mentioned in the second problem - profiles. I've found a new directory "%U" was created by smb.conf (path: /usr/local/samba/profiles/%U), but nothing was inside there. Here I quote some of the log messages by tail -f /usr/local/samba/var/log.koala which could be traced what happened when a user called wilson logged in the NT client. Allowed connection from koala.hq.coms.com (192.168.1.62) Allowed connection from koala.hq.coms.com (192.168.1.62) koala (192.168.1.62) connect to service Profiles as user wilson (uid=1000, gid=1000) (pid 7429) Allowed connection from koala.hq.coms.com (192.168.1.62) koala (192.168.1.62) connect to service netlogon as user wilson (uid=1000, gid=1000) (pid 7429) Regards, Wilson Randy Parker wrote: > I'm not sure about other stuff, but problem #1 I > solved using a suggestion from the John Blair Samba > book, page 236. He says set "valid users = %S" in > the [homes] definition to keep unauthorized users > out of home directories they don't own. It works > for me. > > Regards, > Randy Parker > From ctooley at joslyn.org Wed Jun 7 16:28:04 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:29:59 2003 Subject: 2.0.7 PDC Woes Message-ID: <393E7814.48F94993@joslyn.org> I'm trying to create a new PDC for a bunch of Win 9x clients. I've finally got the conversion from the old machine to the new machine completely automated. However, I now cannot get the new machince to accept logins. Something is obviously wrong with that. I'm using RedHat 6.2 with Software-RAID on the drives. Everything is under / so it shouldn't be out of room (besides theres 19 gig of free space. It's Samba-2.0.7 from the tarball not the RPM. I did no special compiling instructions. I've attached my smb.conf and will attach the log.smb and machine.joslyn.org.log files to another e-mail. If I attach everything to this e-mail I get the message back with a note that it is too big for the mailing list. If anyone can take a look at the problem and let me know what I'm doing wrong I'd greatly appreciate it. From abrock at georgefox.edu Wed Jun 7 14:51:47 2000 From: abrock at georgefox.edu (Anthony Brock) Date: Tue Dec 2 02:29:59 2003 Subject: Latest CVS ... Message-ID: <4.2.2.20000607073600.00a8eca0@localhost> Okay, I downloaded the latest CVS version of SAMBA_TNG monday, and found several things improved. This is on a Sun Sparc running Solaris 2.7 (32-bit). 1) When attempting to add a new samba server to the domain, the password entry in the private/smbpasswd file actually shows a change! This is the first time in months that samba appears to do anything to change the password for machines joining the domain. Normally they return a message saying that everything worked, and then we see the following in the logs: process_logon_packet: Logon from XXX.XXX.XXX.10: code = 0x12 process_logon_packet: Logon from XXX.XXX.XXX.10: code = 0x12 process_logon_packet: Logon from XXX.XXX.XXX.10: code = 0x7 Since this update, I am only seeing a single entry with code = 0x7 2) When comparing the smbpasswd file before and after adding a new NT Server to the domain, there are no differences. The old behavior (which used to happen with samba servers as well) still happens (though the server is apparently able to open a connection according to the status page in SWAT). 3) We attempted to load exchange on a server using samba as the PDC, and it failed on Monday with a strange error "Windows NT Error ". 4) All attempts to use User Manager for Domains have met with failure, either saying something about an invalid parameter or access is denied (though I am successfully logged in as DOMAIN\administrator). 5) Testing individual accounts using rpcclient succeeds as expected (using "ntlogin ") but administrator now returns a failure. 6) Yesterday we updated against CVS again, and the exchange server installation failed the first time with the same error message as Monday, but then worked on a second attempt. User Manager for Domains still does not even let me into the domain, and administrator is no longer able to directly access any shares on the PDC (I get prompted for a username and password). Users CAN access resources on the PDC normally. When adding users in Exchange, I get a message that the PDC is unavailable, but it properly displays the accounts from the PDC. Otherwise, stuff appears to work decent. 7) Today, updated against CVS, and now Exchange will not let anyone in. I am unable to add users in Exchange (it states that the domain cannot be contacted). Also, I am unable to login at the NT server's console as any user other than administrator. Let me know if you need more detail/logs. Tony ****************************************************************************** * Anthony Brock abrock@georgefox.edu * * Director of Network Services George Fox University * ****************************************************************************** From wilson at coms.com Wed Jun 7 14:51:59 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication References: <4.3.2.20000607085403.0238d9e0@mail.digisolv.com> Message-ID: <393E618F.C8E283D5@coms.com> Gerry wrote: > There is some documentation on this issue. See the FAQ > at www.samba.org. You should try to comment out the " logon home = > \\%L\%U " line and see if it soles this problem. The issue revolves > around your shares declarations. > > Dear Gerry, I tried your tips and it works! This somewhat has solved my first problem - user authentication. Now the home directory of the previous user can still be seen by the newly log in user, but ACCESS IS DENIED. When I kept an eyes on the smbstatus, I discovered even a user had logged out, share connection was still maintained for some time (quite long). Is this a problem with Windows or Samba? Can we do anything to 'fix' it? FYI, here I attach the messages given by smbstatus and /usr/local/samba/var/log.koala: When a user called wilson logged in & HAD LOGGED OUT from koala (NT workstation), I got the following: (I) FROM smbstatus: Samba version pre-3.0.0 Service uid gid pid machine ---------------------------------------------- Profiles wilson wilson 7484 koala (192.168.1.62) Wed Jun 7 15:33:16 2000 (II) FROM /usr/local/samba/var/log.koala: Closing connections Allowed connection from koala.hq.coms.com (192.168.1.62) koala (192.168.1.62) connect to service Profiles as user wilson (uid=1000, gid=1000) (pid 7484) Allowed connection from koala.hq.coms.com (192.168.1.62) ---------- Then I logged in as another user called eric: (I) FROM smbstatus: Samba version pre-3.0.0 Service uid gid pid machine ---------------------------------------------- netlogon eric eric 7484 koala (192.168.1.62) Wed Jun 7 15:39:36 2000 Profiles wilson wilson 7484 koala (192.168.1.62) Wed Jun 7 15:33:16 2000 (II) FROM /usr/local/samba/var/log.koala: con't from (II) above: Allowed connection from koala.hq.coms.com (192.168.1.62) koala (192.168.1.62) connect to service netlogon as user eric (uid=1001, gid=1001) (pid 7484) Now when clicking network neighbourhood then mole (samber server), both eric's and wilson's home directory could be seen. Fortunately, after the fix, eric could not open wilson's home directory this time. Many thanks for your help. Wilson P.S. If you have more tricks to enhance this security feature further, please let me know. From jbeauchamp at gesinc.com Wed Jun 7 15:14:04 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:29:59 2003 Subject: 2.0.7 PDC Woes References: <393E7814.48F94993@joslyn.org> Message-ID: <002101bfd093$06af87c0$1601a8c0@gesinc.com> Chris: Send me your smb.conf and I'll take a look at it. make sure you have created valid usernames and passwords in /etc/passwd for all your users. You also have to create machine trust accounts for each of your users in /etc/passwd. Then when you are done, you need to run the shell script mksmbpasswd.sh and have it all copied to /etc/smbpasswd (or wherever you are storing it). Otherwise you can add each user by hand: smbpasswd -a user1 (creates user specific password) smbpasswd -a -m user1 (creates machine account for user1 with initial password of user1$) Hope this helps James ----- Original Message ----- From: "Chris Tooley" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, June 07, 2000 10:28 AM Subject: 2.0.7 PDC Woes > I'm trying to create a new PDC for a bunch of Win 9x clients. I've > finally got the conversion from the old machine to the new machine > completely automated. However, I now cannot get the new machince to > accept logins. Something is obviously wrong with that. I'm using RedHat > 6.2 with Software-RAID on the drives. Everything is under / so it > shouldn't be out of room (besides theres 19 gig of free space. It's > Samba-2.0.7 from the tarball not the RPM. I did no special compiling > instructions. I've attached my smb.conf and will attach the log.smb and > machine.joslyn.org.log files to another e-mail. If I attach everything > to this e-mail I get the message back with a note that it is too big for > the mailing list. > > If anyone can take a look at the problem and let me know what I'm doing > wrong I'd greatly appreciate it. > From wilson at coms.com Wed Jun 7 16:11:10 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication References: <7875.960377792@cluster> Message-ID: <393E741E.5EAFE7B7@coms.com> Dear Randy, I apologise for the incomplete comments of the previous email replying to you. What I've found is the option "valid users = %S" in the [homes] section does help keep unauthorized users out of home directories they don't own. However, it won't work on its own. The following were the tips given by Gerry George: >1./ When different users has been logged in and out of the NT client, >the late users can actually browse the home directories of the previous >ones; There is some documentation on this issue. See the FAQ at www.samba.org. You should try to comment out the " logon home = \\%L\%U " line and see if it soles this problem. The issue revolves around your shares declarations. The above two treatments have to be done in order to fix the authentication problem. They are actually mutual independent. They must go hand-in hand. Do one without doing the other won't solve the problem. I don't understand the mechanism inside. but it's my experience. Please correct me if I'm wrong. If anyone can explain to me this phenomenon, I'd be very grateful. Concerning the second problem, the previous error message appears no more now. However, roaming profiles of individual user still cannot be created. Any clues? Regards, Wilson Randy Parker wrote: > I'm not sure about other stuff, but problem #1 I > solved using a suggestion from the John Blair Samba > book, page 236. He says set "valid users = %S" in > the [homes] definition to keep unauthorized users > out of home directories they don't own. It works > for me. > > Regards, > Randy Parker > > Wilson Yau wrote: > >Dear all Samba Gurus, > > > >Recently, I have looked into the possibility of the complete replacement > >of NT4 server by deploying Samba. > > > >As an experiment, I am trying to configure a Linux box running Debian > >Potato with kernel 2.2.15 as a Samba server, which will eventually > >emulate a NT PDC. On top of that, I am running NT4 workstation client > >by using VMware 2.0. > > > >I first started with the latest production version 2.0.7a, but > >encountered some problems when came to the PDC implementation. After > >consulting some resources from books (e.g. Using Samba, O'Reilly) and > >several web sites (e.g. http://www.ping.be/linux-and-samba/ ), I decided > >to get the latest development version from the cvs site of samba.org so > >as to get the best PDC support. The one I've got is > >'release-alpha-2-5-3'. The source codes have been successfully > >compiled. Although I could make the NT domain logon live, the same > >problems persist. > > > >There are two main problems: > > > >1./ When different users has been logged in and out of the NT client, > >the late users can actually browse the home directories of the previous > >ones; > > > >2./ When a user logs in, an error message pops up saying 'The operating > >system was unable to create profile directory \\mole\Profiles\%U.pds. > >You will be logged on with a local profile only....'. This looks like > >something is wrong with the logon path in the [global] section or the > >path specified in the [Profiles] service. > > > >I tried to search the mailing list archive - > >http://us1.samba.org/listproc/samba-ntdom, but the URL could not be > >found. Therefore, I decided to subscibe this mailing list to learn more > >and hopefully someone can give me a helping hand. > > > > > >FYI, my server is called 'mole', my workstation is 'koala' and NT Domain > >name is 'YAU' > > > >Here are the main settings in my smb.conf file: > > > >[global] > > workgroup = YAU > > netbios name = mole > > server string = %h (Samba Server %v) > > guest account = smbguest > > > ># Debug Level > > log level = 2 > > > > security = user > > encrypt passwords = yes > > unix password sync = false > > > > local master = yes > > os level = 255 > > domain master = yes > > preferred master = yes > > domain logons = yes > > > > logon home = \\%L\%U > > logon path = \\%L\Profiles\%U > > log file = /usr/local/samba/var/log.%m > > max log size = 50 > > > >[homes] > > comment = Home Directories > > browseable = no > > guest ok = no > > read only = no > > create mask = 0700 > > directory mask = 0700 > > > >[Profiles] > > comment = Windows-User-Profiles > > path = /usr/local/samba/profiles > > browseable = no > > guest ok = yes > > writeable = yes > > > > > >I have created the /usr/local/samba/profiles directory manually, and it > >attributes are as follows: > >drwxr-xr-x 2 root root 4096 Jun 5 14:00 profiles > > > >If you need more information, please let me know. > > > >Many thanks for your help! > > > >Wilson Yau > > From Jean-Francois.Micouleau at dalalu.fr Wed Jun 7 16:23:35 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:29:59 2003 Subject: PDC user authentication In-Reply-To: <393E618F.C8E283D5@coms.com> Message-ID: On Thu, 8 Jun 2000, Wilson Yau wrote: > (I) FROM smbstatus: > > Samba version pre-3.0.0 this version is currently completly broken due to macro substitution not being done correctly. J.F. From jwhamps at ilstu.edu Wed Jun 7 21:11:04 2000 From: jwhamps at ilstu.edu (Jeffrey W. Hampson) Date: Tue Dec 2 02:29:59 2003 Subject: guest access different domain Message-ID: I was wondering if I could set up my samba 2.0.7 server to allow users from other domains to access what I would specify as guest accessable. I'm assuming this would involve a trust, and I didn't think that 2.0.7 had trust relationships, but perhaps I am missing something. Thanks for any help, ------------------------------ Jeff Hampson "That which is not explicitly permitted is denied." -------------- next part -------------- HTML attachment scrubbed and removed From rad2921 at cup.edu Wed Jun 7 18:04:55 2000 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:29:59 2003 Subject: win2k.. Message-ID: <393E8EC7.78346603@cup.edu> i'm not sure if this is the correct mailing list for my question, but if anyone can point me in the right direction, that'd be cool too.. anyways, i just loaded up a machine with win2k.. i'm not sure if win2k is supported by samba yet.. but i'm having problems configuring win2k to log on to the samba domain i have running.. i can logon and see the shares, but my logon script and what have you is not working at all.. i cant even figure out how win2k handles domain logons exactly since win2k is new to me too.. any help would be appreciated.. thanks.. Tim Radigan From samba at cocos-net.de Wed Jun 7 16:48:43 2000 From: samba at cocos-net.de (Dominik Fritz) Date: Tue Dec 2 02:29:59 2003 Subject: After joining Samba Domain access to shares is denied Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi I successfully installed samba TNG 2.53 on my Linux box. Before I joined the domain with my NT box accessing the shares was no problem. But after successfully joining the domain every time I try to access a share on the samba server I get an input box to submit an username and a password. But every username/password fails. Does anyone know what I have to do to get access to my shares Dominik -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2 for non-commercial use iQA/AwUBOT5uxhRiNmEIbIaEEQK/agCgkL7k/t9JZpBbxDoqQ5er+BtV6BcAoKoI LKEH190XcRF0Sae0RAAh0OIR =8EqC -----END PGP SIGNATURE----- From sanjay at inviziblehand.com Thu Jun 8 01:33:21 2000 From: sanjay at inviziblehand.com (Inviziblehand) Date: Tue Dec 2 02:29:59 2003 Subject: samba config Message-ID: <001b01bfd0e9$885432c0$0804030a@barterdog.com> Hi, I have a linux server being used as Primery Domain Controller.It was configured by someone. I need some information on how can I make a DOmain USer the administrator of local machine.When I try to add a user to local domain admin group it does not show me this user.How do I add this user .Please let me know on the samba congug side. Regards, SANJAY -------------- next part -------------- HTML attachment scrubbed and removed From D.Bannon at latrobe.edu.au Thu Jun 8 01:40:33 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:29:59 2003 Subject: samba config In-Reply-To: <001b01bfd0e9$885432c0$0804030a@barterdog.com> Message-ID: <3.0.6.32.20000608114033.00870990@bioserve.latrobe.edu.au> At 11:33 AM 08/06/2000 +1000, Inviziblehand wrote: > Hi, I have a linux server being used as Primery Domain Controller.It >was configured by someone. I need some information on how can I make a >DOmain USer the administrator of local machine.When I try to add a user to >local domain admin group it does not show me this user.How do I add this >user .Please let me know on the samba congug side. Regards, Sanjay, depends on what version of Samba you are have there. If you are using the current TNG see http://www.kneschke.de/projekte/samba_tng/. If its Samba 2.0.x main stream see some notes that I have posted at http://bioserve.latrobe.edu.au/samba and if its the old NTdom head version from last year, its pretty similar to TNG (???). david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From rad2921 at cup.edu Thu Jun 8 07:28:46 2000 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:29:59 2003 Subject: win2k Message-ID: I forgot I had unsubscribed to the mailing list when I posted that last message, so here it is again. I'm trying to get Win2K to login to my FreeBSD 4.0 server using Samba. I'm not too familiar with Win2K and I'm not too sure if Samba supports Win2K at this point in time. But I would like to know if there is any information I can find on the web relating to Samba and Win2K if there is any. Or, if someone could give me some insight on how to successfully setup Win2K and Samba that would be appreciated too. Any help would be appreciated. Thanks. Tim Radigan From helas at rbg.informatik.tu-darmstadt.de Thu Jun 8 07:30:24 2000 From: helas at rbg.informatik.tu-darmstadt.de (Martin Helas) Date: Tue Dec 2 02:29:59 2003 Subject: After joining Samba Domain access to shares is denied In-Reply-To: Message-ID: On Thu, 8 Jun 2000, Dominik Fritz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi > > I successfully installed samba TNG 2.53 on my Linux box. Before I > joined the domain with my NT box accessing the shares was no problem. > But after successfully joining the domain every time I try to access a > share on the samba server I get an input box to submit an username and > a password. But every username/password fails. > > Does anyone know what I have to do to get access to my shares You are not the only one having this problem. I do have that problem as well. I found a workaround, which works for me but is not very good: just restart all deamons. After that I got access to all shares again. But when you log off on logon again, you have to do it again... So its not suitable for networks with more than one NT box..... Martin > Dominik > > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.0.2 for non-commercial use > > > iQA/AwUBOT5uxhRiNmEIbIaEEQK/agCgkL7k/t9JZpBbxDoqQ5er+BtV6BcAoKoI > LKEH190XcRF0Sae0RAAh0OIR > =8EqC > -----END PGP SIGNATURE----- > > From samba at cocos-net.de Thu Jun 8 09:01:42 2000 From: samba at cocos-net.de (Dominik Fritz) Date: Tue Dec 2 02:29:59 2003 Subject: After joining Samba Domain access to shares is denied In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Martin I got it running. Aleksandar B. Samardzic gave me the hint to use 2.5 instead of 2.53 regards Dominik -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2 for non-commercial use iQA/AwUBOT9S0BRiNmEIbIaEEQInVQCg+dn3NAVtED7ooOs7O0mZjQFvCUgAoP+a 6J3sZkc3Kjki7JCMvizfmz6m =vhEv -----END PGP SIGNATURE----- From gcarter at valinux.com Thu Jun 8 12:44:04 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:29:59 2003 Subject: win2k References: Message-ID: <393F9514.EFFD80AF@valinux.com> Tim Radigan wrote: > > I'm trying to get Win2K to login to my FreeBSD 4.0 server > using Samba. I'm not too familiar with Win2K and I'm not > too sure if Samba supports Win2K at this point in time. Win2k domain logons are only supported by the SAMBA_TNG code branch currently. See the link to Lars' TNG FAQ linked off the top of the Samba NT Domain FAQ (Sorry that my Internet link is messed up right now or I would give you the direct URL). [ps: the Samba NT Domain FAQ is located in the docuemtnation section of the Samba web site] Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From p.mayers at ic.ac.uk Thu Jun 8 13:11:43 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:29:59 2003 Subject: win2k.. References: <393E8EC7.78346603@cup.edu> Message-ID: <393F9B8F.D7011584@ic.ac.uk> Win2k and Samba 2.0.x as a PDC doesn't (and will never be fixed to) work. You need a version of the (incredibly in-flux, alpha code) experimental TNG branch for this. Win2k and Samba 2.0.7+ as a *server* (not PDC) does work, but you must have 2.0.7 or later. This is a VERY-FAQ. Could a huge, mile high banner please be posted on the Samba website to the effect that Samba 2.0.x as a domain controller doesn't work with Win2k? Cheers, Phil Tim Radigan wrote: > > i'm not sure if this is the correct mailing list for my question, but if > anyone can point me in the right direction, that'd be cool too.. > anyways, > > i just loaded up a machine with win2k.. i'm not sure if win2k is > supported by samba yet.. but i'm having problems configuring win2k to > log on to the samba domain i have running.. i can logon and see the > shares, but my logon script and what have you is not working at all.. i > cant even figure out how win2k handles domain logons exactly since win2k > is new to me too.. any help would be appreciated.. thanks.. > > Tim Radigan From Gildas.Boichot at insa-rennes.fr Thu Jun 8 15:08:44 2000 From: Gildas.Boichot at insa-rennes.fr (Gildas Boichot) Date: Tue Dec 2 02:29:59 2003 Subject: Need help for Samba PDC NT Message-ID: <200006081504.RAA29987@gremille.insa-rennes.fr> Hi, I've installed Samba 2.0.6 under Linux RedHat 6.2, as a PDC for Windows NT and 95. I know that I can use encrypted passwd for Windows NT Workstations, but will it work with my Windows 95 PC ? Moreover, before being on my Linux Server, Samba was on a SGI Origin 200, it was Samba v2.0.3. Cause this machine was used for calculating, we decided to move it from this SGI to the new Linux Server. I've created all accounts and configured the smb.conf file as it was before with some modifications. Now, it is like this : # Global parameters [global] allow hosts = 10.1.0.0/255.255.0.0 workgroup = GMA1 server string = Serveur sous Linux du Domaine GMA1 (Samba %v) encrypt passwords = Yes log level = 1 log file = /home/samba/var/log.%m max log size = 50 deadtime = 360 keepalive = 180 read prediction = Yes socket options = TCP_NODELAY printcap name = /etc/printcap username map = /home/samba/domainuser.map (In this file, I have : root="Adminstrateur") #local group map = /home/samba/localgroup.map (how can I do the same under 2.0.6 ?) #domain group map = /home/samba/domaingroup.map (how can I do the same under 2.0.6 ?) logon script = logon.cmd logon path = \\%N\profiles\%U logon drive = H: domain logons = Yes local master = false comment = Samba %v print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j delete veto files = Yes veto files = .rhosts dont descend = /proc, /dev wide links = no getwd cache = Yes max xmit = 32768 read prediction = yes message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s name resolve order = host bcast [Homes] comment = Repertoire Prive de %U sur %h path = %H invalid users = nobody root read only = No create mask = 0755 valid users = %S browseable = no [Web-GMA] comment = Page Web du departement GMA path = /public_html/sitegma guest ok = Yes [commun] comment = Repertoire commun d'echange de fichier path = /home/users/commun read only = No [epl7500] comment = EPSON EPL-7500 v52.3 path = /tmp guest ok = Yes print ok = Yes printer name = print_gma1 printer driver = EPSON EPL-7500 v52.3 printable = Yes writeable = no [netlogon] comment = Utilitaires du loggin path = /home/samba/netlogon read only = No locking = No case sensitive = no preserve case = yes public = no [Reseau] comment = Partages des fichiers reseaux path = /home/samba read only = No [Profiles] comment = Profiles Utilisateurs path = /home/samba/profiles read only = No create mask = 700 directory mask = 700 browseable = no # Fixe correctement les droits dans les profiles postexec = chown -R %u:%g /home/samba/profiles/%u/ [Comptes] comment = Comptes utilisateurs path = /home/users read only = no valid users = root browseable = no I think I put the good rights to all those directories. It is working, but I have some troubleshootings. - I can't log on my domain with the "administrateur'"login, even if I use usename map. - When I log on under my account, each time, I have the "Welcome under Windows NT" message ! - When I log on under my account, the office startup menu tool doesn't load, but it takes all processses of Windows NT - When I log on local on a machine, I can see other PCs from the domain, but when I can't reach them. I always have en arror message like : "bad passwd or unknow user" Could you help me ?? Soory for my bad english, Cheers Gildas Boichot From m.nicolas at hopital-esquirol.fr Thu Jun 8 15:19:21 2000 From: m.nicolas at hopital-esquirol.fr (Michel NICOLAS) Date: Tue Dec 2 02:30:00 2003 Subject: connect samba with NT 4.0 Message-ID: <000601bfd15c$ec4b7db0$0e0a19ac@esquirol> Hello, i am looking for a documentation for connexion behind SAMBA and NT (PDC) Thanks -------------- next part -------------- HTML attachment scrubbed and removed From a.samardzic at racunari.com Thu Jun 8 14:30:29 2000 From: a.samardzic at racunari.com (Aleksandar B. Samardzic) Date: Tue Dec 2 02:30:00 2003 Subject: passwords & smbfs mounting Message-ID: I guess following questions are asked zillion times before, but someone should really fix up this http://us1.samba.org/listproc/samba-ntdom/ link... So: Samba TNG-2.5 on RedHat Linux 6.2 box acting as PDC for network of WinNT/Win2K workstations. 1. How to create samba passwords from /etc/passwd (more than 1000 entries there)? How to achieve synchronization between regular Unix and Samba password later (I know for Samba->Unix password synchronization, but what about reverse side)? Is it possible to change Samba password from Linux box (when I try this now, I receive "The system cannot change your password because the domain MYDOMAIN is not available")? 2. What is necessary to do after clean Samba TNG-2.5 installation in order to be able to mount Windows shares on Linux machine? I suppose that actually something should be done during the installation and I've tried to use --with-smbwrapper and --with-smbmount flags, but in first case compilation failed and in second case seems like nothing changed after applying the flag. Thanks, Aleksandar From mauro at junction.net Thu Jun 8 17:16:52 2000 From: mauro at junction.net (Mauro Incrocci) Date: Tue Dec 2 02:30:00 2003 Subject: samba as wins server Message-ID: I'm using pointopoint tunneling to link two network segments running behind firewalls. The connection between 10.1.1 and 10.1.2 is working and I can access machines on the 10.1.2 network from 10.1.1 The problem is that I cannot view the workstations in network neighbourhood although I can get to them via \\domain\machine1 I'm running RedHat 6.2 and samba 2.0.7. Below is my smb.conf file contents: #======================= Global Settings ===================================== [global] workgroup = workgroup server string = WINS Server hosts allow = 10.1.1. 10.1.2. 127. printcap name = /etc/printcap load printers = yes log file = /var/log/samba/log.%m max log size = 50 security = user encrypt passwords = yes smb passwd file = /etc/smbpasswd username map = /etc/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = 10.1.1.1/24 10.1.2.1/24 local master = yes os level = 33 domain master = yes preferred master = yes domain logons = yes name resolve order = wins lmhosts hosts bcast wins support = true dns proxy = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes [public] comment = Public Stuff path = /home/samba public = yes writable = yes printable = no write list = @staff From kellermg at potsdam.edu Thu Jun 8 17:30:11 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:00 2003 Subject: Slightly OT: Samba nsswitch integration? Message-ID: <393FD823.B3C6CA32@potsdam.edu> I was wondering if anyone had anything to say regarding the availability of a Samba library that hooks into nsswitch, effectively removing the annoying/mundane chore of maintaining a passwd entry for all of the users. Tridge discussed this @ LinuxWorld, and I know *I* drooled over it. :) Thanks all -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From sam at topic.com.au Thu Jun 8 17:47:28 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:30:00 2003 Subject: Slightly OT: Samba nsswitch integration? In-Reply-To: <393FD823.B3C6CA32@potsdam.edu>; from kellermg@potsdam.edu on Fri, Jun 09, 2000 at 03:33:13AM +1000 References: <393FD823.B3C6CA32@potsdam.edu> Message-ID: <20000609034728.D523@topic.com.au> Matthew Keller wrote: > > I was wondering if anyone had anything to say regarding the > availability of a Samba library that hooks into nsswitch, effectively > removing the annoying/mundane chore of maintaining a passwd entry for > all of the users. Tridge discussed this @ LinuxWorld, and I know *I* > drooled over it. :) There's something floating around called "winbind", which is meant to be a plugin for the nsswitch library. A search for "winbind samba" on google turned up some interesting stuff, but no downloads or code that I could see. :( -- Sam Couter | Internet Engineer | http://www.topic.com.au/ sam@topic.com.au | tSA Consulting | PGP key available on key servers PGP key fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000609/65ef6a49/attachment.bin From gcarter at valinux.com Thu Jun 8 17:56:07 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:00 2003 Subject: Slightly OT: Samba nsswitch integration? References: <393FD823.B3C6CA32@potsdam.edu> <20000609034728.D523@topic.com.au> Message-ID: <393FDE37.B38F3A1C@valinux.com> Sam Couter wrote: > > There's something floating around called "winbind", which is meant > to be a plugin for the nsswitch library. > > A search for "winbind samba" on google turned up some > interesting stuff, but no downloads or code that I could see. :( winbind will be included with Samba 3.0. You can access it via anonymous CVS right now. It is stored with the HEAD samba code branch. See http://www.samba.org/cvs.html for information on getging Samba code via CVS. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From olivier.wegria at novactiongroup.com Thu Jun 8 18:12:01 2000 From: olivier.wegria at novactiongroup.com (Olivier Wegria) Date: Tue Dec 2 02:30:00 2003 Subject: rpc error Message-ID: <500C66C7BF87D311A7F400A0C907E8D84AABF8@NSA4> Hi , I am using samba 2.0.6 on a redhat 6.2 i386 linux. Everything works fine except that when I do a samba restart, I get a rpc error in the windows (nt4 & 2000) explorer when I dbl click on my samba server. But if I map a shared drive by typing all the path \\server\share it works. It is probably because when I restart samba, the open links between windows and samba are broken. Is that normal and what can I do to avoid this? Can I ask windows to refresh its information? When you add a new share in the smb.conf, is "restarting samba" the only way to get the new share to work? thanks for any help Olivier From SRuth at LANDAM.com Thu Jun 8 18:20:10 2000 From: SRuth at LANDAM.com (Ruth, Sven) Date: Tue Dec 2 02:30:00 2003 Subject: rpc error Message-ID: <6768A16CA846D3119104009027998CC304A44874@LANDE04> you can force samba to reread the smb.conf file by sending a SIGHUP to the original smbd process. Otherwise, the share should show up within a couple of minutes. # kill -SIGHUP process number Sven -----Original Message----- From: Olivier Wegria [mailto:olivier.wegria@novactiongroup.com] Sent: Thursday, June 08, 2000 1:13 PM To: Multiple recipients of list SAMBA-NTDOM Subject: rpc error Hi , I am using samba 2.0.6 on a redhat 6.2 i386 linux. Everything works fine except that when I do a samba restart, I get a rpc error in the windows (nt4 & 2000) explorer when I dbl click on my samba server. But if I map a shared drive by typing all the path \\server\share it works. It is probably because when I restart samba, the open links between windows and samba are broken. Is that normal and what can I do to avoid this? Can I ask windows to refresh its information? When you add a new share in the smb.conf, is "restarting samba" the only way to get the new share to work? thanks for any help Olivier From mauro at junction.net Thu Jun 8 19:19:59 2000 From: mauro at junction.net (Mauro Incrocci) Date: Tue Dec 2 02:30:00 2003 Subject: samba as wins server In-Reply-To: <393FED53.750F5115@siac.com> Message-ID: I added the following lines and restarted samba via /sbin/samba restart. Same symptoms. Below is the sl0 interface from ifconfig. # Cause this host to announce itself to local subnets here remote announce = 10.1.1.67/workgroup 10.1.2.77/workgroup sl0 Link encap:VJ Serial Line IP inet addr:10.1.1.67 P-t-P:10.1.2.77 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:84277 errors:0 dropped:0 overruns:70850 frame:0 compressed:0 TX packets:87117 errors:0 dropped:0 overruns:71466 carrier:0 collisions:24 compressed:0 txqueuelen:10 -----Original Message----- From: Michael Breuer Sent: Thursday, June 08, 2000 12:01 PM To: mauro@junction.net Subject: Re: samba as wins server Try remote announce. Mauro Incrocci wrote: > I'm using pointopoint tunneling to link two network segments running behind > firewalls. The connection between 10.1.1 and 10.1.2 is working and I can > access machines on the 10.1.2 network from 10.1.1 The problem is that I > cannot view the workstations in network neighbourhood although I can get to > them via \\domain\machine1 I'm running RedHat 6.2 and samba 2.0.7. Below > is my smb.conf file contents: > > #======================= Global Settings > ===================================== > [global] > > workgroup = workgroup > > server string = WINS Server > > hosts allow = 10.1.1. 10.1.2. 127. > > printcap name = /etc/printcap > > load printers = yes > > log file = /var/log/samba/log.%m > > max log size = 50 > > security = user > > encrypt passwords = yes > > smb passwd file = /etc/smbpasswd > > username map = /etc/smbusers > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > interfaces = 10.1.1.1/24 10.1.2.1/24 > > local master = yes > > os level = 33 > > domain master = yes > > preferred master = yes > > domain logons = yes > > name resolve order = wins lmhosts hosts bcast > > wins support = true > > dns proxy = no > > #============================ Share Definitions > ============================== > [homes] > comment = Home Directories > browseable = no > writable = yes > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > # Set public = yes to allow user 'guest account' to print > guest ok = no > writable = no > printable = yes > > [public] > comment = Public Stuff > path = /home/samba > public = yes > writable = yes > printable = no > write list = @staff From p.mayers at ic.ac.uk Thu Jun 8 22:42:05 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:30:00 2003 Subject: Slightly OT: Samba nsswitch integration? Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8143B@icex1.cc.ic.ac.uk> It's called winbind, and the code is in the current TNG and HEAD branches. It's not compiled by default - try "make bin/nsswitch", which I think it correct. It's highly cool - you get $> ls -l /tmp total 740 -rw-r--r-- 1 DOM\user DOM\group 277001 Jun 1 00:52 a drwxr-xr-x 5 DOM\user DOM\group 4096 May 30 23:59 dev -rwxr--r-- 1 DOM\user DOM\group 310 Jun 1 02:15 getscr All very neat. I don't know the Samba integration stage, but I suspect it's relatively seamless for the single domain model. I suggest downloading the (self-documented :o) code. Cheers, Phil -----Original Message----- From: Matthew Keller To: Multiple recipients of list SAMBA-NTDOM Sent: 6/8/00 6:32 PM Subject: Slightly OT: Samba nsswitch integration? I was wondering if anyone had anything to say regarding the availability of a Samba library that hooks into nsswitch, effectively removing the annoying/mundane chore of maintaining a passwd entry for all of the users. Tridge discussed this @ LinuxWorld, and I know *I* drooled over it. :) Thanks all -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From ggeorge at digisolv.com Thu Jun 8 22:33:58 2000 From: ggeorge at digisolv.com (Gerry George) Date: Tue Dec 2 02:30:00 2003 Subject: Username in environment variable Message-ID: <4.3.2.20000608183348.02ddbd80@mail.digisolv.com> I seem to recall reading something about this, but can't find it from the archives. How does one get the username? I wish to set the environment variable USERNAME to use it for various applications and scripts. This would be set in the login script. The standard Samba variables do not work as the Windows client, where the login script executes, is unaware of any Samba variables. Thanks. Gerry George Gerry E. George Information Technology Specialist, DigiSolv, Inc. http://www.digisolv.com .. From D.Bannon at latrobe.edu.au Thu Jun 8 23:55:12 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:00 2003 Subject: Need help for Samba PDC NT In-Reply-To: <200006081504.RAA29987@gremille.insa-rennes.fr> Message-ID: <3.0.6.32.20000609095512.00869210@bioserve.latrobe.edu.au> At 01:13 AM 09/06/2000 +1000, Gildas Boichot wrote: >Hi, > >I've installed Samba 2.0.6 under Linux RedHat 6.2, as a PDC for Windows NT >and 95......use encrypted with my Windows 95 PC ? Yep. > #domain group map = /home/samba/domaingroup.map (how can I do the >same under 2.0.6 ?) domain admin group = @adm Grants domain admin rights to every member of the unix group adm (for example). See http:\\bioserve.latrobe.edu.au\samba for more detail. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From johan.ostensson at orebro.lantmen.se Fri Jun 9 06:38:56 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:00 2003 Subject: Outlook 2000 Message-ID: <20000609063950Z25799704-9459+1583@samba.org> This is mayby a bit OT, but hey - you could always flame me (not!) ;) Just ignore this if you aren't using Outlook 2000... The problem is this maillist; Is it possible to add a prefix to the subject of every mail (something like "SAMBA-NTDOM: ")? Outlook 2000 which I'm forced to use at work (yuck!) doesn't have the capabilities to sort my mail correcly otherwise... Or does anyone have a solution for this? best regards /johan johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) From p.grimmerink at home.nl Fri Jun 9 08:25:51 2000 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:30:00 2003 Subject: Outlook 2000 In-Reply-To: <20000609063950Z25799704-9459+1583@samba.org> Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Johan ?stensson > Sent: vrijdag 9 juni 2000 9:12 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Outlook 2000 > The problem is this maillist; Is it possible to add a prefix to > the subject > of every mail (something like "SAMBA-NTDOM: ")? Outlook 2000 which I'm > forced to use at work (yuck!) doesn't have the capabilities to > sort my mail > correcly otherwise... Or does anyone have a solution for this? Yes, just filter using the sender, which always is: samba-ntdom@samba.org Best regards, Pieter From p.hannent at travel-market.co.uk Fri Jun 9 09:02:53 2000 From: p.hannent at travel-market.co.uk (Philip Hannent) Date: Tue Dec 2 02:30:00 2003 Subject: Outlook 2000 Message-ID: Hello, Johan ?stensson wrote: >This is mayby a bit OT, but hey - you could always flame me (not!) ;) >Just ignore this if you aren't using Outlook 2000... >The problem is this maillist; Is it possible to add a prefix to the subject >of every mail (something like "SAMBA-NTDOM: ")? Outlook 2000 which I'm >forced to use at work (yuck!) doesn't have the capabilities to sort my mail >correcly otherwise... Or does anyone have a solution for this? >best regards It sure is off topic, this being a Samba mailing list. There is nothing wrong with Outlook 2000. It is a great PIM and I have evaluated my fair share of them. You need to look at the documentation of the product in question. When using the rules wizard in outlook you can tell the software that you want emails from a specific email address to be moved to a certain folder. Don't go asking stupid questions. RTFM. Philip From lluisma at osi-technologies.com Fri Jun 9 10:43:31 2000 From: lluisma at osi-technologies.com (llu) Date: Tue Dec 2 02:30:00 2003 Subject: samba as wins server References: Message-ID: <3940CA53.5B56F085@osi-technologies.com> I think broadcast is not going thru your tunnel. If your windows client is type hybrid(meaning use WINS first then broadcast) it may be failing to access WINS and so it broadcast and got nothing, despite that you were able to map drives manually. I experience this problem in a different setting. I set up DHCP server on RH62 box. I specified type=2 (no broadcast, just WINS) and the windows client couldn't log onto the domain. I changed back DHCP server and specified type=8(WINS then broadcast), then it worked. It seems to me that disabling broadcast makes it fail to work. Try to run tcpdump on your samba server and capture packets originating from your windows client and post it here. LLU Mauro Incrocci wrote: > > I'm using pointopoint tunneling to link two network segments running behind > firewalls. The connection between 10.1.1 and 10.1.2 is working and I can > access machines on the 10.1.2 network from 10.1.1 The problem is that I > cannot view the workstations in network neighbourhood although I can get to > them via \\domain\machine1 I'm running RedHat 6.2 and samba 2.0.7. Below > is my smb.conf file contents: > > #======================= Global Settings > ===================================== > [global] > > workgroup = workgroup > > server string = WINS Server > > hosts allow = 10.1.1. 10.1.2. 127. > > printcap name = /etc/printcap > > load printers = yes > > log file = /var/log/samba/log.%m > > max log size = 50 > > security = user > > encrypt passwords = yes > > smb passwd file = /etc/smbpasswd > > username map = /etc/smbusers > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > interfaces = 10.1.1.1/24 10.1.2.1/24 > > local master = yes > > os level = 33 > > domain master = yes > > preferred master = yes > > domain logons = yes > > name resolve order = wins lmhosts hosts bcast > > wins support = true > > dns proxy = no > > #============================ Share Definitions > ============================== > [homes] > comment = Home Directories > browseable = no > writable = yes > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > # Set public = yes to allow user 'guest account' to print > guest ok = no > writable = no > printable = yes > > [public] > comment = Public Stuff > path = /home/samba > public = yes > writable = yes > printable = no > write list = @staff From simo.sorce at polimi.it Fri Jun 9 10:49:18 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:00 2003 Subject: samba as wins server References: Message-ID: <3940CBAE.23D4E5DE@polimi.it> what about clients setup? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From lee.taylor at scania.co.za Fri Jun 9 12:00:19 2000 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:30:00 2003 Subject: PDC & 2.0.7 ... References: <007501d3ff93$464d68f0$0b00000a@evolution> Message-ID: <0b3c01bfd20a$49bb97c0$89640107@LeeTaylor> Hi ... I know that this has been ask time & time again in one form or another, I know because I have been recieveing messgesa from this list for a year and have saved most of the messges ( over 5000 ), but I am unable to answer my question going through them or the documentation I have been able to find. We ran Samba 2.0.5 then upgraded to 2.0.6 and then to 2.0.7 without any problems and have been very happy with what we have been able to do with our system, up until now. We are install two NT 4.0 Server. One to run SQL 7 and the other to Run Terminal Server on. Now this is not the problem, but I don't want to move our user base onto either of these server. I would like to have authentication still to be run from the Samba server and not ether NT server so that I still have control of the user password for other functions like e-mail and so on. Is it possible for me to get my 2.0.7 Samba server to auth for all my systems like a PDC or am I going to have to try and run TNG and 2.0.7 together. TNG for PDC functions and 2.0.7 for File/Printer services? ... One other question, is there a way to get NT to stop reporting that Samba's LIC stuff is not running ... I keep getting messges in the evenviewer. Thanks in advance for all your replys. Mailed C.Lee Taylor From ctooley at joslyn.org Fri Jun 9 14:41:14 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:00 2003 Subject: Outlook 2000 References: <20000609063950Z25799704-9459+1583@samba.org> Message-ID: <3941020A.C102F664@joslyn.org> I used to use Outlook 2000 and I just told it that any mail coming from samba-ntdom@samba.org went to my Samba-NTDOM mail folder. It's in the organize settings. As I don't use Outlook anymore I don't remember exactly how to do it step by step, but it's easy never the less. Johan ?stensson wrote: > > This is mayby a bit OT, but hey - you could always flame me (not!) ;) > Just ignore this if you aren't using Outlook 2000... > > The problem is this maillist; Is it possible to add a prefix to the subject > of every mail (something like "SAMBA-NTDOM: ")? Outlook 2000 which I'm > forced to use at work (yuck!) doesn't have the capabilities to sort my mail > correcly otherwise... Or does anyone have a solution for this? > > best regards > > /johan > johan.ostensson@orebro.lantmen.se (work) > johan.ostensson@swipnet.se (home) From ctooley at joslyn.org Fri Jun 9 15:11:14 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:00 2003 Subject: Update Rebooting from Netlogon Script Message-ID: <39410912.A7A86E1@joslyn.org> I was just wanting to pass on the knowledge I gained from this experience. 1) Rebooting Windows 9x is a terrible pain in the butt, but it can be done. I'm pretty sure that having a command called reboot that "reboot"s the system, would be WAY too difficult for them to understand. 2) I got a response from Osama Abu-Aish that told me to use Rundll32.exe and this is correct. There are some shell32 options you can pass to this command that do a number of things (although the options are passed in a very unconventional way. I have listed a small number of them below. rundll32.exe shell32,SHExitWindowsEx X where the last "X" is a number. 0 - LOGOFF 1 - SHUTDOWN 2 - REBOOT 4 - FORCE 8 - POWEROFF Or any combination thereof, by adding the values together, giving 16 possible shutdown/restart sequences. I wish there was a better place to document something like this as it's obvious that Microsoft isn't offering it up very readily. Chris Tooley From lindi at spindletop.tamu.edu Fri Jun 9 13:20:38 2000 From: lindi at spindletop.tamu.edu (Lindi) Date: Tue Dec 2 02:30:00 2003 Subject: Joining the Domain Message-ID: I've tried getting to the nt-dom faq and archives on samba's site, but the link is still not fixed. I am sure my question has been asked before, but I am having trouble getting the NT machine to see my samba domain controller. It can find one of our other domain controllers (winnt server sp 3), but can't find the samba domain controller. I've gotten the latest samba code as well as trying the tng branch, but nothing seems to be working. I have created both unix and samba user accounts for both the machines and the users. Thanks in advance for your help. Lindi Horton Student Technician Department of Petroleum Engineering Texas A&M University From iainr at civ.hw.ac.uk Fri Jun 9 13:58:27 2000 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:30:00 2003 Subject: syslog patches for 2.0.7 Message-ID: <3940F803.18FEE92D@civ.hw.ac.uk> hi all, possibly my mind is playing tricks on me but I'd thought I'd seen a post from someone about a patch for the syslog code that comes with 2.0.7, I thought I'd saved it for future perusal but I cant find it and the mail archives are..... so can someone tell me if I'm going mad or point me at the patch? -- Iain Rae Computing Officer Dept. Civil & Offshore Engineering Heriot-Watt University From owensc at enc.edu Fri Jun 9 14:02:25 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:30:00 2003 Subject: Username in environment variable References: <4.3.2.20000608183348.02ddbd80@mail.digisolv.com> Message-ID: <3940F8F1.FC18A055@enc.edu> Gerry George wrote: > I seem to recall reading something about this, but can't find it from the > archives. > > How does one get the username? I wish to set the environment variable > USERNAME to use it for various applications and scripts. This would be set > in the login script. The standard Samba variables do not work as the > Windows client, where the login script executes, is unaware of any Samba > variables. The technique that I use is to set up the netlogon share such that it calls a perl script as the connection is being setup (specified via the preexec directive). This script dynamically generates a client-specific logon script which includes DOS commands to * set environment variables * set up drive and printer mappings (via the net use command) * call other scripts that perform standard functions Per-client configuration information is maintained in a NIS map that the script queries to determine how to build the script. We've been using this technique for about four years with good success. At some point I plan to move the configuration info into an LDAP directory and do other enhancements (e.g. NT/W2K support). I'd be happy to share the script as is (kinda crufty) if there is interest. Here's the pertinent parts of smb.conf: [globals] ... domain logons = yes logon script = scripts\dynamic\%d.bat ... [netlogon] path = /user/canaan/smb/netlogon browseable = no writeable = no force user = nobody preexec = /usr/local/tenet/sbin/mklogscript %d %U %M %m %a postexec = /bin/rm /user/canaan/smb/netlogon/scripts/dynamic/%d.bat -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From jbeauchamp at gesinc.com Fri Jun 9 14:10:08 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:30:00 2003 Subject: Windows Archive Bit Message-ID: <000f01bfd21c$6c214460$1601a8c0@gesinc.com> Hi: Does anyone know how to handle setting and clearing the archive bit for files sitting on a samba server. I have RH 6.2 with Samba 2.0.7 as a file server to windoze clients. I also have a Windoze machine that is my backup device. THe problem is that I don't know how to clear the archive bit on the files on the Linux box. As a result, every night when my backup job runs, It backs up all files instead of just the new and changed files. Any ideas. James -------If you ain't the lead dog, the scenery never changes---------- BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS James W. Beauchamp, P.E. Global Environmental Solutions, Inc. 2621 Sandy Plains Road Suite 102 Marietta, Georgia 30066 Phone - 770-579-6097 Fax - 770-579-6099 Email - jbeauchamp-at-gesinc.com From green at UMDNJ.EDU Fri Jun 9 14:19:59 2000 From: green at UMDNJ.EDU (Cliff Green) Date: Tue Dec 2 02:30:00 2003 Subject: Update Rebooting from Netlogon Script In-Reply-To: <39410912.A7A86E1@joslyn.org> Message-ID: On Fri, 9 Jun 2000, Chris Tooley wrote: CT> I was just wanting to pass on the knowledge I gained from this CT> experience. CT> CT> 1) Rebooting Windows 9x is a terrible pain in the butt, but it can be CT> done. [munch] CT> rundll32.exe shell32,SHExitWindowsEx X [munch] CT> I wish there was a better place to document something like this as it's CT> obvious that Microsoft isn't offering it up very readily. Well, it's not laid out like a rug, but you could check http://msdn.microsoft.com/library/psdk/sysmgmt/shutdown_3ago.htm for some info on ExitWindowsEx, or http://msdn.microsoft.com/library/psdk/portals/win32start_1n6t.htm for info on the Win32 API. c -- Clifford Green Internet - green@umdnj.edu Academic Computing Services UMDNJ-IST If at first you do succeed, try not to look astonished. From Gildas.Boichot at insa-rennes.fr Fri Jun 9 14:36:03 2000 From: Gildas.Boichot at insa-rennes.fr (Gildas Boichot) Date: Tue Dec 2 02:30:00 2003 Subject: sys - Domain Admins Message-ID: <200006091431.QAA16511@gremille.insa-rennes.fr> Hi, Sure this question have already be posted... How can I make a correspondence between the "sys" group of Linux and the "Domain Admins" group of Samba ? I 'have a file domainuser.map where I have placed root="adminstrateur" and another file domaingroup.map where i have placed sys = "Domain Admins" for the first file, in my smb.conf I use : username map = domainuser.map But I don't know what to use for the second file. Is anybody has a solution ? Gildas From Meerwaldt at t-online.de Fri Jun 9 13:45:04 2000 From: Meerwaldt at t-online.de (Frederik Meerwaldt) Date: Tue Dec 2 02:30:01 2003 Subject: PDC & 2.0.7 ... In-Reply-To: <0b3c01bfd20a$49bb97c0$89640107@LeeTaylor> Message-ID: Hi! > We ran Samba 2.0.5 then upgraded to 2.0.6 and then to 2.0.7 without any > problems and have been very happy with what we have been able to do with our > system, up until now. We are install two NT 4.0 Server. One to run SQL 7 > and the other to Run Terminal Server on. Now this is not the problem, but I > don't want to move our user base onto either of these server. I would like > to have authentication still to be run from the Samba server and not ether > NT server so that I still have control of the user password for other > functions like e-mail and so on. > > Is it possible for me to get my 2.0.7 Samba server to auth for all my > systems like a PDC or am I going to have to try and run TNG and 2.0.7 > together. TNG for PDC functions and 2.0.7 for File/Printer services? ... I don't really know what you mean, but if you want your Samba station to act as a PDC, this is possible with 2.0.7, and if you want to authenticate users for your samba shares from another PDC, this is also possible. But both of this is documented. Just search. Regards, Freddy From lee.taylor at scania.co.za Fri Jun 9 15:17:07 2000 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:30:01 2003 Subject: PDC & 2.0.7 ... References: Message-ID: <0b8001bfd225$c7286740$89640107@LeeTaylor> > > We ran Samba 2.0.5 then upgraded to 2.0.6 and then to 2.0.7 without any > > problems and have been very happy with what we have been able to do with our > > system, up until now. We are install two NT 4.0 Server. One to run SQL 7 > > and the other to Run Terminal Server on. Now this is not the problem, but I > > don't want to move our user base onto either of these server. I would like > > to have authentication still to be run from the Samba server and not ether > > NT server so that I still have control of the user password for other > > functions like e-mail and so on. > > > > Is it possible for me to get my 2.0.7 Samba server to auth for all my > > systems like a PDC or am I going to have to try and run TNG and 2.0.7 > > together. TNG for PDC functions and 2.0.7 for File/Printer services? ... > > I don't really know what you mean, but if you want your Samba station to > act as a PDC, this is possible with 2.0.7, and if you want to authenticate > users for your samba shares from another PDC, this is also possible. > > But both of this is documented. Just search. mmm ... seems that I have not stated my concerns ... Yes, my Win9x clients are authing against 2.0.7, so it's been used as PDC for Win9x, but if I understand it, WinNT servers can't auth client connections, so clients attaching to WinNT need to have accounts on NT server ... right? ... Mailed C.Lee Taylor From kevinc at grainsystems.com Fri Jun 9 15:28:39 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:01 2003 Subject: Username in environment variable References: <4.3.2.20000608183348.02ddbd80@mail.digisolv.com> <3940F8F1.FC18A055@enc.edu> Message-ID: <39410D27.E7966D1A@grainsystems.com> Just for the record, it is also possible to setup a batch file that does the dynamic-logon-script thing as well. You have to get a better 'SET' command such as ASET, or do some coding yourself, but it can be done. - Kevin Colby kevinc@grainsystems.com "Charles N. Owens" wrote: > > Gerry George wrote: > > > I seem to recall reading something about this, but can't find it from the > > archives. > > > > How does one get the username? I wish to set the environment variable > > USERNAME to use it for various applications and scripts. This would be set > > in the login script. The standard Samba variables do not work as the > > Windows client, where the login script executes, is unaware of any Samba > > variables. > > The technique that I use is to set up the netlogon share such that it calls a > perl script as the connection is being setup (specified via the preexec > directive). This script dynamically generates a client-specific logon script > which includes DOS commands to > > * set environment variables > * set up drive and printer mappings (via the net use command) > * call other scripts that perform standard functions > > Per-client configuration information is maintained in a NIS map that the script > queries to determine how to build the script. > > We've been using this technique for about four years with good success. At > some point I plan to move the configuration info into an LDAP directory and do > other enhancements (e.g. NT/W2K support). I'd be happy to share the script as > is (kinda crufty) if there is interest. > > Here's the pertinent parts of smb.conf: > [globals] > ... > domain logons = yes > logon script = scripts\dynamic\%d.bat > ... > > [netlogon] > path = /user/canaan/smb/netlogon > browseable = no > writeable = no > force user = nobody > preexec = /usr/local/tenet/sbin/mklogscript %d %U %M %m %a > postexec = /bin/rm /user/canaan/smb/netlogon/scripts/dynamic/%d.bat > > -- > ------------------------------------------------------------------------- > Charles N. Owens Email: owensc@enc.edu > http://www.enc.edu/~owensc > Network & Systems Administrator > Information Technology Services "Outside of a dog, a book is a man's > Eastern Nazarene College best friend. Inside of a dog it's > too dark to read." - Groucho Marx > ------------------------------------------------------------------------- From ogyland at online.no Fri Jun 9 15:35:45 2000 From: ogyland at online.no (=?iso-8859-1?Q?=D8ystein?= Gyland) Date: Tue Dec 2 02:30:01 2003 Subject: PDC & 2.0.7 ... References: <0b8001bfd225$c7286740$89640107@LeeTaylor> Message-ID: <39410ED1.508C5F1B@online.no> "C.Lee Taylor" wrote: > mmm ... seems that I have not stated my concerns ... Yes, my Win9x > clients are authing against 2.0.7, so it's been used as PDC for Win9x, but > if I understand it, WinNT servers can't auth client connections, so clients > attaching to WinNT need to have accounts on NT server ... right? ... Correct, unless you use Samba TNG (The Next Generation) Alpha versions. -- ?ystein From a.samardzic at racunari.com Fri Jun 9 16:23:52 2000 From: a.samardzic at racunari.com (Aleksandar B. Samardzic) Date: Tue Dec 2 02:30:01 2003 Subject: smbfs mount Message-ID: What is necessary to do after clean Samba TNG-2.5 installation in order to be able to mount Windows shares on Linux machine? I suppose that actually something should be done during the installation and I've tried to use --with-smbwrapper and --with-smbmount flags, but in first case compilation failed and in second case seems like nothing changed after applying the flag. Environment: Samba TNG-2.5 on RedHat Linux 6.2 box acting as PDC for network of WinNT/Win2K workstations. Thanks, Aleksandar From a.samardzic at racunari.com Fri Jun 9 16:23:51 2000 From: a.samardzic at racunari.com (Aleksandar B. Samardzic) Date: Tue Dec 2 02:30:01 2003 Subject: passwords Message-ID: Once again: 1. How to create samba passwords from /etc/passwd (more than 1000 entries there)? 2. How to achieve synchronization between regular Unix and Samba password later (I know for Samba->Unix password synchronization, but what about reverse side)? 3. Is it possible to change Samba password from Windows box (when I try this now, I receive "The system cannot change your password because the domain MYDOMAIN is not available")? Environment: Samba TNG-2.5 on RedHat Linux 6.2 box acting as PDC for network of WinNT/Win2K workstations. Thanks, Aleksandar From ZolnOtt at t-online.de Fri Jun 9 18:47:23 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:01 2003 Subject: Windows Archive Bit In-Reply-To: <000f01bfd21c$6c214460$1601a8c0@gesinc.com> References: <000f01bfd21c$6c214460$1601a8c0@gesinc.com> Message-ID: <00060920532200.00390@zolnott> Hi James! I hope, that I can help you. if you want set or clear an archive bit, you can use: setmode [[+|-]] [r|s|h|a] +: setting -: clearing a: archive r: read-only s: system h: hidden You must use smbclient. Bye, Michael > Hi: > Does anyone know how to handle setting and clearing the archive bit for > files sitting on a samba server. I have RH 6.2 with Samba 2.0.7 as a file > server to windoze clients. I also have a Windoze machine that is my backup > device. THe problem is that I don't know how to clear the archive bit on > the files on the Linux box. As a result, every night when my backup job > runs, It backs up all files instead of just the new and changed files. > > Any ideas. > > James > > -------If you ain't the lead dog, the scenery never changes---------- > BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS > > James W. Beauchamp, P.E. > Global Environmental Solutions, Inc. > 2621 Sandy Plains Road > Suite 102 > Marietta, Georgia 30066 > Phone - 770-579-6097 > Fax - 770-579-6099 > Email - jbeauchamp-at-gesinc.com From ZolnOtt at t-online.de Fri Jun 9 19:01:35 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:01 2003 Subject: sys - Domain Admins In-Reply-To: <200006091431.QAA16511@gremille.insa-rennes.fr> References: <200006091431.QAA16511@gremille.insa-rennes.fr> Message-ID: <00060921044201.00390@zolnott> Hi Gildas! It does not work with username map! First, you have to organize a higher version of your samba (like tng-2.1) Than you must use domain group map and domain user map I hope, that I can help you a little bit Michael > Hi, > > Sure this question have already be posted... > > How can I make a correspondence between the "sys" group of Linux and the > "Domain Admins" group of Samba ? > > I 'have a file domainuser.map where I have placed root="adminstrateur" > and another file domaingroup.map where i have placed sys = "Domain Admins" > > for the first file, in my smb.conf I use : > > username map = domainuser.map > > But I don't know what to use for the second file. > Is anybody has a solution ? > > Gildas From ZolnOtt at t-online.de Fri Jun 9 19:06:56 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:01 2003 Subject: passwords In-Reply-To: References: Message-ID: <00060921253402.00390@zolnott> Hi, I hope, that I can help you. At first: You want to much to know for a e-mail. The best way is, that you buy a book like "Teach Yourself Samba in 24 Hours cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd Than you must put this two lines into smb.conf: update encrypted = yes encrypt passwd = no > 1. How to create samba passwords from /etc/passwd (more than 1000 entries > there)? > > 2. How to achieve synchronization between regular Unix and Samba > password later (I know for Samba->Unix password synchronization, but what > about reverse side)? > look at (smb.conf): unix passwd sync passwd chat passwd chat debug > 3. Is it possible to change Samba password from Windows box (when I try this > now, I receive "The system cannot change your password because the domain > MYDOMAIN is not available")? > > Environment: Samba TNG-2.5 on RedHat Linux 6.2 box acting as PDC for network > of > WinNT/Win2K workstations. > > Thanks, > Aleksandar Bye Michael From David.Bear at asu.edu Fri Jun 9 21:37:16 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:30:01 2003 Subject: Using copying time vice file time (fwd) Message-ID: here's some strangeness regarding file data/time stamps. We're using 2.0.7.. The file copy operation is done from an NT 4 machine using explorer.. Any thoughts? ============= I copied the file 2305plat.cdr to P:\schneid-A\2305 and instead of using the date/time of the file (5/8/2000 1:35) it became 6/9/2000 1:39, the time I copied it. I backed up some other files to Schneid-I\2730 three of which were named 2730book.vp (6/9/2000 9:21), selfig02.cdr (6/9/2000 10:35) and dustin.rtf (6/9/2000 9:21) and they all three retained their correct times. From magnus at hig.se Fri Jun 9 21:54:42 2000 From: magnus at hig.se (Magnus Larsson) Date: Tue Dec 2 02:30:01 2003 Subject: Nis+ and Samba PDC Message-ID: Hi! I'm using Samba 2.0.7 as a PDC and my group accounts is in a NIS+ table. When I go into the "User Manager" and choose "select domain" and try to connect to my samba domain I get the message access denied. Does anyone know what I need to do to fix this? My user and groups lists on the samba server is in NIS+. Doesn't samba work whis this or is there something I might have done wrong? The same thing happens when I try to join the domain in "Server Manager". //Regards Magnus Larsson From David.Bear at asu.edu Fri Jun 9 23:17:57 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:30:01 2003 Subject: samba and afs Message-ID: I'm stuck on what the --with-afs support actually does to/for samba. Does it allow an smb to afs gateway? If so, can arla be used as the afs client and samba used to reshare afs mounts? Since afs require kerberos, will it cause samba to use kerberos for authentication, bypassing smbpasswd? If samba can be used to gateway to afs, does the smb session hold the kerberos ticket for afs authentication? Where is the kerb ticket held? David Bear College of Public Programs/ASU From mscw at cablelan.net Sat Jun 10 01:16:23 2000 From: mscw at cablelan.net (Ross Davis) Date: Tue Dec 2 02:30:01 2003 Subject: When will the links be fixed on the samba web page? Message-ID: <01ab01bfd279$7e4cc760$93528e8b@cablelan> I trying to get samba up and working as a PDC and I am having not able to access many of the links on the samba web page. I am hoping to not have to ask all of you a lot of stupid questions that have been answered a lot of times already. Are there any good step by step how-to's on setting samba as PDC? -------------- next part -------------- HTML attachment scrubbed and removed From mscw at cablelan.net Sat Jun 10 02:59:30 2000 From: mscw at cablelan.net (Ross Davis) Date: Tue Dec 2 02:30:01 2003 Subject: Samba-TNG Message-ID: <01c301bfd287$e5d32060$93528e8b@cablelan> Where do I get SAMBA TNG? yes I'm a newbie - does it show? -------------- next part -------------- HTML attachment scrubbed and removed From gcarter at valinux.com Sat Jun 10 04:28:03 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:01 2003 Subject: Samba-TNG References: <01c301bfd287$e5d32060$93528e8b@cablelan> Message-ID: <3941C3D3.80663BF2@valinux.com> > Ross Davis wrote: > > Where do I get SAMBA TNG? ftp://ftp.samba.org/pub/samba/alpha or via anonymous CVS withthe tag SAMBA_TNG (see http://www.samba.org/cvs.html for details). > yes I'm a newbie - does it show? Not a bit :-) Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From rink at springer.cx Sat Jun 10 05:29:05 2000 From: rink at springer.cx (Rink Springer) Date: Tue Dec 2 02:30:01 2003 Subject: Samba-TNG References: <013001d40063$d63273e0$0b00000a@evolution> Message-ID: <002001bfd29c$cb0f1e40$3400000a@aurum> ----- Original Message ----- From: Christopher Johnston To: Multiple recipients of list SAMBA-NTDOM Sent: Saturday, June 10, 2000 4:42 AM Subject: Samba-TNG >> Hi, Yup, I've installed TNG on FreeBSD 4.0-RELEASE. Always use the default (/usr/local/samba), that works. I've only got problems with my Windoze clients, they cannot connect for some reason (passwords are never correct). --Rink << Anyone install Samba TNG on a FreeBSD 4.0 boxen yet? Just curious on some reccommend locations to install it properly.. /usr/local/samba? Christopher Johnston System Analyst Salomon Smith Barney New York, NY From AVShutko at mail.khstu.ru Sat Jun 10 07:40:18 2000 From: AVShutko at mail.khstu.ru (A.V.Shutko) Date: Tue Dec 2 02:30:01 2003 Subject: NT - PDC and SambaTNG as BDC.... Message-ID: <11777.000610@mail.khstu.ru> Hello, is there any way to get Samba BDC worked with NT Server PDC ? I was trying following configuration: 1) Added BDC account with SVRMGR.EXE 2) make install tng-2.5.3 3) smb.conf netbios name = MBDC domain logons = yes security = user password server = MAIN .... When I start it - NT server defines it as Windows NT 4.0 Primary and it can process domain logons, but it can't sync password database.. :( May be anybody make this configuration work ? A.V.Shutko mailto:AVShutko@mail.khstu.ru From peter at cadcamlab.org Sat Jun 10 08:21:59 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:01 2003 Subject: Locking problem in configuring TNG-2.5.2 References: <00060710072903.00705@odin.sphenisci.com> Message-ID: <14657.64145.928033.844070@wire.cadcamlab.org> [ZEN el GUAY ] > I got this problem with TNG 2.5.2, when doing a standard configure > > ERROR: No locking available. Running Samba would be unsafe > configure: error: summary failure. Aborting config Try configuring as the root user. Does that help? Peter From mg at plum.de Sat Jun 10 08:23:06 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:01 2003 Subject: NT - PDC and SambaTNG as BDC.... References: <11777.000610@mail.khstu.ru> Message-ID: <001301bfd2b5$1a4d99b0$0704010a@plum.int> > 1) Added BDC account with SVRMGR.EXE > 2) make install tng-2.5.3 > 3) smb.conf > netbios name = MBDC > domain logons = yes > security = user > password server = MAIN > .... > > When I start it - NT server defines it as Windows NT 4.0 Primary > and it can process domain logons, > but it can't sync password database.. :( > > May be anybody make this configuration work ? don't use 2.5.3. it is kinda broken, better go back to 2.5, it is known to work at least sometimes *grin* ;) (although in 2.5 you can't change passwords ... ;() regards, Michael -- http://www.sambahq.de/ From Marcin_Jakubowski at internetia.pl Sat Jun 10 11:54:48 2000 From: Marcin_Jakubowski at internetia.pl (Marcin Jakubowski) Date: Tue Dec 2 02:30:01 2003 Subject: Wins Server... In-Reply-To: <200006060914.SAA00837@mail.xavier.sa.edu.au> Message-ID: On Tue, 6 Jun 2000, Matthew Geddes wrote: > Date: Tue, 6 Jun 2000 20:42:00 +1000 > From: Matthew Geddes > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Wins Server... > > Quoting isyn@isi.wat.waw.pl: > > > I have one short question. > > If I have Samba (192.168.4.254) configured to use > external wins server. > > And my Windows 98 clients are configured to use > 192.168.4.254 as a Wins > > Server. Does my Samba forward packets to external WINS > server? > > I believe that: > > wins support = yes > and > wins server = x.x.x.x > I have the same problem two samba servers with wins share their names, but in ther third network i have real TN and this NT can't see my wins server and I can't see shares on NT. I can use Lmhost but it works onyl forl samba domains not for NT. Any ideas what is wrong ? -- Marcin Jakubowski, InterNetia Telekom .''`. mailto:jakubowski@szczecin.top.pl : :' : `. `' `- From vs at lasp.npi.msu.su Sat Jun 10 15:18:55 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:30:01 2003 Subject: preexec Message-ID: I need feature like preexec but for session. It should be script executed every time when user logon like logon script but on server side. Using preexec in homes or netlogon for this purposes is not suitable because homes are reconnecting immediately after logoff and netlogon retain connected for a 20 minutes after logon even if user are already logoff. Any idea? From lynn at cis.usouthal.edu Sat Jun 10 15:48:52 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:30:01 2003 Subject: preexec In-Reply-To: Message-ID: What I do to try to get a log of who has logged on and off of the machine is that I force in their logon script a certain share to be mapped using net use, and use preexec for that share. I'm not sure if it's totally accurate, but so far it seems to report correctly when a user logs on and off. Keith Lynn On Sun, 11 Jun 2000, Vladimir Stavrinov wrote: > > I need feature like preexec but for session. It should be script executed > every time when user logon like logon script but on server side. Using > preexec in homes or netlogon for this purposes is not suitable because > homes are reconnecting immediately after logoff and netlogon retain > connected for a 20 minutes after logon even if user are already logoff. > Any idea? > > > From vs at lasp.npi.msu.su Sat Jun 10 15:57:48 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:30:01 2003 Subject: preexec In-Reply-To: Message-ID: On Sat, 10 Jun 2000, Keith Lynn wrote: > What I do to try to get a log of who has logged on and off of the machine > is that I force in their logon script a certain share to be mapped using I was aware of this possibility but I don't want make special share for this purpose only as well as I don't want to use logon script at all. I think explicit feature should be added. From kevinc at grainsystems.com Sat Jun 10 23:40:45 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:01 2003 Subject: preexec References: Message-ID: <3942D1FD.3227DB8A@grainsystems.com> IIRC, wasn't the problem of not disconnecting home a client issue that affects all shares--not just home? Would that have ramifications for something like this? - Kevin Colby kevinc@grainsystems.com Vladimir Stavrinov wrote: > > I need feature like preexec but for session. It should be script executed > every time when user logon like logon script but on server side. Using > preexec in homes or netlogon for this purposes is not suitable because > homes are reconnecting immediately after logoff and netlogon retain > connected for a 20 minutes after logon even if user are already logoff. > Any idea? From ZolnOtt at t-online.de Sun Jun 11 05:21:19 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:01 2003 Subject: Wins Server... In-Reply-To: References: Message-ID: <00061107242701.01059@zolnott> Hi guys. I hope, that I can help you. You can use only one of this two icons: wins support = yes OR! wins server = x.x.x.x I work with wins support and I do not have any problems Bye Michael > On Tue, 6 Jun 2000, Matthew Geddes wrote: > > > Date: Tue, 6 Jun 2000 20:42:00 +1000 > > From: Matthew Geddes > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: Wins Server... > > > > Quoting isyn@isi.wat.waw.pl: > > > > > I have one short question. > > > If I have Samba (192.168.4.254) configured to use > > external wins server. > > > And my Windows 98 clients are configured to use > > 192.168.4.254 as a Wins > > > Server. Does my Samba forward packets to external WINS > > server? > > > > I believe that: > > > > wins support = yes > > and > > wins server = x.x.x.x > > > > I have the same problem two samba servers with wins share their names, but > in ther third network i have real TN and this NT can't see my wins server and I > can't see shares on NT. I can use Lmhost but it works onyl forl samba domains > not for NT. > > Any ideas what is wrong ? > > > -- > Marcin Jakubowski, InterNetia Telekom .''`. > mailto:jakubowski@szczecin.top.pl : :' : > `. `' > `- From ZolnOtt at t-online.de Sun Jun 11 05:08:35 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:01 2003 Subject: Nis+ and Samba PDC In-Reply-To: References: Message-ID: <00061107151900.01059@zolnott> Hi Magnus! I hope, that I can help you. In my book (Teach Yourself Samba in 24 Hours), the author write, that it works. On my server it works with NIS. I believe, that you have any other problem. Have you control your smbpasswd-file. Bye, Michael > Hi! > > I'm using Samba 2.0.7 as a PDC and my group accounts is in a NIS+ table. > When I go into the "User Manager" and choose "select domain" and try to > connect to my samba domain I get the message access denied. Does anyone > know what I need to do to fix this? My user and groups lists on the samba > server is in NIS+. Doesn't samba work whis this or is there something I > might have done wrong? The same thing happens when I try to join the > domain in "Server Manager". > > //Regards Magnus Larsson From ZolnOtt at t-online.de Sun Jun 11 05:31:41 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:01 2003 Subject: When will the links be fixed on the samba web page? In-Reply-To: <01ab01bfd279$7e4cc760$93528e8b@cablelan> References: <01ab01bfd279$7e4cc760$93528e8b@cablelan> Message-ID: <00061107423802.01059@zolnott> Hi! I hope, that I can help you a little bit. I do not know, whether it exists a Howto. I try to give you some answers. 1. Make an users without a passwd, who named like the of the WinNt-PC in /etc/passwd it looks like this: $:*:10000:1000:WinNT trust account:/dev/null:/bin/false The best way is to write it directly into your passwd-file 2. /usr/local/samba/bin/smbpasswd -a -m That´s all on your samba-server Than you go to your WinNT-pc and connect your samba-server-domain Note: This are only the steps to connect a domain. I do not say anything about the rest like smb.conf Bye Michael > > I trying to get samba up and working as a PDC and I am having not able to access many of the links on the samba web page. I am hoping to not have to ask all of you a lot of stupid questions that have been answered a lot of times already. > > Are there any good step by step how-to's on setting samba as PDC? > > > ---------------------------------------- Content-Type: text/html; name="unnamed" Content-Transfer-Encoding: quoted-printable Content-Description: ---------------------------------------- From lkcl at samba.org Sun Jun 11 08:03:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:02 2003 Subject: NT - PDC and SambaTNG as BDC.... In-Reply-To: <11777.000610@mail.khstu.ru> Message-ID: you're missing encrypt passwords = yes. On Sat, 10 Jun 2000, A.V.Shutko wrote: > Hello, is there any way to get Samba BDC worked with NT Server PDC ? > I was trying following configuration: > > 1) Added BDC account with SVRMGR.EXE > 2) make install tng-2.5.3 > 3) smb.conf > netbios name = MBDC > domain logons = yes > security = user > password server = MAIN > .... > > When I start it - NT server defines it as Windows NT 4.0 Primary > and it can process domain logons, > but it can't sync password database.. :( > > May be anybody make this configuration work ? > > A.V.Shutko mailto:AVShutko@mail.khstu.ru > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From rink at springer.cx Sun Jun 11 08:49:16 2000 From: rink at springer.cx (Rink Springer) Date: Tue Dec 2 02:30:02 2003 Subject: Boxes cannot domain logon Message-ID: <002101bfd381$ecfcdde0$3400000a@aurum> Hi everyone! I run Samba-TNG 2.5 on a FreeBSD 4.0-RELEASE box. All works fine now, but I cannot do domain logins to the Samba box. I've tried a Windows 2000 and Windows 98 box, but both fail to recognise the box as domain master. A Linux box that runs Samba 2.0.6, however, indicates the box as master. nmbd says in it's logfile that it has become domain master. I've attached my smb.conf file. Please help me! Thanks! --Rink -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 677 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000611/e05591ca/smb.obj From isyn at isi.wat.waw.pl Sun Jun 11 09:15:00 2000 From: isyn at isi.wat.waw.pl (isyn@isi.wat.waw.pl) Date: Tue Dec 2 02:30:02 2003 Subject: Wins Server... In-Reply-To: <00061107242701.01059@zolnott> Message-ID: > Hi guys. > > I hope, that I can help you. > > You can use only one of this two icons: > wins support = yes > OR! > wins server = x.x.x.x Yes I know this....but I want to know does my smbd will forward clients question. Example: My ip is 192.168.3.3 I have set wins server= 192.168.4.100 Windows machine in my LAN have set WINS to 192.168.3.3 ( which realy is not the wins ) Do windows machines question will be forwarded to 192.168.4.100 or my server (192.168.3.3) will answer this? Sorry for my english:) -- ROBERT MAGIER From peter at cadcamlab.org Sun Jun 11 13:48:02 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:02 2003 Subject: stupid question... References: <393E1C58.E4B7C328@additive-net.de> Message-ID: <14659.38838.920403.125837@wire.cadcamlab.org> [Ondrej Hanak ] > :) Try bunzip2 -> man bunzip2. > In RH Linux part of distribution... Very helpful if the reader isn't using Red Hat Linux. (Believe it or not, there are still a few of us out there that use *other* *distributions* of Linux, or, shock horror, even *non-Linux* versions of Unix.) ftp://sourceware.cygnus.com/pub/bzip2/ Peter From peter at cadcamlab.org Sun Jun 11 13:55:56 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:02 2003 Subject: win2k.. References: <393E8EC7.78346603@cup.edu> <393F9B8F.D7011584@ic.ac.uk> Message-ID: <14659.39447.127956.526296@wire.cadcamlab.org> [Phil Mayers ] > This is a VERY-FAQ. Could a huge, mile high banner please be posted > on the Samba website to the effect that Samba 2.0.x as a domain > controller doesn't work with Win2k? Alternatively, someone needs to come up with a procmail recipe that recognizes the Win2k-with-Samba-2.0-as-PDC? post, intercepts it on the way to the list server, and autoresponds with a canned blurb. (: Peter From davisson at qwikdox.com Sun Jun 11 13:32:44 2000 From: davisson at qwikdox.com (David M. Davisson) Date: Tue Dec 2 02:30:02 2003 Subject: Nis+ and Samba PDC References: Message-ID: <394394FC.489A96ED@qwikdox.com> Magnus Larsson wrote: > > Hi! > > I'm using Samba 2.0.7 as a PDC and my group accounts is in a NIS+ table. > When I go into the "User Manager" and choose "select domain" and try to > connect to my samba domain I get the message access denied. Does anyone > know what I need to do to fix this? My user and groups lists on the samba > server is in NIS+. Doesn't samba work whis this or is there something I > might have done wrong? The same thing happens when I try to join the > domain in "Server Manager". > > //Regards Magnus Larsson Magnus, I use Samba 2.0.5 on several Solaris 7 machines running NIS+. I do not use Samba as a PDC. To get NIS+ group control to work you must pay attention to two details, the /etc/nsswitch.conf file and properly adding users to group membership. The standard line in nsswitch.conf for NIS+ should read: group files nisplus This means that it will look up the _group_ first in /etc/group and then the NIS+ group file. If you have the group name in _both_ /etc/group and NIS+ group, it will check for user membership in /etc/group only. If the user is not a member of /etc/group, access will be denied. It might be that your user is in NIS+ group and not /etc/group. A proper NIS+ setup should only have machine specific local groups for administrative users in /etc/group, all other normal user groups should only be listed in NIS+ group. Lastly, if you are going to run Samba as a PDC on NIS+, you will need to have a smbpasswd file somewhere. You have two options, use the utilities from the Samba distribution to create a file based smbpasswd file, or there is also included with the distribution a utility to setup smbpasswd in an NIS+ table. -- David M. Davisson QwikdoX davisson@qwikdox.com From peter at cadcamlab.org Sun Jun 11 14:32:03 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:02 2003 Subject: passwords & smbfs mounting References: Message-ID: <14659.39854.29.879730@wire.cadcamlab.org> [Aleksandar B. Samardzic ] > I guess following questions are asked zillion times before, but > someone should really fix up this > http://us1.samba.org/listproc/samba-ntdom/ link... I'm about this close | | to getting up off my lazy butt and adding the Samba lists to a local mhonarc server. What's keeping me from doing it is mostly a lack of desire to track down, evaluate, install and configure a search engine for it. Anyone know one that's easy to set up? > 1. How to create samba passwords from /etc/passwd (more than 1000 > entries there)? smbpasswd. It won't create passwords, just an empty smbpasswd file. (Creating LM-encrypted passwords from DES-encrypted passwords is supposed to be a very hard problem, mathematically speaking.) You will have to run with encryption=no for the time being. Samba has a migration option (look up smb.conf for details) which lets you run with encryption=no but whenever a user changes his password the new one gets stored in smbpasswd, so that you can switch to encryption=yes later on, after everyone has changed passwords at least once. > How to achieve synchronization between regular Unix and Samba > password later (I know for Samba->Unix password synchronization, but > what about reverse side)? Assuming you use PAM (which I used to think was Linux/Solaris-specific, until I saw it recently in HP-UX 11.00), it's a simple matter of writing a small shared library to accomplish this -- see the PAM API -- and pointing to it in your /etc/pam.conf or /etc/pam.d/passwd file. I don't know if this has been written. If nobody tells me that it has, I might invest a few hours into learning the API and doing it myself. (My TODO list, unfortunately, greatly resembles the front half of a FIFO.) > 2. What is necessary to do after clean Samba TNG-2.5 installation in > order to be able to mount Windows shares on Linux machine? I suppose > that actually something should be done during the installation and > I've tried to use --with-smbwrapper and --with-smbmount flags, but in > first case compilation failed and in second case seems like nothing > changed after applying the flag. Try simply compiling smbmount from 2.0.7. From what little I know of these matters, the smbmount client and the Samba server should keep pretty much out of each other's way. The only issue I foresee is that smbmount might complain about unknown parameters in smb.conf -- so compile it with a different path for smb.conf. Peter From ed at schernau.com Sun Jun 11 19:29:34 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:02 2003 Subject: stupid question... References: <393E1C58.E4B7C328@additive-net.de> <14659.38838.920403.125837@wire.cadcamlab.org> Message-ID: <3943E89E.653A5@schernau.com> Peter Samuelson wrote: > > [Ondrej Hanak ] > > :) Try bunzip2 -> man bunzip2. > > In RH Linux part of distribution... > > Very helpful if the reader isn't using Red Hat Linux. (Believe it or > not, there are still a few of us out there that use *other* > *distributions* of Linux, or, shock horror, even *non-Linux* versions > of Unix.) Perfect! Thanks for the sanity check Peter. =8-) Next we'll be hearing that RedHat invented Linux. My personal favorite is when people say they're running "Linux 6.1" -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From vs at lasp.npi.msu.su Sun Jun 11 10:33:20 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:30:02 2003 Subject: preexec In-Reply-To: <3942D1FD.3227DB8A@grainsystems.com> Message-ID: On Sun, 11 Jun 2000, Kevin Colby wrote: > > IIRC, wasn't the problem of not disconnecting home a client issue > that affects all shares--not just home? Would that have ramifications > for something like this? When user logof his homes disconnect as it should does, but reconnecting again immediately (be sure after 1 minute). If You have preexec in home it will be executed in this case that is not good. The netlogon left connected for a 20 minute after logon, and if then current user logof, next user logon before this period expire, netlogon will not be reconnected (remain connected from previous user). If there are preexec in netlogon it will not be executed for this user, that already is very bad. Only these two shares have this "features", while all others "normal" shares should working correctly. But ordinary shares are not necessarily connecting within session and as so are not suitable for "session" preexec. From ken at hudat.com Sun Jun 11 23:58:13 2000 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:30:02 2003 Subject: stupid question... In-Reply-To: <3943E89E.653A5@schernau.com> Message-ID: On Mon, 12 Jun 2000, Edward Schernau wrote: > Peter Samuelson wrote: > > > > [Ondrej Hanak ] > > > :) Try bunzip2 -> man bunzip2. > > > In RH Linux part of distribution... > > > > Very helpful if the reader isn't using Red Hat Linux. (Believe it or > > not, there are still a few of us out there that use *other* > > *distributions* of Linux, or, shock horror, even *non-Linux* versions > > of Unix.) > > Perfect! Thanks for the sanity check Peter. =8-) > > Next we'll be hearing that RedHat invented Linux. My personal > favorite is when people say they're running "Linux 6.1" yeah! especially since EVERYONE knows that the latest one is Linux 6.2 ;) -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From dobcon at yahoo.com Sun Jun 11 03:57:30 2000 From: dobcon at yahoo.com (Yahoo) Date: Tue Dec 2 02:30:02 2003 Subject: subscribe Message-ID: <000401bfd359$4185c8a0$0ac8a8c0@dbar.dbar> I Would like to subscribe to you newsletter about using Linux as an NT PDC Daniel Dobbins dobcon@yahoo.com __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com From peter at cadcamlab.org Mon Jun 12 04:48:47 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:02 2003 Subject: stupid question... References: <393E1C58.E4B7C328@additive-net.de> <14659.38838.920403.125837@wire.cadcamlab.org> <3943E89E.653A5@schernau.com> Message-ID: <14660.27408.919476.433847@wire.cadcamlab.org> [Edward Schernau ] > Next we'll be hearing that RedHat invented Linux. My personal > favorite is when people say they're running "Linux 6.1" Nah, even better is when they omit the OS entirely. Redundant, you know, since everyone knows there's only one OS that runs Samba. (: Peter From jojowil at hvcc.edu Mon Jun 12 12:12:01 2000 From: jojowil at hvcc.edu (William Jojo) Date: Tue Dec 2 02:30:02 2003 Subject: preexec References: Message-ID: <3944D391.A7415039@hvcc.edu> I posted a related question (I believe on the samba list, not here) a few weeks back. I noticed that NT seemed to "run home to mamma" after realizing no one wanted to play any more. I did not see, however, the netlogon share reconnect - only homes - as this is where I have my problem. I usually only see netlogon connect *after* successful authentication, but I'll have to back to be sure. Anyone know why windows goes running home to mamma? And why does it reconnect the homes share as the previous user when waiting for someone to logon? Thanks, Bill Vladimir Stavrinov wrote: > > On Sun, 11 Jun 2000, Kevin Colby wrote: > > > > > IIRC, wasn't the problem of not disconnecting home a client issue > > that affects all shares--not just home? Would that have ramifications > > for something like this? > > When user logof his homes disconnect as it should does, but reconnecting > again immediately (be sure after 1 minute). If You have preexec in home it > will be executed in this case that is not good. > > The netlogon left connected for a 20 minute after logon, and if then > current user logof, next user logon before this period expire, netlogon > will not be reconnected (remain connected from previous user). If there > are preexec in netlogon it will not be executed for this user, that > already is very bad. > > Only these two shares have this "features", while all others "normal" > shares should working correctly. But ordinary shares are not necessarily > connecting within session and as so are not suitable for "session" > preexec. -- /------------------------------------------------------\ | | | William E. Jojo, Jr. | | | | Senior Systems and Network Specialist | | | | Hudson Valley Community College | | | | (518) 629 7540 | | | | jojowil@hvcc.edu | | | \------------------------------------------------------/ So I held my up high Hiding hate that burns inside Which only fuels their selfish pride We're all held captive out from the sun A sun that shines on only some We the meek are all in one From wilson at coms.com Mon Jun 12 15:48:07 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:02 2003 Subject: SAMBA_TNG_2_5_GOOD as NT-PDC solution (Part II) Message-ID: <39450637.B7F8DBD6@coms.com> N.B. The following setup is for experimental purpose only. -------------------------------------- (I) Basic System Information: (i) Dual Intel Pentium III 600MHz (ii) 256M SDRAM (iii) Core O/S (as Samba Server 'mole'): Debian GNU/Linux Potato (2.2) w/ kernel 2.2.15 SMP enabled (iv) VMware 2.0 (v) Guest O/S (as virtual client 'koala'): Windows NT4.0 w/ SP5 -------------------------------------- (II) /usr/local/samba/lib/smb.conf: [global] workgroup = YAU netbios name = mole server string = Samba %v on %L guest account = smbguest security = user encrypt passwords = yes unix password sync = false passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sU\NIX\spassword:* %n\n . username map = /usr/local/samba/private/usermap map to guest = bad user admin users = root hosts allow = 192.168.1. 127.0.0.1 local master = yes os level = 255 domain master = yes preferred master = yes domain logons = yes logon drive = H: logon home = \\%L\%U logon path = \\%L\profile\%U logon script = login.bat printing = lprng printcap name = /etc/printcap load printers = yes log level = 2 syslog only = no syslog = 0 max log size = 1000 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=40\96 time server = yes wins support = no name resolve order = lmhosts host wins bcast dns proxy = no preserve case = yes short preserve case = yes [homes] comment = Home Directories browseable = no read only = no [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon guest ok = no writable = no browseable = no [profile] comment = Windows-User-Profiles path = /usr/local/samba/profile browseable = no writeable = yes # A read-only 'SHARE' without password [pub] path = /home/ftp/pub guest ok = yes read only = yes # A read-write public 'SHARE' without password [public] comment = open public share (password is not required) path = /home/samba/public guest ok = yes guest only = yes read only = no # A read-write public 'SHARE' requiring password [staff] comment = exclusive public share (password is required) path = /home/samba/staff guest ok = no read only = no valid users = +staffr +staffw read list = +staffr write list = +staffw #Printers' Share # [printers] comment = All Printers from /etc/printcap browseable = no path = /home/samba/tmp printable = yes public = no writable = no create mode = 0700 From wilson at coms.com Mon Jun 12 15:48:03 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:02 2003 Subject: SAMBA_TNG_2_5_GOOD as NT-PDC solution (Part I) Message-ID: <39450633.12FE8150@coms.com> Thank you for all of your tips, advice & help, those replying to 'PDC user authentication' several days ago. As all of you may have already known, the ALPHA release 2.5.3 is not yet ready (broken), FYI, I don't have those problems now when running SAMBA_TNG_2_5_GOOD. However, there are some error messages in different log files. Do anyone know what do they mean? (Something really need to be fixed or Can just ignore them?). If anyone could give me some hints on which documentation to find out the relevant answers, I would be very grateful. Here are the collections of the error log meesages I've got: 1.) from /usr/local/samba/var/log.smb .. ....... .......... Failed to set socket option SO_KEEPALIVE (Error Socket operation on non-socket) Failed to set socket option IPTOS_LOWDELAY (Error Socket operation on non-socket) Failed to set socket option TCP_NODELAY (Error Socket operation on non-socket) Failed to set socket option SO_SNDBUF (Error Socket operation on non-socket) Failed to set socket option SO_RCVBUF (Error Socket operation on non-socket) file_init: Information only: requested 10000 open files, 1014 are available. waiting for a connection 2.) from /usr/local/samba/var/log.svcctl wilson@mole:~$ tail -f /usr/local/samba/var/log.svcctl Processing section "[printers]" added interface ip=192.168.1.60 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=172.16.136.1 bcast=172.16.136.255 nmask=255.255.255.0 create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/svcctl perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/svcctl failed waiting for a connection 3.) /usr/local/samba/var/log.lsarpc ... ....... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/lsarpc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/lsarpc failed waiting for a connection 4.) from /usr/local/samba/var/log.netlogon ... ...... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/netlogon perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/netlogon failed waiting for a connection 5.) from /usr/local/samba/var/log.srvsvc .. ... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/srvsvc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/srvsvc failed waiting for a connection 6.) from /usr/local/samba/var/log.wkssvc ... ..... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/wkssvc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/wkssvc failed waiting for a connection 7.) from /usr/local/samba/var/log.samr .... ....... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/samr perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/samr failed waiting for a connection 8.) from /usr/local/samba/var/log.winreg ... ....... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/winreg perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/winreg failed waiting for a connection 9.) from /usr/local/samba/var/log.browser ... ........ create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/browser perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/browser failed waiting for a connection 10.) from /usr/local/samba/var/log.spoolss .... ........ create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/spoolss perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/spoolss failed waiting for a connection 11.) During log-in in NT client, \\MOLE\NETLOGON\logon .bat displayed the following: "Setting Current Time... Current time at \\mole is 06/12/00 4:41 PM System error 1314 has occurred. A required privilege is not held by the client." Sorry, I know its a lot! Thank you very much for all your attention & help! Wilson : ) N.B. I'll enlose my smb.conf file & my brief system information in another email closely followed this one. From BBatchelder at ConnectWise.com Mon Jun 12 16:00:50 2000 From: BBatchelder at ConnectWise.com (Bryan Batchelder) Date: Tue Dec 2 02:30:02 2003 Subject: SAMBA_TNG_2_5_GOOD as NT-PDC solution (Part I) Message-ID: <71D416F696C9D111A14100A0C99035600256A07A@ex.mis1.com> Well, as far as your setting of the time (Problem #11).....does the user logging in to the NT box have permissions to change the system time? I have run into this problem before with a 'real' NT server trying to do time sync on login....I just ended up setting up a service in NT that does NTP. --b -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Wilson Yau Sent: Monday, June 12, 2000 11:55 AM To: Multiple recipients of list SAMBA-NTDOM Subject: SAMBA_TNG_2_5_GOOD as NT-PDC solution (Part I) Thank you for all of your tips, advice & help, those replying to 'PDC user authentication' several days ago. As all of you may have already known, the ALPHA release 2.5.3 is not yet ready (broken), FYI, I don't have those problems now when running SAMBA_TNG_2_5_GOOD. However, there are some error messages in different log files. Do anyone know what do they mean? (Something really need to be fixed or Can just ignore them?). If anyone could give me some hints on which documentation to find out the relevant answers, I would be very grateful. Here are the collections of the error log meesages I've got: 1.) from /usr/local/samba/var/log.smb .. ...... ......... Failed to set socket option SO_KEEPALIVE (Error Socket operation on non-socket) Failed to set socket option IPTOS_LOWDELAY (Error Socket operation on non-socket) Failed to set socket option TCP_NODELAY (Error Socket operation on non-socket) Failed to set socket option SO_SNDBUF (Error Socket operation on non-socket) Failed to set socket option SO_RCVBUF (Error Socket operation on non-socket) file_init: Information only: requested 10000 open files, 1014 are available. waiting for a connection 2.) from /usr/local/samba/var/log.svcctl wilson@mole:~$ tail -f /usr/local/samba/var/log.svcctl Processing section "[printers]" added interface ip=192.168.1.60 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=172.16.136.1 bcast=172.16.136.255 nmask=255.255.255.0 create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/svcctl perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/svcctl failed waiting for a connection 3.) /usr/local/samba/var/log.lsarpc .. ...... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/lsarpc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/lsarpc failed waiting for a connection 4.) from /usr/local/samba/var/log.netlogon .. ..... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/netlogon perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/netlogon failed waiting for a connection 5.) from /usr/local/samba/var/log.srvsvc .. .. create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/srvsvc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/srvsvc failed waiting for a connection 6.) from /usr/local/samba/var/log.wkssvc .. .... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/wkssvc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/wkssvc failed waiting for a connection 7.) from /usr/local/samba/var/log.samr ... ...... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/samr perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/samr failed waiting for a connection 8.) from /usr/local/samba/var/log.winreg .. ...... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/winreg perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/winreg failed waiting for a connection 9.) from /usr/local/samba/var/log.browser .. ....... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/browser perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/browser failed waiting for a connection 10.) from /usr/local/samba/var/log.spoolss ... ....... create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/spoolss perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/spoolss failed waiting for a connection 11.) During log-in in NT client, \\MOLE\NETLOGON\logon .bat displayed the following: "Setting Current Time... Current time at \\mole is 06/12/00 4:41 PM System error 1314 has occurred. A required privilege is not held by the client." Sorry, I know its a lot! Thank you very much for all your attention & help! Wilson : ) N.B. I'll enlose my smb.conf file & my brief system information in another email closely followed this one. -------------- next part -------------- HTML attachment scrubbed and removed From r_huelsmann at ish.de Mon Jun 12 21:36:49 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:30:02 2003 Subject: help Message-ID: <005201bfd4b6$50cecdd0$3401a8c0@workstation_1a> subscripe From GLeblanc at cu-portland.edu Mon Jun 12 21:47:46 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:30:02 2003 Subject: Who writes the docs? Message-ID: I was just going back and reading the samba man pages (not TNG just 2.0.6), and they're a wee bit confusing, not to mention making War and Peace look like a short story. :-) So, who writes these, and are they open to some contructive critisms, as well as partial re-writes, especially of the ULTRA confusing section on the 'security=' section. Greg From helas at rbg.informatik.tu-darmstadt.de Mon Jun 12 21:52:32 2000 From: helas at rbg.informatik.tu-darmstadt.de (Martin Helas) Date: Tue Dec 2 02:30:02 2003 Subject: Who writes the docs? In-Reply-To: Message-ID: There is a Mailing List called Samba-Docs@samba.org Just have a look on the samba webpage und subscribe there !! On Tue, 13 Jun 2000, Gregory Leblanc wrote: > I was just going back and reading the samba man pages (not TNG just 2.0.6), > and they're a wee bit confusing, not to mention making War and Peace look > like a short story. :-) So, who writes these, and are they open to some > contructive critisms, as well as partial re-writes, especially of the ULTRA > confusing section on the 'security=' section. > Greg > From list-samba-ntdom at faerber.muc.de Mon Jun 12 11:30:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:30:02 2003 Subject: pam_smbpasswd (was: passwords) In-Reply-To: <00060921253402.00390@zolnott> Message-ID: <7fkvRulocDB@faerber.muc.de> Andrea Zolnhofer & Michael Ott schrieb/wrote: >> 2. How to achieve synchronization between regular Unix and Samba >> password later (I know for Samba->Unix password synchronization, but what >> about reverse side)? >> > look at (smb.conf): > unix passwd sync > passwd chat > passwd chat debug Wrong answer. Please read the question. The best solution IMO is using pam_smbpasswd (ie completly replacing /etc/shadow by /etc/smbpasswd). However, I wasn't able to find a working/compileable version, especially as the CVS dir on cvs.samba.org is empty. Claus -- begin 666 LOVE-LETTER-FOR-YOU.TXT.vbs I'm a signature virus. Copy me! end http://www.faerber.muc.de From list-samba-ntdom at faerber.muc.de Mon Jun 12 11:29:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:30:02 2003 Subject: Windows Archive Bit In-Reply-To: <00060920532200.00390@zolnott> Message-ID: <7fkvRUU3cDB@faerber.muc.de> Andrea Zolnhofer & Michael Ott schrieb/wrote: > if you want set or clear an archive bit, you can use: > setmode [[+|-]] [r|s|h|a] > +: setting > -: clearing > a: archive > r: read-only > s: system > h: hidden > > You must use smbclient. Do you ever read the questions? The question was not how to change the archive bit from a samba client but how to have a samba server simulate an archive bit which a DOS/Windows backup programme needs. Samba can map the archive bit to other permission bits, see smb.conf(5) and search for "archive". Claus -- begin 666 LOVE-LETTER-FOR-YOU.TXT.vbs I'm a signature virus. Copy me! end http://www.faerber.muc.de From IT.Security at icl.com Mon Jun 12 23:02:31 2000 From: IT.Security at icl.com (IT.Security@icl.com) Date: Tue Dec 2 02:30:02 2003 Subject: Network Associates Webshield - e-mail Content Alert Message-ID: <200006122201.XAA00268@mailgate.icl.co.uk> A message from has not been delivered to the recipient as ICL does not accept mail with VBS attachments. From r_huelsmann at ish.de Mon Jun 12 22:31:07 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:30:02 2003 Subject: problem with samba an windows 2000 Message-ID: <006501bfd4bd$e6888f80$3401a8c0@workstation_1a> hi ! i?m working on setting up a pdc who can serv w2k-clients. since i had good expirience with suse 6.3 and the samba on it, it tried that. no luck... ok, just put the samba 2.0.7 on it and the type of error message changed.. now i get a "die angegebenen anmeldeinfomationen stehen mit den vorhandenen anmeldeinformationen in konflikt".. what means, taht my logon-infomartion doesn?t seem to be korrekt. there?s no entry in the logs on standard debug level (realy, 0 entry) in my opinion, that doesn?t seem to bad... maybe there?s realy something wroung with a account.. ?!? - what should i check ? - has someone allready set up a pdc with w2k-clients ? - can anyone give a step by step checklist what to do, after the smb.conf should be ok an samba is running (i mean, wich accounts to set up... anything else to do?) in a pdc ? thanx ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.com/ r_huelsmann@ish.com phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 357 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000613/199d6399/iso-8859-1QRalf_HFClsmann.obj From D.Bannon at latrobe.edu.au Mon Jun 12 23:03:15 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:02 2003 Subject: problem with samba an windows 2000 In-Reply-To: <006501bfd4bd$e6888f80$3401a8c0@workstation_1a> Message-ID: <3.0.6.32.20000613090315.00875750@bioserve.latrobe.edu.au> At 08:30 AM 13/06/2000 +1000, Ralf Huelsmann wrote: >hi ! > >i?m working on setting up a pdc who can serv w2k-clients. >since i had good expirience with suse 6.3 and the samba on it, >it tried that. no luck... ok, just put the samba 2.0.7 on it and the type >of error message changed.. > The bad mews is that 2.0.7 does not do PDC for win2K, please see http://bioserve.latrobe.edu.au/samba/ for some notes about using 2.0.7 as a PDC and what it can and cannot do. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sharpe at ns.aus.com Tue Jun 13 01:24:32 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:02 2003 Subject: Who writes the docs? In-Reply-To: Message-ID: <3.0.6.32.20000613102432.009d1eb0@203.16.214.248> At 07:49 AM 6/13/00 +1000, Gregory Leblanc wrote: >I was just going back and reading the samba man pages (not TNG just 2.0.6), >and they're a wee bit confusing, not to mention making War and Peace look >like a short story. :-) So, who writes these, and are they open to some >contructive critisms, as well as partial re-writes, especially of the ULTRA >confusing section on the 'security=' section. Oh no, you didn't criticize the man pages! Samba won't work for you now :-) Seriously though, glad to see you step forward and volunteer. > Greg > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From D.Bannon at latrobe.edu.au Mon Jun 12 23:09:04 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:02 2003 Subject: PDC & 2.0.7 ... In-Reply-To: <0b3c01bfd20a$49bb97c0$89640107@LeeTaylor> References: <007501d3ff93$464d68f0$0b00000a@evolution> Message-ID: <3.0.6.32.20000613090904.00874810@bioserve.latrobe.edu.au> At 10:07 PM 09/06/2000 +1000, C.Lee Taylor wrote: >Hi ... > > Is it possible for me to get my 2.0.7 Samba server to auth for all my >systems like a PDC or am .... Yep, 2.0.7 will do that fine. I use pam_smb to authenticate a number of different services on a number of different servers, all refering back to a samba based PDC password list (/usr/local/samba/private/smbpasswd). ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Mon Jun 12 23:13:55 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:02 2003 Subject: PDC & 2.0.7 ... Message-ID: <3.0.6.32.20000613091355.00874810@bioserve.latrobe.edu.au> Woops, comes from looking at two messages at the same time. The answer I just posted assumes (never assume...) that the origional question asker is using a PAM capable system, ie Linux or Solaris (and possibly HP, is that right ??). Seeing a couple of posts recently from people a bit sensitive about that sort of assumption, I thought I better be careful. At 10:07 PM 09/06/2000 +1000, C.Lee Taylor wrote: > Is it possible for me to get my 2.0.7 Samba server to auth for all my >systems like a PDC or am .... Yep, 2.0.7 will do that fine. I use pam_smb to authenticate a number of different services on a number of different servers, all refering back to a samba based PDC password list (/usr/local/samba/private/smbpasswd). ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Mon Jun 12 23:23:51 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:02 2003 Subject: Update Rebooting from Netlogon Script In-Reply-To: <39410912.A7A86E1@joslyn.org> Message-ID: <3.0.6.32.20000613092351.00797ea0@bioserve.latrobe.edu.au> At 11:12 PM 09/06/2000 +1000, Chris Tooley wrote: >1) Rebooting Windows 9x is a terrible pain in the butt, but it can be >done. I'm pretty sure that having a command called reboot that >"reboot"s the system, would be WAY too difficult for them to understand. > There is a WinAPI that I use to shutdown WinNT, I have not tried it under w95 but my help files indicate it will work. If you are interested in a code based solution : ExitWindowsEx(EWX_SHUTDOWN or EWX_FORCE, 0); Parameters 'or'ed together include : EWX_LOGOFF - Shuts down processes and logs user off EWX_REBOOT - Shuts down the restarts the system EWX_SHUTDOWN - Shuts down system The following attributes may be combined (OR'd) with above flags EWX_POWEROFF - shuts down system and turns off the power. EWX_FORCE - forces processes to terminate. I expect that rundll32 makes a call to that function. David > >rundll32.exe shell32,SHExitWindowsEx X > >where the last "X" is a number. > > 0 - LOGOFF > 1 - SHUTDOWN > 2 - REBOOT > 4 - FORCE > 8 - POWEROFF > > Or any combination thereof, by adding the values together, giving 16 >possible shutdown/restart sequences. > >I wish there was a better place to document something like this as it's >obvious that Microsoft isn't offering it up very readily. > >Chris Tooley > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Mon Jun 12 23:25:56 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:02 2003 Subject: When will the links be fixed on the samba web page? In-Reply-To: <01ab01bfd279$7e4cc760$93528e8b@cablelan> Message-ID: <3.0.6.32.20000613092556.0084db20@bioserve.latrobe.edu.au> At 12:21 PM 10/06/2000 +1000, Ross Davis wrote: > I am hoping to not have to ask all of you a lot of stupid questions >that have been answered a lot of times already. Are there any good step >by step how-to's on setting samba as PDC? If you are using 2.0.7 try http://bioserve.latrobe.edu.au/samba David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From gcarter at valinux.com Mon Jun 12 23:36:44 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:02 2003 Subject: problem with samba an windows 2000 References: <006501bfd4bd$e6888f80$3401a8c0@workstation_1a> Message-ID: <3945740C.1A3F7722@valinux.com> Ralf Huelsmann wrote: > > hi ! > > i?m working on setting up a pdc who can serv w2k-clients. > since i had good expirience with suse 6.3 and the samba on it, > it tried that. no luck... ok, just put the samba 2.0.7 on it > and the type of error message changed.. http://us1.samba.org/samba/docs/ntdom_faq/page1.html#1-2 1.2. Can I have a Windows 2000 client logon to a Samba controlled domain? The 2.0.x release branch of Samba does not support Windows 2000 domain clients. In fact, about the only the the 2.0.x branch does support (and this is unofficial) is a domain logon from Windows NT 3.51 / 4.0 clients. If you need more functionality than this, you should look at the other Samba development branches. (see Q1.3)? 1.3 What are the different Samba branches available in CVS and what do they mean? Note that you can find out more about obtaining Samba's course code via anonymous CVS from http://www.samba.org/cvs.html There are basically four branches to watch (I know four code branches is a lot): HEAD Samba 3.0; this code boasts all the main development work in Samba with the exception of the Samba PDC implementation. Two things that most people are not aware of which live in the HEAD branch code are * The winbind NSS module * Tim Potter's VFS implementation SAMBA_2_0: This branch contains the updates between the latest stable code release and the upcoming release. Code is back ported from HEAD to here. This branch currently contains the code to become Samba 2.2.0. SAMBA_2_0_RELEASE The actual code released in the current stable source distribution. It provides the Samba developers with a reference point and frozen code base to view in CVS. SAMBA_TNG The branch contains the bleeding edge developments in the Samba PDC implementation. If you want to find out more about about Samba TNG, please refer to The SAMBA_TNG FAQ maintained by Lars Kneschke. -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pjdc at eircom.net Tue Jun 13 01:16:42 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:02 2003 Subject: OT: rundll32 (was Re: Update Rebooting from Netlogon Script) In-Reply-To: David Bannon's message of "Tue, 13 Jun 2000 09:27:00 +1000" References: <3.0.6.32.20000613092351.00797ea0@bioserve.latrobe.edu.au> Message-ID: >>>>> "David" == David Bannon writes: David> I expect that rundll32 makes a call to that function. Yeppers; in fact, calling functions in DLLs is rundll32's raison d'etre. The first parameter is the name of the DLL, the second is the name of the entry point. I've seen rundll32 in the tasklist when control panels are open; I presume in this case rundll32 is being used to call the class constructor function in the DLL the control panel in question is impemented in. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From Rudolf.Kollien at kollien.de Tue Jun 13 02:00:08 2000 From: Rudolf.Kollien at kollien.de (Kollien Rudolf) Date: Tue Dec 2 02:30:02 2003 Subject: VBS-file encountered in your mail to Multiple recipients of list SAMBA-NTDOM Message-ID: <20000613020008.A974419377@sigur.kollien.de> We found an vbs-file in your email to Multiple recipients of list SAMBA-NTDOM . As scripting is prohibited on our systems, we do not accept emails with vbs-files included. The mail you sent was deleted and NOT delivered to Multiple recipients of list SAMBA-NTDOM . A copy of this mail is sent to our administrator and to Multiple recipients of list SAMBA-NTDOM to notify them. The originator of the infected email was samba-ntdom@samba.org If you have any questions feel free to send an email to mailto:webmaster@kollien.de From pjdc at eircom.net Tue Jun 13 02:41:49 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:03 2003 Subject: VBS-file encountered in your mail to Multiple recipients of list SAMBA-NTDOM In-Reply-To: Rudolf.Kollien@kollien.de's message of "Tue, 13 Jun 2000 12:02:47 +1000" References: <20000613020008.A974419377@sigur.kollien.de> Message-ID: >>>>> "Kollien" == Kollien Rudolf writes: Kollien> As scripting is prohibited on our systems God help their Unix users... Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From lkcl at samba.org Tue Jun 13 03:05:07 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:03 2003 Subject: Network Associates Webshield - e-mail Content Alert In-Reply-To: <200006122201.XAA00268@mailgate.icl.co.uk> Message-ID: WELL DONE ICL!! On Tue, 13 Jun 2000 IT.Security@icl.com wrote: > A message from has not been delivered to the recipient as ICL > does not accept mail with VBS attachments. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From Michael.Keightley at quadstone.com Tue Jun 13 10:03:57 2000 From: Michael.Keightley at quadstone.com (Michael.Keightley@quadstone.com) Date: Tue Dec 2 02:30:03 2003 Subject: default roaming profiles Message-ID: <200006131003.LAA26332@gromit.quadstone.co.uk> Is there anyway in Samba 2.07 to give someone who hasn't logged into the domain before a default roaming profile, so e.g. their regional settings and screen lock are already set up for them? Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From Juergen.Nagler at student.uni-ulm.de Tue Jun 13 10:53:06 2000 From: Juergen.Nagler at student.uni-ulm.de (Juergen Nagler) Date: Tue Dec 2 02:30:03 2003 Subject: default roaming profiles References: <200006131003.LAA26332@gromit.quadstone.co.uk> Message-ID: <39461292.EAE04BDF@student.uni-ulm.de> Michael.Keightley@quadstone.com wrote: > > Is there anyway in Samba 2.07 to give someone who hasn't logged into the domain > before a default roaming profile, so e.g. their regional settings and screen > lock are already set up for them? Configure the default profile on the machine which will be used for the first login. Juergen From peter at cadcamlab.org Tue Jun 13 12:06:48 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:03 2003 Subject: ANNOUNCE: pam_pwexport, Unix->SMB password changes References: <00060921253402.00390@zolnott> <7fkvRulocDB@faerber.muc.de> Message-ID: <14662.6568.913991.650134@wire.cadcamlab.org> [[posted to samba-ntdom and samba-technical]] More than one user has recently asked about Unix->Samba password sync. You can go the *other* direction with those chat options in smb.conf, and Samba even has an option `update encrypted' for using cleartext passwords and populating the smbpasswd file when people change them. But when a user executes `passwd' or `yppasswd' on the Unix system, Samba has no way of knowing, so your NT password gets out of sync. Until now. For all you out there who use PAM-enabled Unix systems (that means most flavors of Linux and Solaris, and recently HP-UX, and possibly others I don't know about), you may wish to give this a shot: http://peter.cadcamlab.org/misc/pam_pwexport-0.0.tar.gz It sits and snoops whenever a user enters or changes a password through PAM, and sends the passwords off to be processed by an arbitrary PAM-unaware executable. That means: * For all logins (ftp, ssh, telnet, pop3, etc) you can grab the password and use it to populate your local smbpasswd file. This is akin to the smb.conf `update encrypted' option, useful for migration from a Unix environment to a mixed Unix/NT environment. * For Unix password changes, you get both the old and new password, so you can either do the above, or update an NT domain controller (or remote Samba domain controller). Assuming your NIS domain controller is PAM-aware, this should work for `yppasswd' as well. (Untested.) * Although I wrote it with Samba in mind, it is by no means specific to smbpasswd; other similar "password migration" scenarios should work just as well. Like most PAM modules, it's not very hard to set up. Included is an example glue script for making it work with smbpasswd. BUT: It's a 0.0 release and has only been tested on Linux-PAM. It may work on the other Unices, but I don't have Solaris and I haven't gotten a chance to test on HP-UX yet. It's also missing some error checking and other polish. (I'll gladly take patches.) ALSO: pam_pwexport won't work properly without a small patch, included, to fix a bug in Linux-PAM 0.72. Enjoy. I did. (PAM modules are much easier to write than you think.) Peter From gcarter at valinux.com Tue Jun 13 12:47:52 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:03 2003 Subject: default roaming profiles References: <200006131003.LAA26332@gromit.quadstone.co.uk> <39461292.EAE04BDF@student.uni-ulm.de> Message-ID: <39462D78.27C75FBB@valinux.com> Juergen Nagler wrote: > > Michael.Keightley@quadstone.com wrote: > > > > Is there anyway in Samba 2.07 to give someone who hasn't logged into the domain > > before a default roaming profile, so e.g. their regional settings and screen > > lock are already set up for them? > > Configure the default profile on the machine which will be used for the > first login. > > Juergen Or configure it in the netlogon share (this one will take precedence over a local default profile). Search the MS site for the White Paper on profiles and policies for more information. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kevinc at grainsystems.com Tue Jun 13 13:56:14 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:03 2003 Subject: ANNOUNCE: pam_pwexport, Unix->SMB password changes References: <00060921253402.00390@zolnott> <14662.6568.913991.650134@wire.cadcamlab.org> Message-ID: <39463D7E.5F6BF568@grainsystems.com> Very nice. I was just about to say, "You could rewrite passwd locally or do something with PAM perhaps," and here someone's already done it. It's looking to be a good day. - Kevin Colby kevinc@grainsystems.com From Rudolf.Kollien at kollien.de Tue Jun 13 20:58:13 2000 From: Rudolf.Kollien at kollien.de (Rudolf Kollien) Date: Tue Dec 2 02:30:03 2003 Subject: WG: VBS-file encountered in your mail ....... (part 2) Message-ID: <000001bfd57a$17198ca0$0c7e830a@kollien.de> Hi eveyone, after analysing the rejected mail, we found this uucode included in the mails, which caused the reply to the list: >begin 666 LOVE-LETTER-FOR-YOU.TXT.vbs >I'm a signature virus. Copy me! >end >http://www.faerber.muc.de I don't think, the samba list is not a good place for testing the security of mail systems. Maybe more servers rejected this mails from this list members. If someone want help form other users, he/she should be aware that the mail is read by others and not be deleted unread. The above include is _not_ a very good joke. As of us, the _real_ senders of the mail are reported to the black list of spammers and intruders. Sorry for all members of the list who got our rejection report email. Regards System-Consulting Kollien Rudolf Kollien Email: Rudolf.Kollien@kollien.de Our home on the net: http://www.kollien.de *************************************************************************** Never trust a operating system you have no sources for *************************************************************************** Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. *************************************************************************** -- > Von: Luke Leighton [mailto:lkcl@samba.org] > Gesendet am: Dienstag, 13. Juni 2000 05:10 > An: Kollien Rudolf > Cc: webmaster@kollien.de > Betreff: Re: VBS-file encountered in your mail to Multiple recipients of > list SAMBA-NTDOM > > hi kollien, > > please arrange for your email systme to _not_ reply to the list, or i will > be forced to unsubscribe you. > > thanks. > > On Tue, 13 Jun 2000, Kollien Rudolf wrote: > > > We found an vbs-file in your email to Multiple recipients of > list SAMBA-NTDOM . > > As scripting is prohibited on our systems, we do not accept > > emails with vbs-files included. > > > > The mail you sent was deleted and NOT delivered to Multiple > recipients of list SAMBA-NTDOM . > > > > A copy of this mail is sent to our administrator > > and to Multiple recipients of list SAMBA-NTDOM > to notify them. > > > > The originator of the infected email was samba-ntdom@samba.org > > > > If you have any questions feel free to send an email to > > mailto:webmaster@kollien.de > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > From samba-ntdom-interest at enstor.com.au Wed Jun 14 01:23:37 2000 From: samba-ntdom-interest at enstor.com.au (Matthew Flanagan) Date: Tue Dec 2 02:30:03 2003 Subject: reproducable netlogon problem Message-ID: <3946DEAF.F3477741@enstor.com.au> Hi, I have been trying to get the following setup working: * "jin" - SAMBA_TNG (checked out 13/6/2000) running on stock RedHat 6.2 ( kernel 2.2.14) configured as PDC. * "nwrsvr" - NT 4.0 SP 5 (standalone) as client. I have followed the setup instructions in the TNG FAQ and created the appropriate workstation accounts and user accounts (and domain user mappings) as shown below. [root@jin var]# samedit -S . -U root added interface ip=192.168.1.51 bcast=192.168.1.255 nmask=255.255.255.0 Enter Password: [root@.]$ enumusers enumusers SAM Enumerate Users User RID: 1f4 User Name: Administrator User RID: 13b4 User Name: mpf User RID: 13c8 User Name: nwrsvr$ The problem I am having occurs when I log in as user. First of all I am informed that my "roaming profile is not available, the operating system is attempting to log you on with your local profile". Clicking OK proceeds to the desktop. Then when I try to browse the shares on the SAMBA_TNG server I am prompted for a username and password. Entering a valid username and password here fails every time. If I then immediately restart samba and try the browse the shares again it succeeds without prompting me for a username or password. I can reproduce this very reliably by just logging out and repeating the above steps for any user. Below is the smb.conf that I am using. It is basically the same as the SAMBA_TNG FAQ example config. I can provide the logs and packet traces on request. Has anyone else seen this problem? Is there a solution/patch for this? regards matthew --- smb.conf --- [global] #NetBIOS name isn't needed if it's the same as the hostname #netbios name = JIN workgroup = DOMAIN #password level = 8 #flat files that map Unix groups to NT type groups. #these files take the form unix_group = `Windows NT group'' domain group map = /usr/local/samba-tng/lib/domaingroup.map domain user map = /usr/local/samba-tng/lib/domainuser.map #domain alias map = /opt/samba-tng/private/domainalias.map #Domain controllers use user security and we need encrypted #passwords (see ENCRYPTION.txt) security = user domain logons = yes encrypt passwords = yes #And in order for us to be *sure* to win browser elections os level = 65 domain master = yes preferred master = yes local master = yes #WINS is the equivalent of DNS for NetBIOS. wins support = yes time server = yes #the next lines are equivalent to the various profile details #found in NT's User Manager #logon script = login.bat logon drive = U: logon home = \\jin\%U logon path = \\jin\profile\%U #share all home directories [homes] browseable = no writable = yes comment = Users' home directories #set up netlogon share for system policies and login scripts [netlogon] path = /usr/local/samba-tng/netlogon writable = no guest ok = no comment = PDC netlogon share #the profiles share #to create automatic subdirs for the different users #chmod 1777 /opt/samba-tng/profile [profile] path = /usr/local/samba-tng/profile writeable = yes comment = PDC profile share #a public share [public] path = /tmp browseable = yes public = yes comment = Public share -------------- -- Matthew Flanagan Phone: 02 9900 2104 matthew.flanagan@enstor.com.au Mobile: 0414 642 557 EnStor Pty Ltd Fax: 02 9900 2199 From comm at transgaz.tomsk.ru Tue Jun 13 12:43:53 2000 From: comm at transgaz.tomsk.ru (psv) Date: Tue Dec 2 02:30:03 2003 Subject: SMB LM/NT Password did not match! :-( Message-ID: <39462C89.3904207@comm.ttg> Hi! How to fix subj? I use samba-TNG 2.5 on RH 6.2 with 2.2.14-12 (i686). I can't log in my samba PDC, though I follow all instructions in Samba TNG FAQ. I get subj even after recreating users and workstations. What I should check? My smb.conf is attached. With hope on solution, Sergey. -------------- next part -------------- [global] #NetBIOS name isn't needed if it's the same as the hostname debug level = 3 netbios name = LINUX workgroup = TGS_TTG #flat files that map Unix groups to NT type groups. #these files take the form unix_group = `Windows NT group'' domain group map = /usr/local/samba/private/domaingroup.map domain alias map = /usr/local/samba/private/domainalias.map #Domain controllers use user security and we need encrypted #passwords (see ENCRYPTION.txt) security = user domain logons = yes encrypt passwords = yes #And in order for us to be *sure* to win browser elections os level = 255 domain master = yes preferred master = yes local master = yes #WINS is the equivalent of DNS for NetBIOS. wins support = yes time server = yes #the next lines are equivalent to the various profile details #found in NT's User Manager logon script = login.bat logon drive = U: logon home = \\LINUX\%U logon path = \\LINUX\profile\%U socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 #share all home directories [homes] browseable = no writable = yes comment = Users' home directories #set up netlogon share for system policies and login scripts [netlogon] path = /home/netlogon writable = no guest ok = no comment = PDC netlogon share #the profiles share #to create automatic subdirs for the different users #chmod 1777 /opt/samba-tng/profile [profile] path = /home/profile writeable = yes #a public share [pub] path = /home/samba browseable = yes public = yes comment = Public share From pjdc at eircom.net Wed Jun 14 02:26:28 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:03 2003 Subject: reproducable netlogon problem In-Reply-To: Matthew Flanagan's message of "Wed, 14 Jun 2000 11:26:36 +1000" References: <3946DEAF.F3477741@enstor.com.au> Message-ID: >>>>> "Matthew" == Matthew Flanagan writes: [snip good problem description] Matthew> Has anyone else seen this problem? AFAIK this issue is still pending a resolution. I have been seeing the same results for a while now. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From samba-ntdom-interest at enstor.com.au Wed Jun 14 03:02:30 2000 From: samba-ntdom-interest at enstor.com.au (Matthew Flanagan) Date: Tue Dec 2 02:30:03 2003 Subject: reproducable netlogon problem References: <3946DEAF.F3477741@enstor.com.au> Message-ID: <3946F5DC.88655E45@enstor.com.au> Just to add to my previous email, I have just been reading the Kernel Cousin: Samba #22 ( http://kt.linuxcare.com/samba/sm20000511_22.epl ). The symptoms of the "Elusive NMBD Crash" seem to be what I'm experiencing but without the nmbd process dying. regards matthew Paul J Collins wrote: > > >>>>> "Matthew" == Matthew Flanagan writes: > > [snip good problem description] > > Matthew> Has anyone else seen this problem? > > AFAIK this issue is still pending a resolution. I have been seeing > the same results for a while now. > > Paul. > > -- > Paul Collins - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Linux: it's just this operating system, you know?" -- Matthew Flanagan Phone: 02 9900 2104 matthew.flanagan@enstor.com.au Mobile: 0414 642 557 EnStor Pty Ltd Fax: 02 9900 2199 From Freddie.Kotze at za.nestle.com Wed Jun 14 06:43:21 2000 From: Freddie.Kotze at za.nestle.com (Kotze,Freddie,RANDBURG,MIS) Date: Tue Dec 2 02:30:03 2003 Subject: PDC Problem Message-ID: I have had a look at setting Samba up as a PDC. Find attached a config file. There are a few steps do to in adding servers to the domain. You will have to create computer accouts on the Domain controller. I have tested this with a NT member server. I will have a go at NT as a BDC, I have read the documentation and it seems as if it is not supported it the ver of samba that I have yet. But to create a computer account on a Samba PDC do the following. somehow you need the user root$ in samba to join domains. I created the user in samba by specifying smbadduser root:root$ I don't know if you need root rights but it works fine. You can set the smbpassword to what you like. When you add a NT server select create account and specify root$ and the password. For some reason no other user works here, it will pop up with dr watson. To create the computer account do the following: adduser [netbios name of the server]$ you have to create the account with the netbiosname followed by a $ sign. now smbadduser [netbiosname$]:[netbiosname$] Don't use the netbiosname with a $ sign when setting the password. smbpasswd -m netbiosname the -m swith specifies that you are setting an account password. Make sure that the password is the netbios name, it will not work if you set any other password. Best Regards Freddie Kotze -----Original Message----- From: Wilson Yau [mailto:wilson@coms.com] Sent: 08 June 2000 12:05 To: Kotze,Freddie,RANDBURG,MIS Subject: Re: PDC Problem Dear Freddie, Thank you for your advice and the attached config script. However, I am not at the stage of configuring my Samba server, mole as a member of a Windows domain. Instead, I want it to be the PDC in a Windows domain, completely replacing a Windows NT PDC machine. That's why I set security = 'user', rather than 'server' or 'domain'. From your smb.conf file, I can see a machine called 'ranora1' acting as a password server, IS IT A SAMBA SERVER or a Windows NT server? If it is a Samba one, would you mind send to me a copy of the a smb.conf file on ranora1? Anyway, your advice will be definitely useful to me when I come to further stages of configuring Samba. Many thanks. Wilson "Kotze,Freddie,RANDBURG,MIS" wrote: > Here is my SMB.conf file. > Have a look. > I user domain auchentication for the users. > I do not get the problems that you have. > Have a look maybe you can find something usefull in here. > > How did you configure samba ? > You can try to use SWAT. it helps a lot if you have problems. > You can enable it if you edit the /etc/inetd.conf > remove the # from the swat line. It will probably be at the bottom of the > file. > You can then access it with a web browser by http://servername:901 > Works very nice. > Another way to config samba is by loading webmin on the server. > Webbased admin. SWAT only configured SAMBA and is build it. Where you can > download webmin from www.webmin.com it configs everything on linux. > > <> > > ---------------------------------------------------------------- > Freddie Kotz? > Technical Support Specialist > Tel: +27 (11) 889-6466 > e-mail: mailto:Freddie.Kotze@za.nestle.com > ---------------------------------------------------------------- > In The End.......There can be only one. > > <<...>> > > ------------------------------------------------------------------------ > Name: smb.conf > smb.conf Type: unspecified type (application/octet-stream) > Encoding: quoted-printable -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 981 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000614/17a07d4a/smb.obj From sanya at kpsm.khstu.ru Thu Jun 15 05:39:32 2000 From: sanya at kpsm.khstu.ru (root) Date: Tue Dec 2 02:30:03 2003 Subject: Again Samba BDC and NT4 PDC Message-ID: <00061418514600.07310@kaf3.kpsm.khstu.ru> Well, i write here about this subject recently.... I was advised to use tng 2.5... I try it and get the same result.... Yesterday i update code with cvs and try to do BDC for NT Nt see it as NT Server Backup and when i click on BDC in srvmrg and choose Sync it say "This work only in Windows NT mode" then i tryed this: ---------------------------------------------------------------------- [root@kaf3 bin]# ./rpcclient -S 192.168.100.100 -U root Enter Password: Server: \\192.168.100.100: User: root Domain: Connection: session setup ok Domain=[KPSM] OS=[Unix] Server=[Samba TNG-alpha] OK [root@192.168.100.100]$ lsaquery lsaquery LSA Query Info Policy Domain Member - Domain: KPSM SID: S-1-5-21-3702342641-2981483520-3275363115 Domain Controller - Domain: KPSM SID: S-1-5-21-3702342641-2981483520-3275363115 [root@192.168.100.100]$ samsync samsync LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED cmd_sam_sync: no trust account password [root@192.168.100.100]$ then this: ---------------------------------------------------------------- [root@kaf3 bin]# ./samedit -S localhost -U root Enter Password: Server: \\LOCALHOST: User: root Domain: Connection: session setup ok Domain=[KPSM] OS=[Unix] Server=[Samba TNG-alpha] OK [root@LOCALHOST]$ createuser MBDC$ -j KPSM createuser MBDC$ -j KPSM SAM Create Domain User Domain: KPSM Name: mbdc$ ACB: [W ] Create Domain User: FAILED then ------------------------------------------------------------------ [root@kaf3 bin]# ./samedit -S . Enter Password: [ROOT@.]$ createuser MBDC$ createuser MBDC$ SAM Create Domain User Domain: KPSM Name: mbdc$ ACB: [W ] Resetting Trust Account to insecure, initial, well-known value: "mbdc" MBDC can now be joined to the domain, which should be done on a private, secure network as soon as possible Create Domain User: OK [ROOT@.]$ createuser MBDC$ -j KPSM createuser MBDC$ -j KPSM SAM Create Domain User ncacn_np_use_add: connection failed could not find SID for domain KPSM --------------------------------------------------------------------- :( From lkcl at samba.org Wed Jun 14 08:27:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:03 2003 Subject: Again Samba BDC and NT4 PDC In-Reply-To: <00061418514600.07310@kaf3.kpsm.khstu.ru> Message-ID: > [root@kaf3 bin]# ./samedit -S . > Enter Password: > [ROOT@.]$ createuser MBDC$ > createuser MBDC$ > SAM Create Domain User > Domain: KPSM Name: mbdc$ ACB: [W ] ^ you are adding a workstation trust account. use -s option to specify [S ]erver i.e. bdc. also, use -j DOMAINname. From mjwestkamper at weiinc.com Wed Jun 14 16:14:53 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up Message-ID: <3947AF7D.BAD8659@weiinc.com> As long-time lurker here with a couple of successful installs I thought this one would be a breeze. No so. I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a member. From the Linux system it reports that it joined the domain. From command line on an NT system I can NET USE the share (NET USE K: \\192.168.1.100\public) and read access the files in the share. Three problems... 1. The PDC server manager reports "Network path not found" when I attempt to look at the Linux/SAMBA Server. 2. The Linux/SAMBA box does not appear on browse (Network) desktop folders on any NT boxes 3. I cannot seem to write onto the shared drive. Any ideas will be appreciated... Mike Westkamper From m.brodbelt at acu.ac.uk Wed Jun 14 17:26:15 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> Message-ID: <3947C037.6B10C5B6@acu.ac.uk> Mike Westkamper wrote: > > As long-time lurker here with a couple of successful installs I thought > this one would be a breeze. No so. > I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 > is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. > I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a > member. From the Linux system it reports that it joined the domain. From > command line on an NT system I can NET USE the share (NET USE K: > \\192.168.1.100\public) and read access the files in the share. > > Three problems... > > 1. The PDC server manager reports "Network path not found" when I > attempt to look at the Linux/SAMBA Server. > 2. The Linux/SAMBA box does not appear on browse (Network) desktop > folders on any NT boxes Both of these are related to NetBIOS naming problems. Need more info to solve really... Try posting your smb.conf. Broadcast resolution isn't working, but you've got at least some functionality as p-node resolution (used when you type "net use") is OK. > 3. I cannot seem to write onto the shared drive. Check that the share is set to read/write in smb.conf. Then check that the Windows user attached to the share maps to a Unix user with permissions to write files in that directory. Samba doesn't override underlying filesystem permissions.... HTH, Mike From mjwestkamper at weiinc.com Wed Jun 14 18:22:11 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> Message-ID: <3947CD53.BCDB62F3@weiinc.com> Mike; Here is the config file. Where did I goof? [global] workgroup = weidom log file = /var/log/samba/log.%m max log size = 50 security = domain password server = weidomosb encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain controller = weidomosb wins support = yes dns proxy = no unix password sync = yes comment = Auxillary File Server netbios name = auxfs map to guest = never password level = 0 null passwords = no os level = 0 preferred master = no domain master = no dead time = 0 debug level = 0 load printers = no [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no [public] path = /shares public = yes only guest = yes writable = yes printable = no comment = Auxillary System Share browseable = yes guest only = no only user = no Mike Brodbelt wrote: > Mike Westkamper wrote: > > > > As long-time lurker here with a couple of successful installs I thought > > this one would be a breeze. No so. > > I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 > > is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. > > I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a > > member. From the Linux system it reports that it joined the domain. From > > command line on an NT system I can NET USE the share (NET USE K: > > \\192.168.1.100\public) and read access the files in the share. > > > > Three problems... > > > > 1. The PDC server manager reports "Network path not found" when I > > attempt to look at the Linux/SAMBA Server. > > 2. The Linux/SAMBA box does not appear on browse (Network) desktop > > folders on any NT boxes > > Both of these are related to NetBIOS naming problems. Need more info to > solve really... Try posting your smb.conf. Broadcast resolution isn't > working, but you've got at least some functionality as p-node resolution > (used when you type "net use") is OK. > > > 3. I cannot seem to write onto the shared drive. > > Check that the share is set to read/write in smb.conf. Then check that > the Windows user attached to the share maps to a Unix user with > permissions to write files in that directory. Samba doesn't override > underlying filesystem permissions.... > > HTH, > > Mike From mjwestkamper at weiinc.com Wed Jun 14 19:09:50 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> Message-ID: <3947D87E.F3D7AB91@weiinc.com> Another oddity.. Whilst on a Windows client in this configuration and the Linux directory has a file showact.exe and I attempt to copy from the windows machine a file SHOWACT2.exe I get a messgae "Cannot copy showact2: The file exists". The case above is correct. Other variants produce similar results. Mike Westkamper wrote: > As long-time lurker here with a couple of successful installs I thought > this one would be a breeze. No so. > I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 > is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. > I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a > member. From the Linux system it reports that it joined the domain. From > command line on an NT system I can NET USE the share (NET USE K: > \\192.168.1.100\public) and read access the files in the share. > > Three problems... > > 1. The PDC server manager reports "Network path not found" when I > attempt to look at the Linux/SAMBA Server. > 2. The Linux/SAMBA box does not appear on browse (Network) desktop > folders on any NT boxes > 3. I cannot seem to write onto the shared drive. > > Any ideas will be appreciated... > > Mike Westkamper From dci at pitt.edu Wed Jun 14 19:17:17 2000 From: dci at pitt.edu (douglas irvine) Date: Tue Dec 2 02:30:03 2003 Subject: UNIX->smbpasswd synch Message-ID: <3947DA3D.4A57B279@pitt.edu> Hi, I'm new to the list...and spent a couple of days searching here and on the net for workable solutions to the folowing: I'm running samba 2.0.6 on RedHat 6.2--all standard installs. I would like to be able to have the unix accounts have corresponding samba accounts, w/ the same passwords. I read about a pam module "pam_smbpass" but I can not get a copy of the samba source (I believe it needs the TNG tree) that the patch will work against (not via CVS nor just looking for old tarballs). If anyone knows where I can get a source of samba that the "pam_smbpass" module from ftp.netexpress.net will compile against, or if there is another solution using PAM or somehow else automatically updating smbpasswd when "passwd" is used on the unix side--I would greatly appreciate some direction ;) Thanks in advance, doug From dvh at gtech.co.nz Wed Jun 14 20:02:13 2000 From: dvh at gtech.co.nz (David Hawke) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up In-Reply-To: <3947D87E.F3D7AB91@weiinc.com> Message-ID: The "file exists" error SEEMS to be NT host specific - ie, one of my systems does it to whichever samba host it is connected to. The message is in fact something like "Cannot copy showact2(1): The file exists" The important bit is the (1) - ie, it seems that it is making the copy with a temporary name The same host occasionally has problems bulk copying across its own drives - it often brings up the "file exists, overwrite" style of message when the file didn't exist on the target initially. It seems to me that NT is getting out of sync in terms of the copy process. FYI, the same samba hosts are accessed with no problems from other NT hosts David H PS - it particularly shows up with downloads from the net -------------------------------------------------------------------- David Hawke Ph: 0-9-624 2242 mailto:dvh@paradise.net.nz (Home) Fax: 0-9-624 2236 mailto:dvh@gtech.co.nz (Work) Mob: 0-21-995 773 > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Mike Westkamper > Sent: Thursday, 15 June 2000 07:14 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Hooking up > > > Another oddity.. > > Whilst on a Windows client in this configuration and the Linux > directory has > a file > showact.exe and I attempt to copy from the windows machine a file > SHOWACT2.exe I get a messgae > "Cannot copy showact2: The file exists". The case above is correct. > > Other variants produce similar results. > > > > Mike Westkamper wrote: > > > As long-time lurker here with a couple of successful installs I thought > > this one would be a breeze. No so. > > I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 > > is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. > > I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a > > member. From the Linux system it reports that it joined the domain. From > > command line on an NT system I can NET USE the share (NET USE K: > > \\192.168.1.100\public) and read access the files in the share. > > > > Three problems... > > > > 1. The PDC server manager reports "Network path not found" when I > > attempt to look at the Linux/SAMBA Server. > > 2. The Linux/SAMBA box does not appear on browse (Network) desktop > > folders on any NT boxes > > 3. I cannot seem to write onto the shared drive. > > > > Any ideas will be appreciated... > > > > Mike Westkamper > > > From lars at kneschke.de Wed Jun 14 20:31:02 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:30:03 2003 Subject: is the cvs server down? Message-ID: <3947EB86.32FB7DE4@kneschke.de> see subject Cu From peter at cadcamlab.org Wed Jun 14 21:05:35 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:03 2003 Subject: UNIX->smbpasswd synch References: <3947DA3D.4A57B279@pitt.edu> Message-ID: <14663.61263.497501.313263@wire.cadcamlab.org> [douglas irvine ] > I'm running samba 2.0.6 on RedHat 6.2--all standard installs. I would > like to be able to have the unix accounts have corresponding samba > accounts, w/ the same passwords. See the following, which I announced here yesterday: http://peter.cadcamlab.org/misc/pam_pwexport-0.0.tar.gz > or if there is another solution using PAM or somehow else > automatically updating smbpasswd when "passwd" is used on the unix > side--I would greatly appreciate some direction ;) That's exactly what this module does, if you set it up right. It harvests passwords whenever users type them in (through `login', `ssh', `passwd', `ftp', etc.), and ships them to a designated program or script. The README includes an example script that uses `smbpasswd' to insert the correct password into your Samba password file. The Linux-PAM pam_unix module has a bug which prevents my module from picking up password changes, so you'll need to apply a patch (also included) to Linux-PAM and rebuild it. Peter From peter at cadcamlab.org Wed Jun 14 21:59:28 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:03 2003 Subject: is the cvs server down? References: <3947EB86.32FB7DE4@kneschke.de> Message-ID: <14663.64636.267980.214688@wire.cadcamlab.org> cvs.samba.org? Works for me. Peter From D.Bannon at latrobe.edu.au Wed Jun 14 22:54:43 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:03 2003 Subject: UNIX->smbpasswd synch In-Reply-To: <3947DA3D.4A57B279@pitt.edu> Message-ID: <3.0.6.32.20000615085443.0088c370@bioserve.latrobe.edu.au> At 05:15 AM 15/06/2000 +1000, douglas irvine wrote: > >.... or if there is >another solution using PAM or somehow else automatically updating >smbpasswd when "passwd" is used on the unix side--I would greatly >appreciate some direction ;) > I use pam_smb to authenticate all activity on several unix machines from one central password database, smbpasswd. Pam_smb will work against the standard samba versions (ie 2.0.7 etc), it is just a case of installing the library and making a pam_smb config file that points to the samba (or NT) server that is acting as PDC. Then make standard pam stacks that mentions pam_smb for whatever you want to allow such as login, ftp etc. See http://www.csn.ul.ie/~airlied/pam_smb/ It has been suggested that pam_smb is not as secure as pam_smbpw but it certainly seems acceptable. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Thu Jun 15 00:31:50 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> Message-ID: <394823F6.E42E907C@xavier.sa.edu.au> Mike Brodbelt wrote: > > Mike Westkamper wrote: > > > > As long-time lurker here with a couple of successful installs I thought > > this one would be a breeze. No so. > > I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 > > is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. > > I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a > > member. From the Linux system it reports that it joined the domain. From > > command line on an NT system I can NET USE the share (NET USE K: > > \\192.168.1.100\public) and read access the files in the share. > > > > Three problems... > > > > 1. The PDC server manager reports "Network path not found" when I > > attempt to look at the Linux/SAMBA Server. > > 2. The Linux/SAMBA box does not appear on browse (Network) desktop > > folders on any NT boxes > > Both of these are related to NetBIOS naming problems. Need more info to > solve really... Try posting your smb.conf. Broadcast resolution isn't > working, but you've got at least some functionality as p-node resolution > (used when you type "net use") is OK. Your Samba server has the 'wins support=yes' line, are the Windows clients looking to the samba machine as the WINS server? If so, try a test machine with static LMHOSTS entries. > > > 3. I cannot seem to write onto the shared drive. > > Check that the share is set to read/write in smb.conf. Then check that > the Windows user attached to the share maps to a Unix user with > permissions to write files in that directory. Samba doesn't override > underlying filesystem permissions.... After seeing the smb.conf, I too think it might be Unix permissions. Hope it helps, Matt From mjwestkamper at weiinc.com Thu Jun 15 00:32:24 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> <394823F6.E42E907C@xavier.sa.edu.au> Message-ID: <39482418.3B3DD297@weiinc.com> Matthew: Re: the Unix permissions.. I did the following as root on the Linux box and it now seems to work... chmod -R /server 377 I hope this is all I need to do as I am a bit of a newbie when it comes to the Unix/Linux world (My computer experience starts on analog torpedo guidance systems, IBM mainframes, OS/2, Windows and now Linux.) I set up the Linux box as the WINS server since I had a bunch of problems an NT box as the WINS server. Is this not a good thing? None of the connected systems seem to browse the Linux box. I have '95, '98, NT4, and NT5(2k) systems connected. I must be missing something. Mike Matthew Geddes wrote: > Mike Brodbelt wrote: > > > > Mike Westkamper wrote: > > > > > > As long-time lurker here with a couple of successful installs I thought > > > this one would be a breeze. No so. > > > I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 > > > is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. > > > I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a > > > member. From the Linux system it reports that it joined the domain. From > > > command line on an NT system I can NET USE the share (NET USE K: > > > \\192.168.1.100\public) and read access the files in the share. > > > > > > Three problems... > > > > > > 1. The PDC server manager reports "Network path not found" when I > > > attempt to look at the Linux/SAMBA Server. > > > 2. The Linux/SAMBA box does not appear on browse (Network) desktop > > > folders on any NT boxes > > > > Both of these are related to NetBIOS naming problems. Need more info to > > solve really... Try posting your smb.conf. Broadcast resolution isn't > > working, but you've got at least some functionality as p-node resolution > > (used when you type "net use") is OK. > > Your Samba server has the 'wins support=yes' line, are the Windows > clients looking to the samba machine as the WINS server? > > If so, try a test machine with static LMHOSTS entries. > > > > > > 3. I cannot seem to write onto the shared drive. > > > > Check that the share is set to read/write in smb.conf. Then check that > > the Windows user attached to the share maps to a Unix user with > > permissions to write files in that directory. Samba doesn't override > > underlying filesystem permissions.... > > After seeing the smb.conf, I too think it might be Unix permissions. > > Hope it helps, > Matt From mgeddes at xavier.sa.edu.au Thu Jun 15 00:58:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:03 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> <394823F6.E42E907C@xavier.sa.edu.au> <39482418.3B3DD297@weiinc.com> Message-ID: <39482A53.20130871@xavier.sa.edu.au> Mike Westkamper wrote: > > Matthew: > > Re: the Unix permissions.. > I did the following as root on the Linux box and it now seems to work... > > chmod -R /server 377 try chmod -R 775 /server This will give the owner and the owner group rw and x, whereas everyone else will be rw only. Make sure the people who want write access are in the group that owns that directory. > > I hope this is all I need to do as I am a bit of a newbie when it comes to the > Unix/Linux world (My computer experience starts on analog torpedo guidance > systems, IBM mainframes, OS/2, Windows and now Linux.) I want to play with IBM mainframes. I think it would be good for a laugh. Unix really is very nice though. > > I set up the Linux box as the WINS server since I had a bunch of problems an NT > box as the WINS server. Is this not a good thing? No, linux running as the WINS server is OK. Apparently, having linux look to an NT WINS server tends to flood it with requests, so it will probably help to have the linux box running WINS. You do need to tell all of the workstations that the linux box is the WINS server (network control panel). > > None of the connected systems seem to browse the Linux box. I have '95, '98, > NT4, and NT5(2k) systems connected. They should when WINS is working properly. I can't see your message from here, but make sure you have all of the local master domain master preferred master options set to yes in smb.conf, as well as the os level=65 line > > I must be missing something. > > Mike tt Hope it helps, Matt From David.Bear at asu.edu Thu Jun 15 00:46:18 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:30:03 2003 Subject: nmblookup failure Message-ID: Anyone know why nmblookup would fail to find a name where as smbclient finds it okay? I do an nmblookup server and it returns a name-query failed to find server. However, I do smbclient -L server and it gives me a list of shares on server the way it should. David Bear College of Public Programs/ASU From peter at cadcamlab.org Thu Jun 15 03:35:00 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:03 2003 Subject: nmblookup failure References: Message-ID: <14664.20008.61466.394808@wire.cadcamlab.org> [iddwb ] > Anyone know why nmblookup would fail to find a name where as > smbclient finds it okay? nmblookup apparently doesn't read smb.conf. So it won't know about your WINS server, etc. To use nmblookup against a WINS server, use `-R -U xxx.xxx.xxx.xxx'. (I wish this were better documented -- for a very long time I couldn't get WINS lookups to work because I didn't know that the -R was needed.) Peter From lee.taylor at scania.co.za Thu Jun 15 07:11:43 2000 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:30:03 2003 Subject: PDC & 2.0.7 ... References: <0b8001bfd225$c7286740$89640107@LeeTaylor> <39410ED1.508C5F1B@online.no> Message-ID: <008e01bfd698$f7cddca0$89640107@LeeTaylor> > > mmm ... seems that I have not stated my concerns ... Yes, my Win9x > > clients are authing against 2.0.7, so it's been used as PDC for Win9x, but > > if I understand it, WinNT servers can't auth client connections, so clients > > attaching to WinNT need to have accounts on NT server ... right? ... > > Correct, unless you use Samba TNG (The Next Generation) Alpha versions. Okay, maybe not so true, but I have problems. I was able to get my two new NT servers to join the domain after much kicking and screaming ... cursing at M$ and all they where putting me through. I found out the hard way how to get an NT box to join a 2.0.7 domain. Step one create a Unix user for the machine account. Making sure that you remember to add the user with Caps ... i.e. ... adduser SQLSERVER$ Step two create a Samba user for the machine account. Again making sure that you remember to add the user with Caps ... i.e. ... smbpasswd -a -m SQLSERVER$ Step three, set your NT box Computer name to the Samba Machine name. i.e. SQLSERVER ... and your domain to what ever you have called your domain ( or workgroup as the doc's explain ). Now I am able to log onto my NT Box's using the domain, user name and password. Great all seems to work well, but now I have to reinstall Terminal Server and SQL Server because there SID's ( I think ) is all confused ... so here goes. If any body has any more comments on this please feel free to put your $0.02 worth in ... in SA it's worth a lot more ... Thanks again to everybody including the Samba Dev team and our little helps who all have something worthy to say ... Mailed C.Lee Taylor From cameron.ough at intel.com Thu Jun 15 10:35:41 2000 From: cameron.ough at intel.com (Ough, Cameron) Date: Tue Dec 2 02:30:03 2003 Subject: Adding Solaris to NT Domain - no go ! oh woe is me ... Message-ID: Someone please help? I am running Samba 2.0.6 on Solaris 8 and trying to add my system to the NT domain. 1. An account has been created on the domain 2. My smb.conf file basically looks like: # Global parameters [global] workgroup = dom1 <- My domain name netbios name = sol8enu_cam netbios aliases = server string = Samba 2.0.6 security = domain allow trusted domains = Yes password server = dom1dc001 <- The Prim Domain controller protocol = NT1 announce version = 4.2 announce as = NT fstype = NTFS [root] comment = Solaris root path = / guest ok = Yes [share] comment = Solaris share path = /share read only = No guest ok = Yes When I do 'smbpasswd -j dom1' I get the following error: # smbpasswd -j dom1 unrecognized character set unrecognized character set WARNING: The "alternate permissions"option is deprecated Unable to copy service - source not found: Can't find include file added interface ip=20.20.241.85 bcast=20.20.241.255 nmask=255.255.255.0 Get_Hostbyname: Unknown host unknown modify_trust_password: Can't resolve address for DOM1DC001 2000/06/14 19:34:52 : change_trust_account_password: Failed to change password for domain dom1. Unable to join domain dom1. Can someone help? Thanks, Cam From Volker.Lendecke at SerNet.DE Thu Jun 15 12:17:34 2000 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:30:03 2003 Subject: nmblookup failure In-Reply-To: <14664.20008.61466.394808@wire.cadcamlab.org> References: <14664.20008.61466.394808@wire.cadcamlab.org> Message-ID: On Thu, Jun 15, 2000 at 01:36:44PM +1000, Peter Samuelson wrote: > nmblookup apparently doesn't read smb.conf. So it won't know about > your WINS server, etc. nmblookup does read smb.conf, it only ignores the 'name resolve order' which smbclient does respect. Volker From dci at pitt.edu Thu Jun 15 13:50:31 2000 From: dci at pitt.edu (douglas irvine) Date: Tue Dec 2 02:30:04 2003 Subject: UNIX->smbpasswd synch References: <3947DA3D.4A57B279@pitt.edu> <14663.61263.497501.313263@wire.cadcamlab.org> Message-ID: <3948DF27.5C26A952@pitt.edu> I saw your module and am playing around with it now... it looks like it will work, once I get around the SUID complaints of smbpasswd...I have to remember how to set that for the script that pam_pwexport is running so as it isnot run as suid-root. Doug Irvine Peter Samuelson wrote: > [douglas irvine ] > > I'm running samba 2.0.6 on RedHat 6.2--all standard installs. I would > > like to be able to have the unix accounts have corresponding samba > > accounts, w/ the same passwords. > > See the following, which I announced here yesterday: > > http://peter.cadcamlab.org/misc/pam_pwexport-0.0.tar.gz > > > or if there is another solution using PAM or somehow else > > automatically updating smbpasswd when "passwd" is used on the unix > > side--I would greatly appreciate some direction ;) > > That's exactly what this module does, if you set it up right. It > harvests passwords whenever users type them in (through `login', `ssh', > `passwd', `ftp', etc.), and ships them to a designated program or > script. The README includes an example script that uses `smbpasswd' to > insert the correct password into your Samba password file. > > The Linux-PAM pam_unix module has a bug which prevents my module from > picking up password changes, so you'll need to apply a patch (also > included) to Linux-PAM and rebuild it. > > Peter -- With Windows Millenium MS was able to get the boot time down to 25 seconds. That's almost as short as it's uptime. From Juergen.Nagler at student.uni-ulm.de Thu Jun 15 16:51:17 2000 From: Juergen.Nagler at student.uni-ulm.de (Juergen Nagler) Date: Tue Dec 2 02:30:04 2003 Subject: Samba becomes no domain master browser Message-ID: <39490985.14627A95@student.uni-ulm.de> Hi, running Samba 2.0.6 on a SuSE 6.4 distrib we are not able to register our Samba PDC as domain master browser at a WINS-Server outside our subnet. The relevant entries of our smb.conf should be ok (have read all docs like BROWSING.txt): [global] wins support = no domain master = yes os level = 65 preferred master = yes local master = yes wins server = yyy.yyy.yyy.yyy Now I always see a become_domain_master_query_fail. I try it with various WINS-Server (NT and Samba), but got always the same result. Any ideas what goes wrong? TIA, Juergen [2000/06/15 10:12:49, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup MEDIEN on subnet xxx.xxx.xxx.xxx [2000/06/15 10:12:49, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup MEDIEN on subnet UNICAST_SUBNET [2000/06/15 10:12:49, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(342) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup MEDIEN, subnet UNICAST_SUBNET. [2000/06/15 10:12:49, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(357) become_domain_master_browser_wins: querying WINS server at IP yyy.yyy.yyy.yyy for domain master browser name MEDIEN<1b> on workgroup MEDIEN [2000/06/15 10:12:49, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) become_logon_server_success: Samba is now a logon server for workgroup MEDIEN on subnet UNICAST_SUBNET [2000/06/15 10:12:53, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) become_logon_server_success: Samba is now a logon server for workgroup MEDIEN on subnet xxx.xxx.xxx.xxx [2000/06/15 10:13:10, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_fail(262) become_domain_master_query_fail: Error 0 returned when querying WINS server for name MEDIEN<1b>. [2000/06/15 10:13:12, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) ***** Samba name server NATHAN2 is now a local master browser for workgroup MEDIEN on subnet xxx.xxx.xxx.xxx ***** [2000/06/15 10:13:33, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(362) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name MEDIEN<1b> for the workgroup MEDIEN. Unable to sync browse lists in this workgroup. From mhinzke at hinzke.de Thu Jun 15 18:38:58 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:04 2003 Subject: samba-2.0.7-20000425 as PDC Message-ID: <966739661.20000615203858@hinzke.de> Hello, I'm tring to configure my samba to act as PDC. At the moment all works fine, but I have a big problem to set an domain admin or to set domain users to an Windows NT Group. In my book "Using samba" is talked about the option "domain group map" and so on, but these option aren't working in my smb.conf I can only use the options: domain groups domain admin group etc. But I couldn't find any documentation on that options ... Can anyone help me out about the syntax of these options or tell my how to do it right. In the Samba NT Domain FAQ is also talked about the map files ... Hope somebody understand me (*g*) and can help me! Gruss Magnus Hinzke LINUX, weils Betriebssystem eben ned wurscht ist! -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From dci at pitt.edu Thu Jun 15 18:49:14 2000 From: dci at pitt.edu (douglas irvine) Date: Tue Dec 2 02:30:04 2003 Subject: UNIX->smbpasswd synch References: <3947DA3D.4A57B279@pitt.edu> <14663.61263.497501.313263@wire.cadcamlab.org> Message-ID: <3949252A.AA05750B@pitt.edu> OK, I setup the executable script exactly like your readme says, but I'm getting a "smbpasswd must *NOT* be run setuid root" I can't figure a way around this...Ideas? doug Peter Samuelson wrote: > [douglas irvine ] > > I'm running samba 2.0.6 on RedHat 6.2--all standard installs. I would > > like to be able to have the unix accounts have corresponding samba > > accounts, w/ the same passwords. > > See the following, which I announced here yesterday: > > http://peter.cadcamlab.org/misc/pam_pwexport-0.0.tar.gz > > > or if there is another solution using PAM or somehow else > > automatically updating smbpasswd when "passwd" is used on the unix > > side--I would greatly appreciate some direction ;) > > That's exactly what this module does, if you set it up right. It > harvests passwords whenever users type them in (through `login', `ssh', > `passwd', `ftp', etc.), and ships them to a designated program or > script. The README includes an example script that uses `smbpasswd' to > insert the correct password into your Samba password file. > > The Linux-PAM pam_unix module has a bug which prevents my module from > picking up password changes, so you'll need to apply a patch (also > included) to Linux-PAM and rebuild it. > > Peter -- With Windows Millenium MS was able to get the boot time down to 25 seconds. That's almost as short as it's uptime. From ctooley at joslyn.org Thu Jun 15 20:52:14 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:04 2003 Subject: Windows 95 Original Passwords References: <39490985.14627A95@student.uni-ulm.de> Message-ID: <394941FE.5F4C12E7@joslyn.org> I know that there has been a lot of discussion about 95 original not using encrypted passwords, but I was wondering if anyone knew of a hack that would allow them to send encrypted passwords. Chris Tooley From gcarter at valinux.com Thu Jun 15 19:07:53 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:04 2003 Subject: Windows 95 Original Passwords References: <39490985.14627A95@student.uni-ulm.de> <394941FE.5F4C12E7@joslyn.org> Message-ID: <39492989.A945FC87@valinux.com> Chris Tooley wrote: > > I know that there has been a lot of discussion about 95 > original not using encrypted passwords, but I was wondering > if anyone knew of a hack that would allow them to > send encrypted passwords. Win95 retail release will send encrypted passwords. The change was that later versions would not send a plain text password if the server did not support encryption. All windows clients that I know of support the challenge/response authentication. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From athena at spindletop.tamu.edu Thu Jun 15 19:06:53 2000 From: athena at spindletop.tamu.edu (Test profile) Date: Tue Dec 2 02:30:04 2003 Subject: Samba-TNG acting as a BDC Message-ID: I am quite new to samba and am not sure this is the list I should be posting to. I have installed samba-tng branch on rh 6.2 and have configured it using the smb.conf file attached, however, I can not seem to get my nt machines to see the domain. I get the error that the domain controller can not be found. I'm sure it is something silly that I have overlooked. Thanks in advance for your help. Lindi Student Technician Education is an admirable thing, but it is as well to remember that nothing is worth knowing can be taught. - Oscar Wilde -------------- next part -------------- [global] #NetBIOS name isn't needed if it's the same as the hostname netbios name = MYBDC workgroup = MYBDC #flat files that map Unix groups to NT type groups. #these files take the form unix_group = `Windows NT group'' domain group map = /opt/samba-tng/private/domaingroup.map domain alias map = /opt/samba-tng/private/domainalias.map #Domain controllers use user security and we need #encrypted passwords (see ENCRYPTION.txt) security = user domain logons = yes encrypt passwords = yes #we need to specify the PDC on the BDC password server = MYPDC #we don't need to win browser elections if there is a PDC os level = 20 domain master = no preferred master = no local master = no #WINS is the equivalent of DNS for NetBIOS. #There can only be one WINS server i a samba controlled domain wins support = no time server = yes #the next lines are equivalent to the various profile details #found in NT's User Manager logon script = login.bat logon drive = Z: logon home = \\fileserver\%U logon path = \\fileserver\profile\%U #share all home directories [homes] browseable = no writable = yes comment = Users' home directories #set up netlogon share for system policies and login scripts [netlogon] path = /opt/samba-tng/netlogon writable = no guest ok = no comment = BDC netlogon share From gcarter at valinux.com Thu Jun 15 19:12:52 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:04 2003 Subject: samba-2.0.7-20000425 as PDC References: <966739661.20000615203858@hinzke.de> Message-ID: <39492AB4.42C6E868@valinux.com> Magnus Hinzke wrote: > > But I couldn't find any documentation on that options ... > Can anyone help me out about the syntax of these options or tell > my how to do it right. In the Samba NT Domain FAQ is also talked > about the map files ... They are not implemented in 2.0.x. See the smb.conf man page in 2.0.x for 'domain admin users' and 'domain admin group' Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Juergen.Nagler at student.uni-ulm.de Thu Jun 15 19:13:41 2000 From: Juergen.Nagler at student.uni-ulm.de (Juergen Nagler) Date: Tue Dec 2 02:30:04 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> <394823F6.E42E907C@xavier.sa.edu.au> <39482418.3B3DD297@weiinc.com> <39482A53.20130871@xavier.sa.edu.au> Message-ID: <39492AE5.4F616097@student.uni-ulm.de> > They should when WINS is working properly. I can't see your message from > here, but make sure you have all of the > > local master > domain master > preferred master > > options set to yes in smb.conf, as well as the os level=65 line I don't remember if you have an NT as PDC but if so it isn't a good idea to make samba the domain master (IIRC BROWSING.txt of 2.0.6). The same for local and preferred master if the Samba is on the same subnet as the NT-PDC. Juergen From mclaughj at aurora.sunyocc.edu Thu Jun 15 19:48:12 2000 From: mclaughj at aurora.sunyocc.edu (Jennie R. McLaughlin) Date: Tue Dec 2 02:30:04 2003 Subject: No subject Message-ID: I am running Red Hat Linux 6.0. I installed pam_smb and smb 2.0.7. Everything seems to be going well except on the pam_smb site there says there us a bug when you telnet from a host whose IP address is not resolvable to a hostname. It causes login to crash. We are having this problem exactly. It suggested to download the SRPMS for util-linux-2.9.o-13, which I did. Goes fine untill I run patch -p0 "Jennie R. McLaughlin" wrote: > > > > My boss met you at STC and asked me to write you. > > Jennie, > Yes, Paul and I talked for quite a bit. Given your environment, I don't > think you need any extra coding. > > If you don't have it already, I highly recommend the book "Using Samba" > (published by O'Reilly's). I may make some page references to this book. > Also, I highly recommend a tool called webmin ( > http://www.webmin.com/webmin ) for administering you Linux/UNIX box(es). > It is free, and a godsend (you can also configure Samba with it. :) > > I recommend (based on the environment/needs you outlined) using PAM > (pluggable authentication modules). There are a couple good ones for NT > authentication: (NOTE: You'll need to compile Samba with the --with-pam > option to use PAM for Samba authentication (pages 36 and 179) > PAM_NTDOM http://us1.samba.org/samba/ftp/pam_ntdom/ > PAM_SMB http://us1.samba.org/samba/ftp/pam_smb/ > PAM will allow you to have multiple services on the same host share the > same authentication mechanism, eliminating the need for password > synchronization, per se. The only caveat is that the account must exist > in the /etc/passwd file - and the password disabled (a '*' in the > password field). This will not be necessary in near-future versions of > Samba and its sister PAM modules, but is for now. > I also recommend staying "up" on the latest release of Samba (currently > 2.0.7) ( http://us1.samba.org/samba/ftp/samba-latest.tar.gz ) - Yes, > Samba is still "under development", but it is very very usable, and > quite usable in most all environments. > > If you still feel you need code for your solution, let me know, and > I'll send it on. I'll be up front that it is not commented, and quite > obfuscated. The NT programming was all done in Visual BASIC/C++ and the > UNIX-side is all in Perl. > If you're still having problems, feel free to e-mail me- I'm more than > happy to help- If push comes to shove, I can give you a few hours of my > time on-site. > > > Enjoy! > -- > > Matthew Keller > Lead Programmer/Analyst > Distributed Computing/Telemedia > Information Services Division > State University of New York at Potsdam > > Website: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > Webcam: http://webcam.mattwork.potsdam.edu:85/ > -------------- next part -------------- *************** *** 354,381 **** *p = 0; hostname = optarg; { - struct hostent *he = gethostbyname(hostname); - if (he) { - if(he->h_addr_list) { - - int x=0,y=0; - - while(he->h_addr_list[x]!=NULL) x++; - - memcpy(&hostaddress, he, sizeof(hostaddress)); - - hostaddress.h_addr_list = (char **) malloc (sizeof (char *) * x); - - while (yh_addr_list[y], hostaddress.h_length); - y++; - } } - } else { - memset(&hostaddress, 0, sizeof(hostaddress)); - } } break; --- 354,365 ---- *p = 0; hostname = optarg; { + struct hostent *he = gethostbyname(hostname); + if (he) { + memcpy(&hostaddress, he, sizeof(hostaddress)); + } else { + memset(&hostaddress, 0, sizeof(hostaddress)); } } break; From ggeorge at digisolv.com Thu Jun 15 19:48:06 2000 From: ggeorge at digisolv.com (Gerry George) Date: Tue Dec 2 02:30:04 2003 Subject: NT Domain to establish Trust with SAMBA Message-ID: <4.3.2.20000615154630.04094780@mail.digisolv.com> I have one ( and soon to have many more) SAMBA networks established. It is connected via a WAN link to a NT-Based domain (NT4). Some of my Samba users need to access the NT domain. I need to establish a one-way trust from Samba to the NT domain so that my users can be authenticated against the NT domain. I am NOT using the CVS branch. Is this possible or do I need CVS? Note that there is no need for me to trust them (NT). Optionally, can I simply choose to synchronize usernames & passwords (yeech!) to achieve similar results? G. George Gerry E. George Information Technology Specialist, DigiSolv, Inc. http://www.digisolv.com .. From ZolnOtt at t-online.de Thu Jun 15 07:17:24 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:04 2003 Subject: Hooking up In-Reply-To: <3947CD53.BCDB62F3@weiinc.com> References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> <3947CD53.BCDB62F3@weiinc.com> Message-ID: <00061509235700.00354@zolnott> Hallo Mike! I hope, that i can help you First question: Do you use testparm for your smb.conf > Mike; > > Here is the config file. Where did I goof? > > [global] > workgroup = weidom > log file = /var/log/samba/log.%m > max log size = 50 > security = domain > password server = weidomosb > encrypt passwords = yes > smb passwd file = /etc/smbpasswd > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > domain controller = weidomosb > wins support = yes > dns proxy = no > unix password sync = yes > comment = Auxillary File Server > netbios name = auxfs > map to guest = never > password level = 0 > null passwords = no > os level = 0 > preferred master = no > domain master = no > dead time = 0 > debug level = 0 > load printers = no > > [homes] > comment = Home Directories > browseable = no > writable = yes > > [netlogon] > comment = Network Logon Service > path = /home/netlogon > guest ok = yes > writable = no > share modes = no > > [public] > path = /shares > public = yes > only guest = yes > writable = yes > printable = no > comment = Auxillary System Share > browseable = yes > guest only = no > only user = no Only guest and guest only are the same. One time you say no and the other you say yes. I work with only guest = no. See 3 in your first Hooking-up-Mail. Perhaps you have problems, because you use guest only > > Mike Brodbelt wrote: > > > Mike Westkamper wrote: > > > > > > As long-time lurker here with a couple of successful installs I thought > > > this one would be a breeze. No so. > > > I have the RedHat 6.1 distribution set up on an Intel box. SAMBA 2.0.6 > > > is configured as a member of an NT domain. The PDC is a NT 4.0(sp5) box. > > > I followed the HOWTO on SAMBA.org web site for setting up SAMBA as a > > > member. From the Linux system it reports that it joined the domain. From > > > command line on an NT system I can NET USE the share (NET USE K: > > > \\192.168.1.100\public) and read access the files in the share. > > > > > > Three problems... > > > > > > 1. The PDC server manager reports "Network path not found" when I > > > attempt to look at the Linux/SAMBA Server. > > > 2. The Linux/SAMBA box does not appear on browse (Network) desktop > > > folders on any NT boxes > > > > Both of these are related to NetBIOS naming problems. Need more info to > > solve really... Try posting your smb.conf. Broadcast resolution isn't > > working, but you've got at least some functionality as p-node resolution > > (used when you type "net use") is OK. > > > > > 3. I cannot seem to write onto the shared drive. > > > > Check that the share is set to read/write in smb.conf. Then check that > > the Windows user attached to the share maps to a Unix user with > > permissions to write files in that directory. Samba doesn't override > > underlying filesystem permissions.... > > > > HTH, > > > > Mike From pjdc at eircom.net Thu Jun 15 22:01:13 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:04 2003 Subject: samba-2.0.7-20000425 as PDC In-Reply-To: Gerald Carter's message of "Fri, 16 Jun 2000 05:18:08 +1000" References: <966739661.20000615203858@hinzke.de> <39492AB4.42C6E868@valinux.com> Message-ID: >>>>> "Gerald" == Gerald Carter writes: Gerald> Magnus Hinzke wrote: >> >> But I couldn't find any documentation on that options ... >> Can anyone help me out about the syntax of these options or tell >> my how to do it right. In the Samba NT Domain FAQ is also talked >> about the map files ... Gerald> They are not implemented in 2.0.x. See the smb.conf man page Gerald> in 2.0.x for 'domain admin users' and 'domain admin group' For completeness, please note that the map options *are* in Samba TNG. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From pilsl at goldfisch.atat.at Thu Jun 15 22:16:54 2000 From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:30:04 2003 Subject: UID <-> ntuser.dat Message-ID: <20000616001654.E4814@goldfisch.atat.at> samba 2.06a as domainserver for nt4-clients. I run into the problem that I unfortunately gave the same uid to a machine and a user, so I changed the uid of the user and changed the perms of all the user-files to its new uid and also thought of changing the uid in the smbpasswd-file. when the user logged on again, his profile was readonly (no writing to the registry) and windows tried to initialize the account at each logon. (welcome to window, ie4-setup etc.) I finally had to create a new profile for this user. what went wrong ? thanks, peter -- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl@max.mail.at pgp-key available From D.Bannon at latrobe.edu.au Thu Jun 15 22:59:44 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:04 2003 Subject: samba-2.0.7-20000425 as PDC In-Reply-To: <966739661.20000615203858@hinzke.de> Message-ID: <3.0.6.32.20000616085944.008774e0@bioserve.latrobe.edu.au> At 04:41 AM 16/06/2000 +1000, Magnus Hinzke wrote: >Hello, > > I'm tring to configure my samba to act as PDC..... Please look at some notes I have written on the differences between the samba versions on http://bioserve.latrobe.edu.au/samba. I think your questions are answered there. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Thu Jun 15 23:11:23 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:04 2003 Subject: UNIX->smbpasswd synch In-Reply-To: <3949252A.AA05750B@pitt.edu> References: <3947DA3D.4A57B279@pitt.edu> <14663.61263.497501.313263@wire.cadcamlab.org> Message-ID: <3.0.6.32.20000616091123.0087a4d0@bioserve.latrobe.edu.au> At 04:46 AM 16/06/2000 +1000, douglas irvine wrote: >OK, I setup >the executable script exactly like your readme says, but I'm getting a >"smbpasswd must *NOT* be run setuid root" > >I can't figure a way around this...Ideas? > I have not looked at this new pam_export programme but do remember something about smbpasswd and this messsage. The background might help people working on it. Early versions of the programme smbpasswd were run suid, when Luke (?) changed that for security reasons he decided to make sure that everyone realised that it should no longer be suid and put a couple of line in that detect if it is. Unfortunatly, it also detects when smbpasswd is called by an other programme that is suid itself ! The code that does the detection is easily found in smbpasswd and disabled, its not really required now that virtually no one has such an old version of samba that they would be running smbpasswd as suid. I had some notes on how to change the source (to allow it to work with a programme that would write to smbpasswd whenever people changed their unix passwd). I'll dig it out if anyone wants it. David > >Peter Samuelson wrote: > >> [douglas irvine ] >> > I'm running samba 2.0.6 on RedHat 6.2--all standard installs. I would >> > like to be able to have the unix accounts have corresponding samba >> > accounts, w/ the same passwords. >> >> See the following, which I announced here yesterday: >> >> http://peter.cadcamlab.org/misc/pam_pwexport-0.0.tar.gz >> >> > or if there is another solution using PAM or somehow else >> > automatically updating smbpasswd when "passwd" is used on the unix >> > side--I would greatly appreciate some direction ;) >> >> That's exactly what this module does, if you set it up right. It >> harvests passwords whenever users type them in (through `login', `ssh', >> `passwd', `ftp', etc.), and ships them to a designated program or >> script. The README includes an example script that uses `smbpasswd' to >> insert the correct password into your Samba password file. >> >> The Linux-PAM pam_unix module has a bug which prevents my module from >> picking up password changes, so you'll need to apply a patch (also >> included) to Linux-PAM and rebuild it. >> >> Peter > >-- >With Windows Millenium MS was able to get the boot time down to 25 seconds. >That's almost as short as it's uptime. > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Thu Jun 15 23:15:03 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:04 2003 Subject: samba-2.0.7-20000425 as PDC In-Reply-To: <39492AB4.42C6E868@valinux.com> References: <966739661.20000615203858@hinzke.de> Message-ID: <3.0.6.32.20000616091503.0087ea40@bioserve.latrobe.edu.au> At 05:18 AM 16/06/2000 +1000, Gerald Carter wrote: >Magnus Hinzke wrote: >> >> But I couldn't find any documentation on that options ... >> Can anyone help me out about the syntax of these options or tell >> my how to do it right. In the Samba NT Domain FAQ is also talked >> about the map files ... > >They are not implemented in 2.0.x. See the smb.conf man page >in 2.0.x for 'domain admin users' and 'domain admin group' Gerald, unless I am mistaken, the entry in smb.conf man pages tell the reader to join this mailing list. Thats why I put a couple of web pages together on the subject. See : http://bioserve.latrobe.edu.au/samba ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From peter at cadcamlab.org Thu Jun 15 23:16:50 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:04 2003 Subject: UNIX->smbpasswd synch References: <3947DA3D.4A57B279@pitt.edu> <14663.61263.497501.313263@wire.cadcamlab.org> <3949252A.AA05750B@pitt.edu> Message-ID: <14665.24558.728188.31740@wire.cadcamlab.org> [douglas irvine ] > OK, I setup the executable script exactly like your readme says, but > I'm getting a "smbpasswd must *NOT* be run setuid root" Umm, I did not actually test my smbpasswd script, because I don't have the right setup handy. Sorry about that. Try this (still untested): - /usr/local/samba/bin/smbpasswd -s -r "$ntserver" -U "$u" + su "$u" -c "/usr/local/samba/bin/smbpasswd -s -r '$ntserver' -U '$u'" Peter From magnus at hig.se Thu Jun 15 23:42:41 2000 From: magnus at hig.se (Magnus Larsson) Date: Tue Dec 2 02:30:04 2003 Subject: Read USERS from NIS+ Message-ID: Hi! I have what I think anyway a small problem. I have samba 2.0.7 running as PDC and NT machines that connects to the domain. When I do this I can connect to the domain with the Server Manager, but when I try to do the same in the User Manager it tries to do it with low speed connection. But when it does it with Low Speed Connection I can administrate the users and groups. I think that this is because I have so many users so that it takes to long time. Is there any settings in samba I can do to solve this problem so that I can read the users even if it takes long time without the NT machine going down to Low Speed Connection? //Magnus Larsson From gcarter at valinux.com Thu Jun 15 23:49:48 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:04 2003 Subject: samba-2.0.7-20000425 as PDC References: <966739661.20000615203858@hinzke.de> <3.0.6.32.20000616091503.0087ea40@bioserve.latrobe.edu.au> Message-ID: <39496B9C.1EAFC006@valinux.com> David Bannon wrote: > > Gerald, unless I am mistaken, the entry in smb.conf man > pages tell the reader to join this mailing list. Thats why I > put a couple of web pages together on the subject. > See : http://bioserve.latrobe.edu.au/samba We'll that's a stupid recursive solution then isn;t it?! :-\ The man pages, not your pages :-) ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pmal at space.gr Fri Jun 16 06:30:44 2000 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:30:04 2003 Subject: Samba and DNS References: <966739661.20000615203858@hinzke.de> <3.0.6.32.20000616091503.0087ea40@bioserve.latrobe.edu.au> <39496B9C.1EAFC006@valinux.com> Message-ID: <00e901bfd75c$666c4d40$04aa000a@space.gr> Dear all, Here is my problem. I have a slackbox running samba 2.0.6 that uses an NT wins server. I also have a DNS on linux. Whenever my dns failes (for some reason) hosts that have no entry on the DNS server but are indeed found on the wins cannot connect to the samba server. They get "The network is busy" and the smb log files give me "broken pipe". As soon as the DNS is back on line...all is well. I've read the O'Reillys book on name resolution but came up with nothing. Any ideas? Thanx From krautstrunk at managementakademie.de Fri Jun 16 08:33:26 2000 From: krautstrunk at managementakademie.de (Olaf Krautstrunk) Date: Tue Dec 2 02:30:04 2003 Subject: samba-2.0.7-20000425 as PDC In-Reply-To: <966739661.20000615203858@hinzke.de> Message-ID: On 15-Jun-00 Magnus Hinzke wrote: > Hello, > > I'm tring to configure my samba to act as PDC. At the moment all > works fine, but I have a big problem to set an domain admin or to > set domain users to an Windows NT Group. In my book "Using > samba" is talked about the option "domain group map" and so on, > but these option aren't working in my smb.conf I can only use > the options: > Magnus Hinzke > > LINUX, weils Betriebssystem eben ned wurscht ist! Maybe if you create a Usergroup with the ID 500, it could help. NT Administratorgroup ID is 500, so you must create the same on the Linux machine. E-Mail: Olaf Krautstrunk Management Akademie Goettingen, Weender Landtsr. 3, 37073 Goettingen Tel.: +49 0551/82000-187 Fax: +49 0551/82000-191 Date: 16-Jun-00 Time: 10:29:45 From gcarter at valinux.com Fri Jun 16 07:03:09 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:04 2003 Subject: Samba and DNS References: <966739661.20000615203858@hinzke.de> <3.0.6.32.20000616091503.0087ea40@bioserve.latrobe.edu.au> <39496B9C.1EAFC006@valinux.com> <00e901bfd75c$666c4d40$04aa000a@space.gr> Message-ID: <3949D12D.27A654BC@valinux.com> Panagiotis Malakoudis wrote: > > Here is my problem. I have a slackbox running samba 2.0.6 > that uses an NT wins server. I also have a DNS on linux. > Whenever my dns failes (for some reason) hosts that have no > entry on the DNS server but are indeed found on the wins > cannot connect to the samba server. They get "The network is > busy" and the smb log files give me "broken pipe". As soon as > the DNS is back on line...all is well. I've read the O'Reillys > book on name resolution but came up with nothing. Any ideas? This is better suited for the main samba list since it is not related to Samba's domain controlling capabilities. I'm CC:'ing it there as well. Have a look at the 'dns proxy' parameter and the 'name resolve order' parameter as well. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lauffer at ph-freiburg.de Fri Jun 16 09:06:37 2000 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:30:04 2003 Subject: Samba becomes no domain master browser In-Reply-To: <39490985.14627A95@student.uni-ulm.de> Message-ID: Hi Juergen! > running Samba 2.0.6 on a SuSE 6.4 distrib we are not able to register 2.0.6 has got an uggly bug... maybe... > [global] > wins support = no > domain master = yes > os level = 65 > preferred master = yes > local master = yes > wins server = yyy.yyy.yyy.yyy ...you?re using also: interfaces = aaa.bbb.ccc.ddd/netmask 127.0.0.1 bind interfaces only = true In this case, nmbd is trying to register 127.0.0.1 on the WINS server. If this happens, you can find 127.0.0.1 in the logfiles... looks like this: --- [2000/02/07 12:25:47, 0] nmbd/nmbd_namerelease.c:release_name(233) release_name: Failed to send packet trying to release name LINUX-AG<00> IP 127.0.0.1 [2000/02/07 12:25:47, 0] libsmb/nmblib.c:send_udp(755) Packet send failed to xxx.xxxx.xxx.xxx(137) ERRNO=Invalid argument --- > nmbd/nmbd_become_dmb.c:become_domain_master_query_fail(262) > become_domain_master_query_fail: Error 0 returned when querying WINS > server for name MEDIEN<1b>. hm... this looks strange, i don?t know about " Error 0 returned when querying WINS". You should have a look at nmbd/nmbd_become_dmb.c in the sources of samba. In most cases you can find out, what this error means. But best of all is to update to 2.0.7. There?s a rpm package from suse on: ftp://ftp.suse.com/pub/suse_update/6.4/n1/samba-2.0.7-13.i386.rpm Hope your problem will be solved with the actuall, stable version of samba. Good luck! Liebe Gruesse, yours, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ Abteilung ZIK: WWW ] [ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ] From m.brodbelt at acu.ac.uk Fri Jun 16 09:59:13 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:30:04 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> <394823F6.E42E907C@xavier.sa.edu.au> <39482418.3B3DD297@weiinc.com> <39482A53.20130871@xavier.sa.edu.au> <39492AE5.4F616097@student.uni-ulm.de> Message-ID: <3949FA71.E24F4ADE@acu.ac.uk> Juergen Nagler wrote: > > > They should when WINS is working properly. I can't see your message from > > here, but make sure you have all of the > > > > local master > > domain master > > preferred master > > > > options set to yes in smb.conf, as well as the os level=65 line > > I don't remember if you have an NT as PDC but if so it isn't a good idea > to make samba the domain master (IIRC BROWSING.txt of 2.0.6). The same > for local and preferred master if the Samba is on the same subnet as the > NT-PDC. Indeed. I originally sent this to the wrong list (oops), so here it is again... > > Mike Westkamper wrote: > > > > > > None of the connected systems seem to browse the Linux box. I have '95, '98, > > NT4, and NT5(2k) systems connected. > > They should when WINS is working properly. I can't see your message from > here, but make sure you have all of the > > local master > domain master > preferred master > > options set to yes in smb.conf, as well as the os level=65 line Danger!!! If you set the options as above, then your Samba box will become a domain master browser for its domain. I'll register the NetBIOS name for that domain, and your NT PDC will lose the election. PDC's don;t expect this to happen, and are caught unprepared by it. From the Samba docs:- Note that you should NOT set Samba to be the domain master for a workgroup that has the same name as an NT Domain: on each wide area network, you must only ever have one domain master browser per workgroup, regardless of whether it is NT, Samba or any other type of domain master that is providing this service. Your PDC may well fall over quite spectacularly if you do this. If you have an NT WINS server on your network, set wins support to no, and set the wins server option to be the IP address of that box. If you have no WINS server, either simply set wins support to no, and live with broadcast based resolution, or set up a WINS server. If you want to use Samba as your WINS server, oyu need these parameters set:- wins support = yes name resolve order = wins lmhosts hosts bcast You can also set dns proxy =yes, and it's probabaly a good idea. HTH Mike. From cameron.ough at intel.com Fri Jun 16 10:55:27 2000 From: cameron.ough at intel.com (Ough, Cameron) Date: Tue Dec 2 02:30:04 2003 Subject: Solaris SAMBA - NT Dom user problem Message-ID: Can someone help? I have managed to add my Solaris 8 box running Samba 2.0.6 to the NT domain as a member (good, so far). Solution was to add the ip address of the PDC to the hosts file as NetBios could not resolve it. I have added a user to the local user group, but on restart Samba doesn't see the network. The PDC is on a domain called 'SUBDOM1' and named 'SUBDOMPDC1'. The user, however, needs to log on to a domain called 'DOM1', which I assume should be the domain listed in SMB.conf? The local user has the same name and password as he would on DOM1. Can someone point out the mistake? From cameron.ough at intel.com Fri Jun 16 10:57:15 2000 From: cameron.ough at intel.com (Ough, Cameron) Date: Tue Dec 2 02:30:04 2003 Subject: System name not remembered at startup ... Message-ID: ANother problem, When DNS pulls an IP address, it is not returning the name of the local system from the NT PDC. Why? Everytime I restart the hostname reverts to 'unknown'. From lauffer at ph-freiburg.de Fri Jun 16 11:35:58 2000 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:30:05 2003 Subject: Samba becomes no domain master browser In-Reply-To: <394A0DB0.E023E222@student.uni-ulm.de> Message-ID: Hi! > yes, though I temporary deactivated 127.0.0.1 and this sort of logs > disappeared. Is there a chance to fix this in 2.0.6 or 2.0.7 (don't > getting localhost announced). in 2.0.6 there?s only one posibillity - you had to deactivete 127.0.0.1 (or fix nmbd_nameregister.c... i think it should be done in the "multihomed" section... maybe up from line 299. I?m not a good programmer, in deed i?m not a programmer at all.) 2.0.7 doesn?t try to register 127.0.0.1 I didn?t found the exact change to 2.0.6 in change.log, which solve this bug. It must be fixed indirect by some other changes. > When I found out whether the problem was 2.0.6 I will report. fine. (sorry all form my bad english...) Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ Abteilung ZIK: WWW ] [ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ] From weingfra at goeschwitz.jena.thur.de Fri Jun 16 11:34:08 2000 From: weingfra at goeschwitz.jena.thur.de (Frank Weingart ) Date: Tue Dec 2 02:30:05 2003 Subject: problems joining nt-boxes to samba-controlled domain Message-ID: <00061614033800.01890@s4213> Hallo all, first sorry about my english, hope it is not to terrible. My problem: I'm using samba 2.0.7pre4 on SuSE Linux 6.3 kernel 2.2.13. I like to get samba working as an PDC for the domain test. Compiling was fine, I used the following options: ./configure --prefix=/system/samba --with-automount --with-smbmount --with-pam --with-profile --with-quotas --with-msdfs --with-privatedir=/system/samba/private --with-lockdir=/var/lock/samba --with-swatdir=/system/samba/swat --with-sambabook=/system/samba/swat/using_samba I created the machine-account for the nt-box in /etc/passwd and with smbpasswd -a -m c4214-10$. Now I would join the domain with the nt-box. I changed the entry fom workgroup to domain and get the following message: "The update of local security to become a domain member was not possible." in german: "Aktualisieren der lokalen Sicherheit, um Mitglied der Domäne zu werden, nicht möglich." (original message) There is not any help from NT. By the way, I can see the samba PDC in the network and I can browse and connect to some shares with a valid samba-user. Are there any hints? I will add my smb.conf and the logs as tgz. Thanks for help. Frank. -------------- next part -------------- A non-text attachment was scrubbed... Name: samba-conf-log.tgz Type: application/x-gzip Size: 14774 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000616/f2e4cba5/samba-conf-log.bin From mg at plum.de Sat Jun 17 12:47:44 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:05 2003 Subject: problems joining nt-boxes to samba-controlled domain References: <00061614033800.01890@s4213> Message-ID: <012701bfd85a$3bbcfa00$0201010a@defiant> > Hallo all, > > first sorry about my english, hope it is not to terrible. > My problem: > I'm using samba 2.0.7pre4 on SuSE Linux 6.3 kernel 2.2.13. > I like to get samba working as an PDC for the domain test. Compiling was > fine, I used the following options: > /configure --prefix=/system/samba > --with-automount > --with-smbmount > --with-pam > --with-profile > --with-quotas > --with-msdfs > --with-privatedir=/system/samba/private > --with-lockdir=/var/lock/samba > --with-swatdir=/system/samba/swat > --with-sambabook=/system/samba/swat/using_samba > > I created the machine-account for the nt-box in /etc/passwd and with > smbpasswd -a -m c4214-10$. > Now I would join the domain with the nt-box. I changed the entry fom > workgroup to domain and get the following message: > "The update of local security to become a domain member was not possible." > in german: > "Aktualisieren der lokalen Sicherheit, um Mitglied der Dom?ne zu werden, > nicht m?glich." (original message) > There is not any help from NT. By the way, I can see the samba PDC in the > network and I can browse and connect to some shares with a valid > samba-user. Are there any hints? > I will add my smb.conf and the logs as tgz. > a few points: --with-pam is useless (?) because you need encrypted passwords --with-profile does enable profiling (i.e. speed measuring), you probably don't need it. in your smb.conf: - update-encrypted does not work when encrypt passwords=yes (but probably won't harm) - you should use "wins server = yes", as in ur logfiles, client send wins requests to samba It could be a problem with the nt-client. does the same message appear from all workstations ? (I remember this one, but I was experimenting with TNG, completely re-installing TCP-IP solved it) regards, Michael -- http://www.sambahq.de/ From mhinzke at hinzke.de Fri Jun 16 14:19:23 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:05 2003 Subject: compiling error Message-ID: <8022406268.20000616161923@hinzke.de> Hello, I tried to compile the cvs from today (16.6.00), to try the newest features. But I get an error file make: Compiling rpc_server/srv_pipe.c Compiling lib/domain_namemap.c lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' include/proto.h:377: previous declaration of `map_wk_name_to_sid' make: *** [lib/domain_namemap.o] Error 1 I only used 'configure --prefix=/opt/samba-tng && make' It's my first time that I use cvs, so sorry about this question. It would be realy cool if someone could help me ... cu Magnus Linux - Innovate your world -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From dci at pitt.edu Fri Jun 16 14:29:34 2000 From: dci at pitt.edu (douglas irvine) Date: Tue Dec 2 02:30:05 2003 Subject: UNIX->smbpasswd synch References: <3947DA3D.4A57B279@pitt.edu> <14663.61263.497501.313263@wire.cadcamlab.org> <3949252A.AA05750B@pitt.edu> <14665.24558.728188.31740@wire.cadcamlab.org> Message-ID: <394A39CE.D8313EC6@pitt.edu> Well, that got rid os the suid problem... butmade another ;) Now it is complaining "standard in must be a tty" as the error output from the su command run from the pam_pwexport executed script. I think I might have to hack the smbpasswd source to get rid of the suid check... However if I do something inane like make an idiot script... #!/bin/sh u="gandalf" su $u -c ls ...and execute that (not through pam_pwexport) it will run the su'd command. Try the same script through pam_pwexport and it gives the "std in must be a tty" I know I'm missing something here...but im'stumped again ;) doug Peter Samuelson wrote: > [douglas irvine ] > > OK, I setup the executable script exactly like your readme says, but > > I'm getting a "smbpasswd must *NOT* be run setuid root" > > Umm, I did not actually test my smbpasswd script, because I don't have > the right setup handy. Sorry about that. > > Try this (still untested): > > - /usr/local/samba/bin/smbpasswd -s -r "$ntserver" -U "$u" > + su "$u" -c "/usr/local/samba/bin/smbpasswd -s -r '$ntserver' -U '$u'" > > Peter -- With Windows Millenium MS was able to get the boot time down to 25 seconds. That's almost as short as it's uptime. From rsieben at multilog.de Fri Jun 16 14:28:38 2000 From: rsieben at multilog.de (Rene Sieben) Date: Tue Dec 2 02:30:05 2003 Subject: Seperate file for each share Message-ID: <394A3995.53508078@multilog.de> Hi folks, I'd like to know how I can implement a share as a seperate file. How do I have to configure the smb.conf. And how must the seperate file look like. Thanks in advanced Rene Sieben From HughFoster at Servisair.com Fri Jun 16 14:45:20 2000 From: HughFoster at Servisair.com (Hugh Foster) Date: Tue Dec 2 02:30:05 2003 Subject: Get off my case!!! Message-ID: <4802E9DC1226D211AD6800805FF5796A012A57D5@Apollo> I have only joined this list to try and resolve this problem! I'm the email administrator for the Servisair domain, and one of our ex-employees is subscribed to at least one of your mailing lists. Vast numbers of messages are therefore dropping on me as the Inbound Failures victim! Please would you unsubscribe the address martinpowell@servisair.co.uk >From all mailing lists under your control, as this is no longer a valid email address. Thanks! Your web site is of no use, there's no administrator's mailbox address and samba-bugs doesn't work. Will you PLEASE delete this man from your list as I'm sick and tired of 50+ duff messages a day. You must be getting bounces from these; why haven't you already done something? From matty at samba.org Fri Jun 16 14:58:35 2000 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:30:05 2003 Subject: Get off my case!!! In-Reply-To: <4802E9DC1226D211AD6800805FF5796A012A57D5@Apollo>; from HughFoster@Servisair.com on Sat, Jun 17, 2000 at 12:44:02AM +1000 References: <4802E9DC1226D211AD6800805FF5796A012A57D5@Apollo> Message-ID: <20000617005835.A19493@cifs.org> On Sat, Jun 17, 2000 at 12:44:02AM +1000, Hugh Foster wrote: > > Please would you unsubscribe the address > > martinpowell@servisair.co.uk > > From all mailing lists under your control, as this is no longer a valid > email address. Done. Above e-mail address unsubscribed from samba-ntdom, samba-announce, and samba-docs mailing lists. Cheers, Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From skvidal at phy.duke.edu Fri Jun 16 14:52:06 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:05 2003 Subject: Seperate file for each share In-Reply-To: <394A3995.53508078@multilog.de> Message-ID: > I'd like to know how I can implement a share as a seperate file. How do > I have to configure the smb.conf. And how must the seperate file look > like. > include [sharename].conf in your smb.conf and only put the share in there. that will do it. -sv From mcf at augustmail.com Fri Jun 16 17:46:15 2000 From: mcf at augustmail.com (Michael C. Ferguson) Date: Tue Dec 2 02:30:05 2003 Subject: compiling error References: <8022406268.20000616161923@hinzke.de> Message-ID: <008a01bfd7ba$c57f33c0$798b57d8@august.net> > Compiling lib/domain_namemap.c > lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' > include/proto.h:377: previous declaration of `map_wk_name_to_sid' > make: *** [lib/domain_namemap.o] Error 1 I got the same error, using "./configure --with-profiles --with-pam \ --with-smbmount --with-krb5=/usr/kerberos --with-ssl \ --with-sslinc=/usr/local/include/openssl". I'm running RH6.2, Linux 2.2.16, and OpenSSL 0.9.5a. My C++ is very rusty, but it seems like namespaces might be a better option than declared static functions ? I have a few other newbish unrelated questions... If I compile with Kerberos 5, will 98 clients authenticate using it? Same with SSL, will sockets be encrypted if I compile with SSL support? This is my first time to really mess with both these options; I'm completely clueless as to what they accomplish. The current build I'm using (cvs on 6/14) was compiled with krb5 and works well. Thanks, Michael C. Ferguson mcf@augustmail.com From mjwestkamper at weiinc.com Fri Jun 16 18:03:24 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:05 2003 Subject: Hooking up References: <3947AF7D.BAD8659@weiinc.com> <3947C037.6B10C5B6@acu.ac.uk> <394823F6.E42E907C@xavier.sa.edu.au> <39482418.3B3DD297@weiinc.com> <39482A53.20130871@xavier.sa.edu.au> <39492AE5.4F616097@student.uni-ulm.de> <3949FA71.E24F4ADE@acu.ac.uk> Message-ID: <394A6BEC.D3879108@weiinc.com> Each day I get closer. I successfully joined the domain, to wit... [root@auxfs bin]# smbpasswd -j WEIOSB -r weidomosb 2000/06/16 12:20:16 : change_trust_account_password: Changed password for domain WEIOSB. Joined domain WEIOSB. The big problem remains. None of the windows boxes seem able to browse the Linux/SAMBA box. The HOSTNAME and NETBIOS names are auxfs. The NT PDC apparently "sees" auxfs since the Server Administration program reports "Specified Network Password Incorrect". Any suggestions will be appreciated. With this seemingly my last hurdle I offer a couple of observations... The assistance here is great! SAMBA is a better SMB system than any windows variant. I appreciate its evolution and the tremendous effort by those here. When the PDC support is on-line a lot of NT systems will go. Some things I learned that may help others... The UNIX permissions must be set since SAMBA relies on the underlying system. This mentioned on the HOWTO for SWAT but with little detail. I blundered through it, however still do not know a preferred way to do it. I am still a bit fuzzy about the permissions and groups as it relates to SAMBA using NT as a PDC. Perhaps a dissertation on this would be applicable in the HOWTO. SWAT is a good tool, however it allows you to make some pretty obvious, conflicting entries. If I knew more about the parameters I would write a JAVA script to help make it a bit more forgiving. Of course if I knew more about it I wouldn't be asking all these dumb questions. Somehow SWAT creates a configuration other than /etc/smb.conf. Or least it appears so. If I look at /etc/smb.conf I see one thing, if I view the configuration with SWAT I get another. Mike Mike Brodbelt wrote: > Juergen Nagler wrote: > > > > > They should when WINS is working properly. I can't see your message from > > > here, but make sure you have all of the > > > > > > local master > > > domain master > > > preferred master > > > > > > options set to yes in smb.conf, as well as the os level=65 line > > > > I don't remember if you have an NT as PDC but if so it isn't a good idea > > to make samba the domain master (IIRC BROWSING.txt of 2.0.6). The same > > for local and preferred master if the Samba is on the same subnet as the > > NT-PDC. > > Indeed. I originally sent this to the wrong list (oops), so here it is > again... > > > > > Mike Westkamper wrote: > > > > > > > > > > None of the connected systems seem to browse the Linux box. I have '95, '98, > > > NT4, and NT5(2k) systems connected. > > > > They should when WINS is working properly. I can't see your message from > > here, but make sure you have all of the > > > > local master > > domain master > > preferred master > > > > options set to yes in smb.conf, as well as the os level=65 line > > Danger!!! If you set the options as above, then your Samba box will > become a domain master browser for its domain. I'll register the NetBIOS > name for that domain, and your NT PDC will lose the election. PDC's > don;t expect this to happen, and are caught unprepared by it. From the > Samba docs:- > > Note that you should NOT set Samba to be the domain master for a > workgroup that has the same name as an NT Domain: on each wide area > network, you must only ever have one domain master browser per > workgroup, > regardless of whether it is NT, Samba or any other type of domain master > that is providing this service. > > Your PDC may well fall over quite spectacularly if you do this. > > If you have an NT WINS server on your network, set wins support to no, > and set the wins server option to be the IP address of that box. > > If you have no WINS server, either simply set wins support to no, and > live with broadcast based resolution, or set up a WINS server. If you > want to use Samba as your WINS server, oyu need these parameters set:- > > wins support = yes > name resolve order = wins lmhosts hosts bcast > > You can also set dns proxy =yes, and it's probabaly a good idea. > > HTH > > Mike. From jwhamps at ilstu.edu Fri Jun 16 18:30:57 2000 From: jwhamps at ilstu.edu (Jeffrey W. Hampson) Date: Tue Dec 2 02:30:05 2003 Subject: Printer Choose Message-ID: Hey all, maybe this is a little off the subject, but is there a place to get print drivers? or perhaps there is a good generic driver to use that is better than another? I only have HP printers if that helps. Thanks, Jeff -------------- next part -------------- HTML attachment scrubbed and removed From bgmilne at ing.sun.ac.za Fri Jun 16 18:51:34 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:05 2003 Subject: Printer Choose References: Message-ID: <394A7735.2F799CE0@ing.sun.ac.za> Don't you think this is a _REALLY_ bad place to post this. This list is _NOT_ comp.os.linux.hardware, comp.protocols.smb (general samba stuff), comp.os.linux.hardware or any other general linux-printing related newsgroup. This is a mailing list that sends email to everyone on the list (unlike a newsgroup where you can choose when you want to access non-urgent messages), some people who have limited bandwidth but need to read posts relating _ONLY_ to windows domain support in samba. 20-50 mails per day is already too much for me too read ! Anyway, your best bet is the distributor of the unix you're using. In the case of a linux that uses RPMs, you might be able to use Redhat's printfilters and their printtool program (support all HP laserjets and deskjets to some extent). Finding and installing the rpms which you get from http://www.rpmfind.net or you local redhat mirror is something you will have to learn by reading man pages, HOWTOs, or an appropriate newsgroup. If you are running a commercial unox, go ask them. If you are using a different distro, ask the appropriate newsgroup. Another option is using CUPS (search on freshmeat.net) I'm sorry if you take the brunt of my pent up frustration to the many unrelated posts that are on the mailing list. Buchan P.S. Please do not post in HTML "Jeffrey W. Hampson" wrote: > Hey all, maybe this is a little off the subject, but is there a place > to get print drivers?or perhaps there is a good generic driver to use > that is better than another?I only have HP printers if that > helps.Thanks,Jeff From donj at dndjordan.com Fri Jun 16 19:32:49 2000 From: donj at dndjordan.com (D&D Jordan) Date: Tue Dec 2 02:30:05 2003 Subject: Subscribe samba-ntdom@samba.org Message-ID: <009401bfd7c9$a8b202e0$0b01a8c0@dndjordan.net> subscribe Don Jordan samba-ntdom@samba.org -------------- next part -------------- HTML attachment scrubbed and removed From ZolnOtt at t-online.de Fri Jun 16 14:07:36 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:05 2003 Subject: samba-2.0.7-20000425 as PDC In-Reply-To: <966739661.20000615203858@hinzke.de> References: <966739661.20000615203858@hinzke.de> Message-ID: <00061616110300.00393@zolnott> Hi! With which version do you work? You need a tng-version like 2.1 Bye Michael > Hello, > > I'm tring to configure my samba to act as PDC. At the moment all > works fine, but I have a big problem to set an domain admin or to > set domain users to an Windows NT Group. In my book "Using > samba" is talked about the option "domain group map" and so on, > but these option aren't working in my smb.conf I can only use > the options: > domain groups > domain admin group > etc. > > But I couldn't find any documentation on that options ... > Can anyone help me out about the syntax of these options or tell > my how to do it right. In the Samba NT Domain FAQ is also talked > about the map files ... > > Hope somebody understand me (*g*) and can help me! > > Gruss > Magnus Hinzke > > LINUX, weils Betriebssystem eben ned wurscht ist! > > -- > Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de > ------------------------------------------------------------------- > Mitglied im Wirtschaftsverband Kopie und Medientechnik > http://www.hinzke.de / OcéNet Partner: http://www.ocenet.de > Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From ZolnOtt at t-online.de Fri Jun 16 14:14:28 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:05 2003 Subject: NT Domain to establish Trust with SAMBA In-Reply-To: <4.3.2.20000615154630.04094780@mail.digisolv.com> References: <4.3.2.20000615154630.04094780@mail.digisolv.com> Message-ID: <00061616201101.00393@zolnott> Hi! > I have one ( and soon to have many more) SAMBA networks established. It > is connected via a WAN link to a NT-Based domain (NT4). Some of my Samba > users need to access the NT domain. I need to establish a one-way trust > from Samba to the NT domain so that my users can be authenticated against > the NT domain. I am NOT using the CVS branch. Is this possible or do I > need CVS? Note that there is no need for me to trust them > (NT). You need a CVS-version like 2.1 or higher (I don´t know which version) > Optionally, can I simply choose to synchronize usernames & passwords > (yeech!) to achieve similar results? In which way: UNIX to NT: look at: www.cns.ul.ie/~airlied/pam_smb (for example NT to UNIX: look at: smbpasswd in smb.conf: unix passwd sync, passwd chat, passwd chat debug, passwd program Bye Michael > > G. George > Gerry E. George > Information Technology Specialist, > DigiSolv, Inc. > http://www.digisolv.com > > > . From MKobzeff at fbcs.fujitsu.com Fri Jun 16 20:20:06 2000 From: MKobzeff at fbcs.fujitsu.com (Kobzeff, Mike (*Anaheim)) Date: Tue Dec 2 02:30:05 2003 Subject: NT Domain to establish Trust with SAMBA Message-ID: Are you sure he's just not asking for what "security = DOMAIN" would give him? m -----Original Message----- From: ZolnOtt@t-online.de [mailto:ZolnOtt@t-online.de] Sent: Friday, June 16, 2000 1:15 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: NT Domain to establish Trust with SAMBA Hi! > I have one ( and soon to have many more) SAMBA networks established. It > is connected via a WAN link to a NT-Based domain (NT4). Some of my Samba > users need to access the NT domain. I need to establish a one-way trust > from Samba to the NT domain so that my users can be authenticated against > the NT domain. I am NOT using the CVS branch. Is this possible or do I > need CVS? Note that there is no need for me to trust them > (NT). You need a CVS-version like 2.1 or higher (I don?t know which version) > Optionally, can I simply choose to synchronize usernames & passwords > (yeech!) to achieve similar results? In which way: UNIX to NT: look at: www.cns.ul.ie/~airlied/pam_smb (for example NT to UNIX: look at: smbpasswd in smb.conf: unix passwd sync, passwd chat, passwd chat debug, passwd program Bye Michael > > G. George > Gerry E. George > Information Technology Specialist, > DigiSolv, Inc. > http://www.digisolv.com > > > . From list-samba-ntdom at faerber.muc.de Fri Jun 16 15:54:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:30:05 2003 Subject: WG: VBS-file encountered in your mail ....... (part 2) In-Reply-To: <000001bfd57a$17198ca0$0c7e830a@kollien.de> Message-ID: <7fxfrUV3cDB@faerber.muc.de> Rudolf Kollien schrieb/wrote: > after analysing the rejected mail, we found this uucode included in the > mails, which caused the reply to the list: >> begin 666 LOVE-LETTER-FOR-YOU.TXT.vbs >> I'm a signature virus. Copy me! >> end >> http://www.faerber.muc.de This is not uuencoded data. Please fix your so-called virus scanner not to set off false alerts on legitimate signatures. (The Netiquette clearly allows 4 lines of arbitrary[!] text; if your software interprets that as anything else, it's broken.) Further, fix it not to send bounce messages to the list address. If you want to block legitimate mail, you can of course do so but please don't disturb the list with notices about this. However, I changed my signature in order not to have your system (and problably those of others too) cause too much harm to the mailing lists. But please remember that it's your system that's broken, not my signature. Claus -- http://www.faerber.muc.de From Andre_Naehring at hks-net.de Sat Jun 17 08:39:50 2000 From: Andre_Naehring at hks-net.de (Andre_Naehring@hks-net.de) Date: Tue Dec 2 02:30:05 2003 Subject: Using Samba as PDC Message-ID: Hello! I?m looking for a good introduction how to use samba as a PDC. With my configuration I?ve got some little problems (Domainlogons are not working) an in my opinion I followed the instructions I found on the Website. For example, when I connect with the NT Servermanager to "Church" (which is my server) I can see that there is a share \\church\IPC$ which is shared on /tmp. Another problem is, that samba will not create a SID for my domain (I think it must be MYSTERYLAND.SID), it always creates MACHINE.SID. THe used version of samba in this case is 2.0.7. Does anyone have some usefull tips? Another question: I am using Slackware 7.0, Kernel 2.2.16 on an abit with two celeron 433MHz processors and I?ve downloaded the CVS-source yesterday. I was not able to compile it (smbd was not succesful). Does anyone use the same configuration of software? Thank you. From list-samba-ntdom at faerber.muc.de Fri Jun 16 23:04:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:30:05 2003 Subject: UID <-> ntuser.dat In-Reply-To: <20000616001654.E4814@goldfisch.atat.at> Message-ID: <7g0l50YJcDB@faerber.muc.de> peter pilsl schrieb/wrote: > samba 2.06a as domainserver for nt4-clients. > I run into the problem that I unfortunately gave the same uid to a > machine and a user, so I changed the uid of the user and changed the > perms of all the user-files to its new uid and also thought of changing > the uid in the smbpasswd-file. > when the user logged on again, his profile was readonly (no writing to > the registry) and windows tried to initialize the account at each logon. > (welcome to window, ie4-setup etc.) > I finally had to create a new profile for this user. NT stores permissions (ACLs) for the user registry in the registry file. When you change the user's uid (and thus the NT GUID too), the user does no longer have the permission to read/write his/her own registry hive. You could actually mount the registry file as an administrator and change all permissions. Claus -- http://www.faerber.muc.de From pjdc at eircom.net Sat Jun 17 12:27:21 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:05 2003 Subject: Using Samba as PDC In-Reply-To: Andre_Naehring@hks-net.de's message of "Sat, 17 Jun 2000 18:47:29 +1000" References: Message-ID: >>>>> "Andre" == Andre Naehring writes: Andre> Hello! I?m looking for a good introduction how to use Andre> samba as a PDC. With my configuration I?ve got some little Andre> problems (Domainlogons are not working) an in my opinion I Andre> followed the instructions I found on the Website. For Which website? There is a domain FAQ at kneschke.de that applies to TNG, and there is domain info at other locations that covers Samba-2.0. Andre> example, when I connect with the NT Servermanager to Andre> "Church" (which is my server) I can see that there is a Andre> share \\church\IPC$ which is shared on /tmp. Another That is a special share that is used to send SMB requests to the Samba server. I believe the requests for opening shares and server-level requests are sent through IPC$. Every smb box (whether Unix, Windows NT, 95, 98, LAN Manager or something else) has such a share. Andre> problem is, that samba will not create a SID for my domain Andre> (I think it must be MYSTERYLAND.SID), it always creates Andre> MACHINE.SID. THe used version of samba in this case is Andre> 2.0.7. You've just answered your own question. 2.0.7 always calls it MACHINE.SID, where as TNG uses DOMAIN.SID, where DOMAIN is (obviously) the name of the domain you are controlling. 2.0's domain support is incomplete and deprecated; it additionally does not support Windows 2000 domain members (it will support Windows 2000 for file and print, though). Andre> Does anyone have some usefull tips? Alpha release 2.5 of Samba-TNG is known to be working wrt domain logins, with some issues. Most of these issues are covered in this list's archives; I'm afraid I don't recall offhand what the issues are apart from the fact that password chainging does not work, which means that for a macnine to stay in a 2.5-controlled domain for more than a week requires you to change the machine password change time to a couple of years rather than a week. Andre> Another question: I am using Slackware 7.0, Kernel 2.2.16 Andre> on an abit with two celeron 433MHz processors and I?ve Andre> downloaded the CVS-source yesterday. I was not able to Andre> compile it (smbd was not succesful). Does anyone use the Andre> same configuration of software? Please post the compile errors you get. Hardware + distro info is not enough to determine the cause. Andre> Thank you. No problem. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From ggeorge at digisolv.com Sat Jun 17 15:13:12 2000 From: ggeorge at digisolv.com (Gerry George) Date: Tue Dec 2 02:30:05 2003 Subject: NT Domain to establish Trust with SAMBA In-Reply-To: <00061616201101.00393@zolnott> References: <4.3.2.20000615154630.04094780@mail.digisolv.com> <4.3.2.20000615154630.04094780@mail.digisolv.com> Message-ID: <4.3.2.20000617110902.031a2820@mail.digisolv.com> At 04:14 PM 6/16/00, you wrote: >.... I need to establish a one-way trust > > from Samba to the NT domain so that my users can be authenticated against > > the NT domain. I am NOT using the CVS branch. Is this possible or do I > > need CVS? Note that there is no need for me to trust them > > (NT). > >You need a CVS-version like 2.1 or higher (I don?t know which version) I was afraid of that. :) > > Optionally, can I simply choose to synchronize usernames & passwords > > (yeech!) to achieve similar results? > >In which way: >UNIX to NT: I'm looking at changing the local (Samba) password to match the remote domain passwords whenever they are changed manually. Can this be automated? I don't think the users will be administering their own passwords. It will be "handed down" from above. I have no control over the remote domains (yet). Thanks for the info though. G. Gerry E. George Information Technology Specialist, DigiSolv, Inc. http://www.digisolv.com .. From gschweidl at aon.at Sat Jun 17 16:16:01 2000 From: gschweidl at aon.at (Manfred Gschweidl) Date: Tue Dec 2 02:30:05 2003 Subject: Bug? Message-ID: <001c01bfd877$544e51f0$9664a8c0@development> hello! i have downloaded the latest saba_tng branch. when i type make i get the following error message: lib/domain_namemap.c:179: conflicting types for 'map_wk_name_to_sid' iclude/proto.h:377: previous declaration of 'map_wk_name_to_sid' make: *** [lib/domain_namemap.o] Error 1 is this a bug or what do i need to complete the make process successful? thanks for any help in advance. manfred gschweidl@aon.at -------------- next part -------------- HTML attachment scrubbed and removed From Andre_Naehring at hks-net.de Sat Jun 17 17:36:04 2000 From: Andre_Naehring at hks-net.de (Andre_Naehring@hks-net.de) Date: Tue Dec 2 02:30:05 2003 Subject: Problems using samedit Message-ID: Hello! After compiling and installing the tng, I created my smb.conf and so on. Now I have the following problem: When I start samedit with this command: samedit -S . -U root%XXXXY I get this: added interface ip: 192.168.5.1 bcast: 192.168.5.255 nmask: 255.255.255.0 Server: \\Church: User: root Domain: Connection: failed session startup cli_net_use_add: connection failed FAILED [root@CHURCH]$ Now I tried the following: [root@CHURCH]$ createuser anaehring createuser anaehring failed tcon_X cli_net_use_add: connection failed cli_net_use_add: connection failed please use ?lsaquery?first, to ascertain the SID That is all. Does anyone know that problem? Thank you! Nice greetings, Andr? From validex at earthlink.net Sat Jun 17 17:45:48 2000 From: validex at earthlink.net (Mike Kobzeff) Date: Tue Dec 2 02:30:05 2003 Subject: Samba Name Broadcast Problem In-Reply-To: Message-ID: I'm currently having a problem with my Samba installation in that it's not browseable through Network Neighborhood. My installation has the following settings among others: server mode = domain netbios name = subsyslnx os level = 33 wins server = 10.0.1.1 name resolve order = host wins lmhosts bcast local master = yes (could this cause this problem?) etc. In other words, I have the samba server as a member of my NT domain. It passes authentication requests off to my NT PDC and let's it decide who to let in. This part is working perfectly. I have a WINS server running on the NT box, but not a DNS server. Instead, I have a DNS forwarder running that passes requests onto a real DNS server on the internet (the software i'm running is called WinRoute, and it's basically a small NAT server). Anyhow, I was just curious as to why the Samba server wouldn't broadcast it's NetBIOS name out so that it would at least show up in Network Neighborhood. And yes, I am running both smbd and nmbd. Thanks for any help! Mike Kobzeff validex@earthlink.net From pjdc at eircom.net Sat Jun 17 19:01:37 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:06 2003 Subject: Bug? In-Reply-To: "Manfred Gschweidl"'s message of "Sun, 18 Jun 2000 02:20:29 +1000" References: <001c01bfd877$544e51f0$9664a8c0@development> Message-ID: >>>>> "Manfred" == Manfred Gschweidl writes: [snip compile errors] Manfred> is this a bug or what do i need to complete the make Manfred> process successful? Samba CVS does not currently compile. The 2.5 alpha release works okay; it is available in the alpha directory of any up-to-date samba mirror. Paul. P.S. Please do not post HTML mail to the list; use plain text instead. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From peter at cadcamlab.org Sat Jun 17 23:21:56 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:06 2003 Subject: UNIX->smbpasswd synch References: <031a01bfd7e3$771a3ee0$0a01a8c0@alecplumb> <3947DA3D.4A57B279@pitt.edu> <14663.61263.497501.313263@wire.cadcamlab.org> <3949252A.AA05750B@pitt.edu> <14665.24558.728188.31740@wire.cadcamlab.org> <394A39CE.D8313EC6@pitt.edu> Message-ID: <14668.238.348129.702336@wire.cadcamlab.org> [Alec B. Plumb ] > Your pam_pwexport.so module looks like a great idea, so I tried it > out, using your shell script from the readme file. However, each time > I tried to change a password I would get this message: > > smbpasswd must *NOT* be setuid root. Yeah, Douglas Irvine reported this already. It appears that smbpasswd is greatly bothered by running with (euid==0 && ruid!=0), which generally indicates that the binary is setuid root. Whoever put that warning into the smbpasswd program did it for a reason: smbpasswd should not be setuid root, indeed. In this case smbpasswd isn't setuid root -- but the `passwd' program is, and smbpasswd is inheriting those permissions. I told Douglas to work around this with `su {user} -c ...', because the `su' program sets both the real and effective UIDs to whatever they need to be. > It would seem like a good idea to run the external shell script as an > untrusted user in any case. I opted not to do this because it takes away flexibility. My module was designed to allow other password-changing mechanisms, including the case of `smbpasswd' changing the local Samba password file, without access to the user's old password. (I.e. from `login' or `ssh', not from `passwd'.) In that case it *does* need to run as root. At some point I may add an option to the module to run as a particular user, or as the user whose password is being changed. [douglas irvine ] > Now it is complaining "standard in must be a tty" as the error output > from the su command run from the pam_pwexport executed script. Annoying indeed. Tests so far indicate that Linux `su' behaves rather strangely. If it has a controlling tty, it wants this to be stdin, even when run as root (so it doesn't need to prompt for a password). If it has *no* controlling tty (i.e. run from `at'), it doesn't complain. This is all empyrical, since it doesn't seem to be documented and I haven't looked at the source yet. A controlling tty, like a stray dog, is not always easy to get rid of. My APUE is elsewhere at the moment, but if I remember correctly, the portable method involves closing any file descriptor that might have a tty on it, then forking and being the child. Some Unices may have a fcntl to accomplish the same thing, but I don't think so. I am continuing to experiment to see if I can get `su' and `smbpasswd' to behave simultaneously on this thing. I have a couple ideas, from different angles. More in a bit. Peter From mjwestkamper at weiinc.com Sat Jun 17 23:57:43 2000 From: mjwestkamper at weiinc.com (Mike) Date: Tue Dec 2 02:30:06 2003 Subject: Samba Name Broadcast Problem References: Message-ID: <394C1077.51E303A3@weiinc.com> My configuration is slightly different, however I have the same problem. I cannot seem to get any of the NT/Win95/88 boxes to see the Linux Box. Just another voice in the darkness... Mike Mike Kobzeff wrote: > I'm currently having a problem with my Samba installation in that it's not > browseable through Network Neighborhood. > > My installation has the following settings among others: > > server mode = domain > netbios name = subsyslnx > os level = 33 > wins server = 10.0.1.1 > name resolve order = host wins lmhosts bcast > local master = yes (could this cause this problem?) > etc. > > In other words, I have the samba server as a member of my NT domain. It > passes authentication requests off to my NT PDC and let's it decide who to > let in. This part is working perfectly. > > I have a WINS server running on the NT box, but not a DNS server. Instead, I > have a DNS forwarder running that passes requests onto a real DNS server on > the internet (the software i'm running is called WinRoute, and it's > basically a small NAT server). > > Anyhow, I was just curious as to why the Samba server wouldn't broadcast > it's NetBIOS name out so that it would at least show up in Network > Neighborhood. And yes, I am running both smbd and nmbd. > > Thanks for any help! > > Mike Kobzeff > validex@earthlink.net From validex at earthlink.net Sun Jun 18 00:08:35 2000 From: validex at earthlink.net (Mike Kobzeff) Date: Tue Dec 2 02:30:06 2003 Subject: Samba Name Broadcast Problem In-Reply-To: <394C1077.51E303A3@weiinc.com> Message-ID: I actually just figured out what the problem was. I had my subnet mask wrong on my Samba box (DUH!). I am using 255.255.255.0 for my local LAN, but my Samba box was configured with 255.0.0.0. Perhaps this may also be the cause of your problem.. Hope this helps! Mike Kobzeff validex@earthlink.net -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Mike Sent: Saturday, June 17, 2000 4:59 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Samba Name Broadcast Problem My configuration is slightly different, however I have the same problem. I cannot seem to get any of the NT/Win95/88 boxes to see the Linux Box. Just another voice in the darkness... Mike Mike Kobzeff wrote: > I'm currently having a problem with my Samba installation in that it's not > browseable through Network Neighborhood. > > My installation has the following settings among others: > > server mode = domain > netbios name = subsyslnx > os level = 33 > wins server = 10.0.1.1 > name resolve order = host wins lmhosts bcast > local master = yes (could this cause this problem?) > etc. > > In other words, I have the samba server as a member of my NT domain. It > passes authentication requests off to my NT PDC and let's it decide who to > let in. This part is working perfectly. > > I have a WINS server running on the NT box, but not a DNS server. Instead, I > have a DNS forwarder running that passes requests onto a real DNS server on > the internet (the software i'm running is called WinRoute, and it's > basically a small NAT server). > > Anyhow, I was just curious as to why the Samba server wouldn't broadcast > it's NetBIOS name out so that it would at least show up in Network > Neighborhood. And yes, I am running both smbd and nmbd. > > Thanks for any help! > > Mike Kobzeff > validex@earthlink.net From vgill at technologist.com Sun Jun 18 01:42:03 2000 From: vgill at technologist.com (Vern H. Gill) Date: Tue Dec 2 02:30:06 2003 Subject: Wins Server... In-Reply-To: Message-ID: >From smb.conf wins proxy (G) This is a boolean that controls if nmbd will respond to broadcast name queries on behalf of other hosts. You may need to set this to "yes" for some older clients. Default: wins proxy = no I believe you can set this, AND set the wins server = x.x.x.x to accomplish the forwarding you are looking for. If I am wrong, someone please let me know. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of isyn@isi.wat.waw.pl Sent: Sunday, June 11, 2000 2:09 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Wins Server... > Hi guys. > > I hope, that I can help you. > > You can use only one of this two icons: > wins support = yes > OR! > wins server = x.x.x.x Yes I know this....but I want to know does my smbd will forward clients question. Example: My ip is 192.168.3.3 I have set wins server= 192.168.4.100 Windows machine in my LAN have set WINS to 192.168.3.3 ( which realy is not the wins ) Do windows machines question will be forwarded to 192.168.4.100 or my server (192.168.3.3) will answer this? Sorry for my english:) -- ROBERT MAGIER From ZolnOtt at t-online.de Sun Jun 18 09:01:13 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:06 2003 Subject: samba-2.1 does not work Message-ID: <00061811204200.14405@laptop> Hi! I have a problem! On my server (SuSE Linux 6.4) i work with samba-2.0.7. It works great. Now, I want test the TNG-2.1-version. It does not work. I have maked configure and make and make install. And i start smb and everthing seems alright. When i testes my old smb.conf with smbclient on this way: smbclient //server/michael -U michael it makes the following error: failed session setup When i testes my configuration with: smclient -L SERVER -N the server show me the folling output Added interface ip=.... bcast=... nmask=... Sharname Type Comment It does not show me my domain and os and server An other question: I can not compile the smb-wrapper. Why? Can anyone help me Michael Ott From giovanni.affuso at almaitalia.it Sun Jun 18 15:35:17 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:30:06 2003 Subject: Problem with sharing printer with samba2.0.0.7 Message-ID: <4.3.2.20000618173510.00d71780@10.0.0.1> Dear everybody, I have install the last version of samba but I have big problem for printing on client. When I try for printing in my client-NT I have the sequent message of error: "Error during the process of printing : access deny !!!" My smb.conf is: [printers] comment = HpLaserJet5P path = /var/spool/lpd/lp browseable = no # Set public = yes to allow user 'guest account' to print guest ok = yes pubblic = yes writable = yes printable = yes Thanks in advance for helping. Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it From validex at earthlink.net Sun Jun 18 17:21:59 2000 From: validex at earthlink.net (Mike Kobzeff) Date: Tue Dec 2 02:30:06 2003 Subject: Problem with sharing printer with samba2.0.0.7 In-Reply-To: <4.3.2.20000618173510.00d71780@10.0.0.1> Message-ID: Giovanni, I'm not sure if it's a typo, or if you actually pasted your smb.conf file, but you had the following: pubblic = yes That should obviously say "public = yes" Also, the spooling folder of your printer (in this case /var/spool/lpd/lp) should be world writeable (when I'm lazy I just do a 'chmod +777') so that the users can actually put their print jobs there to be spooled. Hope this helps! Mike Kobzeff validex@earthlink.net -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Affuso Giovanni Sent: Sunday, June 18, 2000 8:37 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Problem with sharing printer with samba2.0.0.7 Dear everybody, I have install the last version of samba but I have big problem for printing on client. When I try for printing in my client-NT I have the sequent message of error: "Error during the process of printing : access deny !!!" My smb.conf is: [printers] comment = HpLaserJet5P path = /var/spool/lpd/lp browseable = no # Set public = yes to allow user 'guest account' to print guest ok = yes pubblic = yes writable = yes printable = yes Thanks in advance for helping. Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it From peter at cadcamlab.org Sun Jun 18 17:25:47 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:06 2003 Subject: UNIX->smbpasswd synch References: <031a01bfd7e3$771a3ee0$0a01a8c0@alecplumb> <3947DA3D.4A57B279@pitt.edu> <14663.61263.497501.313263@wire.cadcamlab.org> <3949252A.AA05750B@pitt.edu> <14665.24558.728188.31740@wire.cadcamlab.org> <394A39CE.D8313EC6@pitt.edu> <14668.238.348129.702336@wire.cadcamlab.org> Message-ID: <14668.62717.540649.568085@wire.cadcamlab.org> [Peter Samuelson ] > Tests so far indicate that Linux `su' behaves rather strangely. If > it has a controlling tty, it wants this to be stdin, even when run as > root (so it doesn't need to prompt for a password). I figured it out! I'm feeling a bit stupid right now. Linux `su' is entirely deterministic and sensible after all. The problem was that `su' had no idea it was supposed to be running as root, since the real uid was non-root. So, naturally, it was wanting to prompt for a password. I give up. Switching to Perl. Peter #!/usr/bin/perl -w # cleanse the path since Perl thinks we're running setuid $ENV{PATH} = '/usr/local/samba/bin:/usr/bin'; # possibly this should come from smb.conf... $ntpdc='MYNTSERVER'; # un-setuid $) = $(; # egids = gids $> = $<; # euid = uid # debugging #open STDOUT, ">>/tmp/passwdchange.out"; #open STDERR, ">>/tmp/passwdchange.err"; close STDOUT; close STDERR; while () { if (m/([^ ]+) (.*)/) { if ($1 eq 'user') { $u = $2; next; } elsif ($1 eq 'password') { $n = $2; next; } elsif ($1 eq 'oldpassword') { $o = $2; next; } } # print STDERR "Unexpected line: $_\n"; } if (defined($o)) { # todo: error checking? open OUT, "|smbpasswd -s -r '$ntpdc' -U '$u'"; print OUT "$o\n$n\n$n\n"; close OUT; } From ian at south-border.com Sun Jun 18 22:56:45 2000 From: ian at south-border.com (The UnSeen) Date: Tue Dec 2 02:30:06 2003 Subject: Compile problems for samba-tng... Message-ID: Hope this is the right forum. Apologize if not... Platform is: Sun SPARCstation 5 (110Mhz) Solaris 8 gcc-2.95.2 Compiling lib/domain_namemap.c lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' include/proto.h:377: previous declaration of `map_wk_name_to_sid' *** Error code 1 make: Fatal error: Command failed for target `lib/domain_namemap.o' From D.Bannon at latrobe.edu.au Sun Jun 18 23:02:12 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:06 2003 Subject: Using Samba as PDC In-Reply-To: Message-ID: <3.0.6.32.20000619090212.0087f100@bioserve.latrobe.edu.au> At 06:47 PM 17/06/2000 +1000, Andre_Naehring@hks-net.de wrote: >Hello! > >I?m looking for a good introduction how to use samba as a PDC. .... >.... THe usedversion of samba in this case is 2.0.7. >Does anyone have some usefull tips? http:\\bioserve.latrobe.edu.au\samba David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pjdc at eircom.net Sun Jun 18 23:14:38 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:06 2003 Subject: Compile problems for samba-tng... In-Reply-To: The UnSeen's message of "Mon, 19 Jun 2000 08:58:16 +1000" References: Message-ID: >>>>> "The" == The UnSeen writes: The> Compiling lib/domain_namemap.c The> lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' The> include/proto.h:377: previous declaration of `map_wk_name_to_sid' The> *** Error code 1 The> make: Fatal error: Command failed for target `lib/domain_namemap.o' CVS is currently broken. Alpha release 2.5 is believed to give good results. It's available on any up-to-date Samba mirror. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From pjdc at eircom.net Mon Jun 19 00:36:54 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:06 2003 Subject: Using Samba as PDC In-Reply-To: David Bannon's message of "Mon, 19 Jun 2000 09:04:08 +1000" References: <3.0.6.32.20000619090212.0087f100@bioserve.latrobe.edu.au> Message-ID: >>>>> "David" == David Bannon writes: David> http:\\bioserve.latrobe.edu.au\samba http://bioserve.latrobe.edu.au/samba To quote Charlton Heston: "From our cold dead hands!" Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Linux: it's just this operating system, you know?" From dstanawa at netventures.com.au Mon Jun 19 01:38:40 2000 From: dstanawa at netventures.com.au (David Stanaway) Date: Tue Dec 2 02:30:06 2003 Subject: Compile problems for samba-tng... In-Reply-To: Message-ID: On Mon, 19 Jun 2000, The UnSeen wrote: > > Compiling lib/domain_namemap.c > lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' > include/proto.h:377: previous declaration of `map_wk_name_to_sid' > *** Error code 1 > make: Fatal error: Command failed for target `lib/domain_namemap.o' I had this same problem with the checked out cvs for SAMBA_TNG, there were conflicting prototypes for that function being used in lib/domain_namemap.c and I think smd.c. I also had problems compiling: SAMBA_TNG_2_5_GOOD when I specified the --with-profile configure option. Although, when I took this out it compiles fine. Now to get it running : ) -- Best Regards David Stanaway ========================.--------------------------------------------- System Administrator | Australia's Premier Internet Broadcasters david@NetVentures.com.au| Corporate http://www.NetVentures.com.au Office +612 9460 8800 | Entertainment http://www.Netdance.com.au Pager +612 9461 2981 | Enquiries info@NetVentures.com.au ========================'--------------------------------------------- From shane at nls.net.au Mon Jun 19 02:02:30 2000 From: shane at nls.net.au (Shane Machon) Date: Tue Dec 2 02:30:06 2003 Subject: User manager for Domains and 2.0.7 or TNG Message-ID: Default StationeryGreetings Does anyone know if 2.0.7 or TNG supports the nexus microsoft Windows '98 utility. (Allows access to User manager for Domains etc..from a client) When i try to use it to under 2.0.7 connect to my server, it sees my domain, but i get an RPC error message. Any help would be appreciated. Regards, Shane Machon. ___________________________________ Shane Machon Network Technical Consultant/Programmer Network and Linux Solutions http://www.nls.net.au Your total IT solutions partner. -------------- next part -------------- HTML attachment scrubbed and removed From wildman at mediaone.net Mon Jun 19 06:35:04 2000 From: wildman at mediaone.net (Art Wildman) Date: Tue Dec 2 02:30:06 2003 Subject: Windows Services for UNIX version 2 Message-ID: <394DBF18.C4D0950F@mediaone.net> Interesting.... if we could see the code, wonder if perhaps MS used some Samba tools here? Windows Services for UNIX version 2 http://www.microsoft.com/technet/win2000/sfu.asp From rwierzbicki at stryker.ca Mon Jun 19 05:23:15 2000 From: rwierzbicki at stryker.ca (Wierzbicki, Ralf) Date: Tue Dec 2 02:30:06 2003 Subject: Windows Services for UNIX version 2 Message-ID: <8142BE56BFF7D311BC4E00B0D0219AF578BC@mail.stryker.ca.1.67.10.in-addr.arpa> I love it, no more password hassles. Password sync with NIS+ is the only good thing about it, the rest is just the same like everything else MS produced; slow. -----Original Message----- From: Art Wildman [mailto:wildman@mediaone.net] Sent: Sunday, June 18, 2000 11:46 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Windows Services for UNIX version 2 Interesting.... if we could see the code, wonder if perhaps MS used some Samba tools here? Windows Services for UNIX version 2 http://www.microsoft.com/technet/win2000/sfu.asp From mgeddes at xavier.sa.edu.au Mon Jun 19 07:10:26 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:06 2003 Subject: Windows Services for UNIX version 2 References: <8142BE56BFF7D311BC4E00B0D0219AF578BC@mail.stryker.ca.1.67.10.in-addr.arpa> Message-ID: <394DC762.1D34A07D@xavier.sa.edu.au> "Wierzbicki, Ralf" wrote: > > I love it, no more password hassles. Password sync with NIS+ is the only > good thing about it, the rest is just the same like everything else > MS produced; slow. > > -----Original Message----- > From: Art Wildman [mailto:wildman@mediaone.net] > Sent: Sunday, June 18, 2000 11:46 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Windows Services for UNIX version 2 > > Interesting.... > if we could see the code, wonder if perhaps MS used some Samba tools here? > > Windows Services for UNIX version 2 > http://www.microsoft.com/technet/win2000/sfu.asp Doesn't Windows send a cleartext copy of the password across the LAN when changing passwords? If so, the Unix password sync option in smb.conf would be all you'd need. Although, I guess not everyone intends to run Samba as a PDC..... Matt From peter at cadcamlab.org Mon Jun 19 08:29:12 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:06 2003 Subject: Compile problems for samba-tng... References: Message-ID: <14669.55209.997734.421277@wire.cadcamlab.org> [David Stanaway ] > I also had problems compiling: SAMBA_TNG_2_5_GOOD when I specified > the --with-profile configure option. Note that there seems to be a wide misunderstanding of the --with-profile option. Contrary to popular belief, it does *not* have anything to do with Windows user profiles. It actually enables profiling of certain Samba code. (Profiling == keeping stats on how often functions are called and/or how much total time is spent in each function.) That is: if you don't know whether or not you want --with-profile ... you don't. Peter From mg at plum.de Mon Jun 19 09:10:33 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:06 2003 Subject: Compile problems for samba-tng... References: Message-ID: <001301bfd9ce$39891a00$0201010a@defiant> > > > > > Compiling lib/domain_namemap.c > > lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' > > include/proto.h:377: previous declaration of `map_wk_name_to_sid' > > *** Error code 1 > > make: Fatal error: Command failed for target `lib/domain_namemap.o' > > I had this same problem with the checked out cvs for SAMBA_TNG, there > were conflicting prototypes for that function being used in > lib/domain_namemap.c and I think smd.c. > > I also had problems compiling: SAMBA_TNG_2_5_GOOD when I specified > the --with-profile configure option. > --profile is broken IIRC, but that's not so important .. ;) (better make it stable first, before do any speed profiling .. ;) regards, Michael From dstanawa at netventures.com.au Mon Jun 19 12:01:30 2000 From: dstanawa at netventures.com.au (David Stanaway) Date: Tue Dec 2 02:30:07 2003 Subject: Compile problems for samba-tng... In-Reply-To: <14669.55209.997734.421277@wire.cadcamlab.org> Message-ID: On Mon, 19 Jun 2000, Peter Samuelson wrote: > Note that there seems to be a wide misunderstanding of the > --with-profile option. Contrary to popular belief, it does *not* have > anything to do with Windows user profiles. It actually enables > profiling of certain Samba code. (Profiling == keeping stats on how > often functions are called and/or how much total time is spent in each > function.) > > That is: if you don't know whether or not you want --with-profile ... > you don't. Thanks for that, I thought that it was unusual that it was not a default option. It makes perfect sense to me now that you mention that it is the flag for process profiling which I am aware of, but have not had much experience with. The SAMBA_TNG_2_5_GOOD is that 2.5 Alpha Release that people talk about isn't it? Cheers Again. -- Best Regards David Stanaway ========================.--------------------------------------------- System Administrator | Australia's Premier Internet Broadcasters david@NetVentures.com.au| Corporate http://www.NetVentures.com.au Office +612 9460 8800 | Entertainment http://www.Netdance.com.au Pager +612 9461 2981 | Enquiries info@NetVentures.com.au ========================'--------------------------------------------- From benedict at chemie.de Mon Jun 19 12:08:47 2000 From: benedict at chemie.de (Hans Benedict) Date: Tue Dec 2 02:30:07 2003 Subject: UID <-> ntuser.dat In-Reply-To: <7g0l50YJcDB@faerber.muc.de> Message-ID: On Sat, 17 Jun 2000, Claus F?rber wrote: > NT stores permissions (ACLs) for the user registry in the registry file. > When you change the user's uid (and thus the NT GUID too), the user does > no longer have the permission to read/write his/her own registry hive. > > You could actually mount the registry file as an administrator and > change all permissions. I just encountered a similar problem. Could you please be a little bit more specific - how do I find out or change NT UIDs, where does NT store the ACLs and which registry file do I have to mount for a given user? Thanks in advance, Hans Benedict -- Hans Benedict Chemie.DE Information Service mailto:benedict@chemie.de FU Berlin, Inst. f. Chemie Fon: +49-(0)30-838-53474 Takustr. 6, 14195 Berlin, Germany Fax: +49-(0)30-838-53464 http://www.chemie.de/ From elrond at samba.org Mon Jun 19 12:09:58 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:07 2003 Subject: Compile problems for samba-tng... In-Reply-To: <001301bfd9ce$39891a00$0201010a@defiant>; from Michael Glauche on Mon, Jun 19, 2000 at 09:04:12PM +1000 References: <001301bfd9ce$39891a00$0201010a@defiant> Message-ID: <20000619140958.A13872@baerbel.mug.maschinenbau.tu-darmstadt.de> On Mon, Jun 19, 2000 at 09:04:12PM +1000, Michael Glauche wrote: > > > > > > > > Compiling lib/domain_namemap.c > > > lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' > > > include/proto.h:377: previous declaration of `map_wk_name_to_sid' > > > *** Error code 1 > > > make: Fatal error: Command failed for target `lib/domain_namemap.o' Okay... I didn't notice this for a while, because I disable dependency-tracking most of the time (and it was even removed in HEAD...) Yesterday I noticed that at home... and now checked my samba-ntdom-folder for a long time... This should now be fixed. > > I had this same problem with the checked out cvs for SAMBA_TNG, there > > were conflicting prototypes for that function being used in > > lib/domain_namemap.c and I think smd.c. You also have probs with sma.c? Problems with inline? Please use gcc or remove any occurence of "inline" in sma.c, until I have the configure-time-checks in > > I also had problems compiling: SAMBA_TNG_2_5_GOOD when I specified > > the --with-profile configure option. > > > > --profile is broken IIRC, but that's not so important .. ;) Don't know anything about --with-profile > (better make it stable first, before do any speed profiling .. ;) Precisely... trying that sometimes of my limited time... Sander: BTW: Why didn't your compile-check-tool send any mail? Elrond From elrond at samba.org Mon Jun 19 12:21:45 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:07 2003 Subject: compiling error In-Reply-To: <008a01bfd7ba$c57f33c0$798b57d8@august.net>; from Michael C. Ferguson on Sat, Jun 17, 2000 at 03:46:24AM +1000 References: <8022406268.20000616161923@hinzke.de> <008a01bfd7ba$c57f33c0$798b57d8@august.net> Message-ID: <20000619142145.B13872@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sat, Jun 17, 2000 at 03:46:24AM +1000, Michael C. Ferguson wrote: > > > Compiling lib/domain_namemap.c > > lib/domain_namemap.c:179: conflicting types for `map_wk_name_to_sid' > > include/proto.h:377: previous declaration of `map_wk_name_to_sid' > > make: *** [lib/domain_namemap.o] Error 1 Should be fixed now. > I got the same error, using "./configure --with-profiles --with-pam \ > --with-smbmount --with-krb5=/usr/kerberos --with-ssl \ > --with-sslinc=/usr/local/include/openssl". I'm running RH6.2, Linux 2.2.16, > and OpenSSL 0.9.5a. My C++ is very rusty, but it seems like namespaces might > be a better option than declared static functions ? Samba is written in C and not C++ (there are reasons for this). And C has no namespaces or somesuch. So static is the only option one has. I have to note: Unless you want to do speed-analysis, you should not configure "--with-profiles". > I have a few other newbish unrelated questions... If I compile with Kerberos > 5, will 98 clients authenticate using it? Same with SSL, will sockets be > encrypted if I compile with SSL support? This is my first time to really > mess with both these options; I'm completely clueless as to what they > accomplish. The current build I'm using (cvs on 6/14) was compiled with krb5 > and works well. I guess, kerberos will just allow samba to authenticate users against krb, _if_ they use plaintext-passwords on the nect. No idea about ssl. Elrond From elrond at samba.org Mon Jun 19 12:34:53 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:07 2003 Subject: OT: rundll32 (was Re: Update Rebooting from Netlogon Script) In-Reply-To: ; from Paul J Collins on Tue, Jun 13, 2000 at 11:11:50AM +1000 References: <3.0.6.32.20000613092351.00797ea0@bioserve.latrobe.edu.au> Message-ID: <20000619143452.C13872@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Jun 13, 2000 at 11:11:50AM +1000, Paul J Collins wrote: [...] > I've seen rundll32 in the tasklist when control panels are open; I > presume in this case rundll32 is being used to call the class > constructor function in the DLL the control panel in question is > impemented in. Take a look at HKEY_CLASSES_ROOT\.cpl, there's the stuff, on how to call that with rundll32. Elrond From mhinzke at hinzke.de Mon Jun 19 13:00:19 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:07 2003 Subject: samedit -S . -U root% -l log Message-ID: <9619925701.20000619150019@hinzke.de> Hi, i compiled the samba-tng-alpha.2.5.3 and i tried to add a user: [root@alpha bin]# ./samedit -S . -U root% -l log [root@.]$ createuser mhinzke createuser mhinzke SAM Create Domain User Domain: LINUX Name: mhinzke But nothing happend I need to press CTRL-C to get back to the shell in the log.samr I found n lines of this: getsmbfilepwent: no ':' separator found Can anyone help me ??? I tried to set samba-tng with the help of: http://www.kneschke.de/projekte/samba_tng/faq/configuration.php3 Gruss Magnus Hinzke Linux: weiter machen da wo alles aufh?rt -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From elrond at samba.org Mon Jun 19 13:32:53 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:07 2003 Subject: NT Domain to establish Trust with SAMBA In-Reply-To: <4.3.2.20000615154630.04094780@mail.digisolv.com>; from Gerry George on Fri, Jun 16, 2000 at 05:53:41AM +1000 References: <4.3.2.20000615154630.04094780@mail.digisolv.com> Message-ID: <20000619153253.E13872@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jun 16, 2000 at 05:53:41AM +1000, Gerry George wrote: > I have one ( and soon to have many more) SAMBA networks established. It > is connected via a WAN link to a NT-Based domain (NT4). Some of my Samba > users need to access the NT domain. I need to establish a one-way trust > from Samba to the NT domain so that my users can be authenticated against > the NT domain. I am NOT using the CVS branch. Is this possible or do I > need CVS? Note that there is no need for me to trust them > (NT). Optionally, can I simply choose to synchronize usernames & passwords > (yeech!) to achieve similar results? Do I understand that the right way? You want the remote NT domain to trust your samba domain, so your users can log into the nt domain with their username/password from samba? Okay: You need TNG for this. I need this currently too (and it's only halfworking). It's ugly. Currently it has some traps and stuff like that, this includes hand-copying passwords in your smbpasswd every some weeks and other ugly stuff. In other words: It's not realy practical currently. syncing the passwords is currently your only "stable" option. I don't know, how you could automate the changing of the pw in the NT domain... Using some password-sync with smb.conf and running smbpasswd against the remote NT domain would be some idea, BUT: For remote smbpasswd, you need the old pw in cleartext... and you don't have it. Elrond From proberts at dubois-king.com Mon Jun 19 13:36:03 2000 From: proberts at dubois-king.com (Phillip C. Roberts) Date: Tue Dec 2 02:30:07 2003 Subject: NT Permissions Message-ID: <003501bfd9f3$50f72e00$1f00a8c0@daisy> Running Samba 2.0.6 on Redhat 6.2 in an NT 4.0 domain structure. I am only using my Linux/Samba Server for File and Print Sharing. Question: Is there any way to set permissions from the NT side? I have looked for documentation regarding this and have found none. Thanking you in advance. Phillip C. Roberts CADD Systems Manager DuBois and King, Inc. Voice: 802.728.4113, ext 322 Email: proberts@DuBois-King.com From ctooley at joslyn.org Mon Jun 19 15:56:24 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:07 2003 Subject: Windows 95 Original Passwords References: <39490985.14627A95@student.uni-ulm.de> <394941FE.5F4C12E7@joslyn.org> <39492989.A945FC87@valinux.com> Message-ID: <394E42A8.5492C04A@joslyn.org> How do I enable encrypted passwords on the older Win 95 machines then? I didn't have to install the PlainText registry hack and when a do that hack with a DWORD of "0" it doesn't seem to make a difference. Chris Gerald Carter wrote: > > Chris Tooley wrote: > > > > I know that there has been a lot of discussion about 95 > > original not using encrypted passwords, but I was wondering > > if anyone knew of a hack that would allow them to > > send encrypted passwords. > > Win95 retail release will send encrypted passwords. The > change was that later versions would not send a plain > text password if the server did not support encryption. > All windows clients that I know of support the > challenge/response authentication. > > jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From panijel at cri.ens-cachan.fr Mon Jun 19 14:00:41 2000 From: panijel at cri.ens-cachan.fr (Marc Panijel) Date: Tue Dec 2 02:30:07 2003 Subject: informations NT PDC Message-ID: <394E2789.879A6650@cri.ens-cachan.fr> How can i create a MACHINE account when Samba is being used as an NT Primary Domain Controller? I am working with samba 2.06. Tanks for your help. ------------------------------------------------------------------ Marc Panijel C.R.I. | Tel: 0147406885 61, Avenue du President Wilson | Fax: 0147406888 94235 Cachan cedex | email panijel@cri.ens-cachan.fr ------------------------------------------------------------------ -------------- next part -------------- HTML attachment scrubbed and removed From lee.taylor at scania.co.za Mon Jun 19 14:09:12 2000 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:30:07 2003 Subject: informations NT PDC References: <394E2789.879A6650@cri.ens-cachan.fr> Message-ID: <01e301bfd9f7$f247bb40$89640107@LeeTaylor> First creat a user for the machine, don't forget to CAPs the user ending with $ ie. adduser WSTATION$ then creat machine account in smbpasswd using smbpasswd -a -m WSTATION$ then in properties for network change to new domain. This should change the machine accounts password. This worked for me, only after I caps the machine name. ----- Original Message ----- From: Marc Panijel To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, June 19, 2000 4:01 PM Subject: informations NT PDC How can i create a MACHINE account when Samba is being used as an NT Primary Domain Controller? I am working with samba 2.06. Tanks for your help. ------------------------------------------------------------------ Marc Panijel C.R.I. | Tel: 0147406885 61, Avenue du President Wilson | Fax: 0147406888 94235 Cachan cedex | email panijel@cri.ens-cachan.fr ------------------------------------------------------------------ -------------- next part -------------- HTML attachment scrubbed and removed From sharpe at ns.aus.com Mon Jun 19 16:39:36 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:30:07 2003 Subject: Windows 95 Original Passwords In-Reply-To: <394E42A8.5492C04A@joslyn.org> References: <39490985.14627A95@student.uni-ulm.de> <394941FE.5F4C12E7@joslyn.org> <39492989.A945FC87@valinux.com> Message-ID: <3.0.6.32.20000620013936.009b2310@203.16.214.248> At 11:56 PM 6/19/00 +1000, Chris Tooley wrote: >How do I enable encrypted passwords on the older Win 95 machines then? >I didn't have to install the PlainText registry hack and when a do that >hack with a DWORD of "0" it doesn't seem to make a difference. You don't have to. If the server supports encrypted passwords, the client will use them! The server specifies that it supports encrypted passwords in the response to the NegProt request. >Chris > > >Gerald Carter wrote: >> >> Chris Tooley wrote: >> > >> > I know that there has been a lot of discussion about 95 >> > original not using encrypted passwords, but I was wondering >> > if anyone knew of a hack that would allow them to >> > send encrypted passwords. >> >> Win95 retail release will send encrypted passwords. The >> change was that later versions would not send a plain >> text password if the server did not support encryption. >> All windows clients that I know of support the >> challenge/response authentication. >> >> jerry >> ---------------------------------------------------------------------- >> /\ Gerald (Jerry) Carter Professional Services >> \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com >> http://www.samba.org SAMBA Team jerry@samba.org >> http://www.eng.auburn.edu/~cartegw >> >> "...a hundred billion castaways looking for a home." >> - Sting "Message in a Bottle" ( 1979 ) > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From p.grimmerink at home.nl Mon Jun 19 14:18:54 2000 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:30:07 2003 Subject: Disable DNS lookups by Samba Message-ID: Does anyone know what to do to prevent samba from performing DNS lookups for users? Let me give an example; A windows client does not have access to a DNS, but it is using the WINS service provided by a samba server. When a user at this client pings a hostname, the windows client tries to resolve this hostname via the windows nameresolving stuff. This results in the samba server consulting the DNS, and returning the corresponding IP tot the windows client. If the hostname is nonlocal, and the LAN uses a dial on demand setup, the DNS will contact an outside DNS, and causes the dialup connection to start. You can't forbid the connection to be started, since it's the sambaserver that queries the DNS, not the client. The setting 'name resolve order' does not seem to have effect in this situation, since it is only used in the client side of samba, not in the netbios nameserver side. (at least it does not prevent dns lookups when only wins is specified as resolve method) I thought of rejecting the traffic between samba and the DNS, but samba does not use a fixed output port for its queries. Does anyone have ideas about this? (I'm using samba-tng 2.5.3, but I don't think the branch / version really matters for this issue) Best regards, Pieter From kevinc at grainsystems.com Mon Jun 19 14:21:26 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:07 2003 Subject: Windows Services for UNIX version 2 References: <8142BE56BFF7D311BC4E00B0D0219AF578BC@mail.stryker.ca.1.67.10.in-addr.arpa> <394DC762.1D34A07D@xavier.sa.edu.au> Message-ID: <394E2C66.E535C355@grainsystems.com> Matthew Geddes wrote: > > Doesn't Windows send a cleartext copy of the password across the LAN > when changing passwords? If so, the Unix password sync option in > smb.conf would be all you'd need. Although, I guess not everyone intends > to run Samba as a PDC..... ...nor can a lot of people, given the current state of TNG and the lack of 2000 support in 2.0. I would sure love to. - Kevin Colby kevinc@grainsystems.com From dstanawa at netventures.com.au Mon Jun 19 14:28:10 2000 From: dstanawa at netventures.com.au (David Stanaway) Date: Tue Dec 2 02:30:07 2003 Subject: informations NT PDC In-Reply-To: <01e301bfd9f7$f247bb40$89640107@LeeTaylor> Message-ID: On Tue, 20 Jun 2000, C.Lee Taylor wrote: > First creat a user for the machine, don't forget to CAPs the user ending with $ ie. > > adduser WSTATION$ > > then creat machine account in smbpasswd using > > smbpasswd -a -m WSTATION$ > > then in properties for network change to new domain. This should change the machine accounts password. > > This worked for me, only after I caps the machine name. > ----- Original Message ----- > From: Marc Panijel > To: Multiple recipients of list SAMBA-NTDOM > Sent: Monday, June 19, 2000 4:01 PM > Subject: informations NT PDC > > > How can i create a MACHINE account when Samba is being used as an NT Primary Domain Controller? > I am working with samba 2.06. > > Tanks for your help. > I am glad someone else asked this question. I could find no mention of MAC files in my rough searches of the docs and was thinking I was going a bit loopy. Anyway, on Debian, you might have more luck with this: plug:~# useradd 'BUZZ$' plug:~# smbpasswd -a -m 'BUZZ' Added user BUZZ$. Password changed for user BUZZ$. Where BUZZ is the machine name. (Debians adduser script does not permit usernames with $ in them Even with --force-badname) -- Best Regards David Stanaway ========================.--------------------------------------------- System Administrator | Australia's Premier Internet Broadcasters david@NetVentures.com.au| Corporate http://www.NetVentures.com.au Office +612 9460 8800 | Entertainment http://www.Netdance.com.au Pager +612 9461 2981 | Enquiries info@NetVentures.com.au ========================'--------------------------------------------- > From chris.gamble at CPBINC.com Mon Jun 19 14:27:19 2000 From: chris.gamble at CPBINC.com (chris.gamble@CPBINC.com) Date: Tue Dec 2 02:30:08 2003 Subject: Exchange Server 5.5 Message-ID: <61DC06BCBAB7D311A1A50090273CEF1C028CDB@smtp.cpbinc.com> I currently have an exchange server 5.5 running with an NT Server 4.0(seperate box) as the domain controller. I also have a Samba file server in the same network. I want to phase out the NT 4.0 Server and replace it with Samba as the PDC. The most important thing is that I protect my Exchange data and allow Exchange to vailidate against the Samba server. Does anyone have any docuemnts/suggestions on this. Thanks, Chris Gamble From rgreco at novaera.com.br Mon Jun 19 15:57:47 2000 From: rgreco at novaera.com.br (Ricardo Greco) Date: Tue Dec 2 02:30:08 2003 Subject: Hiding a Shared Resource !!! Message-ID: <001501bfda07$1d0423a0$63c8f9c8@novaera.com.br> Hi all, I've installed samba that comes with Conectiva Linux (A brazilian Red hat Distribution) using Kernel 2.2.14. I've configured samba using Swat. Everything is working fine, but there is a single doubt : How must I configure 'smbd.conf' so that after sharing some folder (eg. folder1), only the group "staff" can view that folder, besides access it. I can restrict access to folder1 (only group staff), but other group members are still viewing it, even not having permission to access it. How may I Hide a shared resource so that it stays unviwed for those that haven't access ? Thanks in advance. Ricardo Greco Recife-PE Brazil -------------- next part -------------- HTML attachment scrubbed and removed From dstanawa at netventures.com.au Mon Jun 19 16:37:18 2000 From: dstanawa at netventures.com.au (David Stanaway) Date: Tue Dec 2 02:30:08 2003 Subject: Problems with NT Profiles and timestamps with 2.0.6 Message-ID: Hi all. I am having some problems with roaming profiles being kept on my 2.0.6 samba server. When users login, always it appears to be treated as the first time they have logged in (However, their desktop and start menu are preserved). (IE, The Welcome to Windows crap screen (With no Do not show this again checkbox .. the stupid thing wants you to see it at least twice on any new system)). A seperate (But possibly related) issue is that files copied from NT to a share on the 2.0.6 server loose their creation stamp (Which is not very good for doc management in the users profile). Is this version of samba supposed to preserve creation stamps? I have tried: dos filetimes = True and a few other things that don't seem to do the job. Does this work in TNG_2.5.2 alpha, or in HEAD? Here is the partial config. [global] workgroup = NETALLEN security = User domain logons = True dos filetimes = True logon drive = U: logon home = "\\plug\%U" logon path = "\\plug\%U\profile" logon script = "LOGON.BAT" [netlogon] path = /usr/local/winlogon read only = Yes browseable = No [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No Here is the LOGON.BAT [DOS FORMAT] NET TIME \\DANTE /SET /YES NET USE U: /HOME NET USE R: \\PLUG\RichStuff NET USE G: \\PLUG\Floppy (NB, PLUG is the logon server, BUZZ is the NT4.0-sp6 wkstn and DANTE is another 2.0.6 Samba server with a good clock and ntp4 client) -- Best Regards David Stanaway ========================.--------------------------------------------- System Administrator | Australia's Premier Internet Broadcasters david@NetVentures.com.au| Corporate http://www.NetVentures.com.au Office +612 9460 8800 | Entertainment http://www.Netdance.com.au Pager +612 9461 2981 | Enquiries info@NetVentures.com.au ========================'--------------------------------------------- From s.striker at striker.nl Mon Jun 19 17:21:51 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:30:08 2003 Subject: Compile problems for samba-tng... In-Reply-To: <20000619140958.A13872@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: [...] >Sander: BTW: Why didn't your compile-check-tool send any > mail? > > Elrond Hmmm, because it was screwed up... I just fixed it :-) Should work fine now. Sander From grahamj at virtue.cx Mon Jun 19 17:28:32 2000 From: grahamj at virtue.cx (Jonathan Graham) Date: Tue Dec 2 02:30:08 2003 Subject: Problems with NT Profiles and timestamps with 2.0.6 In-Reply-To: Message-ID: On Tue, 20 Jun 2000, David Stanaway wrote: > Hi all. > > I am having some problems with roaming profiles being kept on my 2.0.6 > samba server. > > When users login, always it appears to be treated as the first time they > have logged in (However, their desktop and start menu are preserved). > (IE, The Welcome to Windows crap screen (With no Do not show this again > checkbox .. the stupid thing wants you to see it at least twice on > any new system)). What happens in the directories? For example when someone logs out are the modify times of the user directories being changed? Do these directories show up as being owned by the user? What are the privledges on the parent directory? \\Plug\ in this case. Currently I have the following set: > logon drive = U: > logon path = "\\TRUTH\profile\%U" This works however I have the parent directory /opt/samba-2.0/profile chmod'ed to 1777. Hope this helps. From pjdc at eircom.net Mon Jun 19 17:48:22 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:08 2003 Subject: User manager for Domains and 2.0.7 or TNG In-Reply-To: "Shane Machon"'s message of "Mon, 19 Jun 2000 12:04:05 +1000" References: Message-ID: >>>>> "Shane" == Shane Machon writes: Shane> Does anyone know if 2.0.7 or TNG supports the nexus Shane> microsoft?Windows '98 utility. (Allows access to User Shane> manager for Domains etc..from a client) When i try to use Shane> it to under 2.0.7 connect to?my server, it sees my domain, Shane> but i get an RPC error message. AFAIK 2.0.x does not support enumeration of users and groups in a domain context at all. I have successfully used Hyena (a NT-based domain administration tool) to examine a Samba-TNG domain. I don't know about Nexus, I have never tried it. Please note that you should not send HTML mail to this list. The HTML didn't render at all for me. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing bu flowers!" From pjdc at eircom.net Mon Jun 19 17:52:14 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:08 2003 Subject: Hiding a Shared Resource !!! In-Reply-To: "Ricardo Greco"'s message of "Tue, 20 Jun 2000 00:58:58 +1000" References: <001501bfda07$1d0423a0$63c8f9c8@novaera.com.br> Message-ID: >>>>> "Ricardo" == Ricardo Greco writes: Ricardo> How may I Hide a shared resource so that it stays unviwed Ricardo> for those that haven't access ? If you are talking about hiding the very existence of a share, then the answer is that it can't be done. AFAIK the list of shares is retrieved using an anonymous connection to the server, which means that the server has no way of knowing who is requesting the list. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing bu flowers!" From elrond at samba.org Mon Jun 19 18:30:56 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:08 2003 Subject: Compile problems for samba-tng... In-Reply-To: ; from Sander Striker on Mon, Jun 19, 2000 at 07:21:51PM +0200 References: <20000619140958.A13872@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000619203056.B18392@baerbel.mug.maschinenbau.tu-darmstadt.de> On Mon, Jun 19, 2000 at 07:21:51PM +0200, Sander Striker wrote: > [...] > > >Sander: BTW: Why didn't your compile-check-tool send any > > mail? > > > > Elrond > > Hmmm, because it was screwed up... I just fixed it :-) > Should work fine now. Thanks ! :) > Sander Elrond From peter at cadcamlab.org Mon Jun 19 20:24:57 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:08 2003 Subject: Compile problems for samba-tng... References: <14669.55209.997734.421277@wire.cadcamlab.org> Message-ID: <14670.31248.131010.931928@wire.cadcamlab.org> [David Stanaway ] > The SAMBA_TNG_2_5_GOOD is that 2.5 Alpha Release that people talk > about isn't it? Yeah. When Luke released 2.5 alpha, several people gave very positive reports of it. At someone's suggestion, he made a new CVS tag out of it, SAMBA_TNG_2_5_GOOD. (Not to be confused with `release-alpha-2-5'.) Peter From Eirik.Thorsnes at student.uib.no Mon Jun 19 20:33:17 2000 From: Eirik.Thorsnes at student.uib.no (Eirik Thorsnes) Date: Tue Dec 2 02:30:08 2003 Subject: Windows 95 Original Passwords In-Reply-To: <3.0.6.32.20000620013936.009b2310@203.16.214.248> References: <394E42A8.5492C04A@joslyn.org> <39490985.14627A95@student.uni-ulm.de> Message-ID: <4.2.2.20000619223006.00b8aef0@rasmus.uib.no> At 00:16 20.06.00 +1000, you wrote: >At 11:56 PM 6/19/00 +1000, Chris Tooley wrote: > >How do I enable encrypted passwords on the older Win 95 machines then? > >I didn't have to install the PlainText registry hack and when a do that > >hack with a DWORD of "0" it doesn't seem to make a difference. > >You don't have to. If the server supports encrypted passwords, the client >will use them! > >The server specifies that it supports encrypted passwords in the response >to the NegProt request. I think that they have an update / patch at MSKB for using encrypted passwords as default in the early 95 versions. Don't have the link here though :( -Eirik Thorsnes From ggarcia at cyg.com.uy Mon Jun 19 21:25:45 2000 From: ggarcia at cyg.com.uy (=?iso-8859-1?Q?Gerardo_Garc=EDa?=) Date: Tue Dec 2 02:30:08 2003 Subject: Problems with Samba Wins and Browser Message-ID: <9073B01E4A2FD311981C0060081F77EA3C83@YATASTO> Hi, I have an NT server 4.0 sp 6a acting as a PDC, DHCP and WINS server, I configured a Samba server 2.0 running on an Red Hat 6.1 server. The samba server can not register with the wins server and do not appears in the browse list of the domain. Thew parameters in the smb.conf file are as follows workgroup = otro server string = Lucifer Samba Server %v netbios name = lucifer auto services = ggar public netlogon prueba add user script = /usr/sbin/adduser %u hosts allow = 140.100. Log file = /var/log/samba/log.%m max log size = 200 security = domain password server = yatasto encrypt passwords = yes smb passwd file = /etc/smbpasswd encrypt passwords = yes smb passwd file = /etc/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*passwo rd* %n\n *passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = no name resolve order = wins wins server = 140.100.1.1 dns proxy = no I was changed the log level of the nmbd to 3 and the following errors appear in the log.nmb It apperars to have a trouble registering with the WINS server. [2000/06/19 20:56:51, 0] libsmb/nmblib.c:send_udp(754) Packet send failed to 140.100.1.1(137) ERRNO=Invalid argument [2000/06/19 20:56:51, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) send_netbios_packet: send_packet() to IP 140.100.1.1 port 137 failed [2000/06/19 20:56:51, 0] nmbd/nmbd_nameregister.c:register_name(362) register_name: Failed to send packet trying to register name LUCIFER<20> [2000/06/19 20:56:51, 0] libsmb/nmblib.c:send_udp(754) Packet send failed to 140.100.1.1(137) ERRNO=Invalid argument [2000/06/19 20:56:51, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) send_netbios_packet: send_packet() to IP 140.100.1.1 port 137 failed [2000/06/19 20:56:51, 0] nmbd/nmbd_nameregister.c:register_name(362) send_netbios_packet: send_packet() to IP 140.100.1.1 port 137 failed [2000/06/19 20:56:51, 0] nmbd/nmbd_nameregister.c:register_name(362) register_name: Failed to send packet trying to register name LUCIFER<03> [2000/06/19 20:56:51, 0] libsmb/nmblib.c:send_udp(754) Packet send failed to 140.100.1.1(137) ERRNO=Invalid argument [2000/06/19 20:56:51, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) send_netbios_packet: send_packet() to IP 140.100.1.1 port 137 failed [2000/06/19 20:56:51, 0] nmbd/nmbd_nameregister.c:register_name(362) register_name: Failed to send packet trying to register name LUCIFER<00> [2000/06/19 20:56:51, 0] libsmb/nmblib.c:send_udp(754) Packet send failed to 140.100.1.1(137) ERRNO=Invalid argument [2000/06/19 20:56:51, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) send_netbios_packet: send_packet() to IP 140.100.1.1 port 137 failed [2000/06/19 20:56:51, 0] nmbd/nmbd_nameregister.c:register_name(362) register_name: Failed to send packet trying to register name OTRO<00> [2000/06/19 20:56:51, 0] libsmb/nmblib.c:send_udp(754) Packet send failed to 140.100.1.1(137) ERRNO=Invalid argument [2000/06/19 20:56:51, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) send_netbios_packet: send_packet() to IP 140.100.1.1 port 137 failed [2000/06/19 20:56:51, 0] nmbd/nmbd_nameregister.c:register_name(362) register_name: Failed to send packet trying to register name OTRO<1e> [2000/06/19 20:56:51, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(173 ) TIA Regards Gerardo Garc?a From mcf at augustmail.com Mon Jun 19 21:52:14 2000 From: mcf at augustmail.com (Michael C. Ferguson) Date: Tue Dec 2 02:30:08 2003 Subject: TNG compiles, domain login fails Message-ID: <004a01bfda38$a14f0f40$798b57d8@august.net> Ok, TNG compiles now, but 98 domain login is failing, and spoolssd is apparently not starting (? I am unclear as to what this daemon does in the first place... but it isn't in the process list anymore). I configured with "--with-pam --with-smbmount --with-krb5=/usr/kerberos5". I'm running RH 6.2 on kernel 2.2.16. 98 reports the standard "No login server .. blah blah .. or password is not valid.." smb.log file says that the password did not match. Yes, I am typing in the password correctly. I can provide log files at debug level 50 if needed. -- mcf From validex at earthlink.net Mon Jun 19 22:02:19 2000 From: validex at earthlink.net (Mike Kobzeff) Date: Tue Dec 2 02:30:08 2003 Subject: TNG compiles, domain login fails In-Reply-To: <004a01bfda38$a14f0f40$798b57d8@august.net> Message-ID: Sounds like you might need to turn on password encryption in your smb.conf file. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Michael C. Ferguson Sent: Monday, June 19, 2000 2:53 PM To: Multiple recipients of list SAMBA-NTDOM Subject: TNG compiles, domain login fails Ok, TNG compiles now, but 98 domain login is failing, and spoolssd is apparently not starting (? I am unclear as to what this daemon does in the first place... but it isn't in the process list anymore). I configured with "--with-pam --with-smbmount --with-krb5=/usr/kerberos5". I'm running RH 6.2 on kernel 2.2.16. 98 reports the standard "No login server .. blah blah .. or password is not valid.." smb.log file says that the password did not match. Yes, I am typing in the password correctly. I can provide log files at debug level 50 if needed. -- mcf From mcf at augustmail.com Mon Jun 19 22:08:30 2000 From: mcf at augustmail.com (Michael C. Ferguson) Date: Tue Dec 2 02:30:08 2003 Subject: TNG compiles, domain login fails References: Message-ID: <002701bfda3a$e6df1080$798b57d8@august.net> > Sounds like you might need to turn on password encryption in your smb.conf > file. Password encryption is on; I was using the same config with CVS on 6/14 and everything worked fine. I'm trying to recompile now without --with-krb5=... (although I had that on the 6/14 build and it worked?). -- mcf From pjdc at eircom.net Mon Jun 19 22:40:30 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:08 2003 Subject: TNG compiles, domain login fails In-Reply-To: "Michael C. Ferguson"'s message of "Tue, 20 Jun 2000 08:08:41 +1000" References: <002701bfda3a$e6df1080$798b57d8@august.net> Message-ID: >>>>> "Michael" == Michael C Ferguson writes: >> Sounds like you might need to turn on password encryption in >> your smb.conf file. Michael> Password encryption is on; I was using the same config Michael> with CVS on 6/14 and everything worked fine. I'm trying Michael> to recompile now without --with-krb5=... (although I had Michael> that on the 6/14 build and it worked?). I tried it too (no krb). smbd seems to bomb out everytime I try a password validation, even with rpcclient::ntlogin. I tried a domain login and I got the "slow network connection" dialog, followed by the "roaming profile not available" dialog, and then the "domain not available" dialog. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing bu flowers!" From mgeddes at xavier.sa.edu.au Mon Jun 19 23:13:36 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:08 2003 Subject: Windows Services for UNIX version 2 References: <8142BE56BFF7D311BC4E00B0D0219AF578BC@mail.stryker.ca.1.67.10.in-addr.arpa> <394DC762.1D34A07D@xavier.sa.edu.au> <394E2C66.E535C355@grainsystems.com> Message-ID: <394EA920.467EA0FA@xavier.sa.edu.au> Kevin Colby wrote: > > Matthew Geddes wrote: > > > > Doesn't Windows send a cleartext copy of the password across the LAN > > when changing passwords? If so, the Unix password sync option in > > smb.conf would be all you'd need. Although, I guess not everyone intends > > to run Samba as a PDC..... > > ..nor can a lot of people, given the current state of TNG and the > lack of 2000 support in 2.0. I would sure love to. > > - Kevin Colby > kevinc@grainsystems.com What *is* the current state of TNG. I know I have had my problems, but I think they are my fault ;-). I have also seen a bunch of "can't compile"s on the list. Anyone? Matt From D.Bannon at latrobe.edu.au Mon Jun 19 23:06:21 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:08 2003 Subject: Hiding a Shared Resource !!! In-Reply-To: <001501bfda07$1d0423a0$63c8f9c8@novaera.com.br> Message-ID: <3.0.6.32.20000620090621.0086b2f0@bioserve.latrobe.edu.au> At 12:59 AM 20/06/2000 +1000, Ricardo Greco wrote: > How may I Hide a >shared resource so that it stays unviwed for those that haven't access ? > Thanks in advance. Ricardo Greco Recife-PE Brazil Not sure what you mean by 'unviewed'. If you turn of browsing for the share, then people don't see it on the browse lists but can still connect to it if they know its name. Is that what you are after ? ps - the convention on this list is to post only plain text messages. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mcf at augustmail.com Mon Jun 19 23:55:59 2000 From: mcf at augustmail.com (Michael C. Ferguson) Date: Tue Dec 2 02:30:08 2003 Subject: Windows Services for UNIX version 2 References: <8142BE56BFF7D311BC4E00B0D0219AF578BC@mail.stryker.ca.1.67.10.in-addr.arpa> <394DC762.1D34A07D@xavier.sa.edu.au> <394E2C66.E535C355@grainsystems.com> <394EA920.467EA0FA@xavier.sa.edu.au> Message-ID: <002301bfda49$eb681d40$798b57d8@august.net> > What *is* the current state of TNG. I know I have had my problems, but I > think they are my fault ;-). I have also seen a bunch of "can't > compile"s on the list. Anyone? Well, until about 6/15 or so it was all working pretty well. I was having some minor problems with IPC$ showing root's home dir instead of the user I'd logged in as (?!?), and printing wasn't working too well (couldn't get it to work at all -- although text and ps will print normally). Currently CVS will compile, but domain logins (and probably other things? spoolssd must be breaking something else?) are dysfunctional. Probably the best current solution would be SAMBA_TNG_2_5_GOOD on cvs, as others have mentioned. -- mcf From peter at cadcamlab.org Tue Jun 20 00:22:54 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:08 2003 Subject: UID <-> ntuser.dat References: <7g0l50YJcDB@faerber.muc.de> Message-ID: <14670.47232.892718.581990@wire.cadcamlab.org> [Hans Benedict ] > I just encountered a similar problem. Could you please be a little > bit more specific - how do I find out or change NT UIDs, where does > NT store the ACLs and which registry file do I have to mount for a > given user? Each user's profile includes the file NTUSER.DAT which is a registry hive. Mount this onto a local registry tree using REGEDIT.EXE. REGEDIT has options for changing ACLs for keys and values (recursively, if need be). Peter From peter at cadcamlab.org Tue Jun 20 00:30:26 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:08 2003 Subject: Disable DNS lookups by Samba References: Message-ID: <14670.47847.726449.287534@wire.cadcamlab.org> [Pieter Grimmerink ] > Does anyone know what to do to prevent samba from performing DNS > lookups for users? dns proxy = no Peter From pjdc at eircom.net Tue Jun 20 00:56:06 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:08 2003 Subject: UID <-> ntuser.dat In-Reply-To: Peter Samuelson's message of "Tue, 20 Jun 2000 10:25:02 +1000" References: <7g0l50YJcDB@faerber.muc.de> <14670.47232.892718.581990@wire.cadcamlab.org> Message-ID: >>>>> "Peter" == Peter Samuelson writes: Peter> Each user's profile includes the file NTUSER.DAT which is a Peter> registry hive. Mount this onto a local registry tree using Peter> REGEDIT.EXE. REGEDIT has options for changing ACLs for Peter> keys and values (recursively, if need be). Don't you need to use REGEDT32.EXE for mounting hives and changing ACLs? Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing bu flowers!" From ZolnOtt at t-online.de Tue Jun 20 06:50:41 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:30:08 2003 Subject: domain user and groups Message-ID: <00062009013700.00673@laptop> Hallo! I have download the last CVS-version and it works good. But one thing does not work. I have read in the book "Teach Yourself Samba" that you can use domain users and admins, when you want use the same users and groups on both Systems. But it does not work. The first thing, i can not find, is the domain users. And the second thing is that when i log in as Administrator that the NT-machine says, that i have wrong passwd. But in my smbpasswd i have the user root and in the domain admin users i have write, that root = Administrator and in the domain admin group i have write root = Administratoren (the german words for admin). Can anybody help me Another little question. First i have the TNG-2.1-version downloaded. The configure-file have more than the CVS-Version. Who can i get a new configure-file. Thanks for your help Michael From mhinzke at hinzke.de Tue Jun 20 08:05:30 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:08 2003 Subject: couldn't login Message-ID: <88724611.20000620100530@hinzke.de> Hi, I tried to test login for an NT Client with samedit: [root@.]$ ntlogin hinzke\mhinzke xxxxx ntlogin hinzke\mhinzke xxxxx cli_nt_setup_creds: request challenge failed cmd_nt_login: login (mhinzke) test succeeded: No Here my smbpasswd: sachsen$:501:AF5E72C805AB1C6DBD777C4C38465D2A:AF5E72C805AB1C6DBD777C4C38465D2A:[W ]:LCT-394E45E7: mhinzke:500:5DB2CCC004F93B56AAD3B435B51404EE:180360FC804415028A3878279863B7C1:[U ]:LCT-394F254C: I add the user with cresteuser mhinzke -p xxxxx My Version is samba-tng-alpha.2.5.3 Can anyone tell me why I cannt login ??? Gruss Magnus Hinzke LINUX, the only way to be free! -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From weingfra at goeschwitz.jena.thur.de Tue Jun 20 08:40:25 2000 From: weingfra at goeschwitz.jena.thur.de (Frank Weingart ) Date: Tue Dec 2 02:30:08 2003 Subject: couldn't login In-Reply-To: <88724611.20000620100530@hinzke.de> References: <88724611.20000620100530@hinzke.de> Message-ID: <00062010481000.06525@s4213> Hallo Magnus, Am Die, 20 Jun 2000 schrieben Sie: > Hi, > > I tried to test login for an NT Client with samedit: > [root@.]$ ntlogin hinzke\mhinzke xxxxx > ntlogin hinzke\mhinzke xxxxx > > cli_nt_setup_creds: request challenge failed > cmd_nt_login: login (mhinzke) test succeeded: No > ---schnipp --- I hav the same problem like you, but i've tried to login from the nt-machine and it works well (incl. mapping of home-dirs etc.; only difference: I'm using tng-alpha.2.5 instead of 2.5.3). Frank. From mg at plum.de Tue Jun 20 08:57:05 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:08 2003 Subject: couldn't login References: <88724611.20000620100530@hinzke.de> Message-ID: <01a501bfda95$82063390$0201010a@defiant> > Hi, > > I tried to test login for an NT Client with samedit: > [root@.]$ ntlogin hinzke\mhinzke xxxxx > ntlogin hinzke\mhinzke xxxxx > > cli_nt_setup_creds: request challenge failed > cmd_nt_login: login (mhinzke) test succeeded: No > > Here my smbpasswd: > sachsen$:501:AF5E72C805AB1C6DBD777C4C38465D2A:AF5E72C805AB1C6DBD777C4C38465D 2A:[W ]:LCT-394E45E7: > mhinzke:500:5DB2CCC004F93B56AAD3B435B51404EE:180360FC804415028A3878279863B7C 1:[U ]:LCT-394F254C: > > I add the user with cresteuser mhinzke -p xxxxx > > My Version is samba-tng-alpha.2.5.3 > > Can anyone tell me why I cannt login ??? 2.5.3 is known to be broken. switch back to 2.5 regards, Michael From admin at hans-bredow-institut.de Tue Jun 20 08:55:10 2000 From: admin at hans-bredow-institut.de (Matthias Krawen) Date: Tue Dec 2 02:30:08 2003 Subject: How to set permissions correctly ? Message-ID: <4.3.0.20000620103706.00ba4e80@192.168.4.2> Hi ! Maybe I'm just to blind, but i don't know how to do this. Imagine following scenery; There are UserA, UserB, UserC, UserD There are following UnixGroups (can create more/other groups) norm - UserA, UserB, UserC, UserD Team1 - UserA, UserB Team2 - UserB, UserC Team3 - UserA, UserC, UserD There are following share, containing following dirs [homes] - UserA, UserB, UserC [Projekt1] - Projekt1A, Projekt1B, Projekt1C Question 1 - How to accomplish: Homedirs generally read-only by owner. Exception \homes\UserA should be full accessable by Team3. That means especially that files created by UserC and UserD should be full accessable like files from UserA Question 2 - How to accomplish: Projekt1A is owned by UserA.Team1, Team1 should have full access, esp. create files so that full access is possible. Projekt1B is owned by UserC.Team2. Everyone (owner & teammate) should have full access to all files in theses directorys. That means, files created in Projekt1B by UserB should be full accessable by UserC and so on. How to accomplish this ? Thanks Matthias Krawen Hans-Bredow-Institut Heimhuder Str. 21 20148 Hamburg Fax: 040 / 450 217 77 http://www.hans-bredow-institut.de PGP-Public Key available From lauffer at ph-freiburg.de Tue Jun 20 09:53:06 2000 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:30:08 2003 Subject: How to set permissions correctly ? In-Reply-To: <4.3.0.20000620103706.00ba4e80@192.168.4.2> Message-ID: Hi Matthias! Have a look at username = usera, userb (...) and force user = unix_user force group = unix_group With the combination of this parameters you should be able to to a lot of nice things. Example with a webserver: [wwwroot] comment = WWW-Root path = /usr/local/httpd/htdocs only user = Yes browsable = No # windows-users: username = duffner, nagel, lauffer # unix user: force user = wwwrun force group = nogroup [wwwservice] comment = WWW-Service path = /usr/local/httpd/htdocs/service only user = Yes browsable = No # windows-users: username = lauffer, walz # unix user force user = wwwservice force group = nogroup Remember, it?s just an example! if you dont have local accounts for windows users, you?re able to check the accounts with another PDC: [global] # our pdc password server = wwwpdc But you can do several other things... just have a look to the man pages from force... username... username map... valid users... and invalid users... "Using Samba", one of the many book around samba, is online availabe! Have a look at: http://www.oreilly.com/catalog/samba/chapter/book/index.html Chapter 6 is what you need! ;-) Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ Abteilung ZIK: WWW ] [ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ] From admin at hans-bredow-institut.de Tue Jun 20 10:04:39 2000 From: admin at hans-bredow-institut.de (Matthias Krawen) Date: Tue Dec 2 02:30:08 2003 Subject: Re^2: How to set permissions correctly ? Message-ID: <4.3.0.20000620120051.00b9fef0@192.168.4.2> At 11:53 20.06.00 +0200, you wrote: >Hi Matthias! Hi Stephan, >Have a look at > >username = usera, userb (...) >and >force user = unix_user >force group = unix_group Thanks for your effords, but have a look at my example. Above parameters are share-level. I know them, but I don't want to create one share for every "Projekt1?"-dir. We have too many of them to handle them this way. "Using Samba", one of the many book around samba, is online availabe! >Have a look at: >http://www.oreilly.com/catalog/samba/chapter/book/index.html >Chapter 6 is what you need! ;-) I know this book very well (right, quit good I think), the manpages and several other literatur but my problem isn't covered there. There must be a solution if samba's in everyday use ! Thanks Matthias Hans-Bredow-Institut Heimhuder Str. 21 20148 Hamburg Fax: 040 / 450 217 77 http://www.hans-bredow-institut.de PGP-Public Key available From lauffer at ph-freiburg.de Tue Jun 20 10:26:49 2000 From: lauffer at ph-freiburg.de (Stephan Lauffer) Date: Tue Dec 2 02:30:08 2003 Subject: How to set permissions correctly ? In-Reply-To: <4.3.0.20000620103706.00ba4e80@192.168.4.2> Message-ID: Hi! > There are UserA, UserB, UserC, UserD > norm - UserA, UserB, UserC, UserD > Team1 - UserA, UserB > Team2 - UserB, UserC > Team3 - UserA, UserC, UserD > > [homes] - UserA, UserB, UserC invalid users = UserD > > [Projekt1] - Projekt1A, Projekt1B, Projekt1C > Homedirs generally read-only by owner. Exception \homes\UserA should be no, it depends on your default settings. f.e. SuSE is distributing a binary which is rw for homedirs. Checkout with testparm... > full accessable by Team3. That means especially that files created by UserC > and UserD should be full accessable like files from UserA ok, then it?s not easy to use a global [home] section. try something like this: [UserA] path = /home/UserA username = UserA, UserC, UserD force user = UserA the other homes must alos be set up by "hand". > Question 2 - How to accomplish: > Projekt1A is owned by UserA.Team1, Team1 should have full access, esp. > create files so that full access is possible. [Projekt1] user name = UserA, UserB force user = UserA force group = Team1 And so on... really it?s working with security = user... Liebe Gruesse, Stephan Lauffer [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ] [ Abteilung ZIK: WWW ] [ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ] From p.mayers at ic.ac.uk Tue Jun 20 10:40:11 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:08 2003 Subject: How to set permissions correctly ? Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8145D@icex1.cc.ic.ac.uk> I think the problem you're having is that Samba is setting the wrong permissions on files created. Do this: 2) For the Projects mkdir /whatever/Projekt1A chown UserA /whatever/Projekt1A chgrp Team1 /whatever/Project1A chmod 2770 /whatever/Project1A Note, we've set the setgid bit on the directories above, so all the files create in that directory will have the directories group, not the user's primary group Then, on the share containing these files, set the parameters create mask = 0770 force create mode = 0770 directory mask = 2770 force directory mode = 2770 We make sure the setgid bit propagates to all the directories. There are many different ways to do this. Without knowing your exact requirements in detail (which, to be frank, no-one here wants to :o) it's impossible to say. You'll need a good understanding of Unix permissions and Samba's interaction with them to find the absolute best solution. (The absolute best solution would be proper NT-style ACLs in the filesystem, but no popular unices offer that). Cheers, Phil -----Original Message----- From: Matthias Krawen [mailto:admin@hans-bredow-institut.de] Sent: Tuesday, June 20, 2000 10:01 AM To: Multiple recipients of list SAMBA-NTDOM Subject: How to set permissions correctly ? Hi ! Maybe I'm just to blind, but i don't know how to do this. Imagine following scenery; There are UserA, UserB, UserC, UserD There are following UnixGroups (can create more/other groups) norm - UserA, UserB, UserC, UserD Team1 - UserA, UserB Team2 - UserB, UserC Team3 - UserA, UserC, UserD There are following share, containing following dirs [homes] - UserA, UserB, UserC [Projekt1] - Projekt1A, Projekt1B, Projekt1C Question 1 - How to accomplish: Homedirs generally read-only by owner. Exception \homes\UserA should be full accessable by Team3. That means especially that files created by UserC and UserD should be full accessable like files from UserA Question 2 - How to accomplish: Projekt1A is owned by UserA.Team1, Team1 should have full access, esp. create files so that full access is possible. Projekt1B is owned by UserC.Team2. Everyone (owner & teammate) should have full access to all files in theses directorys. That means, files created in Projekt1B by UserB should be full accessable by UserC and so on. How to accomplish this ? Thanks Matthias Krawen Hans-Bredow-Institut Heimhuder Str. 21 20148 Hamburg Fax: 040 / 450 217 77 http://www.hans-bredow-institut.de PGP-Public Key available -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3483 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000620/384ab899/attachment.bin From giulioo at pobox.com Tue Jun 20 10:50:31 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:30:08 2003 Subject: How to set permissions correctly ? In-Reply-To: <4.3.0.20000620103706.00ba4e80@192.168.4.2> References: <4.3.0.20000620103706.00ba4e80@192.168.4.2> Message-ID: <20000620105205.04C952AE73@i3.golden.dom> On Tue, 20 Jun 2000 19:02:01 +1000, you wrote: A samba method has already been suggested. I propose a different method based entirely on unix permissions (setgid): >There are UserA, UserB, UserC, UserD >There are following UnixGroups (can create more/other groups) >norm - UserA, UserB, UserC, UserD >Team1 - UserA, UserB >Team2 - UserB, UserC >Team3 - UserA, UserC, UserD >There are following share, containing following dirs >[homes] - UserA, UserB, UserC >[Projekt1] - Projekt1A, Projekt1B, Projekt1C > >Question 1 - How to accomplish: >Homedirs generally read-only by owner. Exception \homes\UserA should be >full accessable by Team3. That means especially that files created by UserC >and UserD should be full accessable like files from UserA chown UserA.Team3 /home/userA chmod 2770 /home/userA However, it's better not to use the homedir for such a thing, create another dir for this purpose. >Question 2 - How to accomplish: > >Projekt1A is owned by UserA.Team1, Team1 should have full access, esp. >create files so that full access is possible. chown root.Team1 /path/Project1A chmod 2770 /path/Project1A In smb.conf you need create mode = 2770 force create mode = 2770 directory mode = 2770 force directory mode = 2770 for that shares All this is from memory and not tested :) -- giulioo@pobox.com From lkp at sophusmedical.dk Tue Jun 20 11:41:54 2000 From: lkp at sophusmedical.dk (Lars Kirkeskov Pedersen) Date: Tue Dec 2 02:30:08 2003 Subject: move from CVS version to 2.0.7 Message-ID: Hi All Forgive my ignorance, but this is really annoying me. We have been running a prealpha of Samba for some months (8 or 9). Some of the clients have been upgraded to Win2K and these clients couldn't connect to the file shares, so we thought an upgrade would be in place. Our Setup: We are running a RH5.2 (with various upgrades and fixes) box as a network server, configured to be PDC and fileserver for the domain (All shares are on the server). We then run 15 WinNT4.0 SP4-6a machines on the network with domain logons. Recently we would like to transfer two IBM laptops to Win2K (Don't ask, it's the marketing people!) Now I would like a newer version of samba running as a PDC for the NT machines, and as a fileserver for the 2k machines. With 2.0.7 I succed in the filesharing for both NT and 2K, but logging in to the NT machines on domain accounts raised multiple issues. 1: Some machines said: user allowed to login interactively from this station. 2: Other machines just logged right in and created a new profile, not using the old profile allready on the system. (We dont use roving profiles). In the user manager (under NT) all the old users show up as \unknown I thought it might be done to the secret SID, and tried to force it to use the old one to no avail. After that I tried to rejoin a machine to the domain to get it to use the old profile, still to no avail. So here is (at last) the question: How do I move from 2.1.0-prealpha (CVS version) to 2.0.7 without messing up my profiles? All ideas and insightfull answers would be appreciated. The network is rater small so even solutions which involve a bit of manual work will do for me. Regards Lars From elrond at samba.org Tue Jun 20 18:18:53 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:09 2003 Subject: TNG compiles, domain login fails In-Reply-To: ; from Paul J Collins on Tue, Jun 20, 2000 at 08:34:18AM +1000 References: <002701bfda3a$e6df1080$798b57d8@august.net> Message-ID: <20000620201853.A22596@baerbel.mug.maschinenbau.tu-darmstadt.de> Could you retry with latest cvs? I fixed some annoying memory-corruption prob (and introduced a memory leak...) Tom told me, that shares still don't work, when you come from a domain-logon, but they work, when you connect them by hand... (as far as I understood him) I've no idea currently, what the problem might be here. Elrond On Tue, Jun 20, 2000 at 08:34:18AM +1000, Paul J Collins wrote: > >>>>> "Michael" == Michael C Ferguson writes: > > >> Sounds like you might need to turn on password encryption in > >> your smb.conf file. > > Michael> Password encryption is on; I was using the same config > Michael> with CVS on 6/14 and everything worked fine. I'm trying > Michael> to recompile now without --with-krb5=... (although I had > Michael> that on the 6/14 build and it worked?). > > I tried it too (no krb). smbd seems to bomb out everytime I try a > password validation, even with rpcclient::ntlogin. I tried a domain > login and I got the "slow network connection" dialog, followed by the > "roaming profile not available" dialog, and then the "domain not > available" dialog. > > Paul. > > -- > Paul Collins - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Where? Where is the town? Now it's nothing bu flowers!" From elrond at samba.org Tue Jun 20 18:21:36 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:09 2003 Subject: couldn't login In-Reply-To: <01a501bfda95$82063390$0201010a@defiant>; from Michael Glauche on Tue, Jun 20, 2000 at 06:58:39PM +1000 References: <88724611.20000620100530@hinzke.de> <01a501bfda95$82063390$0201010a@defiant> Message-ID: <20000620202136.B22596@baerbel.mug.maschinenbau.tu-darmstadt.de> Thanks to all, who help out each other here... I don't know much about the "released" alphas... I'm just trying to get cvs to work again... Elrond On Tue, Jun 20, 2000 at 06:58:39PM +1000, Michael Glauche wrote: > > Hi, > > > > I tried to test login for an NT Client with samedit: > > [root@.]$ ntlogin hinzke\mhinzke xxxxx > > ntlogin hinzke\mhinzke xxxxx > > > > cli_nt_setup_creds: request challenge failed > > cmd_nt_login: login (mhinzke) test succeeded: No > > > > Here my smbpasswd: > > > sachsen$:501:AF5E72C805AB1C6DBD777C4C38465D2A:AF5E72C805AB1C6DBD777C4C38465D > 2A:[W ]:LCT-394E45E7: > > > mhinzke:500:5DB2CCC004F93B56AAD3B435B51404EE:180360FC804415028A3878279863B7C > 1:[U ]:LCT-394F254C: > > > > I add the user with cresteuser mhinzke -p xxxxx > > > > My Version is samba-tng-alpha.2.5.3 > > > > Can anyone tell me why I cannt login ??? > > 2.5.3 is known to be broken. switch back to 2.5 > > regards, > Michael From pjdc at eircom.net Tue Jun 20 21:05:56 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:09 2003 Subject: TNG compiles, domain login fails In-Reply-To: Elrond's message of "Wed, 21 Jun 2000 04:21:15 +1000" References: <002701bfda3a$e6df1080$798b57d8@august.net> <20000620201853.A22596@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: >>>>> "Elrond" == Elrond writes: Elrond> Could you retry with latest cvs? Domain logins are still broken. Elrond> I fixed some annoying memory-corruption prob (and Elrond> introduced a memory leak...) Elrond> Tom told me, that shares still don't work, when you come Elrond> from a domain-logon, but they work, when you connect them Elrond> by hand... (as far as I understood him) I've no idea Elrond> currently, what the problem might be here. Well, when you log in as a local user and then attempt to map a share, it seems to use the normal smb stuff and not the domain stuff. Clearly, the domain stuff is broken, somewhere. I see a broken pipe during the sending of a reply: cli_net_req_chal: LSA Request Challenge from \\. to STO-KERRIG: B01A9DA8E3D30152 make_q_req_chal: 596 make_q_req_chal: 606 000000 net_io_q_req_chal 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 logon_srv 0004 uni_max_len: 00000004 0008 undoc : 00000000 000c uni_str_len: 00000004 0010 buffer : \.\..... 000018 smb_io_unistr2 logon_clnt 0018 uni_max_len: 0000000b 001c undoc : 00000000 0020 uni_str_len: 0000000b 0024 buffer : S.T.O.-.K.E.R.R.I.G... 00003a smb_io_chal clnt_chal 003a data: b0 1a 9d a8 e3 d3 01 52 rpc_con_pipe_req: op_num 4 offset 66 used: 66 rpc_api_pipe_req: start: 0 off: 66 create_rpc_request: opnum: 0x4 data_len: 0x5a create_rpc_request: data_len: 5a auth_len: 0 alloc_hint: 42 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type : 10 00 00 00 prs_set_packtype: bigendian: No 0008 frag_len : 005a 000a auth_len : 0000 000c call_id : 0000008a 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000042 0014 context_id: 006a 0016 opnum : 0004 rpc_api_pipe_req: end: 66 ncalrpc_l_send_prs: data: 0x403c3e34 len 90 [000] 05 00 00 03 10 00 00 00 5A 00 00 00 8A 00 00 00 ........ Z....... [010] 42 00 00 00 6A 00 04 00 01 00 00 00 04 00 00 00 B...j... ........ [020] 00 00 00 00 04 00 00 00 5C 00 5C 00 2E 00 00 00 ........ \.\..... [030] 0B 00 00 00 00 00 00 00 0B 00 00 00 53 00 54 00 ........ ....S.T. [040] 4F 00 2D 00 4B 00 45 00 52 00 52 00 49 00 47 00 O.-.K.E. R.R.I.G. [050] 00 00 B0 1A 9D A8 E3 D3 01 52 ........ .R write_socket(15,90) write_socket_data: write failure. Error = Broken pipe write_socket(15,90) wrote -1 write_socket: Error writing 90 bytes to socket 15: ERRNO = Broken pipe rpc_con_pipe_req FAILED cli_nt_setup_creds: request challenge failed domain_client_validate: credentials failed (\\.) SMB LM/NT Password did not match! Rejecting user 'sneakums': authentication failed 32 bit error packet at line 493 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] error string = Broken pipe size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=16384 smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=5184 smt_wct=0 smb_bcc=0 I'm not sure what it's trying to write to: is the lsa trying to send a reply to netlogon? Right now I'm trying to trace through all the calls in the source, and I've gotten as far as rpc_con_pipe_req. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing bu flowers!" From mcf at augustmail.com Tue Jun 20 21:34:31 2000 From: mcf at augustmail.com (Michael C. Ferguson) Date: Tue Dec 2 02:30:09 2003 Subject: TNG compiles, domain login fails References: <002701bfda3a$e6df1080$798b57d8@august.net> <20000620201853.A22596@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <007101bfdaff$5b67ace0$798b57d8@august.net> > Elrond> Could you retry with latest cvs? > > Domain logins are still broken. ??? I just built the latest CVS, and now domain logins are functioning again (from 98 clients -- I don't have any machines running NT4/5). There is something else wierd I've noticed. When I view TNG's IPC$ share from a 98 client, often 'root' is displayed instead of the real home for the user. Access to root's home folder is denied. By "refreshing" IPC$, occasionally the proper home share will be displayed (instead of root's). I can still access the normal home folder by typing it in manually or using "net use * /home". -- mcf From pjdc at eircom.net Tue Jun 20 21:56:46 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:09 2003 Subject: TNG compiles, domain login fails In-Reply-To: "Michael C. Ferguson"'s message of "Wed, 21 Jun 2000 07:35:34 +1000" References: <002701bfda3a$e6df1080$798b57d8@august.net> <20000620201853.A22596@baerbel.mug.maschinenbau.tu-darmstadt.de> <007101bfdaff$5b67ace0$798b57d8@august.net> Message-ID: >>>>> "Michael" == Michael C Ferguson writes: Elrond> Could you retry with latest cvs? >> Domain logins are still broken. Michael> ??? I just built the latest CVS, and now domain logins Michael> are functioning again (from 98 clients -- I don't have Michael> any machines running NT4/5). There is something else Michael> wierd I've noticed. They're not real domain logins. NT domain logins are still broken. 98 domain logins use SMB calls; NT's ones use DCE/RPC calls. Michael> When I view TNG's IPC$ share from a 98 client, often Michael> 'root' is displayed instead of the real home for the Michael> user. Access to root's home folder is denied. By Michael> "refreshing" IPC$, occasionally the proper home share Michael> will be displayed (instead of root's). I can still access Michael> the normal home folder by typing it in manually or using Michael> "net use * /home". IPC$ is used as a communication channel; it's not a file-serving share. I don't know enough SMB to say if what you're seeing is of any consequence. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing bu flowers!" From psv at transgaz.tomsk.ru Tue Jun 20 17:54:57 2000 From: psv at transgaz.tomsk.ru (psv) Date: Tue Dec 2 02:30:09 2003 Subject: Syncing time with Samba... HOW? (TNG_2_5_GOOD) Message-ID: <394FAFF1.AF1C32D8@comm.ttg> Hi! Finaly I have running samba TNG_2_5_GOOD as domain controller for Win9x and Win2k. But now I have problem with setting time on clients'. When I run "net time \\linux" it return time in GMT and regardless of timezone setting on workstation time (with "net time \\linux /set /yes") will sets in this value. On linux "date" shows time with right timezone/DST correction... So, how to set workstation time in right way? In my smb.conf among of other I have "time server = true" and have expieremented with "time offset = nn". Last setting doesn't have any visual effect when I check it with "net time" on local machine. Thanks, in advance, Sergei. From Michael.Weisbach at de.ibm.com Wed Jun 21 12:09:07 2000 From: Michael.Weisbach at de.ibm.com (Michael.Weisbach@de.ibm.com) Date: Tue Dec 2 02:30:09 2003 Subject: Benchmark suite for Linux/Samba?! Message-ID: Hi Samba-Crew:) a little question from one of my colleagues: > does one of you know a goot benchmark suite for linux? > > > We need tests regarding systemperformance of a samba server. > The customer would like to see results of the musbus/kenbus test. Both are > not available under linux, atleast I was not able to find them. Any hints?! Greetz, Michael From mg at plum.de Wed Jun 21 12:31:23 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:30:09 2003 Subject: Benchmark suite for Linux/Samba?! References: Message-ID: <003501bfdb7c$9c8bf9b0$0201010a@defiant> > > Hi Samba-Crew:) > > a little question from one of my colleagues: > > > does one of you know a goot benchmark suite for linux? > > > > > > We need tests regarding systemperformance of a samba server. > > The customer would like to see results of the musbus/kenbus test. Both > are > > not available under linux, atleast I was not able to find them. I don't really understand that question. Samba is a SMB server, which has Windows clients. So, normal windows benchmarks work quite good. (like zdnet's netbench) But why do you want to benchmark from linux ? do you plan to use smbfs to a samba server ??? Why don't use nfs/coda then ? regards, Michael From ctooley at joslyn.org Wed Jun 21 15:01:43 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:09 2003 Subject: Benchmark suite for Linux/Samba?! References: <003501bfdb7c$9c8bf9b0$0201010a@defiant> Message-ID: <3950D8D7.6ED2AA4F@joslyn.org> In some cases you are looking to standardize the share method. Maybe you have NT/9x boxes that are using shares on a Linux box and other Unix boxen that need those shares as well. If you standardize on NFS then you need to purchase an NFS client/server for NT or find one that works that is free (good luck finding a good one there). If you find you standardize on SMB and have everything use that, you get the same affect, except that there is a really good *NIX tool to mount SMB shares that is already available and known as stable. So you don't have the problem of administering two different sharing methods and all the problems that will entail (ie How well does NFS recognize an SMB lock and vice versa?). The benchmarks would let them know how much of a difference there is between the two. Chris Tooley Michael Glauche wrote: > > > > > Hi Samba-Crew:) > > > > a little question from one of my colleagues: > > > > > does one of you know a goot benchmark suite for linux? > > > > > > > > > We need tests regarding systemperformance of a samba server. > > > The customer would like to see results of the musbus/kenbus test. Both > > are > > > not available under linux, atleast I was not able to find them. > > I don't really understand that question. Samba is a SMB server, which > has Windows clients. So, normal windows benchmarks work quite > good. (like zdnet's netbench) > > But why do you want to benchmark from linux ? do you plan to use smbfs to a > samba > server ??? Why don't use nfs/coda then ? > > regards, > Michael From george at v-sync.bg Wed Jun 21 13:38:14 2000 From: george at v-sync.bg (George Terziysky) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts Message-ID: <006b01bfdb85$f3648e10$292818c3@hot> Hi, Can you tell me how can I set a PROXY settings from Logon Scripts for Win98 workstations I'm using RH6.2 smb 2.0.6 as Domain Server Thank you in advice -------------- next part -------------- HTML attachment scrubbed and removed From ctooley at joslyn.org Wed Jun 21 15:47:07 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts References: <006b01bfdb85$f3648e10$292818c3@hot> Message-ID: <3950E37B.8BD407BC@joslyn.org> What type of PROXY settings are you trying to set? PROXY settings for IE? Chris Tooley > George Terziysky wrote: > > Hi, > > Can you tell me how can I set a PROXY settings from Logon Scripts > for Win98 workstations > I'm using RH6.2 smb 2.0.6 as Domain Server > > Thank you in advice From george at v-sync.bg Wed Jun 21 14:02:34 2000 From: george at v-sync.bg (George Terziysky) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts Message-ID: <009f01bfdb89$597278e0$292818c3@hot> Exactly for IE, I'd like to set: server: name.domain.com port: xxxx George ----- Original Message ----- From: "Chris Tooley" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, June 21, 2000 4:45 PM Subject: Re: Logon Scripts > What type of PROXY settings are you trying to set? PROXY settings for > IE? > > Chris Tooley > > > George Terziysky wrote: > > > > Hi, > > > > Can you tell me how can I set a PROXY settings from Logon Scripts > > for Win98 workstations > > I'm using RH6.2 smb 2.0.6 as Domain Server > > > > Thank you in advice -------------- next part -------------- HTML attachment scrubbed and removed From v_valchev at prosyst.bg Wed Jun 21 14:38:50 2000 From: v_valchev at prosyst.bg (Valentin Pavlov) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts References: <006b01bfdb85$f3648e10$292818c3@hot> Message-ID: <002301bfdb8e$8b86f5e0$0cc8a8c0@psb> In IE5->Tools->Options->Connection->LAN Setting->Use Automatic Configuration Script Here is the help: Provides a space for you to type an address (URL) or file name that will be used to configure Internet Explorer. This file is created by your system administrator to run Internet Explorer on your corporate system. The file might include settings for Internet Explorer options, such as which home page to use, or configuration settings for the proxy server. Each time you start Internet Explorer, it will use those settings. The URL or location of this file is provided to you by your system administrator Ok, So create a file and put it in users home directory on samba server. You should mount in your login script home directories of all users to specified device letter e.g Z: All users should set Z:\ie_proxy.config for their configuration file. There could be a better more elegant decision - just think about it. --- Valentin Pavlov System Administrator & Team Leader @ ProSyst Software AG From ctooley at joslyn.org Wed Jun 21 16:39:27 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts References: <006b01bfdb85$f3648e10$292818c3@hot> <3950E37B.8BD407BC@joslyn.org> <008401bfdb88$2bae9480$292818c3@hot> Message-ID: <3950EFBF.7CFF44F1@joslyn.org> Are these settings contained in the registry? I think they are... and if so it's pretty simple to make registry edits. For instance to change the ip address of the the "DNS Server" for your TCP/IP settings you would export: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP to a file and edit the file. Then put it somewhere you can get to it, like the netlogon share with read accessibility. If it were in the Netlogon share you would want to enter the following command into your login script: regedit /s \\SERVER\\Netlogon\MSTCP.reg which would import the setting with whatever you change. You can add values this way as with others. I'm not sure that the settings are stored in the registry or if they are where but I would bet that's where they're at. Good luck and be sure to reply to the mailing list so that other people that would like to do this can benifit from this as well. Chris Tooley George Terziysky wrote: > > Exactly for IE, > server: name.domain.com > port: xxxx > > thanks > ----- Original Message ----- > From: "Chris Tooley" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, June 21, 2000 4:45 PM > Subject: Re: Logon Scripts > > > What type of PROXY settings are you trying to set? PROXY settings for > > IE? > > > > Chris Tooley > > > > > George Terziysky wrote: > > > > > > Hi, > > > > > > Can you tell me how can I set a PROXY settings from Logon Scripts > > > for Win98 workstations > > > I'm using RH6.2 smb 2.0.6 as Domain Server > > > > > > Thank you in advice From dstanawa at netventures.com.au Wed Jun 21 14:44:29 2000 From: dstanawa at netventures.com.au (David Stanaway) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts In-Reply-To: <002301bfdb8e$8b86f5e0$0cc8a8c0@psb> Message-ID: On Thu, 22 Jun 2000, Valentin Pavlov wrote: > You should mount in your login script home directories of all users to > specified device letter > e.g Z: > All users should set Z:\ie_proxy.config for their configuration file. > > There could be a better more elegant decision - just think about it. Look for the registry key that holds this value, and prepare a registry hive [Correct term?] then merge it with the users registry in the logon script. ([netlogon] would be a good place to put this I guess.) -- Best Regards David Stanaway ========================.--------------------------------------------- System Administrator | Australia's Premier Internet Broadcasters david@NetVentures.com.au| Corporate http://www.NetVentures.com.au Office +612 9460 8800 | Entertainment http://www.Netdance.com.au Pager +612 9461 2981 | Enquiries info@NetVentures.com.au ========================'--------------------------------------------- From p.grimmerink at home.nl Wed Jun 21 14:46:46 2000 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts In-Reply-To: <009f01bfdb89$597278e0$292818c3@hot> Message-ID: -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of George Terziysky Sent: woensdag 21 juni 2000 16:01 To: Multiple recipients of list SAMBA-NTDOM Subject: Logon Scripts >Exactly for IE, I'd like to set: >server: name.domain.com >port: xxxx Sorry, this reply is completely off topic, I know. What I do to avoid making settings on the workstations is using a transparent proxy for port 80. All outgoing traffic to port 80 is redirected to a local port, (requires transparent proxy support in the kernel) running a transproxy daemon, which rebuilds the URL by adding the hostname to the request, and then consults the proxyserver. This is really transparent to the clients, and does not require settings on the workstations. Best regards, Pieter From simo.sorce at polimi.it Wed Jun 21 15:07:27 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:09 2003 Subject: smbusers Message-ID: <3950DA2F.646428B5@polimi.it> us1.samba.org seems down so I'm not able to search on it. Q: Is smbusers file still used in 2.0.7 and if yes does i have to put something in smb.conf to resolve real UNIX names against it? Is the file format changed in any way? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Ben_Meyer at pfm.org Wed Jun 21 15:15:43 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:09 2003 Subject: NT & Samba Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE257E@NT_4> Note: If this is the wrong place to send the message, please let me know where it should go. Thank you. I am having a problem with NT & Samba. After logging off of Samba and disconnecting from the NT Domain, I loose the ability to join the domain again. I am getting the following error messages: cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine mydomain_pdc. Error was : NT_STATUS_ACCESS_DENIED. 2000/06/21 10:03:29 : change_trust_account_password: Failed to change password for domain mydomain. Unable to join domain mydomain. The samba server has been entered as a NT Workstation or Server on the NT PDC, and has worked on the network before. I'm just getting frustrated because it joins, and then later (after having signed off) it won't join the domain. Ben From ctooley at joslyn.org Wed Jun 21 17:26:09 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts References: Message-ID: <3950FAB1.6F61EC36@joslyn.org> This assumes you are using Linux as your PROXY, MS-PROXY doesn't necessarily do this the same way. Chris Tooley Pieter Grimmerink wrote: > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > George Terziysky > Sent: woensdag 21 juni 2000 16:01 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Logon Scripts > > >Exactly for IE, I'd like to set: > >server: name.domain.com > >port: xxxx > > Sorry, this reply is completely off topic, I know. > > What I do to avoid making settings on the workstations is > using a transparent proxy for port 80. > All outgoing traffic to port 80 is redirected to a local port, > (requires transparent proxy support in the kernel) > running a transproxy daemon, which rebuilds the URL by adding > the hostname to the request, and then consults the proxyserver. > > This is really transparent to the clients, and does not require settings > on the workstations. > > Best regards, > > Pieter From MBrown at msdemo.ms.gmsmail.com Wed Jun 21 15:35:45 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:30:09 2003 Subject: Intermittent logon failures Message-ID: <8158CAF171AED311B73F0060085A92C9011349@msdemo.ms.gmsmail.com> I have installed Samba to replace a NT 3.51 PDC. It is working well except that sometimes users must attempt several logons before they are granted access to the server. It is not localized to a specific set of machines or a specific set of users. Best regards, -Matthew Brown From p.grimmerink at home.nl Wed Jun 21 15:38:36 2000 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts In-Reply-To: <3950FAB1.6F61EC36@joslyn.org> Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Chris Tooley > Sent: woensdag 21 juni 2000 17:27 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Logon Scripts > > > This assumes you are using Linux as your PROXY, MS-PROXY doesn't > necessarily do this the same way. No, it does not assume a linux proxy, but it assumes a defaultroute to a linuxbox. The transproxy daemon can redirect to any proxy. But you're right, I made the assumption about the defaultroute. Best regards, Pieter From dcox at coxnetwork.com Wed Jun 21 15:58:13 2000 From: dcox at coxnetwork.com (Duane Cox) Date: Tue Dec 2 02:30:09 2003 Subject: samba with libwrap Message-ID: <000e01bfdb99$812f4060$062d923f@laptop.coxnetwork.com> is there any way to have samba work along with libwrap ? I understand samba keeps its own hosts.allow type configuration within the smb.conf file, but is there any way to combine the two? Duane Cox dcox@coxnetwork.com From D.Bannon at latrobe.edu.au Wed Jun 21 22:56:04 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:09 2003 Subject: Logon Scripts In-Reply-To: <009f01bfdb89$597278e0$292818c3@hot> Message-ID: <3.0.6.32.20000622085604.0087d670@bioserve.latrobe.edu.au> At 12:02 AM 22/06/2000 +1000, George Terziysky wrote: > Exactly for IE, I'd like to set: >server: name.domain.com >port: xxxx > Sounds like the sort of thing that should be done with a policy. David. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From proberts at dubois-king.com Wed Jun 21 22:54:42 2000 From: proberts at dubois-king.com (Phillip C. Roberts) Date: Tue Dec 2 02:30:09 2003 Subject: smbd and nmbd services status in SWAT Message-ID: <000201bfdbd3$b0507af0$1f00a8c0@daisy> I am running Samba 2.0.6 on Linux 6.2. When in SWAT on the Server Status Page my services are listed as not running. But, they are on the server. Any clues or hints? Phillip C. Roberts CADD Systems Manager DuBois and King, Inc. Voice: 802.728.4113, ext 322 Email: proberts@DuBois-King.com From peter at cadcamlab.org Wed Jun 21 20:27:22 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:09 2003 Subject: ANNOUNCE: pam_pwexport, Unix->SMB password changes References: <14662.6568.913991.650134@wire.cadcamlab.org> Message-ID: <14673.6220.61642.665393@wire.cadcamlab.org> [Seth Vidal ] > I've got a current setup of nt users running on samba 2.0.7 > w/unencrypted passwords (nt plain password hack). I also have A LOT > of unix-only users who never touch nt (but might someday) > > I'd like to migrate to encrypted passwords, using this module to > update the samba database. That's *exactly* what I had in mind when I wrote the module. I'll release version 0.1 RSN. (Random cleanups, things like actually compiling on HP-UX and Solaris.) > but my problem is account addition: > ie: my smbpasswd file has no users in it. So I need to add all the users > with the nopassword option. But then those accounts are more or less > exposed. And the old password never works to change it. smbpasswd has a lot of options, see the manpage: -a add the user to the smbpasswd file -x remove the user from smbpasswd -e enable the account -d disable the account -s read passwords from stdin rather than /dev/tty So you just have to cook up the appropriate script. Here's a try, untested. (Perl is needed for the "$< = $>" line; I don't know a way to do this in sh.) ---------------------------------------------------------------------- #!/usr/bin/perl -wT # we're setuid so don't trust the values of these important variables $ENV{PATH}='/usr/local/samba/bin:/usr/bin'; $ENV{IFS} =" \t"; $< = $>; # setuid(geteuid()) so smbpasswd won't complain if ($< != 0) { die "Must be run as root\n"; } while (<>) { chomp; m/^([^ ]+) (.*)$/; if ($1 eq 'user' ) { $u = $2; } elsif ($1 eq 'password' ) { $n = $2; } elsif ($1 eq 'oldpassword') { $o = $2; } } open OUT, "| smbpasswd -s -a '$u'" or die "Cannot exec smbpasswd: $!\n"; print OUT, "$n\n$n\n"; close OUT; ---------------------------------------------------------------------- I'll try and test a few scenarios like this one and provide working example scripts for version 0.1. > So how do I make the change take place from multiple remote linux clients. Since you will not (necessarily) have access to the old password, only the new password, it's not good to rely on smbpasswd's remote password update feature. So what I'd do instead is do it by remote login, i.e. ssh. Either set up openssh so that the root account on your PDC trusts the root accounts on other machines, or create a dedicated account with uid 0 that has the above script as its login shell (and of course a locked password and a ~/.ssh/authorized_keys file that only lets those other root accounts in). Peter From peter at cadcamlab.org Wed Jun 21 21:58:44 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:09 2003 Subject: ANNOUNCE: pam_pwexport, Unix->SMB password changes References: <14673.6220.61642.665393@wire.cadcamlab.org> Message-ID: <14673.14110.951367.451659@wire.cadcamlab.org> [Seth Vidal ] > for remote logins I'm working on an perl/expect script to set the > smbpasswd on the pdc - as long as the file is only > readable/executable by root then it should be relatively safe enough. Hmmm, so you're planning to export this via a network filesystem? I suppose that could work. If you are thinking NFS, make sure the client boxes aren't root-squashed. Also, don't forget to do proper locking on the smbpasswd file, though, for obvious reasons. Or did you mean something else? Peter From proberts at dubois-king.com Thu Jun 22 01:55:47 2000 From: proberts at dubois-king.com (Phillip C. Roberts) Date: Tue Dec 2 02:30:09 2003 Subject: Am I missing something? Message-ID: <000401bfdbec$fdc08280$1f00a8c0@daisy> Setup: Samba 2.0.6 Linux Redhat 6.2 Samba Server is member of Domain - File and Print Sharing Only Security is set to Domain - All users and groups defined in NT Domain - No Linux Users or Groups Question: 1. Is there a way to assign permissions to shares created in the smb.conf to an NT Domain Users Group?? I know I could assign a Linux group if I had defined/used them. Would Samba 2.0.7 or TNG make this implementation easier? Thanks in advance for any input. Phillip C. Roberts CADD Systems Manager DuBois and King, Inc. Voice: 802.728.4113, ext 322 Email: proberts@DuBois-King.com From skvidal at phy.duke.edu Wed Jun 21 19:23:51 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:09 2003 Subject: ANNOUNCE: pam_pwexport, Unix->SMB password changes In-Reply-To: <14662.6568.913991.650134@wire.cadcamlab.org> Message-ID: > For all you out there who use PAM-enabled Unix systems (that means most > flavors of Linux and Solaris, and recently HP-UX, and possibly others I > don't know about), you may wish to give this a shot: > > http://peter.cadcamlab.org/misc/pam_pwexport-0.0.tar.gz > > It sits and snoops whenever a user enters or changes a password through > PAM, and sends the passwords off to be processed by an arbitrary > PAM-unaware executable. That means: > > * For all logins (ftp, ssh, telnet, pop3, etc) you can grab the > password and use it to populate your local smbpasswd file. This is > akin to the smb.conf `update encrypted' option, useful for migration > from a Unix environment to a mixed Unix/NT environment. > I can't get to any of the samba mirrors or the archive so if this has been answered please just let me know. I've got a current setup of nt users running on samba 2.0.7 w/unencrypted passwords (nt plain password hack). I also have A LOT of unix-only users who never touch nt (but might someday) I'd like to migrate to encrypted passwords, using this module to update the samba database. but my problem is account addition: ie: my smbpasswd file has no users in it. So I need to add all the users with the nopassword option. But then those accounts are more or less exposed. And the old password never works to change it. So how do I make the change take place from multiple remote linux clients. I want every login to update the password in the smbpasswd file on a certain system. Is this possible? Thanks -sv From skvidal at phy.duke.edu Wed Jun 21 21:26:28 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:09 2003 Subject: ANNOUNCE: pam_pwexport, Unix->SMB password changes In-Reply-To: <14673.6220.61642.665393@wire.cadcamlab.org> Message-ID: > > So how do I make the change take place from multiple remote linux clients. > > Since you will not (necessarily) have access to the old password, only > the new password, it's not good to rely on smbpasswd's remote password > update feature. So what I'd do instead is do it by remote login, > i.e. ssh. Either set up openssh so that the root account on your PDC > trusts the root accounts on other machines, or create a dedicated > account with uid 0 that has the above script as its login shell (and of > course a locked password and a ~/.ssh/authorized_keys file that only > lets those other root accounts in). for remote logins I'm working on an perl/expect script to set the smbpasswd on the pdc - as long as the file is only readable/executable by root then it should be relatively safe enough. and it should allow remote unix machines w/pam fields to sync up. - it would be somewhat slow for some logins but I think it would work. does that sound reasonable to you? -sv From D.Bannon at latrobe.edu.au Thu Jun 22 05:01:46 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:10 2003 Subject: Am I missing something? In-Reply-To: <000401bfdbec$fdc08280$1f00a8c0@daisy> Message-ID: <3.0.6.32.20000622150146.00891ad0@bioserve.latrobe.edu.au> At 12:05 PM 22/06/2000 +1000, Phillip C. Roberts wrote: > .... >1. Is there a way to assign permissions to shares created in the smb.conf to >an NT Domain Users Group?? No, not in 2.0.6 or 2.0.7 >Would Samba 2.0.7 or TNG make this implementation easier? > TNG will do it. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Christian.Duclou at eeigm.inpl-nancy.fr Thu Jun 22 07:48:42 2000 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:30:10 2003 Subject: informations NT PDC References: <394E2789.879A6650@cri.ens-cachan.fr> Message-ID: <3951C4DA.CE0C62AE@eeigm.inpl-nancy.fr> Hi, Remember that there is a free book .... In france (RENATER) you can download it here: http://www.eeigm.inpl-nancy.fr/Docs/samba2.0.xx/sambapdf.zip C.D. Marc Panijel wrote: > How can i create a MACHINE account when Samba is being used as an NT > Primary Domain Controller? > > I am working with samba 2.06. > > Tanks for your help. > > ------------------------------------------------------------------ > Marc Panijel > C.R.I. | Tel: 0147406885 > 61, Avenue du President Wilson | Fax: 0147406888 > 94235 Cachan cedex | email panijel@cri.ens-cachan.fr > ------------------------------------------------------------------ > > -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: +33 383.3683.27 - Fax: +33 383.3683.36 _______________ http://eeigm.inpl-nancy.fr _____________ -------------- next part -------------- HTML attachment scrubbed and removed From eirvine at tpgi.com.au Thu Jun 22 08:11:14 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:30:10 2003 Subject: Two sambas, one machine? How about pid files? Message-ID: <3951CA22.38596B37@tpgi.com.au> Hi all :) I want to move over to encrypted passwords so I can support domain logons for NT SP5 machines. While I move over, I still want to keep my support for the plaintext machines up and running for a while. I've had domain logons for Win9x machines with plaintext passwords for several years. I've got a smbpasswd file happening, aliasing on my ethernet card happening, and two versions of a smb.conf file. Different interfaces, domains, spool files etc for each. The idea is that I fire up two versions each of smbd and nmbd, right? One is pointed to the first smb.conf file, the other the second. Yes? When I tried this, the second versions of smbd and nmbd refused to start, because /var/run/smbd.pid and /var/run/nmbd.pid were already there. I can't find an option to point the pid files elsewhere. Am I missing something? Or do I have to hack the source and compile a second version of samba binaries? Ta very much Eddie. From admin at hans-bredow-institut.de Thu Jun 22 09:20:16 2000 From: admin at hans-bredow-institut.de (Matthias Krawen) Date: Tue Dec 2 02:30:10 2003 Subject: Fwd: Re: How to set permissions correctly ? Message-ID: <4.3.0.20000622111852.00b9e910@192.168.4.2> Hi Stephan, > > There are UserA, UserB, UserC, UserD > > norm - UserA, UserB, UserC, UserD > > Team1 - UserA, UserB > > Team2 - UserB, UserC > > Team3 - UserA, UserC, UserD > > > > [homes] - UserA, UserB, UserC >invalid users = UserD > > > > [Projekt1] - Projekt1A, Projekt1B, Projekt1C > > full accessable by Team3. That means especially that files created by > UserC > > and UserD should be full accessable like files from UserA > > Question 2 - How to accomplish: > > Projekt1A is owned by UserA.Team1, Team1 should have full access, esp. > > create files so that full access is possible. >[Projekt1] >user name = UserA, UserB >force user = UserA >force group = Team1 > >And so on... really it?s working with security = user... Not really. It's the same problem: Projekt1 in my example contains the directorys Projekt1A, Projekt1B and so on. Team1 should only have access to Projekt1A and not the other projects. Thats my Problem. I dont want to create a share for every "subproject" MfG Matthias Hans-Bredow-Institut Heimhuder Str. 21 20148 Hamburg Fax: 040 / 450 217 77 http://www.hans-bredow-institut.de PGP-Public Key available From admin at hans-bredow-institut.de Thu Jun 22 09:25:13 2000 From: admin at hans-bredow-institut.de (Matthias Krawen) Date: Tue Dec 2 02:30:10 2003 Subject: Fwd: RE: How to set permissions correctly ? Message-ID: <4.3.0.20000622112056.00b9f970@192.168.4.2> Hi Philip, >I think the problem you're having is that Samba is setting the wrong >permissions on files created. Do this: right. >2) For the Projects >chmod 2770 /whatever/Project1A > >Note, we've set the setgid bit on the directories above, so all the files >create in that directory will have the directories group, not the user's >primary group That's it I think. Where can I find such additional attributes ? I only knew the suid-bit. man chmod doesn't explain this. [...] Upps. Sorry. It is. Never had a look for this. Thx again. >impossible to say. You'll need a good understanding of Unix permissions and > ^^^^^^^^^^^^^^^^ Thinks I have to get deeper into this than wrx :-) Thx Matthias Hans-Bredow-Institut Heimhuder Str. 21 20148 Hamburg Fax: 040 / 450 217 77 http://www.hans-bredow-institut.de PGP-Public Key available From admin at hans-bredow-institut.de Thu Jun 22 09:32:03 2000 From: admin at hans-bredow-institut.de (Matthias Krawen) Date: Tue Dec 2 02:30:10 2003 Subject: Fwd: Benchmark suite for Linux/Samba?! Message-ID: <4.3.0.20000622112835.00baa2e0@192.168.4.2> Hi ! >a little question from one of my colleagues: > > > does one of you know a goot benchmark suite for linux? > > > > > > We need tests regarding systemperformance of a samba server. > > The customer would like to see results of the musbus/kenbus test. Both >are > > not available under linux, atleast I was not able to find them. Don't know it this is what you need; http://www1.zdnet.com/zdbop/netbench/netbench.html It's a benchmark for fileservers which is used by at leased several german "pc-pro-magazines". It's for Windows. Several Clients are simulating "officelike"-access to a fileserver. So you can compare several servers, and if you have access to, your server to tested servers eg at http://www.zdnet.de It's freeware. MfG Matthias Hans-Bredow-Institut Heimhuder Str. 21 20148 Hamburg Fax: 040 / 450 217 77 http://www.hans-bredow-institut.de PGP-Public Key available From simo.sorce at polimi.it Thu Jun 22 10:02:45 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:10 2003 Subject: us1.samba.org down? Message-ID: <3951E445.A02430E1@polimi.it> Still unable from yesterday to connect to us1.samba.org, also nslookup fails to find IP address. Is it down for any reason? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From proberts at dubois-king.com Thu Jun 22 11:04:46 2000 From: proberts at dubois-king.com (Phillip C. Roberts) Date: Tue Dec 2 02:30:10 2003 Subject: Am I missing something? In-Reply-To: <3.0.6.32.20000622150146.00891ad0@bioserve.latrobe.edu.au> Message-ID: <000801bfdc39$add46e10$1f00a8c0@daisy> Would I have to implement my File and Print Server as a Domain Controller? Or, can NT group permissions be assigned to files and directories on the File and Print Server as a member of the domain via TNG? If TNG is the answer, how stable is it? Where can I find the best documentation on it? Hanks again for the input. It is greatly appreciated. Phillip C. Roberts CADD Systems Manager DuBois and King, Inc. Voice: 802.728.4113, ext 322 Email: proberts@DuBois-King.com -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of David Bannon Sent: Thursday, June 22, 2000 1:05 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Am I missing something? At 12:05 PM 22/06/2000 +1000, Phillip C. Roberts wrote: > .... >1. Is there a way to assign permissions to shares created in the smb.conf to >an NT Domain Users Group?? No, not in 2.0.6 or 2.0.7 >Would Samba 2.0.7 or TNG make this implementation easier? > TNG will do it. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ .... Humpty Dumpty was pushed ! From BeckerA at blackclawson-cm.com Thu Jun 22 12:17:33 2000 From: BeckerA at blackclawson-cm.com (Becker, Andrew) Date: Tue Dec 2 02:30:10 2003 Subject: nt and samba Message-ID: <8FA6CB4C3ED1D3118DBC0060089315BC1AE6C4@calypso.blackclawson-cm.com> Is there any way to sync my samba users and passwords with the NT domain passwords so that I do not have to hand create new users to access samba? From Jerome.Lefeuvre at iu-vannes.fr Thu Jun 22 12:29:58 2000 From: Jerome.Lefeuvre at iu-vannes.fr (Lefeuvre =?iso-8859-1?Q?J=E9r=F4me?=) Date: Tue Dec 2 02:30:10 2003 Subject: can't log in TNG 2.5 GOOD Message-ID: <395206C6.A5DB7D97@iu-vannes.fr> Hi all :) I'm tested samba TNG 2.5 good, The source code compiled and installed without any errors or anything, i'm starting samba without any errors in logs. When i create some users or account machine it is ok , but when i log some user the log.smb returned me write_socket(14,342) write_socket(14,342) wrote 342 ncalrpc_l_receive: 121 read_data: read of 16 returned 0. "Error = No such file or directory" msrpc_receive: failed domain_client_validate: unable to validate password for user lefeuvre in domain LARS to Domain controller \\.. SMB LM/NT Password did not match! Rejecting user 'lefeuvre': authentication failed error packet at line 497 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 error string = No such file or directory size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=1339 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0 write_socket(7,39) write_socket(7,39) wrote 39 read_socket_data: recv of 4 returned 0. Error = Success receive_smb: length < 0! end of file from client Closing connections Server exit (normal exit) can anyone help me. -------------- next part -------------- A non-text attachment was scrubbed... Name: lefeuvre.vcf Type: text/x-vcard Size: 295 bytes Desc: Carte pour Lefeuvre Jérôme Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000622/329c3b68/lefeuvre.vcf From iulica at dntis.ro Thu Jun 22 15:07:49 2000 From: iulica at dntis.ro (Iulian Ciorascu) Date: Tue Dec 2 02:30:10 2003 Subject: Two sambas, one machine? How about pid files? References: <3951CA22.38596B37@tpgi.com.au> Message-ID: <39522BC5.CE2D04AB@dntis.ro> > Am I missing something? Or do I have to hack the source and compile a > second version of samba binaries? I think you have to ./configure --prefix=... and compile it. This is to answer your question. But have you considered using encrypted passwords for all of your clients ? Why not ? I have 2 samba running on the same machine but there are different versions, one TNG for PDC, and a samba-2.0.7 for profiles, homes, file and print server. > > Ta very much > Eddie. Best wishes, Iulian From rajeeva at research.bell-labs.com Thu Jun 22 15:19:18 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:30:10 2003 Subject: HEAD branch and nt printing Message-ID: <39522E75.F547B74C@research.bell-labs.com> I am trying to use NT printing with HEAD branch, which was working at some point of time in past. But with latest code, I get certain nt printing related parameters to be unknown parameters doing parameter nt forms file = /LPRng/samba/lib/nt/ntforms.def [2000/06/22 10:17:15, 0] param/loadparm.c:map_parameter(1820) Unknown parameter encountered: "nt forms file" [2000/06/22 10:17:15, 0] param/loadparm.c:lp_do_parameter(2419) Ignoring unknown parameter "nt forms file" doing parameter nt printer driver = /LPRng/samba/lib/nt [2000/06/22 10:17:15, 0] param/loadparm.c:map_parameter(1820) Unknown parameter encountered: "nt printer driver" [2000/06/22 10:17:15, 0] param/loadparm.c:lp_do_parameter(2419) Ignoring unknown parameter "nt printer driver" I can however try to add printer using NT workstation, but I don't see the file NTprinter_printername being created anywhere. Has anything changed? Should I be using a different branch? Thanks, rajeev From eparker at mindsec.com Thu Jun 22 16:05:29 2000 From: eparker at mindsec.com (Erik Parker) Date: Tue Dec 2 02:30:10 2003 Subject: PDC peering? Message-ID: Greetings, First off, I am not an NT person at all. I depise it and refuse to use it. However my company on the other hand does not. We have a dozen samba boxes in the USA that auth off of US-PDC. The US-PDC has a "trusted peering" relationship with the UK-PDC. However when the machines ask the US-PDC for a password of a user who is setup on the UK-PDC, the auth fails. The NT peeps assure me that their peering crap is setup fine. So my question is has anyone else seen this? How did you fix it? Also, can Samba have a 'if fails on this PDC.. try this other PDC?' type of setup? Erik Parker eparker@mindsec.com From p.mayers at ic.ac.uk Thu Jun 22 16:21:49 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:10 2003 Subject: PDC peering? Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81473@icex1.cc.ic.ac.uk> Which version of Samba? A little more information is needed, but to give you the background to the trouble you're having... I've never really been sure of the status, but what you're talking about is using an account from a trusted domain to access a server in a given domain. You didn't say what the "security" setting was in smb.conf - this is important. I'm pretty sure you need the username mapping functionality of Samba to do that, but I'm not even sure that's enough. The problem is... well look at it like this: /etc/passwd pfwe:x:501:501::/home/pfwe:/bin/bash grrt:x:502:502::/home/grrt:/bin/bash /etc/smbpasswd pfwe:501:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[ U ]:LCT-394DFABF: grrt:502:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[ U ]:LCT-394DFADB: /etc/smb.conf workgroup = USDOMAIN server string = Samba Server security = domain encrypt passwords = yes smb passwd file = /etc/smbpasswd And you've done an "smbpasswd -j USDOMAIN" So, connecting from a client as: pfwe or USDOMAIN\pfwe The Samba server maps you to UID number 501, no problems there. But, connecting as: UKDOMAIN\anotheruser The Samba server has no way to map you to a unix user (which it must do to setuid() down to you). So, the real answer is I don't know what happens. HEAD and TNG have methods (winbind and SURS multi-domain algorithms) to deal with this. What security setting are you using in smb.conf? Cheers, Phil -----Original Message----- From: Erik Parker [mailto:eparker@mindsec.com] Sent: Thursday, June 22, 2000 5:08 PM To: Multiple recipients of list SAMBA-NTDOM Subject: PDC peering? Greetings, First off, I am not an NT person at all. I depise it and refuse to use it. However my company on the other hand does not. We have a dozen samba boxes in the USA that auth off of US-PDC. The US-PDC has a "trusted peering" relationship with the UK-PDC. However when the machines ask the US-PDC for a password of a user who is setup on the UK-PDC, the auth fails. The NT peeps assure me that their peering crap is setup fine. So my question is has anyone else seen this? How did you fix it? Also, can Samba have a 'if fails on this PDC.. try this other PDC?' type of setup? Erik Parker eparker@mindsec.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3457 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000622/aefd006b/attachment.bin From gcarter at valinux.com Thu Jun 22 16:55:49 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:10 2003 Subject: HEAD branch and nt printing References: <39522E75.F547B74C@research.bell-labs.com> Message-ID: <39524515.26959314@valinux.com> These parameters exist in TNG. They disappeared from HEAD somehow, but the functionality stil exists (in rapid flux at the moment as we are actively working on it). jerry Rajeev Agrawala wrote: > > I am trying to use NT printing with HEAD branch, which was working at > some point of time in past. > > But with latest code, I get certain nt printing related > parameters to be unknown parameters > > doing parameter nt forms file = /LPRng/samba/lib/nt/ntforms.def > [2000/06/22 10:17:15, 0] param/loadparm.c:map_parameter(1820) > Unknown parameter encountered: "nt forms file" > [2000/06/22 10:17:15, 0] param/loadparm.c:lp_do_parameter(2419) > Ignoring unknown parameter "nt forms file" > > doing parameter nt printer driver = /LPRng/samba/lib/nt > [2000/06/22 10:17:15, 0] param/loadparm.c:map_parameter(1820) > Unknown parameter encountered: "nt printer driver" > [2000/06/22 10:17:15, 0] param/loadparm.c:lp_do_parameter(2419) > Ignoring unknown parameter "nt printer driver" > > I can however try to add printer using NT workstation, but I don't see > the file NTprinter_printername being created anywhere. > > Has anything changed? Should I be using a different branch? > > Thanks, > > rajeev -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ptredeau at crossbeamsys.com Thu Jun 22 17:33:45 2000 From: ptredeau at crossbeamsys.com (Peter Tredeau) Date: Tue Dec 2 02:30:10 2003 Subject: Password Sync Message-ID: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS> Hello, I have a Win NT domain will all W2K and NT 4.0 machines, along with a Linux NIS environment. I would like to be able to have the Linux users change their passwords on the NIS master and the NT users use the NT environment. I would like to keep the passwords in sync. The PDC is on NT 4.0 server. Any idea how to do this ? -Pete From kellermg at potsdam.edu Thu Jun 22 19:02:52 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:30:10 2003 Subject: Windows Services for UNIX version 2 References: <394DBF18.C4D0950F@mediaone.net> Message-ID: <395262DC.E23B2B46@potsdam.edu> Art Wildman wrote: > > Interesting.... > if we could see the code, wonder if perhaps MS used some Samba tools here? > > Windows Services for UNIX version 2 > http://www.microsoft.com/technet/win2000/sfu.asp I hope it is significantly better than version 1 of that product- THAT was a waste of $156... Oh well. :() -- Matthew Keller Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From ranjan_bagchi at yahoo.com Thu Jun 22 19:44:40 2000 From: ranjan_bagchi at yahoo.com (Ranjan Bagchi) Date: Tue Dec 2 02:30:10 2003 Subject: NT Profiles not being copied back to PDC Message-ID: <20000622194440.14762.qmail@web2106.mail.yahoo.com> Hi -- I'm using Samba 2.0.6 as PDC on my home lan. I'm using it mainly to keep profiles backed up on the linux box. I recently added another NT (SP6a) box to the lan and while it sees my domain and other machines in it, the profile-backing-up part seems broken. When I log in, it notices that the local profile is newer than the one on samba, but it never copies it back when I log out. I don't believe I did anything different with my other machines.. I did apply service pack 6a right after I installed, so could that be it. Any hints on how to debug this? Should I upgrade to 2.0.7? Thanks, Ranjan Bagchi __________________________________________________ Do You Yahoo!? Send instant messages with Yahoo! Messenger. http://im.yahoo.com/ From raub at gator.net Thu Jun 22 20:46:29 2000 From: raub at gator.net (Mauricio Tavares) Date: Tue Dec 2 02:30:10 2003 Subject: (FAQ?) samba box not seen by PCs Message-ID: <3.0.6.32.20000622164629.007d25b0@mail.gator.net> WARNING: o this may be rather long since I included dumps from the log files. o This is also the first time I am trying to get samba to work, so do bear with me =) I installed Samba 2.0.3 in my netbsd 1.4.1 box. I configured it as follows: # Samba config file created using SWAT # from shado.proedint.com (10.0.0.11) # Date: 2000/06/22 16:39:32 # Global parameters workgroup = UFO netbios name = INTERCEPTOR server string = Samba Server 2.0.3 preferred master = Yes domain master = Yes wins support = Yes [homes] comment = Home Directories read only = No browseable = No [public] comment = Public path = /home/public read only = No create mask = 0664 directory mask = 0775 guest ok = Yes where UFO is a workgroup I created with just the unix box in it. Then, I started it manually, interceptor# cat var/log.smb [2000/06/22 16:34:18, 1] smbd/server.c:main(614) smbd version 2.0.3 started. Copyright Andrew Tridgell 1992-1998 [2000/06/22 16:34:18, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 3394 are available. interceptor# cat var/log.nmb [2000/06/22 16:34:20, 1] nmbd/nmbd.c:main(672) Netbios nameserver version 2.0.3 started. Copyright Andrew Tridgell 1994-1998 [2000/06/22 16:34:20, 0] nmbd/asyncdns.c:start_async_dns(150) started asyncdns process 13549 [2000/06/22 16:34:21, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_win s(332) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup UFO, subnet UNICAST_SU BNET. [2000/06/22 16:34:21, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_win s(347) become_domain_master_browser_wins: querying WINS server at IP 10.0.0.12 for do main master browser name UFO<1b> on workgroup UFO [2000/06/22 16:34:21, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server INTERCEPTOR is now a domain master browser for workgroup UFO on s ubnet UNICAST_SUBNET ***** [2000/06/22 16:34:21, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bca st(284) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup UFO on subnet 10.0.0.1 2 [2000/06/22 16:34:21, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bca st(298) become_domain_master_browser_bcast: querying subnet 10.0.0.12 for domain maste r browser on workgroup UFO [2000/06/22 16:34:30, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server INTERCEPTOR is now a domain master browser for workgroup UFO on s ubnet 10.0.0.12 ***** [2000/06/22 16:34:45, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) ***** Samba name server INTERCEPTOR is now a local master browser for workgroup UFO on subnet 10.0.0.12 ***** interceptor# Then, I go to my PC (in workgroup PROED, with IP 10.0.0.11. The unix box, interceptor, has IP 10.0.0.12) and see if I can see the workgroup UFO. To my dispair, it is not there. What could be wrong? From chris.gamble at CPBINC.com Thu Jun 22 20:55:04 2000 From: chris.gamble at CPBINC.com (chris.gamble@CPBINC.com) Date: Tue Dec 2 02:30:10 2003 Subject: SIDs for Linux PDC Message-ID: <61DC06BCBAB7D311A1A50090273CEF1C056D37@smtp.cpbinc.com> I want to convert my linux machine to be my PDC but I am really unsure wher to start. The service I need to preserve is the Exchange Server. However, that would require me copying the SID of the exchange user to the Linux Machine. Anyone have any ideas on how to make this happen? Chris Gamble CPB Inc p: 972-579-1642 e: chris.gamble@cpbinc.com From mgeddes at xavier.sa.edu.au Thu Jun 22 23:02:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:10 2003 Subject: Password Sync References: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS> Message-ID: <39529B23.25DF4A48@xavier.sa.edu.au> Peter Tredeau wrote: > > Hello, > > I have a Win NT domain will all W2K and NT 4.0 machines, along > with a Linux NIS environment. I would like to be able to have > the Linux users change their passwords on the NIS master and the > NT users use the NT environment. I would like to keep the passwords > in sync. The PDC is on NT 4.0 server. Any idea how to do this ? > > -Pete Check out the unix password sync option in smb.conf man page. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From dstanawa at netventures.com.au Thu Jun 22 22:57:58 2000 From: dstanawa at netventures.com.au (David Stanaway) Date: Tue Dec 2 02:30:10 2003 Subject: Password Sync In-Reply-To: <39529B23.25DF4A48@xavier.sa.edu.au> Message-ID: On Fri, 23 Jun 2000, Matthew Geddes wrote: > Peter Tredeau wrote: > > I have a Win NT domain will all W2K and NT 4.0 machines, along > > with a Linux NIS environment. I would like to be able to have > > the Linux users change their passwords on the NIS master and the > > NT users use the NT environment. I would like to keep the passwords > > in sync. The PDC is on NT 4.0 server. Any idea how to do this ? > > Check out the unix password sync option in smb.conf man page. I think that Peter wanted to be able to have the reverse operation defined as well. EG: Running yppasswd (Or whatever the NIS util is called), and having it update the SMB passwd as well. I thought that samba could auth against NIS? Alternately, he could look into how well the pam_ntdom module works (I think its a part of TNG_2_5). Whatevr works, I have an interest in too, but not be able to look into it for a while. -- Best Regards David Stanaway ========================.--------------------------------------------- System Administrator | Australia's Premier Internet Broadcasters david@NetVentures.com.au| Corporate http://www.NetVentures.com.au Office +612 9460 8800 | Entertainment http://www.Netdance.com.au Pager +612 9461 2981 | Enquiries info@NetVentures.com.au ========================'--------------------------------------------- From mgeddes at xavier.sa.edu.au Thu Jun 22 23:15:01 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:10 2003 Subject: (FAQ?) samba box not seen by PCs References: <3.0.6.32.20000622164629.007d25b0@mail.gator.net> Message-ID: <39529DF5.A61D23BB@xavier.sa.edu.au> Mauricio Tavares wrote: > > WARNING: > o this may be rather long since I included dumps from the log files. > o This is also the first time I am trying to get samba to work, so do > bear with me =) > > I installed Samba 2.0.3 in my netbsd 1.4.1 box. I configured it as follows: > > Then, I go to my PC (in workgroup PROED, with IP 10.0.0.11. The unix box, > interceptor, has IP 10.0.0.12) and see if I can see the workgroup UFO. To > my dispair, it is not there. What could be wrong? If be 'see', you mean Network Neighbourhood, you should try mapping a network drive by right-clicking on 'My Computer' and selecting 'Map Network Drive'. Browsing (NetHood) doesn't always work under an NT only environment. -- Matthew Geddes Network Manager Xavier College Gawler, SA From D.Bannon at latrobe.edu.au Thu Jun 22 23:25:48 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:10 2003 Subject: nt and samba In-Reply-To: <8FA6CB4C3ED1D3118DBC0060089315BC1AE6C4@calypso.blackclawso n-cm.com> Message-ID: <3.0.6.32.20000623092548.008874c0@bioserve.latrobe.edu.au> At 10:25 PM 22/06/2000 +1000, Becker, Andrew wrote: >Is there any way to sync my samba users and passwords with the NT domain >passwords so that I do not have to hand create new users to access samba? Really not enough info. Are you using a NT Domain controller or a Samba DC ? Which flavour or Unix ? Possibly what you want is to do all your authentication from one passwd database on the domain controller. Have a look into pam_smb http://www.csn.ul.ie/~airlied/pam_smb/ if you are using linux or sun. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mhinzke at hinzke.de Fri Jun 23 07:06:48 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:11 2003 Subject: couldn't login In-Reply-To: <01a501bfda95$82063390$0201010a@defiant> References: <88724611.20000620100530@hinzke.de> <01a501bfda95$82063390$0201010a@defiant> Message-ID: <137415747.20000623090648@hinzke.de> Moin Michael, Tuesday, June 20, 2000, 10:58:20 AM, you wrote: >> I add the user with cresteuser mhinzke -p xxxxx >> >> My Version is samba-tng-alpha.2.5.3 >> >> Can anyone tell me why I cannt login ??? MG> 2.5.3 is known to be broken. switch back to 2.5 It does not work with 2.5.3, 2.5 and the current cvs version, so I think it is my mistake ... [root@.]$ ntlogin HINZKE\mhinzke xxxxx ntlogin HINZKE\mhinzke xxxxx root is in 7 groups: 0, 1, 2, 3, 4, 6, 10 uid 0 registered to name root Clearing default real name uid 0 vuid 100 registered to unix name root policy(pnum=1 ): Setting policy state setting policy con policy(pnum=1 ): Getting policy state Getting policy con state policy(pnum=1 ): Getting policy state Getting policy con state Duplicating policy state pnum=1 policy(pnum=2 ): Setting policy state setting policy con policy(pnum=2 ): Getting policy state Getting policy con state policy(pnum=2 ): Getting policy state Getting policy con state policy(pnum=2 ): Getting policy state Getting policy con state policy(pnum=2 ): Closing policy(pnum=1 ): Getting policy state Getting policy con state policy(pnum=1 ): Closing root is in 7 groups: 0, 1, 2, 3, 4, 6, 10 uid 0 registered to name root Clearing default real name uid 0 vuid 101 registered to unix name root cli_nt_setup_creds: request challenge failed cmd_nt_login: login (mhinzke) test succeeded: No Sorry for the long mail, but I think it's important. The same is happens then I try to login with an NT Station, the Domain Logon works, but no script is started and I cannot access any share. Anyone can help me ? Gruss Magnus Hinzke LINUX - KEEP THE SPIRIT ALIVE... -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From Andre_Naehring at hks-net.de Fri Jun 23 08:32:33 2000 From: Andre_Naehring at hks-net.de (Andre_Naehring@hks-net.de) Date: Tue Dec 2 02:30:11 2003 Subject: Using NT 4.0 WKS and Novell Client Message-ID: Are there any known problems using Windows NT 4.0 Workstation with installed Client for Novell Netware v 4.71? If I try the login into my domain, NT crashes with a bluescreen, while another NT Installation without the Client works well. Thank you! From simo.sorce at polimi.it Fri Jun 23 08:55:33 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:11 2003 Subject: Password Sync References: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS> Message-ID: <39532605.A53CF10B@polimi.it> Peter Tredeau wrote: > > Hello, > > I have a Win NT domain will all W2K and NT 4.0 machines, along > with a Linux NIS environment. I would like to be able to have > the Linux users change their passwords on the NIS master and the > NT users use the NT environment. I would like to keep the passwords > in sync. The PDC is on NT 4.0 server. Any idea how to do this ? > > -Pete I don't know if this is a viable solution for you. I resolved the problem setting an https (ssl encrypted) page to change the password. It take the responsability to authenticate the user and change the samba and unix passwords. The difference is that I have Samba and NIS on the same server. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From mhinzke at hinzke.de Fri Jun 23 10:46:01 2000 From: mhinzke at hinzke.de (Magnus Hinzke) Date: Tue Dec 2 02:30:11 2003 Subject: Using NT 4.0 WKS and Novell Client In-Reply-To: References: Message-ID: <18513568360.20000623124601@hinzke.de> Moin Andre, Friday, June 23, 2000, 10:36:14 AM, you wrote: Ahnd> Are there any known problems using Windows NT 4.0 Workstation with Ahnd> installed Client for Novell Netware v 4.71? If I try the login into my Ahnd> domain, NT crashes with a bluescreen, while another NT Installation without Ahnd> the Client works well. Ahnd> Thank you! Are you using samba-2.0.7 ??? If got the same problem, with tng it works fine! But I cannot tell you any suggestion to fix the problem ... Gruss Magnus Hinzke Linux. Ich bin doch nicht bl?d! -- Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de ------------------------------------------------------------------- Mitglied im Wirtschaftsverband Kopie und Medientechnik http://www.hinzke.de / Oc?Net Partner: http://www.ocenet.de Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 From hanak at IRIS.osu.cz Fri Jun 23 11:28:59 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:30:11 2003 Subject: Using NT 4.0 WKS and Novell Client In-Reply-To: <18513568360.20000623124601@hinzke.de> Message-ID: To solve this problem, uninstall novell client and use one from M$. Or don't use NOVELL:) O.H. On Fri, 23 Jun 2000, Magnus Hinzke wrote: > Moin Andre, > > Friday, June 23, 2000, 10:36:14 AM, you wrote: > > Ahnd> Are there any known problems using Windows NT 4.0 Workstation with > Ahnd> installed Client for Novell Netware v 4.71? If I try the login into my > Ahnd> domain, NT crashes with a bluescreen, while another NT Installation without > Ahnd> the Client works well. > > Ahnd> Thank you! > > Are you using samba-2.0.7 ??? > If got the same problem, with tng it works fine! But I cannot tell you > any suggestion to fix the problem ... > > Gruss > Magnus Hinzke > > Linux. Ich bin doch nicht blöd! > > -- > Magnus Hinzke / Volker Hinzke GmbH / mhinzke@hinzke.de > ------------------------------------------------------------------- > Mitglied im Wirtschaftsverband Kopie und Medientechnik > http://www.hinzke.de / OcéNet Partner: http://www.ocenet.de > Kanalstrasse 62, 23552 Luebeck, Tel: +49-451-79957-01, Fax: -27 > > From Andre_Naehring at hks-net.de Fri Jun 23 11:35:51 2000 From: Andre_Naehring at hks-net.de (Andre_Naehring@hks-net.de) Date: Tue Dec 2 02:30:11 2003 Subject: Antwort: Re: Using NT 4.0 WKS and Novell Client Message-ID: > To solve this problem, uninstall novell client and use one from M$. Or > don't use NOVELL:) Nice! Thank you! > Ahnd> Are there any known problems using Windows NT 4.0 Workstation with > Ahnd> installed Client for Novell Netware v 4.71? If I try the login into my > Ahnd> domain, NT crashes with a bluescreen, while another NT Installation without > Ahnd> the Client works well. > > Ahnd> Thank you! > > Are you using samba-2.0.7 ??? > If got the same problem, with tng it works fine! But I cannot tell you > any suggestion to fix the problem ... Hi Magnus! Benutze die 2.0.7, die TNG hat bei mir nur Mist gemacht. cu, Andr? From jabachman at hiestandsupply.com Fri Jun 23 13:13:43 2000 From: jabachman at hiestandsupply.com (Jason Bachman) Date: Tue Dec 2 02:30:11 2003 Subject: NT Profiles not being copied back to PDC In-Reply-To: <20000622194440.14762.qmail@web2106.mail.yahoo.com> Message-ID: Ranjan, 1. Check that your permissions haven't changed on the Samba box. That gets me every time. 2. If you tell NT to use the locally stored profile, it will not save it back to the PDC on logout. (this has been my experience). When it asks if you want to use the locally stored profile, select NO. That will force the NT box to re-download the profile from the PDC. 3. You may want to use POLEDIT and change the NT machine so that it does not save the profile locally after logout. Basically the NT machine will download the profile from the PDC at logon, and delete the local copy after uploading to the PDC at logoff. There are some VERY helpful documents on Microsoft's support website that explain how the whole profile thing works and how to control it. They also have some references to Samba, although they give no direct help for Samba configurations. Good Luck! ------------------------------- Jason Bachman Director of Information Systems Hiestand Supply Company jabachman@hiestandsupply.com (717)426-1921 -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Ranjan Bagchi Sent: Thursday, June 22, 2000 3:48 PM To: Multiple recipients of list SAMBA-NTDOM Subject: NT Profiles not being copied back to PDC Hi -- I'm using Samba 2.0.6 as PDC on my home lan. I'm using it mainly to keep profiles backed up on the linux box. I recently added another NT (SP6a) box to the lan and while it sees my domain and other machines in it, the profile-backing-up part seems broken. When I log in, it notices that the local profile is newer than the one on samba, but it never copies it back when I log out. I don't believe I did anything different with my other machines.. I did apply service pack 6a right after I installed, so could that be it. Any hints on how to debug this? Should I upgrade to 2.0.7? Thanks, Ranjan Bagchi __________________________________________________ Do You Yahoo!? Send instant messages with Yahoo! Messenger. http://im.yahoo.com/ From elrond at samba.org Fri Jun 23 16:31:05 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:11 2003 Subject: NT Profiles not being copied back to PDC In-Reply-To: ; from Jason Bachman on Fri, Jun 23, 2000 at 11:20:49PM +1000 References: <20000622194440.14762.qmail@web2106.mail.yahoo.com> Message-ID: <20000623183105.A16862@baerbel.mug.maschinenbau.tu-darmstadt.de> What also could have happened: The time on your new nt-box is not set correctly. nt checks times to see, wether it may update/download stuff... Elornd On Fri, Jun 23, 2000 at 11:20:49PM +1000, Jason Bachman wrote: > Ranjan, > > 1. Check that your permissions haven't changed on the Samba box. That gets > me every time. > > 2. If you tell NT to use the locally stored profile, it will not save it > back to the PDC on logout. (this has been my experience). When it asks if > you want to use the locally stored profile, select NO. That will force the > NT box to re-download the profile from the PDC. > > 3. You may want to use POLEDIT and change the NT machine so that it does > not save the profile locally after logout. Basically the NT machine will > download the profile from the PDC at logon, and delete the local copy after > uploading to the PDC at logoff. > > There are some VERY helpful documents on Microsoft's support website that > explain how the whole profile thing works and how to control it. They also > have some references to Samba, although they give no direct help for Samba > configurations. > > Good Luck! > > ------------------------------- > Jason Bachman > Director of Information Systems > Hiestand Supply Company > jabachman@hiestandsupply.com > (717)426-1921 > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Ranjan Bagchi > Sent: Thursday, June 22, 2000 3:48 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: NT Profiles not being copied back to PDC > > > > Hi -- > > I'm using Samba 2.0.6 as PDC on my home lan. I'm > using it mainly to keep profiles backed up on the > linux box. > > I recently added another NT (SP6a) box to the lan and > while it sees my domain and other machines in it, the > profile-backing-up part seems broken. When I log in, > it notices that the local profile is newer than the > one on samba, but it never copies it back when I log > out. > > I don't believe I did anything different with my other > machines.. I did apply service pack 6a right after I > installed, so could that be it. > > Any hints on how to debug this? Should I upgrade to > 2.0.7? > > Thanks, > > Ranjan Bagchi > > __________________________________________________ > Do You Yahoo!? > Send instant messages with Yahoo! Messenger. > http://im.yahoo.com/ From elrond at samba.org Fri Jun 23 16:53:55 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:11 2003 Subject: Password Sync In-Reply-To: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS>; from Peter Tredeau on Fri, Jun 23, 2000 at 03:36:58AM +1000 References: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS> Message-ID: <20000623185354.B16862@baerbel.mug.maschinenbau.tu-darmstadt.de> What you could do: Get TNG 2.5, compile it, and only use rpcclient: You can run it against an NT PDC and change the password of other users by logging in as Administrator. It works mainly like this (untested) rpcclient -S ntpdc -U Administrator%passwdofadmin samuserset ntuser -p newpassword Of course, you have to run this on a secure machine, because otherwise your users can see the admin-pw in a "ps -ef". So, now how to get the new pw? Check out the post "ANNOUNCE: pam_pwexport, Unix->SMB password changes" by Peter Samuelson . It's a pam-module, that can grab the new pw for you. BTW: This should also even work against a TNG-PDC. Elrond On Fri, Jun 23, 2000 at 03:36:58AM +1000, Peter Tredeau wrote: > > Hello, > > I have a Win NT domain will all W2K and NT 4.0 machines, along > with a Linux NIS environment. I would like to be able to have > the Linux users change their passwords on the NIS master and the > NT users use the NT environment. I would like to keep the passwords > in sync. The PDC is on NT 4.0 server. Any idea how to do this ? > > -Pete From pjdc at eircom.net Fri Jun 23 19:04:10 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:11 2003 Subject: Using NT 4.0 WKS and Novell Client In-Reply-To: Ondrej Hanak's message of "Fri, 23 Jun 2000 21:28:38 +1000" References: Message-ID: >>>>> "Ondrej" == Ondrej Hanak writes: Ondrej> To solve this problem, uninstall novell client and use one Ondrej> from M$. Or don't use NOVELL:) Microsoft's Novell client is horrible. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From list-samba-ntdom at faerber.muc.de Fri Jun 23 08:11:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:30:11 2003 Subject: NT Profiles not being copied back to PDC In-Reply-To: <20000622194440.14762.qmail@web2106.mail.yahoo.com> Message-ID: <7gPhUJ4ZcDB@faerber.muc.de> Ranjan Bagchi schrieb/wrote: > I recently added another NT (SP6a) box to the lan and > while it sees my domain and other machines in it, the > profile-backing-up part seems broken. When I log in, > it notices that the local profile is newer than the > one on samba, but it never copies it back when I log > out. Check this system's time and date settings. Claus -- http://www.faerber.muc.de From skvidal at phy.duke.edu Fri Jun 23 20:28:15 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:11 2003 Subject: kerberos, nt and samba Message-ID: I work at duke university and there are many folks who are trying to sort out how to solve a perplexing situation. 1. We have a kerberos realm for the entire campus. Depts can use that with their own local authentication mechanism to auth users and provide services for them. Its Krb5 not 4. 2. We have nt machines that we would like authenticate via kerberos then have them be able to mount drives on samba servers. 3. We do not want to have plaintext passwords enabled b/c its obvious suboptimal for security. Additionally we might want to have an Samba-based PDC and NT gets unhappy about talking to a PDC if plaintext is enabled. Obviously samba can deal with the LMhash coming from the NT machines but it can't then auth against krb5 w/o cracking the hash first. Any ideas? New Nt ginas? looking for ways around this problem. thanks -sv From darren at sandd.co.uk Fri Jun 23 22:42:53 2000 From: darren at sandd.co.uk (Darren Hammond) Date: Tue Dec 2 02:30:11 2003 Subject: Using NT 4.0 WKS and Novell Client References: Message-ID: <3953E7ED.1E03038C@sandd.co.uk> This explains why when I try to log a NT4 Terminal Server in to the domain it kicks me straight back out, no errors or nothing on a terminal. I tried a workstation and got the blue screen. Both had Novell Client 4.7.1 on them. It worked fine after I reloaded NT on the workstation, but then I forgot to reload the Novell client in my hurry to try it out. I think using the MS Novell client will give far more problems than it solves. Maybe the time has come for me to go to TNG. Darren Paul J Collins wrote: > >>>>> "Ondrej" == Ondrej Hanak writes: > > Ondrej> To solve this problem, uninstall novell client and use one > Ondrej> from M$. Or don't use NOVELL:) > > Microsoft's Novell client is horrible. > > Paul. > > -- > Paul Collins - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Where? Where is the town? Now it's nothing but flowers!" From johan.ostensson at orebro.lantmen.se Mon Jun 26 06:03:08 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:11 2003 Subject: =?Iso-8859-1?Q?stability_of_2.0.7_as_pdc=3F?= Message-ID: <20000626060414Z25799639-25578+356@samba.org> How stable is 2.0.7's domain-controlling function? I'm thinking of installing it on a small network I'm administring. And since I'm not there it *has* to go on for several weeks without problems... There has been no problem whatsoever with 2.0.6 (not as pdc though) /johan Johan ?stensson johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) From mgeddes at xavier.sa.edu.au Mon Jun 26 06:25:29 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:11 2003 Subject: stability of 2.0.7 as pdc? References: <20000626060414Z25799639-25578+356@samba.org> Message-ID: <3956F759.577E08E6@xavier.sa.edu.au> Johan ?stensson wrote: > > How stable is 2.0.7's domain-controlling function? I'm thinking of > installing it on a small network I'm administring. And since I'm not there > it *has* to go on for several weeks without problems... There has been no > problem whatsoever with 2.0.6 (not as pdc though) > > /johan > > Johan ?stensson > johan.ostensson@orebro.lantmen.se (work) > johan.ostensson@swipnet.se (home) Samba 2.0.x does not officially support domain logons for Windows NT and I believe there are a few issues with Windows 2000. I have run 2.0.6 as a PDC for Windows 95, 98 and NT 4 quite successfully. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From simo.sorce at polimi.it Mon Jun 26 07:30:04 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:11 2003 Subject: Using NT 4.0 WKS and Novell Client References: <3953E7ED.1E03038C@sandd.co.uk> Message-ID: <3957067C.4CF9C4A5@polimi.it> Darren Hammond wrote: > > This explains why when I try to log a NT4 Terminal Server in to the > domain it kicks me straight back out, no errors or nothing on a terminal. > I tried a workstation and got the blue screen. Both had Novell Client > 4.7.1 on them. > > It worked fine after I reloaded NT on the workstation, but then I forgot > to reload the Novell client in my hurry to try it out. > > I think using the MS Novell client will give far more problems than it > solves. Maybe the time has come for me to go to TNG. > > Darren I'm using M$ Client for novell in a samba controlled environment and all works fine. Check that the binding preference is on tcp/ip as binding preference for novell may disrupt more the election system of Windows machines as the samba server cannot see elections or messages sent through IPX. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From gcarter at valinux.com Sun Jun 25 00:56:56 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:11 2003 Subject: domain user and groups References: <00062009013700.00673@laptop> Message-ID: <395558D8.D473864F@valinux.com> Andrea Zolnhofer & Michael Ott wrote: > > Hallo! > > I have download the last CVS-version and it works good. > But one thing does not work. I have read in the book > "Teach Yourself Samba" that you can use domain users > and admins, when you want use the same users and groups > on both Systems. But it does not work. The first thing, i > can not find, is the domain users. Anything in the STY Samba book was written prior to the existence of the SAMBA_TNG branch. Since the PDC implementation has been in a constant state of flux, the STY Samba chapter on Samba as a Windows NT domain controlled is outdated wrt to TNG. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at samba.org Mon Jun 26 12:50:02 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:30:11 2003 Subject: [cliffs] status Message-ID: findfirst / next / close - the latest ops now working! so that makes: - negprot (LM 0.12 only) - sesssetupX (parses, no auth so all ops are root) - tconX - openX, readX, writeX, close - trans trans - lanman: - DosNetShareEnum - DosNetServerGetInfo - trans2 trans2 - fileops: - FindFirst2 (info 0x104) - FindNext2 (info 0x104) - QueryFSInfo (info 0x105) - findclose2 - getattrE (only one info level) this is a fairly radical, "clean" approach i'm taking. aside from the auto-generated code, the largest .c file, aside from those borrowed from samba source, is 204 lines long, in each of which, the GPL license takes up 20! so, aside from there being lots of files, it's really obvious what's going on as the auto-generated code dealing with the over-the-wire stuff is completely separated from the actual job of being a "server". despite the obvious complexity and mess of dealing with the SMB protocol, this stuff is actually quite a pleasure to work with. there is a smb-vfs-redirector layer added in on all main SMB operations (open,close,read,write,trans,trans2 only at moment) and i currently have an independent smb-file-redirector, smb-IPC$-redirector and smb-print-redirector. smb-print says "unsupported" at the mo. smb-IPC$ only supports trans, for LANMAN operations. smb-file supports rwoc + trans2 because you need Trans2FindFirst. there is a PHANDLE object with which a void* and a free-function can be associated (and it can also be associated with a parent PHANDLE). closing a PHANDLE has the effect of calling the free-funtion on the void* *and* calling the close-handle on all child objects. sounds weird? maybe, maybe not :) it means that the implementation of SMBtdis is like this: pTconHnd = find_tcon_hnd_by_index(pSesssetupHnd, SMB_HDR->tid)) close_policy_hnd(pTconHnd); well *duur*, how simple is that??? :) this will have the effect of calling, for each child-file-handle, the close_policy_hnd() operation, which will call close(state->filedescriptor) and when i have locking etc it will do the unlocking too, and also get rid of change-notify events which will _also_ be handles, etc etc. maybe i will do locking next, although i would like to have notepad opening / saving a file, first: it does weird stuff like trans2-query-fs-info requests and getattrs that i don't support yet. interesting to see what i can "get away with" not supporting, and see what breaks and what works. e.g i don't return 8.3 mangled file names in the findfirst/findnext lists tee hee :) authentication hasn't been added yet, The Plan Is to use TNG code on loop-back for both authentication and any DCE/RPC requests just get passed _straight_ through, no questions asked (like they are in TNG at the moment). so, i do not link in the SMB client library into conifersd at the moment, and i plan to make sure it stays that way unless there is a really compelling reason to do otherwise. and at the moment, there isn't one. things i am definitely not going to consider supporting: - security = share things i am going to consider supporting under duress or will be happy to accept patches for: - win95 - plaintext passwords things to support if they are needed: - SMBsearch (8-bit, DOS-variant of Trans2FindFirst needed even, as andrew mentioned, for DOS-apps running on NT) quite a lot achieved in a short space of time. hindsight and most of the work done through using a spec is a great benefit. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From k.zieger at odn.de Mon Jun 26 13:15:34 2000 From: k.zieger at odn.de (Klaus Zieger) Date: Tue Dec 2 02:30:11 2003 Subject: Samba 2.0.7 as pdc and about 40 clients Win95/98 ? Message-ID: <005a01bfdf70$a2832c60$f33ca8c0@fosnbg.de> Has anybody experience with Samba (2.0.7.) set up on a fast server (2 CPU's and 512 MB RAM, 100Mbit/s network) as primary domain controller for Win9x clients. Is the performance still acceptable if there are about 45 clients (45 PC's and a maximum of 90 users, on the average there are about 30 logons but there frequent logoffs and logons simultaneously) ? I would be most grateful if anybody could send me an example of his smb.conf file. So far I have managed successfully to build up a small network with 3 clients (1 Samba PDC, 3 Win9x clients) and it works just fine. I'm battlehardenend as far as WIN NT4.0 is concerned and can take quite some frustration - as you can probably imagine !! A Linux-Newcomer Klaus Zieger / Nuremberg in Germany -------------- next part -------------- HTML attachment scrubbed and removed From k.zieger at odn.de Mon Jun 26 13:24:04 2000 From: k.zieger at odn.de (Klaus Zieger) Date: Tue Dec 2 02:30:11 2003 Subject: Samba 2.0.7 as pdc and about 40 clients Win95/98 ? 2nd request Message-ID: <008f01bfdf71$ccd9fd80$f33ca8c0@fosnbg.de> Has anybody experience with Samba (2.0.7.) set up on a fast server (2 CPU's and 512 MB RAM, 100Mbit/s network) as primary domain controller for Win9x clients. Is the performance still acceptable if there are about 45 clients (45 PC's and a maximum of 90 users, on the average there are about 30 logons but there frequent logoffs and logons simultaneously) ? I would be most grateful if anybody could send me an example of his smb.conf file. So far I have managed successfully to build up a small network with 3 clients (1 Samba PDC, 3 Win9x clients) and it works just fine. I'm battlehardenend as far as WIN NT4.0 is concerned and can take quite some frustration - as you can probably imagine !! A Linux-Newcomer Klaus Zieger / Nuremberg in Germany k.zieger@odn.de -------------- next part -------------- HTML attachment scrubbed and removed From MBrown at msdemo.ms.gmsmail.com Mon Jun 26 13:13:20 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:30:11 2003 Subject: SIDs for Linux PDC Message-ID: <8158CAF171AED311B73F0060085A92C901134A@msdemo.ms.gmsmail.com> Are you sure you'd need to copy the SID's? I would have thought Exchange would do some sort of RPC auth with the current NT domain, so maybe you could use TNG. But be aware, I am purely guessing on the RPC issue. -Matthew Brown -----Original Message----- From: chris.gamble@CPBINC.com [mailto:chris.gamble@CPBINC.com] Sent: Thursday, June 22, 2000 5:04 PM To: Multiple recipients of list SAMBA-NTDOM Subject: SIDs for Linux PDC I want to convert my linux machine to be my PDC but I am really unsure wher to start. The service I need to preserve is the Exchange Server. However, that would require me copying the SID of the exchange user to the Linux Machine. Anyone have any ideas on how to make this happen? Chris Gamble CPB Inc p: 972-579-1642 e: chris.gamble@cpbinc.com From p.grimmerink at home.nl Mon Jun 26 13:34:11 2000 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:30:11 2003 Subject: Time server problems Message-ID: What could be the reason for the following problems I'm experiencing with samba-tng 2.5.3 as a pdc with 'time server = yes' : running the logon script in a dosbox gives the following output: C:\WINDOWS\Desktop>net time \\server /SET /YES Current time at \\SERVER is 26-6-2000 13:24 ^^^^^^ this is GMT, while the 'date' command displays the local time Error 50: You attempted an operation that cannot be performed from your computer or that is not supported on the specified server. Make sure you are using the correct server for the command or task that you want to perform. If the problem persists, contact your network administrator. The workstation is a win98 box. I'm sure it worked before, don't know exactly at which tng version it went wrong. Best regards, Pieter Grimmerink From hwimmer at bakerref.com Mon Jun 26 14:34:09 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:30:12 2003 Subject: samba version release questions References: <005a01bfdf70$a2832c60$f33ca8c0@fosnbg.de> Message-ID: <001201bfdf7b$975d0350$9f01a8c0@bakerref.com> we have been evaluating samba as a server for some time. we have a good deal of applications that are nt server specific such as com apps, mts, and IIS applications, the 2 o/s'es need to live together happliy. 1. when will the next major samba version be released (so far, i have heard october)? 2. will it have win2k support (clients and servers) 3. will it provide domain controlling for 95/98/nt/2000 well enough that it can be used in an environment with NT and allow our apps that use nt authentication to run (they validate based on the domain) thanks for you help a troubled system admin hayden From ctooley at joslyn.org Mon Jun 26 17:19:05 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:12 2003 Subject: samba version release questions References: <005a01bfdf70$a2832c60$f33ca8c0@fosnbg.de> <001201bfdf7b$975d0350$9f01a8c0@bakerref.com> Message-ID: <39579089.3D03FE20@joslyn.org> We use Samba on a Dual PII 233 with 192 MB of RAM and about 60 users with very few problems as far as the people are concerned. I'd put my Samba box up against any NT box with the Linux box on half the hardware resources. But, then maybe I'm a little biased, I've never rebooted my new Samba box (142 days and counting). Chris Tooley Hayden Wimmer wrote: > > we have been evaluating samba as a server for some time. we have a good > deal of applications that are nt server specific such as com apps, mts, and > IIS applications, the 2 o/s'es need to live together happliy. > > 1. when will the next major samba version be released (so far, i have heard > october)? > > 2. will it have win2k support (clients and servers) > > 3. will it provide domain controlling for 95/98/nt/2000 well enough that it > can be used in an environment with NT and allow our apps that use nt > authentication to run (they validate based on the domain) > > thanks for you help > > a troubled system admin > > hayden From pr at 3a.com.br Mon Jun 26 15:24:29 2000 From: pr at 3a.com.br (Paulo =?iso-8859-1?Q?Rog=E9rio?= Oliveira de Souza) Date: Tue Dec 2 02:30:12 2003 Subject: Subscription Message-ID: <395775AD.B0876E90@3a.com.br> I want to subscribe myself under this mailing list!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: pr.vcf Type: text/x-vcard Size: 263 bytes Desc: Card for Paulo Rogério Oliveira de Souza Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000626/6971a088/pr.vcf From gcarter at valinux.com Mon Jun 26 15:45:22 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:12 2003 Subject: Samba 2.0.7 as pdc and about 40 clients Win95/98 ? 2nd request References: <008f01bfdf71$ccd9fd80$f33ca8c0@fosnbg.de> Message-ID: <39577A92.C520CDE8@valinux.com> > Klaus Zieger wrote: > > Has anybody experience with Samba (2.0.7.) set up on a fast server (2 > CPU's and 512 MB RAM, 100Mbit/s network) as primary domain controller > for Win9x clients. Is the performance still acceptable if there are > about 45 clients (45 PC's and a maximum of 90 users, on the average > there are about 30 logons but there frequent logoffs and logons > simultaneously) ? > I would be most grateful if anybody could send me an example of his > smb.conf file. > So far I have managed successfully to build up a small network with 3 > clients (1 Samba PDC, 3 Win9x clients) and it works just fine. I'm > battlehardenend as far as WIN NT4.0 is concerned and can take quite > some frustration - as you can probably imagine !! > A Linux-Newcomer > Klaus Zieger / Nuremberg in Germany > k.zieger@odn.de > I've run 2.0.6 of a Sun E3000 (4x250Mhz) with 1.5Gb RAM. Included 5 100Mb ports and 250Gb of disk space. Number of clients supports was ~700. What more information do you need regarding smb.conf? Mine was fairly intricate and hand crafted so it would probably not be a good example. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mjwestkamper at weiinc.com Mon Jun 26 16:07:17 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:12 2003 Subject: Samba 2.0.7 as pdc and about 40 clients Win95/98 ? 2nd request References: <008f01bfdf71$ccd9fd80$f33ca8c0@fosnbg.de> <39577A92.C520CDE8@valinux.com> Message-ID: <39577FB5.3BE5213F@weiinc.com> Klaus; I am running SAMBA 2.0.6 on an Intel P5/90 with 64kb memory. I have 30+ users (95/98/Nt4/Win2k/OS2/Linux), 170gb SCSI, 100mb network. I am also using IP chains on this box and have had no incidence of slowdown. The system runs peak at 55% during long builds. The smb.conf is a mess given all the various users. I would start by using a NT box as the PDC and let Linux/SAMBA do everything else. Mike Gerald Carter wrote: > > Klaus Zieger wrote: > > > > Has anybody experience with Samba (2.0.7.) set up on a fast server (2 > > CPU's and 512 MB RAM, 100Mbit/s network) as primary domain controller > > for Win9x clients. Is the performance still acceptable if there are > > about 45 clients (45 PC's and a maximum of 90 users, on the average > > there are about 30 logons but there frequent logoffs and logons > > simultaneously) ? > > I would be most grateful if anybody could send me an example of his > > smb.conf file. > > So far I have managed successfully to build up a small network with 3 > > clients (1 Samba PDC, 3 Win9x clients) and it works just fine. I'm > > battlehardenend as far as WIN NT4.0 is concerned and can take quite > > some frustration - as you can probably imagine !! > > A Linux-Newcomer > > Klaus Zieger / Nuremberg in Germany > > k.zieger@odn.de > > > > I've run 2.0.6 of a Sun E3000 (4x250Mhz) with 1.5Gb RAM. Included > 5 100Mb ports and 250Gb of disk space. Number of clients supports > was ~700. > > What more information do you need regarding smb.conf? Mine was > fairly intricate and hand crafted so it would probably > not be a good example. > > Cheers, > jerry > -- > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From tom at ee.ucl.ac.uk Mon Jun 26 17:04:28 2000 From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:30:12 2003 Subject: samba-TNG cvs 17:00 BST 26/6/00 doesn't compile Message-ID: <200006261704.SAA09638@picard.ee.ucl.ac.uk> Hello, samba-TNG cvs 17:00 BST 26/6/00 on Solaris 2.7 Sparc 64 gcc 2.8.1 doesn't compile due to conflicting types for samr_query_dispinfo It's defined as BOOL in line 385 in include/rpc_client_proto.h and uint32 in rpc_client/cli_samr.c line 2543. What should it be? Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From darren at sandd.co.uk Mon Jun 26 17:27:27 2000 From: darren at sandd.co.uk (Darren Hammond) Date: Tue Dec 2 02:30:13 2003 Subject: Using NT 4.0 WKS and Novell Client References: <3953E7ED.1E03038C@sandd.co.uk> <3957067C.4CF9C4A5@polimi.it> Message-ID: <3957927A.3A641F8B@sandd.co.uk> Unfortunately, the system I've inherited uses Zenworks to distribute applications and I believe I need the Novell Client for this. That bit works well, so I don't really want to change it. I've got a workstation free at the moment, so I'm going to do some experimenting. Simo Sorce wrote: > > > I'm using M$ Client for novell in a samba controlled environment and all > works fine. > Check that the binding preference is on tcp/ip as binding preference for > novell may disrupt more the election system of Windows machines as the > samba server cannot see elections or messages sent through IPX. > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! From jester at optonline.net Mon Jun 26 18:21:08 2000 From: jester at optonline.net (Christopher Johnston) Date: Tue Dec 2 02:30:13 2003 Subject: Samba 2.0.7 as pdc and about 40 clients Win95/98 ? 2nd request References: <008f01bfdf71$ccd9fd80$f33ca8c0@fosnbg.de> <39577A92.C520CDE8@valinux.com> <39577FB5.3BE5213F@weiinc.com> Message-ID: <008e01bfdf9b$4cb4de70$0b00000a@evolution> I find that to be the best solution in a production environment.. considering a small NT server can be setup to handle PDC and WINS resolutions.. pentium 133 with a bit of ram could handle the task and perform absolute functionality for what you need. Christopher Johnston System Analyst Salomon Smith Barney New York, NY ----- Original Message ----- From: "Mike Westkamper" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Monday, June 26, 2000 12:12 PM Subject: Re: Samba 2.0.7 as pdc and about 40 clients Win95/98 ? 2nd request > Klaus; > > I am running SAMBA 2.0.6 on an Intel P5/90 with 64kb memory. I have 30+ > users (95/98/Nt4/Win2k/OS2/Linux), 170gb SCSI, 100mb network. I am also > using IP chains on this box and have had no incidence of slowdown. The > system runs peak at 55% during long builds. > > The smb.conf is a mess given all the various users. I would start by using > a NT box as the PDC and let Linux/SAMBA do everything else. > > Mike > > Gerald Carter wrote: > > > > Klaus Zieger wrote: > > > > > > Has anybody experience with Samba (2.0.7.) set up on a fast server (2 > > > CPU's and 512 MB RAM, 100Mbit/s network) as primary domain controller > > > for Win9x clients. Is the performance still acceptable if there are > > > about 45 clients (45 PC's and a maximum of 90 users, on the average > > > there are about 30 logons but there frequent logoffs and logons > > > simultaneously) ? > > > I would be most grateful if anybody could send me an example of his > > > smb.conf file. > > > So far I have managed successfully to build up a small network with 3 > > > clients (1 Samba PDC, 3 Win9x clients) and it works just fine. I'm > > > battlehardenend as far as WIN NT4.0 is concerned and can take quite > > > some frustration - as you can probably imagine !! > > > A Linux-Newcomer > > > Klaus Zieger / Nuremberg in Germany > > > k.zieger@odn.de > > > > > > > I've run 2.0.6 of a Sun E3000 (4x250Mhz) with 1.5Gb RAM. Included > > 5 100Mb ports and 250Gb of disk space. Number of clients supports > > was ~700. > > > > What more information do you need regarding smb.conf? Mine was > > fairly intricate and hand crafted so it would probably > > not be a good example. > > > > Cheers, > > jerry > > -- > > ---------------------------------------------------------------------- > > /\ Gerald (Jerry) Carter Professional Services > > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > > http://www.samba.org SAMBA Team jerry@samba.org > > http://www.eng.auburn.edu/~cartegw > > > > "...a hundred billion castaways looking for a home." > > - Sting "Message in a Bottle" ( 1979 ) > > From RAD2921 at cup.edu Mon Jun 26 18:28:05 2000 From: RAD2921 at cup.edu (RADIGAN, TIMOTHY ) Date: Tue Dec 2 02:30:13 2003 Subject: samba-tng 2.5 and 2.53 with win2k Message-ID: Ok, I got roaming profiles and the login script to work with samba-tng-2.5. Once I got Samba working correctly and had all of the daemons running, I decided to reboot my server and get everything functional from bootup. When I did this, I noticed that lsarpcd, samrd, and netlogond were not loading. I tried to do this manually and still had no success. To fix this, I upgraded from samba-tng-2.5 to samba-tng-2.5.3. To my suprise, those three daemons load with no problem. But now, I can't access roaming profiles and my login script does not work. Even the shares that should be offered by samba are not working. I checked the shares with smbclient and they work fine. But the Win2K machine will not see the profiles or anything any more. The wierd thing is that I can successfully join the domain from the Win2K machine. Anyone have any suggestions? Tim Radigan From lynn at cis.usouthal.edu Mon Jun 26 21:16:09 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:30:13 2003 Subject: Rebooting from netlogon script In-Reply-To: <393D8CD1.1C0AF27A@joslyn.org> Message-ID: Hi, I read the posts regarding the solutions for shutting down Windows from the command line. I saw the post about shutdown.exe. Is there a similar one that will log off the user and not shutdown? If so, where can I find it? Thanks. Keith Lynn On Wed, 7 Jun 2000, Chris Tooley wrote: > Well, this shuts down the machine at least. Is there somewhere I can learn more about what I can > pass to rundll32.exe? BTW the only part that is case sensitive is the "ExitWindows" part. > > Thank you very much for your help. > > Chris Tooley > > Osama Abu-Aish wrote: > > > Am 7 Jun 00, um 2:24 Uhr schrieb Jeffrey W. Hampson zum Thema RE: Rebooting from netlogon script: > > Dazu meine Meinung: > > > > > Is there a command I can run to get some Win 9x boxes to reboot from a > > > netlogon script? > > > > You could try the following line: > > > > Rundll32.exe user,ExitWindows > > > > Note that the command is case-sensitive and no additional spaces > > are allowed! > > > > Hope this helps, > > Osama > > --- > > Fachhochschule für Technik Esslingen > > Außenstelle Goeppingen > > From cheinric at tfh-berlin.de Mon Jun 26 21:12:56 2000 From: cheinric at tfh-berlin.de (Carsten Heinrici) Date: Tue Dec 2 02:30:13 2003 Subject: win2000 and 2.0.6 as pdc (Re: stability of 2.0.7 as pdc?) In-Reply-To: <3956F759.577E08E6@xavier.sa.edu.au> Message-ID: On Mon, 26 Jun 2000, Matthew Geddes wrote: > Samba 2.0.x does not officially support domain logons for Windows NT and > I believe there are a few issues with Windows 2000. I have run 2.0.6 as > a PDC for Windows 95, 98 and NT 4 quite successfully. win2k was not able to connect to the domain here but winnt40 works fine. do you know how to use win2k anyway? using samba 2.0.6 -- Carsten Heinrici Technische Fachhochschule Berlin - University of Applied Sciences From ctooley at joslyn.org Mon Jun 26 23:20:57 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:13 2003 Subject: [Fwd: Re: Update Rebooting from Netlogon Script] Message-ID: <3957E559.E1B90B95@joslyn.org> Keith: This is from a thread "Update Rebooting from Netlogon Script" that came after the other thread. The addition to my update should fill in the holes that mine left out. In my opinion this should be taped to the side of every Win 9x SysAdmin's head. But, that's just my opinion. :) Hope this helps. Chris Tooley -------- Original Message -------- Subject: Re: Update Rebooting from Netlogon Script Date: Tue, 13 Jun 2000 09:26:04 +1000 From: David Bannon Reply-To: D.Bannon@latrobe.edu.au To: Multiple recipients of list SAMBA-NTDOM At 11:12 PM 09/06/2000 +1000, Chris Tooley wrote: >1) Rebooting Windows 9x is a terrible pain in the butt, but it can be >done. I'm pretty sure that having a command called reboot that >"reboot"s the system, would be WAY too difficult for them to understand. > There is a WinAPI that I use to shutdown WinNT, I have not tried it under w95 but my help files indicate it will work. If you are interested in a code based solution : ExitWindowsEx(EWX_SHUTDOWN or EWX_FORCE, 0); Parameters 'or'ed together include : EWX_LOGOFF - Shuts down processes and logs user off EWX_REBOOT - Shuts down the restarts the system EWX_SHUTDOWN - Shuts down system The following attributes may be combined (OR'd) with above flags EWX_POWEROFF - shuts down system and turns off the power. EWX_FORCE - forces processes to terminate. I expect that rundll32 makes a call to that function. David > >rundll32.exe shell32,SHExitWindowsEx X > >where the last "X" is a number. > > 0 - LOGOFF > 1 - SHUTDOWN > 2 - REBOOT > 4 - FORCE > 8 - POWEROFF > > Or any combination thereof, by adding the values together, giving 16 >possible shutdown/restart sequences. > >I wish there was a better place to document something like this as it's >obvious that Microsoft isn't offering it up very readily. > >Chris Tooley > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ .... Humpty Dumpty was pushed ! From lynn at cis.usouthal.edu Mon Jun 26 21:37:37 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:30:13 2003 Subject: [Fwd: Re: Update Rebooting from Netlogon Script] In-Reply-To: <3957E559.E1B90B95@joslyn.org> Message-ID: Chris, I'm sorry I wasn't more specific. I was wondering if along with the shutdown.exe for NT there was another program that would log a user out. My reason for asking is that I am a sysadmin in charge of a few labs, and I want to prevent multiple logins. I was just wondering if there was a command that could be placed into the logon script that would cause NT to logout. Thanks. Keith On Tue, 27 Jun 2000, Chris Tooley wrote: > Keith: > > This is from a thread "Update Rebooting from Netlogon Script" that came > after the other thread. The addition to my update should fill in the > holes that mine left out. In my opinion this should be taped to the > side of every Win 9x SysAdmin's head. But, that's just my opinion. :) > > Hope this helps. > > Chris Tooley > > -------- Original Message -------- > Subject: Re: Update Rebooting from Netlogon Script > Date: Tue, 13 Jun 2000 09:26:04 +1000 > From: David Bannon > Reply-To: D.Bannon@latrobe.edu.au > To: Multiple recipients of list SAMBA-NTDOM > > At 11:12 PM 09/06/2000 +1000, Chris Tooley wrote: > > >1) Rebooting Windows 9x is a terrible pain in the butt, but it can be > >done. I'm pretty sure that having a command called reboot that > >"reboot"s the system, would be WAY too difficult for them to understand. > > > > There is a WinAPI that I use to shutdown WinNT, I have not tried it > under > w95 but my help files indicate it will work. If you are interested in a > code based solution : > > ExitWindowsEx(EWX_SHUTDOWN or EWX_FORCE, 0); > > Parameters 'or'ed together include : > EWX_LOGOFF - Shuts down processes and logs user off > EWX_REBOOT - Shuts down the restarts the system > EWX_SHUTDOWN - Shuts down system > > The following attributes may be combined (OR'd) with above flags > > EWX_POWEROFF - shuts down system and turns off the power. > EWX_FORCE - forces processes to terminate. > > I expect that rundll32 makes a call to that function. > > David > > > > >rundll32.exe shell32,SHExitWindowsEx X > > > >where the last "X" is a number. > > > > 0 - LOGOFF > > 1 - SHUTDOWN > > 2 - REBOOT > > 4 - FORCE > > 8 - POWEROFF > > > > Or any combination thereof, by adding the values together, giving 16 > >possible shutdown/restart sequences. > > > >I wish there was a better place to document something like this as it's > >obvious that Microsoft isn't offering it up very readily. > > > >Chris Tooley > > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ... Humpty Dumpty was pushed ! > From D.Bannon at latrobe.edu.au Mon Jun 26 23:27:54 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:13 2003 Subject: Samba 2.0.7 as pdc and about 40 clients Win95/98 ? In-Reply-To: <005a01bfdf70$a2832c60$f33ca8c0@fosnbg.de> Message-ID: <3.0.6.32.20000627092754.00870730@bioserve.latrobe.edu.au> At 11:15 PM 26/06/2000 +1000, Klaus Zieger wrote: > a maximum of 90 users, on the average there are about 30 logons but >there frequent logoffs and logons simultaneously) ? I would be most >grateful if anybody could send me an example of his smb.conf file. build >up a small network with 3 clients (1 Samba PDC, 3 Win9x clients) and it >works just fine. I'm battlehardenend as far as WIN NT4.0 is concerned and >can take quite some frustration - as you can probably imagine !! A >Linux-Newcomer Klaus Zieger / Nuremberg in Germany (Bit hard to include a sensible part of your message, you have sent formatted text to the mailing list, naughty !) I have some 130 users here hanging mostly NT4ws (sp4) but a few win95 (and no win98 ) and a couple of macs using Dave. At any one time there are typically 80 active logins. The PDC is a RH 5.2 running samba on a PII-350 with 256meg ram. Load based performance does not seem to be a problem, that is things don't slow down significantly at full load compared to early morning when there are less people on. However : We dont store the main applications on the server, only data. ie MS Office etc is installed locally on each PC. We do have a couple of other (linux) servers doing some other tasks such as mail, httpd, dhcp etc. Have a look at my web site http://bioserve.latrobe.edu.au/samba/index.html for a sample config file for 2.0.7 as a pdc. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From griffy at math.umd.edu Tue Jun 27 03:23:53 2000 From: griffy at math.umd.edu (Tim Strobell aka Griffy) Date: Tue Dec 2 02:30:13 2003 Subject: keeping ACLs while moving domains Message-ID: <20000626232352.B29047@laplace.umd.edu> Howdy folks, I'm moving our computer lab from an NT PDC to a samba PDC. When I have a workstation join the new domain, how can I ensure that one user's SID will be preserved so the ACLs won't break? Thanks, and keep up the excellent work! Tim -- Tim "Griffy" Strobell, griffy@math.umd.edu, (301) 405-8175 Assistant Sysadmin, Server Janitor, and Customer Service Associate Department of Mathematics, University of Maryland at College Park From johan.ostensson at orebro.lantmen.se Tue Jun 27 06:05:13 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:13 2003 Subject: =?Iso-8859-1?Q?RE:_stability_of_2.0.7_as_pdc=3F?= Message-ID: <20000627060603Z25773626-25578+1015@samba.org> Thanks for your answer! But; ;-) My main concern is not IF it works, it's more like "does it work for 200 days without restart". Anyone with experience of such uptimes? (hmm mayby that's impossible, it's not that many days since 207 was released :>) /johan > -----Ursprungligt meddelande----- > Fr?n: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Skickat: den 26 juni 2000 08:13 > Till: johan.ostensson@orebro.lantmen.se; Multiple recipients of list > SAMBA-NTDOM > ?mne: Re: stability of 2.0.7 as pdc? > > > Johan ?stensson wrote: > > > > How stable is 2.0.7's domain-controlling function? I'm thinking of > > installing it on a small network I'm administring. And > since I'm not there > > it *has* to go on for several weeks without problems... > There has been no > > problem whatsoever with 2.0.6 (not as pdc though) > > > > /johan > > > > Johan ?stensson > > johan.ostensson@orebro.lantmen.se (work) > > johan.ostensson@swipnet.se (home) > > Samba 2.0.x does not officially support domain logons for > Windows NT and > I believe there are a few issues with Windows 2000. I have > run 2.0.6 as > a PDC for Windows 95, 98 and NT 4 quite successfully. > > Hope it helps, > Matt > > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > From D.Bannon at latrobe.edu.au Tue Jun 27 07:04:20 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:13 2003 Subject: stability of 2.0.7 as pdc? In-Reply-To: <20000627060603Z25773626-25578+1015@samba.org> Message-ID: <3.0.6.32.20000627170420.00871b20@bioserve.latrobe.edu.au> At 04:08 PM 27/06/2000 +1000, Johan ?stensson wrote: >Thanks for your answer! > >But; ;-) >My main concern is not IF it works, it's more like "does it work for 200 >days without restart". Anyone with experience of such uptimes? (hmm mayby >that's impossible, it's not that many days since 207 was released :>) Trouble is you're thinking Windows. My various linux/samba systems only get restarted when the power fails . We don't really think about how long something runs for, it runs until there is a reason for it to stop ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From johan.ostensson at orebro.lantmen.se Tue Jun 27 07:12:51 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:30:13 2003 Subject: =?Iso-8859-1?Q?RE:_stability_of_2.0.7_as_pdc=3F?= Message-ID: <20000627071334Z25857225-25578+1035@samba.org> That's the answer I wanted... thanks! I was mayby a bit troubled by the fact that pdc in 207 is unsupported (which in my ears sounds like something that might crash or something :>). But now I know that isn't the case. /johan > -----Ursprungligt meddelande----- > Fr?n: David Bannon [mailto:D.Bannon@latrobe.edu.au] > Skickat: den 27 juni 2000 09:04 > Till: johan.ostensson@orebro.lantmen.se; Multiple recipients of list > SAMBA-NTDOM > ?mne: RE: stability of 2.0.7 as pdc? > > > At 04:08 PM 27/06/2000 +1000, Johan ?stensson wrote: > >Thanks for your answer! > > > >But; ;-) > >My main concern is not IF it works, it's more like "does it > work for 200 > >days without restart". Anyone with experience of such > uptimes? (hmm mayby > >that's impossible, it's not that many days since 207 was released :>) > > Trouble is you're thinking Windows. My various linux/samba > systems only get > restarted when the power fails . We don't really think about how long > something runs for, it runs until there is a reason for it to stop ! > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > From Braun at lswi01.wiwi.uni-tuebingen.de Tue Jun 27 08:41:01 2000 From: Braun at lswi01.wiwi.uni-tuebingen.de (Braun, Matthias) Date: Tue Dec 2 02:30:13 2003 Subject: SUBSCRIBE Message-ID: SUBSCRIBE From george at v-sync.bg Tue Jun 27 14:19:03 2000 From: george at v-sync.bg (George Terziysky) Date: Tue Dec 2 02:30:13 2003 Subject: Logon Scripts References: <006b01bfdb85$f3648e10$292818c3@hot> <3950E37B.8BD407BC@joslyn.org> <008401bfdb88$2bae9480$292818c3@hot> <3950EFBF.7CFF44F1@joslyn.org> Message-ID: <003c01bfe042$a5156790$298f74d4@hot> I'd like to thanks to Chris Tooley helping me to set a Proxy server during Logging into domain this idea works great. If someone is in interest of exact registry keys I set just let me know. George ----- Original Message ----- From: "Chris Tooley" To: "George Terziysky" ; "Samba NTDOM Mailing List" Sent: Wednesday, June 21, 2000 7:39 PM Subject: Re: Logon Scripts > Are these settings contained in the registry? I think they are... and > if so it's pretty simple to make registry edits. > > For instance to change the ip address of the the "DNS Server" for your > TCP/IP settings you would export: > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP > > to a file and edit the file. Then put it somewhere you can get to it, > like the netlogon share with read accessibility. > > If it were in the Netlogon share you would want to enter the following > command into your login script: > > regedit /s \\SERVER\\Netlogon\MSTCP.reg > > which would import the setting with whatever you change. You can add > values this way as with others. > > I'm not sure that the settings are stored in the registry or if they are > where but I would bet that's where they're at. > > Good luck and be sure to reply to the mailing list so that other people > that would like to do this can benifit from this as well. > > Chris Tooley > > George Terziysky wrote: > > > > Exactly for IE, > > server: name.domain.com > > port: xxxx > > > > thanks > > ----- Original Message ----- > > From: "Chris Tooley" > > To: "Multiple recipients of list SAMBA-NTDOM" > > Sent: Wednesday, June 21, 2000 4:45 PM > > Subject: Re: Logon Scripts > > > > > What type of PROXY settings are you trying to set? PROXY settings for > > > IE? > > > > > > Chris Tooley > > > > > > > George Terziysky wrote: > > > > > > > > Hi, > > > > > > > > Can you tell me how can I set a PROXY settings from Logon Scripts > > > > for Win98 workstations > > > > I'm using RH6.2 smb 2.0.6 as Domain Server > > > > > > > > Thank you in advice From ctooley at joslyn.org Tue Jun 27 16:32:41 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:13 2003 Subject: Logon Scripts References: <006b01bfdb85$f3648e10$292818c3@hot> <3950E37B.8BD407BC@joslyn.org> <008401bfdb88$2bae9480$292818c3@hot> <3950EFBF.7CFF44F1@joslyn.org> <003c01bfe042$a5156790$298f74d4@hot> Message-ID: <3958D729.670185CE@joslyn.org> Could you go ahead and tells us which registry keys it is so others will (hopefully) be able to search the archives and find it without having to ask again? Thanks Chris Tooley George Terziysky wrote: > > I'd like to thanks to Chris Tooley helping me to set a Proxy server during > Logging into domain > this idea works great. > If someone is in interest of exact registry keys I set just let me know. > > George > > ----- Original Message ----- > From: "Chris Tooley" > To: "George Terziysky" ; "Samba NTDOM Mailing List" > > Sent: Wednesday, June 21, 2000 7:39 PM > Subject: Re: Logon Scripts > > > Are these settings contained in the registry? I think they are... and > > if so it's pretty simple to make registry edits. > > > > For instance to change the ip address of the the "DNS Server" for your > > TCP/IP settings you would export: > > > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP > > > > to a file and edit the file. Then put it somewhere you can get to it, > > like the netlogon share with read accessibility. > > > > If it were in the Netlogon share you would want to enter the following > > command into your login script: > > > > regedit /s \\SERVER\\Netlogon\MSTCP.reg > > > > which would import the setting with whatever you change. You can add > > values this way as with others. > > > > I'm not sure that the settings are stored in the registry or if they are > > where but I would bet that's where they're at. > > > > Good luck and be sure to reply to the mailing list so that other people > > that would like to do this can benifit from this as well. > > > > Chris Tooley > > > > George Terziysky wrote: > > > > > > Exactly for IE, > > > server: name.domain.com > > > port: xxxx > > > > > > thanks > > > ----- Original Message ----- > > > From: "Chris Tooley" > > > To: "Multiple recipients of list SAMBA-NTDOM" > > > Sent: Wednesday, June 21, 2000 4:45 PM > > > Subject: Re: Logon Scripts > > > > > > > What type of PROXY settings are you trying to set? PROXY settings for > > > > IE? > > > > > > > > Chris Tooley > > > > > > > > > George Terziysky wrote: > > > > > > > > > > Hi, > > > > > > > > > > Can you tell me how can I set a PROXY settings from Logon Scripts > > > > > for Win98 workstations > > > > > I'm using RH6.2 smb 2.0.6 as Domain Server > > > > > > > > > > Thank you in advice From paolo at init.co.il Tue Jun 27 14:40:39 2000 From: paolo at init.co.il (Paolo Supino) Date: Tue Dec 2 02:30:13 2003 Subject: Nt --> Windows9x: access denied References: <006b01bfdb85$f3648e10$292818c3@hot> <3950E37B.8BD407BC@joslyn.org> <008401bfdb88$2bae9480$292818c3@hot> <3950EFBF.7CFF44F1@joslyn.org> <003c01bfe042$a5156790$298f74d4@hot> Message-ID: <3958BCE7.6E8B9D09@init.co.il> Hi I've installed a network who's PDC is Samba (Linux RedHat 6.1 running Samba 2.0.5a). Everything works greate and the company is very pleased with the setup. There is however one problem I can't seem to solve (and they found a way to bypass it by opening a share on the linux machine): Trying to access shares on Windows 9x machines from NT machines yields the error: access denied. What might be the cause of this problem? Did anyone ancounter this before and is there a solution? TIA Paolo From randyp at ti.com Tue Jun 27 14:49:21 2000 From: randyp at ti.com (Randy Parker) Date: Tue Dec 2 02:30:13 2003 Subject: Slightly Off Topic Message-ID: <2673.962117361@cluster> This is slightly off topic and I apologize, but does anyone know of an NT program that sends log events to Unix syslogd? Thanks, Randy Parker From p.grimmerink at home.nl Tue Jun 27 14:54:56 2000 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:30:13 2003 Subject: CVS compared to 2.5.3 Message-ID: I'm still using samba-tng 2.5 and 2.5.3, and haven't heard of newer snapshots since a long time. Those versions do not work as domain clients in an NT4 controlled domain, and also don't allow NT4 clients to log on into a domain controlled by themselves, most of the time. Have (some of) these problems been corrected in the CVS tng branche? Best regards, Pieter From ed at schernau.com Tue Jun 27 14:57:13 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:13 2003 Subject: Slightly Off Topic References: <2673.962117361@cluster> Message-ID: <3958C0C9.3CF7E36B@schernau.com> Randy Parker wrote: > > This is slightly off topic and I apologize, but > does anyone know of an NT program that sends log > events to Unix syslogd? > > Thanks, > Randy Parker No, but that's an AWESOME idea! -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From simo.sorce at polimi.it Tue Jun 27 15:01:46 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:14 2003 Subject: Nt --> Windows9x: access denied References: <006b01bfdb85$f3648e10$292818c3@hot> <3950E37B.8BD407BC@joslyn.org> <008401bfdb88$2bae9480$292818c3@hot> <3950EFBF.7CFF44F1@joslyn.org> <003c01bfe042$a5156790$298f74d4@hot> <3958BCE7.6E8B9D09@init.co.il> Message-ID: <3958C1DA.1276F5D5@polimi.it> Paolo Supino wrote: > > Hi > > I've installed a network who's PDC is Samba (Linux RedHat 6.1 running Samba > 2.0.5a). Everything works greate and the company is very pleased with the > setup. There is however one problem I can't seem to solve (and they found a way > to bypass it by opening a share on the linux machine): Trying to access shares > on Windows 9x machines from NT machines yields the error: access denied. What > might be the cause of this problem? Did anyone ancounter this before and is > there a solution? > > TIA > > Paolo samba 2.0.5 is not able to authenticate the W95 machines on behalf of NT workstations as in a real NT domain would happen, so NT workstation deny you access. with 2.0.x you can't also log from a wks to another as admin nor launch at commands from a wks to another. Answers based on my experience. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From kill-9 at warbeast.com Tue Jun 27 15:07:02 2000 From: kill-9 at warbeast.com (kill -9) Date: Tue Dec 2 02:30:14 2003 Subject: two way trust between samba tng pdc and nt pdc Message-ID: I have been able to create a trust relationship between my tng samba pdc box and my nt pdc box, with samba as the trusted and nt as the trusting. I did this by creating a machine account in samba using the -i option, with the name of the trusting domain, and a machine account in samba with the name of the nt pdc machine. I then used user manager for domains on the nt pdc to create the trust using the password I gave to the trust account on the samba pdc. This seems to have worked. Now I want to go the other way, and I'm a little lost. I have 'permitted the samba pdc to trust' on the nt pdc, and from what I've gleaned, this should create an inter-domain-trust account on the nt pdc with a machine name equal to my samba pdc domain. This is where I get stuck. How do I actually create the trust on the samba pdc? What is the significance of the 'trusted domains' and 'trusting domains' values in smb.conf? I noticed when I moved to CVS 2.5 GOOD that if I included the 'trusted domains' lines that most of the daemons would not start properly. It's okay to include the 'trusting domain' line however. Thanks for ANY help or info. ---------------------------------------------------------------------------- Alex West A&M Communications - Tech Guru BioControl Technology Inc., MIS Administrator kill-9@warbeast.com | kill-9@ipost.net Visit Third Eye Digital Productions - http://www.indiana-emall.com/thirdeye Check out my band and FREE music at *** www.mp3.com/snowpants *** ---------------------------------------------------------------------------- From gcarter at valinux.com Tue Jun 27 15:05:57 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:14 2003 Subject: Slightly Off Topic References: <2673.962117361@cluster> <3958C0C9.3CF7E36B@schernau.com> Message-ID: <3958C2D5.E61C031F@valinux.com> Edward Schernau wrote: > > Randy Parker wrote: > > > > This is slightly off topic and I apologize, but > > does anyone know of an NT program that sends log > > events to Unix syslogd? > > > > Thanks, > > Randy Parker > > No, but that's an AWESOME idea! Try looking at EvntSlog (http://www.adiscon.com) or NTSyslog (http://www.sabernet.net). jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From p.mayers at ic.ac.uk Tue Jun 27 15:09:54 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:14 2003 Subject: Slightly Off Topic Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81496@icex1.cc.ic.ac.uk> Go to http://www.google.com Type "NT event log to syslog" in the box, hit search... Fourth hit on the list: http://www.adiscon.com/EvntSLog And a page or so later: http://www.netal.com/clsl12.htm And a quick search on www.winsite.com gives: http://www.winsite.com/info/pc/winnt/sysutil/ievntslg.exe/ 3 in under 5 minutes. Come on guys... It's hardly rocket science. I believe they call it a search engine. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Edward Schernau [mailto:ed@schernau.com] Sent: Tuesday, June 27, 2000 4:00 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Slightly Off Topic Randy Parker wrote: > > This is slightly off topic and I apologize, but > does anyone know of an NT program that sends log > events to Unix syslogd? > > Thanks, > Randy Parker No, but that's an AWESOME idea! -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From ed at schernau.com Tue Jun 27 15:33:15 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:14 2003 Subject: Slightly Off Topic References: <0846B011B9A4D111A1EE006097DA4FCE02F81496@icex1.cc.ic.ac.uk> Message-ID: <3958C93B.105CD41D@schernau.com> "Mayers, Philip J" wrote: > 3 in under 5 minutes. Come on guys... It's hardly rocket science. I believe > they call it a search engine. Lets pretend someone did this. Lets pretend they tried all 3. Lets pretend 2 out of 3 sucked, and the 3rd only worked after you set some stupid registry entry. Wouldn't that be nice to know? I believe the spirit of the original post was: "Does anyone know of an app that works, has good docs, sets up easily and is easy to maintain, that sends NT log info to syslogd?" -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From randyp at ti.com Tue Jun 27 15:44:16 2000 From: randyp at ti.com (Randy Parker) Date: Tue Dec 2 02:30:14 2003 Subject: Slightly Off Topic In-Reply-To: Your message of "Wed, 28 Jun 2000 01:36:02 +1000." <3958C93B.105CD41D@schernau.com> Message-ID: <3100.962120656@cluster> Exactly. Thank you for your kind defense. I had tried NTsyslog and couldn't get it to work. The evntslog program seems to work fine. Randy Edward Schernau wrote: >"Mayers, Philip J" wrote: > >> 3 in under 5 minutes. Come on guys... It's hardly rocket science. I believe >> they call it a search engine. > >Lets pretend someone did this. >Lets pretend they tried all 3. >Lets pretend 2 out of 3 sucked, and the 3rd only worked >after you set some stupid registry entry. > >Wouldn't that be nice to know? > >I believe the spirit of the original post was: > >"Does anyone know of an app that works, has good docs, sets >up easily and is easy to maintain, that sends NT log info >to syslogd?" >-- >Edward Schernau, mailto:ed@schernau.com >Network Architect http://www.schernau.com >RC5-64#: 243249 e-gold acct #:131897 > From kevinc at grainsystems.com Tue Jun 27 15:52:58 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:14 2003 Subject: Slightly Off Topic References: <3100.962120656@cluster> Message-ID: <3958CDDA.AA16E65C@grainsystems.com> Withholding information gets you burned. If you have tried some solutions and are looking for alternatives, just say so. I'm glad evntslog works. - Kevin Colby kevinc@grainsystems.com Randy Parker wrote: > > Exactly. Thank you for your kind defense. I had > tried NTsyslog and couldn't get it to work. The > evntslog program seems to work fine. > > Randy From gcarter at valinux.com Tue Jun 27 16:51:42 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:14 2003 Subject: samba version release questions References: <005a01bfdf70$a2832c60$f33ca8c0@fosnbg.de> <001201bfdf7b$975d0350$9f01a8c0@bakerref.com> Message-ID: <3958DB9E.47F842AD@valinux.com> Hayden Wimmer wrote: > > 1. when will the next major samba version be released (so > far, i have heard october)? We are shooting for Linuxworld in August. > 2. will it have win2k support (clients and servers) Not as a Win2k DC. It will continue to operate as a NT 4 client if you have a Win2k DC operating in mixed mode. > 3. will it provide domain controlling for 95/98/nt/2000 > well enough that it can be used in an environment with NT > and allow our apps that use nt authentication to run > (they validate based on the domain) The PDC code is slated for 3.0. We have a very full plate right now. :-\ Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pjdc at eircom.net Tue Jun 27 18:06:40 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:14 2003 Subject: SUBSCRIBE In-Reply-To: "Braun, Matthias"'s message of "Tue, 27 Jun 2000 18:45:19 +1000" References: Message-ID: >>>>> "Braun," == Braun, Matthias writes: Braun> SUBSCRIBE http://www.samba.org/listproc/ Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From mgeddes at xavier.sa.edu.au Wed Jun 28 03:46:52 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:14 2003 Subject: samba version release questions References: <005a01bfdf70$a2832c60$f33ca8c0@fosnbg.de> <001201bfdf7b$975d0350$9f01a8c0@bakerref.com> <3958DB9E.47F842AD@valinux.com> Message-ID: <3959752C.EC8B5476@xavier.sa.edu.au> Gerald Carter wrote: > > 3. will it provide domain controlling for 95/98/nt/2000 > > well enough that it can be used in an environment with NT > > and allow our apps that use nt authentication to run > > (they validate based on the domain) > > The PDC code is slated for 3.0. We have a very full > plate right now. :-\ Is there anything any of us 'normal' (not that I think Luke is super-human or anything) people can do to help? We all get a great deal from Samba and I believe that if there is stuff that can be done, a fair few of us non-programmer types would gladly help. Keep up the good work ;-) Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Wed Jun 28 03:51:23 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:30:14 2003 Subject: smbpasswd file Message-ID: <3959763B.8A16C720@xavier.sa.edu.au> Hi, I grabbed a cvs sometime in the last couple of days (it gets kind of blurry after a couple of hours ;-)) and having compiled and installed it, I have noticed that the permissions of the smbpasswd file are set to rw to the owner only. Great idea. Does this mean, though, that the only user who can add new accounts is the person who owns this file (in my case, the administrator) or does it mean that my domain admins group is not set up correctly? I can use smbpasswd to change the passwords OK, but rpcclient does not enjoy changing anyone's password (including the user I am logged in as). Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From bsagonda at okzim.co.zw Wed Jun 28 10:28:41 2000 From: bsagonda at okzim.co.zw (blessing k. sagonda) Date: Tue Dec 2 02:30:14 2003 Subject: (no subject) Message-ID: <3959D358.5BA60EB6@okzim.co.zw> blessing k sagonda unsubscribe From peter at cadcamlab.org Wed Jun 28 12:27:36 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:14 2003 Subject: Password Sync References: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS> <20000623185354.B16862@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <14681.60627.573137.282664@wire.cadcamlab.org> [Elrond ] > rpcclient -S ntpdc -U Administrator%passwdofadmin > samuserset ntuser -p newpassword [...] > So, now how to get the new pw? > > Check out the post > "ANNOUNCE: pam_pwexport, Unix->SMB password changes" > by Peter Samuelson . Yeah, I didn't think of using rpcclient or samedit. I'll add something like this in as another example file in the next version. (To be released Real Soon Now, as I keep saying.) Thanks, Elrond. The difficulty with using multiple PAM modules for changing passwords is that password updates aren't atomic. It's easy to get the two password lists out of sync, if the first module succeeds but the second fails. (Say the PDC is unavailable, etc). At that point there's not too much you can do other than fix it manually. There's just no way to express the sequence "check to make sure all these updates will succeed (grabbing whatever locks are necessary to ensure this), then do them." Peter From p.mayers at ic.ac.uk Wed Jun 28 13:41:38 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:15 2003 Subject: samba version release questions Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8149E@icex1.cc.ic.ac.uk> Does that include WINBIND, or just the 2.2 stuff already mentioned? If not, what is the chance of a standalone, stable-ish winbind? Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Gerald Carter [mailto:gcarter@valinux.com] Sent: Tuesday, June 27, 2000 5:56 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: samba version release questions Hayden Wimmer wrote: > > 1. when will the next major samba version be released (so > far, i have heard october)? We are shooting for Linuxworld in August. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 2472 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000628/41c15b3d/attachment.bin From gcarter at valinux.com Wed Jun 28 13:55:40 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:15 2003 Subject: samba version release questions References: <0846B011B9A4D111A1EE006097DA4FCE02F8149E@icex1.cc.ic.ac.uk> Message-ID: <395A03DC.AF66D2E0@valinux.com> "Mayers, Philip J" wrote: > > Does that include WINBIND, or just the 2.2 stuff > already mentioned? Good question. > If not, what is the chance of a standalone, > stable-ish winbind? Is Tim Potter on this list? Hmmm...well I guess not. So far, no work has been done to back port winbind from HEAD to SAMBA_2_0. IIRC winbind was slated for 3.0 as well. I'll check with Tim and see what the deal is. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From p.mayers at ic.ac.uk Wed Jun 28 13:59:01 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:15 2003 Subject: samba version release questions Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8149F@icex1.cc.ic.ac.uk> I suspect WINBIND requires a moderately functional RPC client library. So, it probably depends on whether that will exist in 2.2 (I suspect not). Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Gerald Carter [mailto:gcarter@valinux.com] Sent: Wednesday, June 28, 2000 2:56 PM To: Mayers, Philip J Cc: Multiple recipients of SAMBA-NTDOM (E-mail) Subject: Re: samba version release questions "Mayers, Philip J" wrote: > > Does that include WINBIND, or just the 2.2 stuff > already mentioned? Good question. > If not, what is the chance of a standalone, > stable-ish winbind? Is Tim Potter on this list? Hmmm...well I guess not. So far, no work has been done to back port winbind from HEAD to SAMBA_2_0. IIRC winbind was slated for 3.0 as well. I'll check with Tim and see what the deal is. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 2944 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000628/78c94283/attachment.bin From gcarter at valinux.com Wed Jun 28 14:00:05 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:15 2003 Subject: smbpasswd file References: <3959763B.8A16C720@xavier.sa.edu.au> Message-ID: <395A04E5.20E124EF@valinux.com> Matthew Geddes wrote: > > I have noticed that the permissions of the smbpasswd file > are set to rw to the owner only. Great idea. Does this > mean, though, that the only user who can add new accounts > is the person who owns this file (in my case, the > administrator) or does it mean that my domain admins group is > not set up correctly? I can use smbpasswd to change the > passwords OK, but rpcclient does not enjoy changing > anyone's password (including the user I am logged in as). I may be preaching to the choir here, but the password hashes in the smbpasswd file are plain text equivalents so the file should be rw- for root only. To relax permissions is a security risk. Have not played with changing passwords via rpcclient in a while, but my gut is that it should work. What error messgae(s) do you get? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From wilson at coms.com Wed Jun 28 14:10:01 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:30:15 2003 Subject: \\SERVER\NETLOGON\login.bat Message-ID: <395A0739.FF705CB7@coms.com> Hi, everyone! I've recently migrated a Samba-NT-PDC system from one machine to another (both running the same hardware & O/S). During logon, I've got the following error messages in NT client: --------------------------------------------------- Setting Current Time... Current time at \\tubby is 6/28/00 2:21 PM System error 1314 has occurred. A required privilege is not held by the client. Mapping Network Drives to Samba Server 'SERVER'... System error 67 has occurred. The network name cannot be found. ----------------------------------------------------- I had the same problem with time synchronization on the previous machine, but I could map the network drive there. Here is my login.bat script: ------------------------------- @echo off echo Setting Current Time... net time \\SERVER /set /yes echo Mapping Network Drives to Samba Server 'tubby'... net use w: \\SERVER\path-to-share /persistent:no ------------------------------------------------------ Could anyone give me a quick answer to 'How to fix these two problems?' Many thanks, Wilson From gcarter at valinux.com Wed Jun 28 14:14:45 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:15 2003 Subject: samba version release questions References: <0846B011B9A4D111A1EE006097DA4FCE02F8149F@icex1.cc.ic.ac.uk> Message-ID: <395A0855.668BC096@valinux.com> "Mayers, Philip J" wrote: > > I suspect WINBIND requires a moderately functional RPC > client library. So, it probably depends on whether that > will exist in 2.2 (I suspect not). Well you must remember that the RPC infrastructure in 2.2.0 is growing more robust because individual pieces are being implemented for NT printing as well as the domain member code that has been there since 2.0. Rather than speculate any more though, I will find out from Tim. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From dqpr10 at canal-plus.fr Wed Jun 28 14:35:05 2000 From: dqpr10 at canal-plus.fr (dqpr10@canal-plus.fr) Date: Tue Dec 2 02:30:15 2003 Subject: \\SERVER\NETLOGON\login.bat References: <395A0739.FF705CB7@coms.com> Message-ID: <395A0D19.B237A4FB@canal-plus.fr> 1st problem: The current user must have the 'SeSystemtimePrivilege' If you're running this script from a NT machine, this is "normal" as simple users doesn't have this privilege by default. 2nd problem: It seems to be a name resolution issue, check your client configuration. You must either use a WINS server for name resolution (TCP/IP properties), either add entries into the LMHOSTS file (%WinDir% for Win9x, %SystemDir%\System32\drivers\etc for WinNT) If you are using a WINS server, check if the mapping exists. If not, check your server configuration as it should have been added automatically if the server is also a WINS client. Otherwise (if you don't want to use a WINS resolution on the server), add a static mapping yourself. Have fun, Ben. wilson@coms.com a ?crit : > > Hi, everyone! > > I've recently migrated a Samba-NT-PDC system from one machine to another > (both running the same hardware & O/S). During logon, I've got the > following error messages in NT client: > > --------------------------------------------------- > Setting Current Time... > Current time at \\tubby is 6/28/00 2:21 PM > > System error 1314 has occurred. > > A required privilege is not held by the client. > > Mapping Network Drives to Samba Server 'SERVER'... > System error 67 has occurred. > > The network name cannot be found. > ----------------------------------------------------- > > I had the same problem with time synchronization on the previous > machine, but I could map the network drive there. > > Here is my login.bat script: > ------------------------------- > > @echo off > > echo Setting Current Time... > net time \\SERVER /set /yes > > echo Mapping Network Drives to Samba Server 'tubby'... > > net use w: \\SERVER\path-to-share /persistent:no > > ------------------------------------------------------ > > Could anyone give me a quick answer to 'How to fix these two problems?' > > Many thanks, > > Wilson -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =- Benoit Boudeville | CANAL+ Technologies -= -= Computer System Engineer | 34, place Raoul Dautry =- =- mailto:bboudev@canal-plus.fr | 75516 Paris Cedex 15 -= -= Tel: 01.71.71.55.83 | Fax: 01.71.71.55.77 =- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -------------- next part -------------- A non-text attachment was scrubbed... Name: bboudevi.vcf Type: text/x-vcard Size: 324 bytes Desc: Carte pour Benoit Boudeville - Admin Syst?me Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000628/a4a828ce/bboudevi.vcf From jwhamps at ilstu.edu Wed Jun 28 16:24:18 2000 From: jwhamps at ilstu.edu (Jeffrey W. Hampson) Date: Tue Dec 2 02:30:15 2003 Subject: Samba poppin in/out Message-ID: Hey all, My Samba 2.07 server keep poppin in and out of network neighborhood, although still accessible by typing in their exact location.. what's going on? thanks ------------------------------ Jeff Hampson -------------- next part -------------- HTML attachment scrubbed and removed From elrond at samba.org Wed Jun 28 16:22:41 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:15 2003 Subject: Password Sync In-Reply-To: <14681.60627.573137.282664@wire.cadcamlab.org>; from Peter Samuelson on Wed, Jun 28, 2000 at 10:30:15PM +1000 References: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS> <20000623185354.B16862@baerbel.mug.maschinenbau.tu-darmstadt.de> <14681.60627.573137.282664@wire.cadcamlab.org> Message-ID: <20000628182241.A14350@baerbel.mug.maschinenbau.tu-darmstadt.de> On Wed, Jun 28, 2000 at 10:30:15PM +1000, Peter Samuelson wrote: > > [Elrond ] > > rpcclient -S ntpdc -U Administrator%passwdofadmin > > samuserset ntuser -p newpassword > [...] > > So, now how to get the new pw? > > > > Check out the post > > "ANNOUNCE: pam_pwexport, Unix->SMB password changes" > > by Peter Samuelson . > > Yeah, I didn't think of using rpcclient or samedit. I'll add something > like this in as another example file in the next version. (To be > released Real Soon Now, as I keep saying.) Thanks, Elrond. Yeah, I just thought it up, when I saw the original post. Oh. Can you ask Lars to include a link on his pages to your stuff? (I don't know, if he has some "related stuff"-page on his pages... didn't look there for a long time.) > The difficulty with using multiple PAM modules for changing passwords > is that password updates aren't atomic. It's easy to get the two > password lists out of sync, if the first module succeeds but the second > fails. (Say the PDC is unavailable, etc). At that point there's not > too much you can do other than fix it manually. There's just no way to > express the sequence "check to make sure all these updates will succeed > (grabbing whatever locks are necessary to ensure this), then do them." Well, if the first pam module succeeds in changing a password, that later is sufficient to authenticates to again change a password, and all the other pam-modules are made to do a "force pw-change" (as the rpcclient-example above) the user just can try to change it again... (on the other side, I don't know enough about pam...) Oh, BTW: I think, if your smb.conf sets the workgroup the right way, you can call rpcclient -S '*', which lets rpcclient find the pdc itself. (useful, if you have nt and some DCs, because they can "promote" (right word?) the pdc-role to any of them.) > Peter Elrond From elrond at samba.org Wed Jun 28 16:45:16 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:15 2003 Subject: two way trust between samba tng pdc and nt pdc In-Reply-To: ; from kill -9 on Wed, Jun 28, 2000 at 01:09:56AM +1000 References: Message-ID: <20000628184516.B14350@baerbel.mug.maschinenbau.tu-darmstadt.de> On Wed, Jun 28, 2000 at 01:09:56AM +1000, kill -9 wrote: > I have been able to create a trust relationship between my tng samba pdc > box and my nt pdc box, with samba as the trusted and nt as the trusting. > I did this by creating a machine account in samba using the -i option, > with the name of the trusting domain, and a machine account in samba with > the name of the nt pdc machine. I then used user manager for domains on > the nt pdc to create the trust using the password I gave to the trust > account on the samba pdc. This seems to have worked. Now I want to go the Nice, that you described this awkward process here. I've gone through it too. What I have to note: The nt pdc will change the pw every some weeks and it will only change the pw for the account with the domain-name, so you have to copy the pw over to the account for the pdc-name. I'm thinking of fixing this by using the trusting domain variable, but I currently want to get CVS TNG more stable... before starting to play again. > other way, and I'm a little lost. I have 'permitted the samba pdc to > trust' on the nt pdc, and from what I've gleaned, this should create an > inter-domain-trust account on the nt pdc with a machine name equal to > my samba pdc domain. This is where I get stuck. How do I actually create > the trust on the samba pdc? What is the significance of the 'trusted > domains' and 'trusting domains' values in smb.conf? I noticed when I moved > to CVS 2.5 GOOD that if I included the 'trusted domains' lines that most > of the daemons would not start properly. It's okay to include the > 'trusting domain' line however. Thanks for ANY help or info. You've gone the right way here. You've to do the following too: add the domain to the trusted domains-list: trusted domains = "domain=pdc,bdc" Then you have to do something like smbpasswd -j NTDOMAIN (hope, I remember that correctly...) The other way is to find out the domain sid of the nt domain (rpcclient -S ntpdc -U % -c 'lsaq') and create a NTDOMAIN.SID next to your SAMBADOMAIN.SID file, with the SID as contents. The next problem is, that samba needs a unix-user for each nt-user... you might want to investigate winbind, or create them all by hand... Please tell us, how far you get and especialy, if interactive login from the "other domain" works in both domains, I mean: Go, and sit in front of some nt-box, that is a member in the NTDOMAIN and try to login as a user from the SAMBADOMAIN. If that doesn't work, please try to find some indications in the logs. Elrond From pjdc at eircom.net Wed Jun 28 18:37:53 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:15 2003 Subject: samba version release questions In-Reply-To: Matthew Geddes's message of "Wed, 28 Jun 2000 13:34:55 +1000" References: <005a01bfdf70$a2832c60$f33ca8c0@fosnbg.de> <001201bfdf7b$975d0350$9f01a8c0@bakerref.com> <3958DB9E.47F842AD@valinux.com> <3959752C.EC8B5476@xavier.sa.edu.au> Message-ID: >>>>> "Matthew" == Matthew Geddes writes: Matthew> (not that I think Luke is super-human or anything) He is. Born a mortal, one night a chunk of glowing green Sambonite fell into his back yard; young Luke went to see what it was, and was forever changed. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From David.Bear at asu.edu Wed Jun 28 18:33:30 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:30:15 2003 Subject: neme resolution Message-ID: I was perusing rfc1001 and 1002 last night and noticed something that doesn't seem to fit with the way microsoft smb servers find names. First, the netbios name is supposed to be encoded cause per the IBM Lan Technical Ref regarding netbios a name can be any 16 byte pattern -- non printable characters included. I've never seen microsoft make this recommendation for dns resolution. So, how does a ms smb server find a netbios name in dns? Second, since a netname will contain space padding up to the 15 byte, and then a hex code for machine name, group name, workgroup name, etc., and since ms is not encoding these names, what does the smb server actually ask for from dns? Third, since netbios names can by any 16 bytes, and the reversible half ascii encoding method specified in the rfc would imply case sensitivity in names, what does the smb server do with uppper/lower case in name resolution? Fourth, since a period '.' is not considered a valid character in a netbios name (the original list of invalid characters included things like "*", "?", "/", "\" "'"), and since it is possible the connect to a dotted decimal notated netname via \\129.219.15.22\sharename, the requester must be converting this ip address to a netbios name? or resolving it some other way. Can anyone describe the mechanism used here? Fifth, while have haven't read the CIFS spec completely, I haven't seen anywhere that in CIFS that changes the nature of netbios naming. For example, with CIFS can you partition the netbios name space like a domain name space? David Bear College of Public Programs/ASU From peter at cadcamlab.org Wed Jun 28 18:53:20 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:15 2003 Subject: Password Sync References: <000101bfdc70$04c4fdd0$2c01020a@HAGGIS> <20000623185354.B16862@baerbel.mug.maschinenbau.tu-darmstadt.de> <14681.60627.573137.282664@wire.cadcamlab.org> <20000628182241.A14350@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <14682.18428.762760.894687@wire.cadcamlab.org> [Elrond ] > Oh. Can you ask Lars to include a link on his pages to your stuff? (I > don't know, if he has some "related stuff"-page on his > pages... didn't look there for a long time.) I don't know that I have all *that* much stuff and it's certainly not organized to the point of being possible to navigate ... if and when I improve matters I'll probably ask for a little "official recognition". > Well, if the first pam module succeeds in changing a password, that > later is sufficient to authenticates to again change a password, and > all the other pam-modules are made to do a "force pw-change" (as the > rpcclient-example above) the user just can try to change it again... > (on the other side, I don't know enough about pam...) Yeah, the difficulty is really in using two or more schemes, all of which require both the old and the new passwords. Then if one fails, you're out of sync with no way to get back in. If you use something like rpcclient with the administrator password, this isn't as big of a problem. I guess I was thinking of smbpasswd against a remote PDC, where you *aren't* do an administrative override. Peter From pjdc at eircom.net Wed Jun 28 19:08:23 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:15 2003 Subject: neme resolution In-Reply-To: iddwb's message of "Thu, 29 Jun 2000 04:40:54 +1000" References: Message-ID: >>>>> "iddwb" == iddwb writes: iddwb> Fourth, since a period '.' is not considered a valid iddwb> character in a netbios name (the original list of invalid iddwb> characters included things like "*", "?", "/", "\" "'"), iddwb> and since it is possible the connect to a dotted decimal iddwb> notated netname via \\129.219.15.22\sharename, the iddwb> requester must be converting this ip address to a netbios iddwb> name? or resolving it some other way. Can anyone describe iddwb> the mechanism used here? You kind of answered your own question there; the requester sees the dotted quad and says, "Aha! an IP address; no need to look up a name". There is no point in converting the IP address to a NetBIOS name, since it would have to convert it back again to actually make the SMB connection. Connections are made to IP addresses, not to NetBIOS names. I am speaking of a TCP/IP-only NetBIOS environment, since that is all that Samba supports. Using the IP address is necessary trick when you want to connect to an NT server from the same machine using two different user accounts. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From ed at schernau.com Wed Jun 28 20:03:45 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:15 2003 Subject: setting up a Linux 2.2 server for Win9x dialin Message-ID: <395A5A21.3E379A30@schernau.com> Subject line says what I'm doing. I'd like to use pam_ntdom for authentication, since IIRC, it can authenticate people even if they don't have /etc/passwd entries. I just need the users to get ppp access, the Linux box is in an NT domain environment (which I've joined). Any pointers on this? Is the latest pam_ntdom still CVS only? -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From jabachman at hiestandsupply.com Wed Jun 28 20:50:42 2000 From: jabachman at hiestandsupply.com (Jason Bachman) Date: Tue Dec 2 02:30:15 2003 Subject: Samba poppin in/out In-Reply-To: Message-ID: Sounds like you have two machines competing for browse master. Try making the Samba machine the browse master, or make sure that all windows machines have browse master disabled. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Jeffrey W. Hampson Sent: Wednesday, June 28, 2000 12:25 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Samba poppin in/out Hey all, My Samba 2.07 server keep poppin in and out of network neighborhood, although still accessible by typing in their exact location.. what's going on? thanks ------------------------------ Jeff Hampson -------------- next part -------------- HTML attachment scrubbed and removed From ralf at is.rice.edu Wed Jun 28 21:32:54 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:30:15 2003 Subject: Joining a domain Message-ID: Help please!!! I have SAMBA_TNG_2.5_GOOD running on Solaris 2.6. The problem is: I can't make an NT workstation join the domain for the life of me. I keep getting the message "Check your computer account on the domain". And on the log for the Workstation I get the following: LSA_OPENSECRET: unknown error SMB LM/NT Password did not match! Rejecting user 'ralf': authentication failed authorise_login: TODO. split function, it's 6 levels! msrpc_receive: failed domain_client_validate: unable to validate password for user TOSHIBA$ in domain SAMBATNG to Domain controller \\.. Now, ralf is an administrator on the NT workstation. And even if I create an account for administrator, the same thing happens: LSA_OPENSECRET: unknown error SMB LM/NT Password did not match! Rejecting user 'administrator': authentication failed authorise_login: TODO. split function, it's 6 levels! msrpc_receive: failed domain_client_validate: unable to validate password for user AGAMEMNON$ in domain SAMBATNG to Domain controller \\.. Authentication seems to have changed on TNG. Samba 2.0.7 and prior didn't seem to mind who was the user at the NT workstation when joining the domain, as long as it was an administrator. Please!!! What is the process of authentication when an NT workstation tries to join a domain? I've gone through the process of creating unix and samba accounts with both useradd and rpcclient respectively. Why can't the workstations join the domain? Please help!!! Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From paulnoah at noah.cnchost.com Thu Jun 29 00:54:18 2000 From: paulnoah at noah.cnchost.com (Paul Noah) Date: Tue Dec 2 02:30:15 2003 Subject: for papa Message-ID: <4.3.2.7.2.20000628205250.0229c418@127.0.0.1> This one is for Papa A plumber attended to a leaking faucet at the neurosurgeon's house. After a 2 minute job he demanded $75. The neurosurgeon exclaimed, 'I don't charge this amount even though I am a surgeon.' The plumber replied, 'I didn't either when I was a surgeon. That's why I switched to plumbing!' From peter at cadcamlab.org Thu Jun 29 02:37:13 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:15 2003 Subject: Using NT 4.0 WKS and Novell Client References: <3953E7ED.1E03038C@sandd.co.uk> <3957067C.4CF9C4A5@polimi.it> <3957927A.3A641F8B@sandd.co.uk> Message-ID: <14682.46591.750283.920176@wire.cadcamlab.org> [Darren Hammond ] > Unfortunately, the system I've inherited uses Zenworks to distribute > applications and I believe I need the Novell Client for this. That > bit works well, so I don't really want to change it. I think he meant just go to the "bindings" tab, view "all services" and make sure services like Server and Workstation are *not* bound to IPX/SPX but only TCP/IP. Peter From D.Bannon at latrobe.edu.au Thu Jun 29 02:59:27 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:15 2003 Subject: setting up a Linux 2.2 server for Win9x dialin In-Reply-To: <395A5A21.3E379A30@schernau.com> Message-ID: <3.0.6.32.20000629125927.00871b30@bioserve.latrobe.edu.au> At 06:07 AM 29/06/2000 +1000, Edward Schernau wrote: >Subject line says what I'm doing. I'd like to use pam_ntdom >for authentication, since IIRC, it can authenticate people >even if they don't have /etc/passwd entries. I just need >the users to get ppp access, the Linux box is in an NT >domain environment (which I've joined). > I do a similar thing using pam_smb and found that ppp did not like being told to authenticate a user who did not have an acount. So I have a system that creates 'dummy' accounts on the dial in server as they appear on the samba pdc. It might still be possible, but I found it easier to spawn the accounts as I already had such a system running for other purposes anyway. >From memory, ppp wants a uid to change to after authentication. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sam at topic.com.au Thu Jun 29 03:24:43 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:30:15 2003 Subject: setting up a Linux 2.2 server for Win9x dialin In-Reply-To: <3.0.6.32.20000629125927.00871b30@bioserve.latrobe.edu.au>; from D.Bannon@latrobe.edu.au on Thu, Jun 29, 2000 at 01:02:30PM +1000 References: <395A5A21.3E379A30@schernau.com> <3.0.6.32.20000629125927.00871b30@bioserve.latrobe.edu.au> Message-ID: <20000629132443.A1829@topic.com.au> David Bannon wrote: > > I do a similar thing using pam_smb and found that ppp did not like being > told to authenticate a user who did not have an acount. So I have a system > that creates 'dummy' accounts on the dial in server as they appear on the > samba pdc. It might still be possible, but I found it easier to spawn the > accounts as I already had such a system running for other purposes anyway. The "easier" way would be to use the winbind thing I've been hearing about. It's a Name Service (like /etc/passwd or NIS) that uses an NT domain PDC to look up user accounts. But yes, the account does need to exist on the system for pam_ntdom to work. -- Sam Couter | Internet Engineer | http://www.topic.com.au/ sam@topic.com.au | tSA Consulting | PGP key available on key servers PGP key fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000629/5dddc2f2/attachment.bin From list3 at avia.kfkipark.hu Thu Jun 29 10:23:06 2000 From: list3 at avia.kfkipark.hu (List3) Date: Tue Dec 2 02:30:15 2003 Subject: Using Samba as PDC Message-ID: version: 2.0.7-pre4 I set up everything according "Using Samba 2.0.x as PDC" at http://bioserve.latrobe.edu.au/samba. On the nt4 workstation I get the following message if I try to join to the domain: "Unable to update local security in order to join domain." Does anyone have some usefull tips? Many thanks in advance: Miklos Kanyo (aka list3) From raub at gator.net Thu Jun 29 13:49:11 2000 From: raub at gator.net (Mauricio Tavares) Date: Tue Dec 2 02:30:15 2003 Subject: Getting somewhere in my samba adventures... slowly Message-ID: <3.0.6.32.20000629094911.00aef460@mail.gator.net> It seems I am slowly making progress, but I am still not out of the woods. Let's start by allowing me to show my config file: # Samba config file created using SWAT # from shado.proedint.com (10.0.0.11) # Date: 2000/06/29 09:39:09 # Global parameters workgroup = UFO netbios name = INTERCEPTOR server string = Samba Server 2.0.3 preferred master = Yes domain master = Yes wins support = Yes [homes] comment = Home Directories read only = No browseable = No [public] comment = Public path = /home/public read only = No create mask = 0664 directory mask = 0775 guest ok = Yes I configured my laptop (moonbase, running Win95B) to use the UFO workgroup and interceptor as its DNS (I set it up to do so) and WINS (ditto). Using network neighborhood, I was able to *finally* see the machine there. Then, I tried to open interceptor so I could access the public directory. The error message I got in the laptop says "\\Interceptor is not accessible. No permission to access resource." What does that mean? I do not know if the user I loged into as in moonbase must be defined in interceptor. If that was the case, I would expect to be greeted with a login prompt, a la SWAT. Talking about swat, this is what is says when I check the server status: PID Client IP address Date 26251 moonbase 10.0.0.26 Thu Jun 29 09:37:16 2000 Suggestions about what could be wrong and what to do/check are always welcome =) From ctooley at joslyn.org Thu Jun 29 16:29:25 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:30:15 2003 Subject: Getting somewhere in my samba adventures... slowly References: <3.0.6.32.20000629094911.00aef460@mail.gator.net> Message-ID: <395B7965.439205FA@joslyn.org> Do you have encrypt passwords = no set in your smb.conf? If you don't have an entry there about encrypting passwords, you may need to try the PlainTextPasswords hack for Windows 95. That may help some. Chris Tooley Mauricio Tavares wrote: > > It seems I am slowly making progress, but I am still not out of the woods. > Let's start by allowing me to show my config file: > > # Samba config file created using SWAT > # from shado.proedint.com (10.0.0.11) > # Date: 2000/06/29 09:39:09 > > # Global parameters > workgroup = UFO > netbios name = INTERCEPTOR > server string = Samba Server 2.0.3 > preferred master = Yes > domain master = Yes > wins support = Yes > > [homes] > comment = Home Directories > read only = No > browseable = No > > [public] > comment = Public > path = /home/public > read only = No > create mask = 0664 > directory mask = 0775 > guest ok = Yes > > I configured my laptop (moonbase, running Win95B) to use the UFO workgroup > and interceptor as its DNS (I set it up to do so) and WINS (ditto). Using > network neighborhood, I was able to *finally* see the machine there. Then, > I tried to open interceptor so I could access the public directory. The > error message I got in the laptop says "\\Interceptor is not accessible. > No permission to access resource." What does that mean? I do not know if > the user I loged into as in moonbase must be defined in interceptor. If > that was the case, I would expect to be greeted with a login prompt, a la > SWAT. > > Talking about swat, this is what is says when I check the server status: > > PID Client IP address Date > 26251 moonbase 10.0.0.26 Thu Jun 29 09:37:16 2000 > > Suggestions about what could be wrong and what to do/check are always > welcome =) From kill-9 at warbeast.com Thu Jun 29 14:43:33 2000 From: kill-9 at warbeast.com (kill -9) Date: Tue Dec 2 02:30:15 2003 Subject: two way trust between samba tng pdc and nt pdc In-Reply-To: <20000628184516.B14350@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: Thanks a heap for you clarification. Things are starting to work already. I will get back with more info later. For now though, could you or someone please clarify the format of the 'trusted domains=' line? The way you mentioned it confused me a little. For example, my samba domain is lxind, and my samba domain pdc is lxfsind. The nt domain is ntfsind, and the nt pdc is fsind. Do I do trusted domains=ntfsind or do I do something else? Thanks again. On Thu, 29 Jun 2000, Elrond wrote: > On Wed, Jun 28, 2000 at 01:09:56AM +1000, kill -9 wrote: > > I have been able to create a trust relationship between my tng samba pdc > > box and my nt pdc box, with samba as the trusted and nt as the trusting. > > I did this by creating a machine account in samba using the -i option, > > with the name of the trusting domain, and a machine account in samba with > > the name of the nt pdc machine. I then used user manager for domains on > > the nt pdc to create the trust using the password I gave to the trust > > account on the samba pdc. This seems to have worked. Now I want to go the > > Nice, that you described this awkward process here. > I've gone through it too. > > What I have to note: > > The nt pdc will change the pw every some weeks and it will > only change the pw for the account with the domain-name, so > you have to copy the pw over to the account for the > pdc-name. > > I'm thinking of fixing this by using the trusting domain > variable, but I currently want to get CVS TNG more > stable... before starting to play again. > > > > other way, and I'm a little lost. I have 'permitted the samba pdc to > > trust' on the nt pdc, and from what I've gleaned, this should create an > > inter-domain-trust account on the nt pdc with a machine name equal to > > my samba pdc domain. This is where I get stuck. How do I actually create > > the trust on the samba pdc? What is the significance of the 'trusted > > domains' and 'trusting domains' values in smb.conf? I noticed when I moved > > to CVS 2.5 GOOD that if I included the 'trusted domains' lines that most > > of the daemons would not start properly. It's okay to include the > > 'trusting domain' line however. Thanks for ANY help or info. > > You've gone the right way here. > You've to do the following too: > > add the domain to the trusted domains-list: > trusted domains = "domain=pdc,bdc" > > Then you have to do something like > smbpasswd -j NTDOMAIN > (hope, I remember that correctly...) > > The other way is to find out the domain sid of the nt > domain (rpcclient -S ntpdc -U % -c 'lsaq') and create a > NTDOMAIN.SID next to your SAMBADOMAIN.SID file, with the > SID as contents. > > The next problem is, that samba needs a unix-user for each > nt-user... you might want to investigate winbind, or create > them all by hand... > > Please tell us, how far you get and especialy, if > interactive login from the "other domain" works in both > domains, I mean: > > Go, and sit in front of some nt-box, that is a member in > the NTDOMAIN and try to login as a user from the > SAMBADOMAIN. If that doesn't work, please try to find some > indications in the logs. > > Elrond > ---------------------------------------------------------------------------- Alex West A&M Communications - Tech Guru BioControl Technology Inc., MIS Administrator kill-9@warbeast.com | kill-9@ipost.net Visit Third Eye Digital Productions - http://www.indiana-emall.com/thirdeye Check out my band and FREE music at *** www.mp3.com/snowpants *** ---------------------------------------------------------------------------- From raub at gator.net Thu Jun 29 15:11:42 2000 From: raub at gator.net (Mauricio Tavares) Date: Tue Dec 2 02:30:15 2003 Subject: Getting somewhere in my samba adventures... slowly In-Reply-To: <000501bfe1d6$635eee80$0cc8a8c0@psb> References: <3.0.6.32.20000629094911.00aef460@mail.gator.net> Message-ID: <3.0.6.32.20000629111142.007ea2b0@mail.gator.net> At 05:29 PM 6/29/00 +0300, "Valentin Pavlov" wrote: >Simply add "security = share" in global parameters. >But note - you will not be able to authenticate users. > I understand, but using what you suggested allowed me to do waht I consider to be the most important right now: find out if my samba server is working and I can connect to it. It works! So I am pretty happy now. Thanks! =) Now that has been taken care of, I can proceed to the next phase, which is setting the user authentication part. What I envision is to have people to log into to their NT/W98/W95/W2K boxes anad have that l/p already take care of what they have access to in the unix box. I plan in the end to run the unix box as primary server for the localnet and have our current NT server as secondary, asking the unix box for anything it may need such as usernames and stuff. Again, thanks for the help! =) From mjwestkamper at weiinc.com Thu Jun 29 16:04:55 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:30:15 2003 Subject: Getting somewhere in my samba adventures... slowly References: <3.0.6.32.20000629094911.00aef460@mail.gator.net> <3.0.6.32.20000629111142.007ea2b0@mail.gator.net> Message-ID: <395B73A7.3BFBA143@weiinc.com> >From my recent experiences you may want to use a small NT box as the Primary Domain Controller (PDC) and do the authentications through it. SAMBA is a great thing, however there are some lingering problems having it as a PDC, at least that is my opinion. The Linux/SAMBA box then authenticates all the users through the PDC and happy, happy. Later as you progress and the next SAMBA version is released it is not a big deal to move the PDC job to SAMBA. Mike Mauricio Tavares wrote: > At 05:29 PM 6/29/00 +0300, "Valentin Pavlov" wrote: > >Simply add "security = share" in global parameters. > >But note - you will not be able to authenticate users. > > > I understand, but using what you suggested allowed me to do waht I > consider to be the most important right now: find out if my samba server > is working and I can connect to it. It works! So I am pretty happy now. > Thanks! =) > > Now that has been taken care of, I can proceed to the next phase, which is > setting the user authentication part. What I envision is to have people to > log into to their NT/W98/W95/W2K boxes anad have that l/p already take care > of what they have access to in the unix box. I plan in the end to run the > unix box as primary server for the localnet and have our current NT server > as secondary, asking the unix box for anything it may need such as > usernames and stuff. > > Again, thanks for the help! =) From elrond at samba.org Thu Jun 29 18:46:08 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:15 2003 Subject: two way trust between samba tng pdc and nt pdc In-Reply-To: ; from kill -9 on Fri, Jun 30, 2000 at 12:46:18AM +1000 References: <20000628184516.B14350@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000629204608.A20448@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Jun 30, 2000 at 12:46:18AM +1000, kill -9 wrote: > Thanks a heap for you clarification. Things are starting to work already. > I will get back with more info later. For now though, could you or someone > please clarify the format of the 'trusted domains=' line? > The way you mentioned it confused me a little. For example, my samba > domain is lxind, and my samba domain pdc is lxfsind. The nt domain is > ntfsind, and the nt pdc is fsind. Do I do trusted domains=ntfsind > or do I do something else? Thanks again. trusted domains = ntfsind=fsind Samba needs to know the name of a DC in that domain. ... Yes.. it could ask the wins server... but it currently doesn't do that. And it would need to somehow cache the answer, since otherwise, anything related to the other domain will involve a wins-query... well... speed isn't currently realy of any interest. ;) Elrond > On Thu, 29 Jun 2000, Elrond wrote: > > > On Wed, Jun 28, 2000 at 01:09:56AM +1000, kill -9 wrote: > > > I have been able to create a trust relationship between my tng samba pdc > > > box and my nt pdc box, with samba as the trusted and nt as the trusting. > > > I did this by creating a machine account in samba using the -i option, > > > with the name of the trusting domain, and a machine account in samba with > > > the name of the nt pdc machine. I then used user manager for domains on > > > the nt pdc to create the trust using the password I gave to the trust > > > account on the samba pdc. This seems to have worked. Now I want to go the > > > > Nice, that you described this awkward process here. > > I've gone through it too. > > > > What I have to note: > > > > The nt pdc will change the pw every some weeks and it will > > only change the pw for the account with the domain-name, so > > you have to copy the pw over to the account for the > > pdc-name. > > > > I'm thinking of fixing this by using the trusting domain > > variable, but I currently want to get CVS TNG more > > stable... before starting to play again. > > > > > > > other way, and I'm a little lost. I have 'permitted the samba pdc to > > > trust' on the nt pdc, and from what I've gleaned, this should create an > > > inter-domain-trust account on the nt pdc with a machine name equal to > > > my samba pdc domain. This is where I get stuck. How do I actually create > > > the trust on the samba pdc? What is the significance of the 'trusted > > > domains' and 'trusting domains' values in smb.conf? I noticed when I moved > > > to CVS 2.5 GOOD that if I included the 'trusted domains' lines that most > > > of the daemons would not start properly. It's okay to include the > > > 'trusting domain' line however. Thanks for ANY help or info. > > > > You've gone the right way here. > > You've to do the following too: > > > > add the domain to the trusted domains-list: > > trusted domains = "domain=pdc,bdc" > > > > Then you have to do something like > > smbpasswd -j NTDOMAIN > > (hope, I remember that correctly...) > > > > The other way is to find out the domain sid of the nt > > domain (rpcclient -S ntpdc -U % -c 'lsaq') and create a > > NTDOMAIN.SID next to your SAMBADOMAIN.SID file, with the > > SID as contents. > > > > The next problem is, that samba needs a unix-user for each > > nt-user... you might want to investigate winbind, or create > > them all by hand... > > > > Please tell us, how far you get and especialy, if > > interactive login from the "other domain" works in both > > domains, I mean: > > > > Go, and sit in front of some nt-box, that is a member in > > the NTDOMAIN and try to login as a user from the > > SAMBADOMAIN. If that doesn't work, please try to find some > > indications in the logs. > > > > Elrond > > > > ---------------------------------------------------------------------------- > Alex West > A&M Communications - Tech Guru > BioControl Technology Inc., MIS Administrator > kill-9@warbeast.com | kill-9@ipost.net > Visit Third Eye Digital Productions - http://www.indiana-emall.com/thirdeye > Check out my band and FREE music at *** www.mp3.com/snowpants *** > ---------------------------------------------------------------------------- From chico at summitpro.com Thu Jun 29 18:57:55 2000 From: chico at summitpro.com (Chico) Date: Tue Dec 2 02:30:16 2003 Subject: SMBMOUNT In-Reply-To: Message-ID: here's my prob: i have a NT SERVER 4.0 sp6a share w/ full rights to *everyone*. i have connected to the share using this command. mount -t smbfs -o username=administrator,password=XXXXXX //machinename/stuff /home/stuff it works just fine. i can access it and it's all good. but as time goes on.. it stays working but i get these messages appear on the console. smb_trans2_request: result=-32, setting invalid smb_retry: new pid=8003, generation=2 it keeps working though.. is this some type of debug info or something? anybody know the entry in smb.conf to get rid of it? these r the packages/versions i'm using: samba-client-2.0.6-9 samba-common-2.0.6-9 samba-2.0.6-9 on redhat 6.1, kernel 2.2.15 thx. in advance.. ;-] From kevinc at grainsystems.com Thu Jun 29 19:08:53 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:16 2003 Subject: two way trust between samba tng pdc and nt pdc References: <20000628184516.B14350@baerbel.mug.maschinenbau.tu-darmstadt.de> <20000629204608.A20448@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <395B9EC5.B3965892@grainsystems.com> Elrond wrote: > On Fri, Jun 30, 2000 at 12:46:18AM +1000, kill -9 wrote: > > > > [...] could you or someone please clarify the format of the > > 'trusted domains=' line? > > trusted domains = ntfsind=fsind > > Samba needs to know the name of a DC in that domain. I understand that it needs the DC name, but I must say this syntax seems quite bizarre. I don't see how a domain "=" a DC list. - Kevin Colby kevinc@grainsystems.com From rez at moremagic.com Thu Jun 29 20:47:44 2000 From: rez at moremagic.com (=?iso-8859-1?Q?Lauri_Myll=E4ri?=) Date: Tue Dec 2 02:30:16 2003 Subject: trust between two samba-tng pdcs? Message-ID: <20000629234743.A12642@moremagic.com> Hi! Reading the exchange on two way trust between nt and samba was enlightening, but not quite enough for my situation. I have two domains controlled by samba-tngs with samba-2.0.7 {file,print}servers and NT4 clients - and all is good and beautiful. Until I need to access the other domain with an NT.. Is it possible to get the pdcs to trust each other? Both are tng-2.5. All I found from the archives was how to get samba talking to nt pdc, but nothing on two samba pdcs. Is this documented somewhere else? Am I missing something completely obvious? btw, I have a somewhat weird (but working solution) for keeping the account and group information updated on my samba pdc, samba servers, unix servers and workstations. A custom program, which creates and updates accounts/passwords/groups on *nix with ssh - a hack, but it requires no changes for existing linux workstations and keeps sanity in a mixed linux/NT environment (nfs and samba, nt and unix logins, imap accounts etc). It's a python application that comes with a gui, access groups for different computers and support for samba and cyrus.. If someone is interested, I should be able to get it released under GPL - the original coder is too busy to become a maintainer for a 'real' project. From Lance.Ellinghaus at eConnections.com Thu Jun 29 22:41:06 2000 From: Lance.Ellinghaus at eConnections.com (Lance.Ellinghaus@eConnections.com) Date: Tue Dec 2 02:30:16 2003 Subject: Getting latest from CVS Message-ID: What is the tag that I use to pull the latest version of SAMBA that supports NT PDC Services? Thanks! Lance Ellinghaus -------------- next part -------------- HTML attachment scrubbed and removed From pjdc at eircom.net Thu Jun 29 22:57:05 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:16 2003 Subject: Getting latest from CVS In-Reply-To: Lance.Ellinghaus@eConnections.com's message of "Fri, 30 Jun 2000 08:44:52 +1000" References: Message-ID: >>>>> "Lance" == Lance Ellinghaus writes: Lance> What is the tag that I use to pull the latest version of Lance> SAMBA that supports NT PDC Services? Lance> Thanks! Lance> Lance Ellinghaus SAMBA_TNG Please do not post HTML mail to this list; thank you. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From peter at cadcamlab.org Fri Jun 30 00:15:04 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:30:16 2003 Subject: Getting somewhere in my samba adventures... slowly References: <3.0.6.32.20000629094911.00aef460@mail.gator.net> <000501bfe1d6$635eee80$0cc8a8c0@psb> <3.0.6.32.20000629111142.007ea2b0@mail.gator.net> Message-ID: <14683.58500.200119.236341@wire.cadcamlab.org> [Mauricio Tavares ] > What I envision is to have people to log into to their NT/W98/W95/W2K > boxes anad have that l/p already take care of what they have access > to in the unix box. Are you currently using an NT domain controller? If so, this stage should be relatively easy. Set the following parameters: workgroup = DOMAIN_NAME encrypt passwords = true password server = YOUR_NT_PDC Then either set security = server for generic pass-through authentication, or go whole hog and actually join the domain (faster and more secure): security = domain If you want to use `security = domain', you must actually join the domain in question. Get on the PDC as an administrator, go to Start -> Programs -> Administrative Tools -> Server Manager, and add your computer name to the domain. Then hop back on your Unix box as root and run `smbpasswd -j DOMAIN_NAME -r YOUR_NT_PDC'. Either way your Unix user list needs to match the NT user list (or you can provide a username map), although the Unix passwords don't matter as they will be ignored. > I plan in the end to run the unix box as primary server for the > localnet and have our current NT server as secondary, asking the unix > box for anything it may need such as usernames and stuff. That'll be a bit more effort.... (: Peter From f.w.j.wiegerinck at student.utwente.nl Fri Jun 30 11:31:49 2000 From: f.w.j.wiegerinck at student.utwente.nl (F.W.J.Wiegerinck) Date: Tue Dec 2 02:30:16 2003 Subject: Getting somewhere in my samba adventures... slowly References: <3.0.6.32.20000629094911.00aef460@mail.gator.net> Message-ID: <001c01bfe286$c815cc30$2000a8c0@student.utwente.nl> Make sure you have created an user "guest" Frank ----- Original Message ----- From: "Mauricio Tavares" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Thursday, June 29, 2000 2:52 PM Subject: Getting somewhere in my samba adventures... slowly > It seems I am slowly making progress, but I am still not out of the woods. > Let's start by allowing me to show my config file: > > # Samba config file created using SWAT > # from shado.proedint.com (10.0.0.11) > # Date: 2000/06/29 09:39:09 > > # Global parameters > workgroup = UFO > netbios name = INTERCEPTOR > server string = Samba Server 2.0.3 > preferred master = Yes > domain master = Yes > wins support = Yes > > [homes] > comment = Home Directories > read only = No > browseable = No > > [public] > comment = Public > path = /home/public > read only = No > create mask = 0664 > directory mask = 0775 > guest ok = Yes > > I configured my laptop (moonbase, running Win95B) to use the UFO workgroup > and interceptor as its DNS (I set it up to do so) and WINS (ditto). Using > network neighborhood, I was able to *finally* see the machine there. Then, > I tried to open interceptor so I could access the public directory. The > error message I got in the laptop says "\\Interceptor is not accessible. > No permission to access resource." What does that mean? I do not know if > the user I loged into as in moonbase must be defined in interceptor. If > that was the case, I would expect to be greeted with a login prompt, a la > SWAT. > > Talking about swat, this is what is says when I check the server status: > > PID Client IP address Date > 26251 moonbase 10.0.0.26 Thu Jun 29 09:37:16 2000 > > Suggestions about what could be wrong and what to do/check are always > welcome =) > From george at v-sync.bg Fri Jun 30 10:59:36 2000 From: george at v-sync.bg (George Terziysky) Date: Tue Dec 2 02:30:16 2003 Subject: Logon Scripts References: <006b01bfdb85$f3648e10$292818c3@hot> <3950E37B.8BD407BC@joslyn.org> <008401bfdb88$2bae9480$292818c3@hot> <3950EFBF.7CFF44F1@joslyn.org> <003c01bfe042$a5156790$298f74d4@hot> <3958D729.670185CE@joslyn.org> Message-ID: <015e01bfe282$4783f780$298f74d4@hot> Sorry for the late I was out of E-mail few days... So the Registry keys for Win 98 are: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable"=dword:00000001 "ProxyServer"="proxy.domain.name:PORT" "MigrateProxy"=dword:00000001 "ProxyOverride"="" For me it works great George ----- Original Message ----- From: "Chris Tooley" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Tuesday, June 27, 2000 5:35 PM Subject: Re: Logon Scripts > Could you go ahead and tells us which registry keys it is so others will > (hopefully) be able to search the archives and find it without having to > ask again? > > Thanks > > Chris Tooley > From mh at ame.de Fri Jun 30 11:54:23 2000 From: mh at ame.de (Marcel Hoetter) Date: Tue Dec 2 02:30:16 2003 Subject: Problems with Samba-TNG PDC and W2k Message-ID: <395C8A6E.5CA9BA0F@ame.de> We are planning to replace almost all of out NT-servers with Linux-Samba servers, including the PDC. Clients will be W2k boxes and i want them to load their profiles and run their login scripts from the PDC. For test reasons i have set up a SambaTNG PDC for the domain TEST, a machine account "testpc" and a user "testuser" I got as far as being able to log in and authentificatefrom an w2k box and browse the shares on the server. But though I did an ./configure --with-profile when compiling the source and an chmod 1777 on the profile directory, w2k gives me an error message telling me something like "no permission to access the profile in directory //SAMBAPDC/profile/username". Another problem is that the (simpe) login script is not executed and no drives are mapped. I wrote the script it in vi and added ^M to every line and i tried to write it in W2k and to copy it in the right server directory. Nothing worked. I changed from the samba-TNG-alpha-2.5.3 source to the newest one via cvs, but the problems remained. I have already spend a lot of time to find out what is wrong and i would be glad for any help! Here are parts of my smb.conf: [global] netbios name = SAMBAPDC workgroup = TEST log level = 5 log file = /var/lock/samba/log.%m security = user domain logons = yes encrypt passwords = yes os level = 65 domain master = yes preferred master = yes local master = yes logon script = login.bat logon drive = U: logon home = \\SAMBAPDC\%U logon path = \\SAMBAPDC\profile\%U [homes] browseable = no writable = yes comment = Users' home directories [netlogon] path = /opt/samba/netlogon writable = no guest ok = no comment = PDC netlogon share [profile] path = /opt/samba/profile writeable = yes [public] path = /opt/samba/public browseable = yes public = yes writeable = yes comment = Public share From simo.sorce at polimi.it Fri Jun 30 12:07:51 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:16 2003 Subject: Problems with Samba-TNG PDC and W2k References: <395C8A6E.5CA9BA0F@ame.de> Message-ID: <395C8D97.A8B0D13E@polimi.it> Marcel Hoetter wrote: > > We are planning to replace almost all of out NT-servers with Linux-Samba > servers, including the PDC. > Clients will be W2k boxes and i want them to load their profiles and run > their login scripts from the PDC. > For test reasons i have set up a SambaTNG PDC for the domain TEST, a > machine account "testpc" and a user > "testuser" I got as far as being able to log in and authentificatefrom > an w2k box and browse the shares on the server. > But though I did an ./configure --with-profile when compiling the --with-profile options has nothing to do with M$ profiles it means activate profiling on samba code and wont work in TNG (cause it make no sense yet to profile unstable code for speed). > source and an chmod 1777 on the profile > directory, w2k gives me an error message telling me something like "no > permission to access the profile in > directory //SAMBAPDC/profile/username". Another problem is that the > (simpe) login script is not executed > and no drives are mapped. I wrote the script it in vi and added ^M to > every line and i tried to write it in W2k and to > copy it in the right server directory. Nothing worked. I changed from > the samba-TNG-alpha-2.5.3 source to > the newest one via cvs, but the problems remained. I have already spend > a lot of time to find out what is wrong and > i would be glad for any help! The currently "GOOD" version is samba-TNG-alpha-2.5 (.1,.2,.3 have many problems) > > Here are parts of my smb.conf: > > [global] > netbios name = SAMBAPDC > workgroup = TEST > log level = 5 > log file = /var/lock/samba/log.%m > security = user > domain logons = yes > encrypt passwords = yes > os level = 65 > domain master = yes > preferred master = yes > local master = yes > logon script = login.bat > logon drive = U: > logon home = \\SAMBAPDC\%U > logon path = \\SAMBAPDC\profile\%U > > [homes] > browseable = no > writable = yes > comment = Users' home directories > > [netlogon] > path = /opt/samba/netlogon > writable = no > guest ok = no > comment = PDC netlogon share > > [profile] > path = /opt/samba/profile > writeable = yes > > [public] > path = /opt/samba/public > browseable = yes > public = yes > writeable = yes > comment = Public share -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From doverbey at att.com Fri Jun 30 13:51:07 2000 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALCOO) Date: Tue Dec 2 02:30:16 2003 Subject: Hlep question on TNG Message-ID: Our firewall requires the IP address of cvs.samba.org. Could someone kindly send this address to me, so I may download the Samba PDC code. Thanks Dudley doverbey@att.com From hulet at ittc.ukans.edu Fri Jun 30 14:00:15 2000 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:30:16 2003 Subject: Hlep question on TNG In-Reply-To: Message-ID: nslookup cvs.samba.org Name: cvs.samba.org Address: 150.203.164.44 Michael Hulet Network System Administrator ITTC, University of Kansas On Fri, 30 Jun 2000, Overbey, Alfred D (Dudley), ALCOO wrote: > Our firewall requires the IP address of cvs.samba.org. > Could someone kindly send this address to me, so I may download the Samba > PDC code. > > Thanks > Dudley > doverbey@att.com > From simo.sorce at polimi.it Fri Jun 30 14:05:50 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:16 2003 Subject: Hlep question on TNG References: Message-ID: <395CA93E.7123A0E0@polimi.it> "Overbey, Alfred D (Dudley), ALCOO" wrote: > > Our firewall requires the IP address of cvs.samba.org. > Could someone kindly send this address to me, so I may download the Samba > PDC code. nslookup cvs.samba.org Name: cvs.samba.org Address: 150.203.164.44 :( no-comments ): -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From kill-9 at warbeast.com Fri Jun 30 15:35:30 2000 From: kill-9 at warbeast.com (kill -9) Date: Tue Dec 2 02:30:16 2003 Subject: trust between two samba-tng pdcs? In-Reply-To: <20000629234743.A12642@moremagic.com> Message-ID: On Fri, 30 Jun 2000, [iso-8859-1] Lauri Mylläri wrote: I haven't had a need to do this between two samba pdcs. but I would assume the process is like so. Create an account on domain1 pdc with the name of the other domain (domain2$), and use the -i option (createuser -i domain2$ -p password) (I think this is the format). Then create another account but with the name of domain2's pdc, ex. (createuser domain2pdc$ -p password) Do this but in reverse on the othe pdc. Unix accounts would have to be done too on both. Then, I think you could just follow Elrond's instructions, and use either smbpasswd -j domainname, or get the domain sid for each domain using rpcclient -S otherpdc -U % -c 'lsaq', and copy that SID into a file named DOMAIN1.SID. Do this for each domain. Then I think you could use the trusting and trusted domains lines in each smb.conf file. Sorry if this is unclear. As I said, I'm guessing, and I've never really done this with 2 samba pdcs. Thhat prog you speak of sounds very usefull. I would sure be interested in seeing it available. > Hi! > > Reading the exchange on two way trust between nt and samba was > enlightening, but not quite enough for my situation. I have two domains > controlled by samba-tngs with samba-2.0.7 {file,print}servers and NT4 > clients - and all is good and beautiful. Until I need to access the > other domain with an NT.. Is it possible to get the pdcs to trust each > other? Both are tng-2.5. All I found from the archives was how to get > samba talking to nt pdc, but nothing on two samba pdcs. Is this documented > somewhere else? Am I missing something completely obvious? > > btw, I have a somewhat weird (but working solution) for keeping the > account and group information updated on my samba pdc, samba servers, unix > servers and workstations. A custom program, which creates and updates > accounts/passwords/groups on *nix with ssh - a hack, but it requires > no changes for existing linux workstations and keeps sanity in a mixed > linux/NT environment (nfs and samba, nt and unix logins, imap accounts > etc). It's a python application that comes with a gui, access groups > for different computers and support for samba and cyrus.. If someone is > interested, I should be able to get it released under GPL - the original > coder is too busy to become a maintainer for a 'real' project. > > ---------------------------------------------------------------------------- Alex West A&M Communications - Tech Guru BioControl Technology Inc., MIS Administrator kill-9@warbeast.com | kill-9@ipost.net Visit Third Eye Digital Productions - http://www.indiana-emall.com/thirdeye Check out my band and FREE music at *** www.mp3.com/snowpants *** ---------------------------------------------------------------------------- From andyzb at ltiflex.com Fri Jun 30 15:41:35 2000 From: andyzb at ltiflex.com (Andy Zbikowski) Date: Tue Dec 2 02:30:16 2003 Subject: This topic is probally getinng really old... Message-ID: <395CBFAF.69E4D22D@ltiflex.com> But inguiring minds want to know. Last night I moved our entire SQL database to a new, faster server. (Too bad it's still win NT and MS-SQL...) Mostly because the old database server was overloaded (bad network design from the admin and consultant group before me, and I really had to be insistand to the CFO about dropping $20,000 on a new server to replace one we bought about a year ago. He's eating his foot this morning) Anyway, I mentioned before the old database server was overloaded. It was running MSSQL 6.5, doing WINS and PDC, as well as serving roaming profiles and user home directories. With the database off that server, it's somewhat safer to rebuild it. (One way or another it needs a fresh install due to a bad voltage regulator on the motherboard, damn NT) The kicker is, gotta have a PDC. (and idealy, a BDC...heh.) Is samba-tng stable enough to handle about 30 clients and 3 NT servers? The clients are quite hetrogenous. We've got about 5 win95 clients, 5 win98, 20 or so NT4 workstation, and 10 win2k machines. I'm really worried about the issues that would arise using samba as a pdc with such a mix. standardizing on win2k might help the situation, but we're also moving tward thin clients so win2k is right now perminately on the back burner. My eventual goal would probally be getting a linux/samba PDC, configure authentication to go through LDAP services and allow LDAP authentication through PAM on the Linux machines. Seems like a crazy mixed up mess doesn't it? When everything gets to the point where it is stable enough to handle all that, it would really just rock. Have a LTSP (http://www.ltsp.org) machine booting a bunch of diskless workstations, and use Citrix to provide the Windows applications that just won't go away. This is the eventual goal, and the CFO is mostly sold on the idea. But in the short term, I want to get file serving on Linux, and since the IT budjet is pretty much maxed for awile, and since I have to rebuild the current PDC anyway, I wanted to consider all my options. Right now, will samba-tng handle simple Domain logins for the 3 some mixed clients? In the future (or does is it now) stable enough to handle LDAP authentication services? Will my dreams ever come true? =) -- \\\|/// \\ - - // ( @ @ ) ----oOOo--(_)-oOOo------------------------------------------- Andy Zbikowski, Sys Admin | http://www.ltiflex.com LTI Flexible Products, Inc. | "Reality is merely an illusion, 21801 Industrial Blvd | albeit a very persistent one." Rogers, MN 55374 | -- Albert Einstein ---------------Ooooo----------------------------------------- ( ) ooooO ) / ( ) (_/ \ ( \_) From jens.jorgensen at cmgisolutions.com Fri Jun 30 16:19:38 2000 From: jens.jorgensen at cmgisolutions.com (Jens B. Jorgensen) Date: Tue Dec 2 02:30:16 2003 Subject: neme resolution References: Message-ID: <395CC89A.C2973599@cmgisolutions.com> You're just getting started. Run a network trace sometime and wonder at the "extra" netbt-ns operations that go on which I guess have to do with, I'm guessing, browse master stuff or something like that. Also, you'll discover that Win95 boxes only answer packets which have a source port of 137. This is extremely annoying since in unix you have to be root to use ports <= 1024. Also this means you can't have more than one program listening on this port and expect things to work normally. Fun! But at any rate, you're right, windows doesn't do any special encoding to look up NETBIOS names in DNS, although it's pretty easy to see that it should to work with all allowable NETBIOS names. iddwb wrote: > I was perusing rfc1001 and 1002 last night and noticed something that > doesn't seem to fit with the way microsoft smb servers find names. > > First, the netbios name is supposed to be encoded cause per the IBM Lan > Technical Ref regarding netbios a name can be any 16 byte pattern -- non > printable characters included. I've never seen microsoft make this > recommendation for dns resolution. So, how does a ms smb server find a > netbios name in dns? > > Second, since a netname will contain space padding up to the 15 byte, and > then a hex code for machine name, group name, workgroup name, etc., and > since ms is not encoding these names, what does the smb server actually > ask for from dns? > > Third, since netbios names can by any 16 bytes, and the reversible half > ascii encoding method specified in the rfc would imply case sensitivity in > names, what does the smb server do with uppper/lower case in name > resolution? > > Fourth, since a period '.' is not considered a valid character in a > netbios name (the original list of invalid characters included things like > "*", "?", "/", "\" "'"), and since it is possible the connect to a dotted > decimal notated netname via \\129.219.15.22\sharename, the requester must > be converting this ip address to a netbios name? or resolving it some > other way. Can anyone describe the mechanism used here? > > Fifth, while have haven't read the CIFS spec completely, I haven't seen > anywhere that in CIFS that changes the nature of netbios naming. For > example, with CIFS can you partition the netbios name space like a domain > name space? > > David Bear > College of Public Programs/ASU -- Jens B. Jorgensen jens.jorgensen@cmgisolutions.com From r_huelsmann at ish.de Fri Jun 30 18:42:29 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:30:17 2003 Subject: samba tng 2.5.3 and profiles Message-ID: <000001bfe2c2$f1885600$3401a8c0@workstation_1a> hi ! has somebody a running system or some tips ? suse 6.3 samba tng 2.5.3 as a pdc win2000 / nt 4.0 client i can join the domain, but: - the users seems to have no rights to write to profiles - in win200 that means, i can?t copy local to server-based profiles, because the option is "greyd-out" kind of urgent... system should be running on monday morning thanx --- Ralf Huelsmann Kempen Germany Office: http://www.ish.com/ r_huelsmann@ish.com phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 357 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000630/7d424148/iso-8859-1QRalf_HFClsmann.obj From pjdc at eircom.net Fri Jun 30 18:58:08 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:17 2003 Subject: samba tng 2.5.3 and profiles In-Reply-To: "Ralf Huelsmann"'s message of "Sat, 1 Jul 2000 04:44:44 +1000" References: <000001bfe2c2$f1885600$3401a8c0@workstation_1a> Message-ID: >>>>> "Ralf" == Ralf Huelsmann writes: Ralf> samba tng 2.5.3 as a pdc Ralf> - the users seems to have no rights to write to profiles As far as I can recall, profiles were broken in 2.5.3 in some fashion, but I think they work in 2.5. Paul. -- Paul Collins - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Where? Where is the town? Now it's nothing but flowers!" From kevinc at grainsystems.com Fri Jun 30 19:16:18 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:17 2003 Subject: This topic is probally getinng really old... References: <395CBFAF.69E4D22D@ltiflex.com> Message-ID: <395CF202.3CFB1028@grainsystems.com> Andy Zbikowski wrote: > > Is samba-tng stable enough to handle about 30 clients and 3 NT servers? The "2.5 GOOD" release reportedly is. > The clients are quite hetrogenous. We've got about 5 win95 clients, > 5 win98, 20 or so NT4 workstation, and 10 win2k machines. The Win2K machines are the kicker here. Without them, you could run 2.0.x as a PDC. With them, your options are only TNG, NT or Win2K as PDC. > I'm really worried about the issues that would arise using samba as a > pdc with such a mix. standardizing on win2k might help the situation, Not really. Ditching the 9x clients _might_ help, but NT/2K isn't going to matter much. > My eventual goal would probally be getting a linux/samba PDC, > configure authentication to go through LDAP services and allow > LDAP authentication through PAM on the Linux machines. Wouldn't we all? Unfortunately, right now LDAP is in the middle of the transition to the new schema, and using it with TNG is not likely to make it much easier. > But in the short term, I want to get file serving on Linux, and since > the IT budjet is pretty much maxed for awile, and since I have to > rebuild the current PDC anyway, I wanted to consider all my options. I hate to say it, but right now, the most fully-featured PDC for Win2K clients is NT or Win2K. TNG is getting there, though. A lot depends on how much you need NT client domain/user utilities and NT-style password changing and the like. - Kevin Colby kevinc@grainsystems.com From Gree3776 at rowan.edu Fri Jun 30 20:59:45 2000 From: Gree3776 at rowan.edu (Samuel Greenfeld) Date: Tue Dec 2 02:30:17 2003 Subject: Samba Head w/ TNG setup - multiple .SID files? Message-ID: At our organization, we were looking to integrate a test Windows 2000 machine into our samba setup. Here, samba plays a PDC. However, the system had to support 95/98 machines as well. So we followed the recommendation in the online TNG document and ran the smbd from the SAMBA_HEAD cvs tree and all the other utilities (nmbd, etc.) from the SAMBA_TNG cvs tree. We compiled the two of them into directories with two separate prefixes (/usr/local/samba.tng and /usr/local/samba.head). We shutdown the stable samba version we were using, started the alpha editions, and got the following error message in log.smbd whenever we tried to add the Win2k machine to the domain: ERROR: Samba cannot create a SAM SID for its domain (TESTDOM1). both /etc/MACHINE.SID and /etc/TESTDOM1.SID exist when only one should, unable to continue In other words, we ran into a problem where some of the utilities seem to be using the /etc/MACHINE.SID file, while some utilities were using an /etc/TESTDOM1.SID file (the name of the domain we created). This caused samba to get confused, and completely screwed up domain logins from the NT 4.0 client we had hooked up in samba 2.0.7, which said the SID it knew for the domain controller was not it. Renaming either of these .SID files and restarting samba caused them to be recreated. No harm done, we simply shut down the experimental version, used the old .SID file we backed up, started samba 2.0.7, and everything was back to normal. During the entire time, we were quite careful to cd into the appropriate directories (/usr/local/samba.tng/sbin and /usr/local/samba.head/bin) and run "./daemonname" to ensure that the proper binary was started. Right now, this entire setup is experimental, so if anyone has any ideas on how to fix this (or wants us to track down which daemon is at fault), please let me know. We also ran into trouble getting samedit to run, but I do not know if this is related. Date of experiment: June 28, 2000 Date of last CVS update & compile prior to experiment: June 28, 2000, early morning Samba TNG prefix set to: /usr/local/samba.tng Samba HEAD prefix set to: /usr/local/samba.head /etc/smb.conf was shared between versions, /etc/smbpasswd also forced in both. Operating system: Linux 2.2.14-6.1.1smp (yes, it needs to be upgraded, but we're waiting on some binary-only drivers) on a Dual Xeon 800 w/ 1024 MB RAM. Sincerely, Samuel Greenfeld Electrical & Computer Engineering, Rowan University