From anders at aae.wisc.edu Wed Mar 1 05:19:36 2000
From: anders at aae.wisc.edu (Anders C. Thorsen)
Date: Tue Dec 2 02:28:50 2003
Subject: Where do you want to go today.
Message-ID: <200003010519.XAA27396@qui-gon.aae.wisc.edu>

Ok, guys.. I know this is off-topic, but....
Luke: please don't delete me from the mailing-list..

--Anders

Forwarded message from Madison Linux user-group:

Please pardon the forwarded, off-topic message . . .

> The classically-minded among us may have noted a new TV ad for
> Microsoft's Internet Explorer e-mail program which uses the musical
> theme of the "Confutatis Maledictis" from Mozart's Requiem.
>
> "Where do you want to go today?" is the cheery line on the screen.
>
> While, the chorus sings "Confutatis maledictis, flammis acribus addictis,"
> This translates to
> "The damned and accursed are convicted to the flames of hell."
>
> Good to know that Microsoft has done its research.

So, where do you want to go today?

From chriskl at familyhealth.com.au Wed Mar 1 07:01:55 2000
From: chriskl at familyhealth.com.au (Christopher Kings-Lynne)
Date: Tue Dec 2 02:28:51 2003
Subject: Domain group mappings in latest CVS source
In-Reply-To: <200003010519.XAA27396@qui-gon.aae.wisc.edu>
Message-ID:

Hi,

I notice that 'domain group map' is gone from the cvs source, and it looks
like 'domain groups' is its replacement...

So, if I add the domain users file with the entry

  wheel = Administrators

Why does my login not give me administrative privileges on the local
machine? How can I tell if the group mapping is actually _working_?

Thanks,

Chris

From dstutz at clip.de Wed Mar 1 08:29:50 2000
From: dstutz at clip.de (Daniel Stutz)
Date: Tue Dec 2 02:28:51 2003
Subject: Behavior of roaming profiles
Message-ID: <00030110061800.00337@perseus.ett.clip.de>

Hello.

I'm running Samba 2.0.6 with a 2.2.12 kernel as a Domain Server (Pseudo
PDC). It worked fine, even the roaming profiles. But then I left the
domain and joined a workgroup. The "trusted account" in passwd and
smbpasswd had been deleted, also all user accounts.

Now I created a new machine account (same machine name), joined the
domain again and found the following situation: some users couldn't
change their profiles (They can change, but after logout they get a new
NT default profile, NOT the one located in
"%systemroot%\profiles\default user". It's just like mandatory
profiles.), while others could.

To ensure that the configuration hasn't been changed, I restored both a
linux and a NT Workstation backup, made from "virgin" systems to build a
test environment. Again everything worked fine. I left the domain,
joined a workgroup, deleted the machine account and the user accounts
and rejoined the domain. I found nearly the same situation as described
above. But now no user could change his profile.

I found a microsoft article about corrupted profiles, which described
similar symptoms. I tried their recommended workaround and deleted the
server stored profile as well as the local copy. It worked! But after
that the users got a new profile, but not the same as before: now it is
the one located in the "default user" directory!

Has anybody made similar experiences? Is there a solution for my
production environment?

I'm searching for a "checked" version of the "userenv.dll", which logs
all activities during down- and uploading roaming profiles. I could not
find it in DDK or SDK like described in microsoft article "How to debug
roaming profiles". Does anybody know where I can find it?

Thanks in advance

Daniel

From lk at netuse.de Wed Mar 1 09:45:19 2000
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:51 2003
Subject: Login fails (was Re: Samba TNG)
References:
Message-ID: <38BCE6AF.39AF2A64@netuse.de>

Luke Kenneth Casson Leighton wrote:

> try an account that maps to root.

> > I have an old problem. I can join the domain, but if i reboot
> > windows nt, i'm not able to login, because windows nt can't find
> > the computeraccount or the password for the workstation account
> > is wrong. Do you have any idea where i can look?

I found the problem. But i need to investigate it further.

lsarpcd dies "internally". It's not crashing (that's why you can see it
with ps) but it won't work anymore. When i kill lsarpc and start it
again, i'm able to login.

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From lk at netuse.de Wed Mar 1 09:47:32 2000
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:51 2003
Subject: Updated the webpages
Message-ID: <38BCE734.A5561B18@netuse.de>

Hello!

I have updated my samba tng webpages.
The way how to create a PDC has changed and there was an error in
the example configfiles. The profile directory should not be
\\PDC\%U\profile but \\PDC\profile\%U. And of course you need now
a profile share.

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From p.mayers at ic.ac.uk Wed Mar 1 10:16:25 2000
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:28:51 2003
Subject: Linux as an NT CLIENT
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8135B@icex1.cc.ic.ac.uk>

Yeh, saw that after I pulled the TNG code down. Cool.

Cheers,
Phil

=====================
The world is divided into two kinds of people, those who divide the
world into two kinds of people, and those who don't...

-----Original Message-----
From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org]
Sent: Tuesday, February 29, 2000 7:58 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: RE: Linux as an NT CLIENT

luke howard has already written a sursldap, it's incredibly simple: it's
a switch statement around two function calls.

so it's been done.

luke

On Wed, 1 Mar 2000, Mayers, P J wrote:

> I'm well aware of the need for a SURS implementation. In fact, if/when the
> API settles down, pulling the SID->uid/gid mapping out of an LDAP directory
> is something I'd like to look at.
>
> Cheers,
> Phil
>
> -----Original Message-----
> From: Luke Kenneth Casson Leighton
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: 29/02/00 16:58
> Subject: RE: Linux as an NT CLIENT
>
> On Wed, 1 Mar 2000, Mayers, P J wrote:
>
> > Yes, still need a passwd/NIS entry. IIRC there was something under
> > development called winbind, which is the equivalent for ypbind for an NT
> > domain, rather than NIS. Very nice. But it was dependent on SURS, and hence
> > probably TNG. Again, I don't know the progress.
>
> yeah, tim's working on it.
>
> actually, absolutely _Everything_ is dependent on a decent SURS
> implementation, and we don't have one.
>
> and no, dammit, the current one _isn't_ good enough. however, as i was
> explaining to tim (it took a couple of days, and his code got a _lot_
> simpler when he got it), it's not the responsibility of samba, pam_ntdom,
> pam_smb, winbind, pam_smbpass, or anything BUT surs itself to solve the
> problem of mapping uids/gids and sids.
>
> luke
>
> >
> > -----Original Message-----
> > From: Jay Thomas
> > To: Multiple recipients of list SAMBA-NTDOM
> > Sent: 2/29/00 1:01 AM
> > Subject: Re: Linux as an NT CLIENT
> >
> > Jonathan Hutchins wrote:
> > >
> > > On Sat, 19 Feb 2000, Jonathan Hutchins wrote:
> > >
> > > >> What are the critical steps in getting a Samba machine to join the
> > > >> domain and access shares?
> > >
> > > And Luke Kenneth Casson Leighton rather sparsely replied:
> > >
> > > > pam_ntdom.
> > >
> > > Which might possibly be a compile-time option? Not currently doc'ed as a
> > > configuration keyword.
> > >
> > > From the looks of the list, there are some problems with the
> > > authenticate-the-linux-user-from-the-NT-PDC code, yet Jason Holland says "I
> > > have several samba boxes joined and authenticating to NT PDC's".
> > >
> > > There appears to be about 1/3 of a page of documentation on this. I'd gladly
> > > write a HOWTO if someone could take the time to elaborate a bit more. I've
> > > got most of the rest of the functionality of an NT Client working, just need
> > > the authenticate-from-NT part.
> >
> > Do you need to have a passwd file entry for each user when they
> > authenticate off a NT-PDC?
> >
> > Anyone got this to work w/ HPUX 10.20 or 11? (they seem to have an older
> > PAM version than is standard)
> >
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
> Macmillan Technical Publishing
>
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From peter at cadcamlab.org Wed Mar 1 10:21:56 2000
From: peter at cadcamlab.org (Peter Samuelson)
Date: Tue Dec 2 02:28:51 2003
Subject: multiple logs
References:
Message-ID: <14524.61101.823861.118112@wire.cadcamlab.org>

[Gregory Leblanc]
> Speaking of seeing things fly by on the screen, will multiple -l
> options work together (TNG from CVS, whenever)? I.E. if I want to
> log to tty8 and $logdir/log.smb, can I get output both places?

There's always the old Unix trick:

  mkfifo /tmp/log.smb.fifo
  tee < /tmp/log.smb.fifo > /dev/tty8 $logdir/log.smb
  rpcclient -l /tmp/log.smb.fifo ....

I guess it goes without saying that you have to modify this for /tmp
races if you don't trust your local users....

Peter

From lk at netuse.de Wed Mar 1 12:26:47 2000
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:51 2003
Subject: Updated the webpages
References: <38BCE734.A5561B18@netuse.de>
Message-ID: <38BD0C87.A8DB4A7E@netuse.de>

Lars Kneschke wrote:

> I have updated my samba tng webpages.
> The way how to create a PDC has changed and there was a error in
> the example configfiles. The profile directory should not be
> \\PDC\%U\profile but \\PDC\profile\%U. And of course you need now
> a profile share.

Oops, maybe not everyone knows the URL:

http://www.kneschke.de/projekte/samba_tng

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From lk at netuse.de Wed Mar 1 12:27:28 2000
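[Added example, not part of any list message and not Samba project code: Peter Samuelson's FIFO trick from the "multiple logs" message above, with the /tmp race he mentions closed by creating the FIFO inside a private mktemp -d directory instead of under a fixed name in world-writable /tmp. The helper name split_log, its argument order and the convention of appending the FIFO path as the last argument are assumptions made for this sketch.]

```shell
#!/bin/sh
# split_log SCREEN LOGFILE CMD [ARGS...]
# Runs CMD with the path of a private FIFO appended as its last argument and
# copies everything CMD writes there to SCREEN and to LOGFILE.
# Hypothetical helper, e.g.:
#   split_log /dev/tty8 "$logdir/log.smb" rpcclient ... -l
split_log() {
    [ "$#" -ge 3 ] || { echo "usage: split_log SCREEN LOGFILE CMD [ARGS...]" >&2; return 2; }
    _sl_screen=$1; _sl_log=$2; shift 2

    # Fail early if a destination cannot be opened; otherwise the reader
    # below would die and the writer side would block forever.
    true >> "$_sl_screen" || return 1
    true >> "$_sl_log" || return 1

    # mktemp -d creates a new directory, mode 0700, with an unpredictable
    # name, so other local users cannot pre-create or swap the FIFO.
    _sl_dir=$(mktemp -d "${TMPDIR:-/tmp}/splitlog.XXXXXX") || return 1
    _sl_fifo=$_sl_dir/log.fifo
    if ! mkfifo -m 600 "$_sl_fifo"; then
        rmdir "$_sl_dir"
        return 1
    fi

    # Reader: the same tee arrangement as in the post (log file is appended to).
    tee -a "$_sl_log" < "$_sl_fifo" > "$_sl_screen" &
    _sl_tee=$!

    # Hold one write end open in this shell so tee neither exits when CMD
    # reopens its log nor hangs if CMD never opens the FIFO at all.
    exec 3> "$_sl_fifo"

    _sl_status=0
    "$@" "$_sl_fifo" 3>&- || _sl_status=$?

    exec 3>&-               # last writer gone: tee sees EOF and exits
    wait "$_sl_tee" || :
    rm -f "$_sl_fifo"
    rmdir "$_sl_dir"
    return "$_sl_status"
}
```

The function returns the exit status of CMD and removes the FIFO and its directory afterwards.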
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:51 2003
Subject: Domain group mappings in latest CVS source
References:
Message-ID: <38BD0CB0.9F850020@netuse.de>

Christopher Kings-Lynne wrote:
>
> Hi,
>
> I notice that 'domain group map' is gone from the cvs source, and it looks
> like 'domain groups' is its replacement...
>
> So, if I add the domain users file with the entry
> wheel = Administrators
>
> Why does my login not give me administrative privileges on the local
> machine? How can I tell if the group mapping is actually _working_?

It seems not to work actually.

Ci
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From lk at netuse.de Wed Mar 1 12:47:31 2000
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:51 2003
Subject: What is VFS
Message-ID: <38BD1163.B79CF2B1@netuse.de>

Hello!

I have read http://www.linuxcare.com.au/tridge/lw_tridge/ .

Can someone explain the benefits of "Loadable VFS system"?
What does this mean in the real world?

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From jroman6 at ford.com Wed Mar 1 13:53:25 2000
From: jroman6 at ford.com (Roman, James (J.D.))
Date: Tue Dec 2 02:28:51 2003
Subject: Behavior of roaming profiles
Message-ID: <200003011353.IAA22732@mailfw6.ford.com>

Not that this is much help, but we also have had the same problem, but
not necessarily when switching domains. The same problem can happen
using Novell servers for storage of roaming profiles. (We actually hoped
that the problem would be resolved by going to Samba). Currently we are
using NT4 Workstations and a Samba 2.0.6 server. The only solution we
have is deleting the roaming profile off the server and then, while
logged on as administrator, deleting the entire profile out of the
WINNT\profiles directory. As best as we can tell, it is due to problems
shutting down the computer and saving the profile to the server. We have
suggested to users that they make sure to shut down all applications
(and verify that they are completely shut down) before shutting down the
Workstations. While this may not be the exact situation that you are
running into, perhaps the information will help.

-----Original Message-----
From: Daniel Stutz [mailto:dstutz@clip.de]
Sent: Wednesday, March 01, 2000 4:09 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Behavior of roaming profiles

Hello.

I'm running Samba 2.0.6 with a 2.2.12 kernel as a Domain Server (Pseudo
PDC). It worked fine, even the roaming profiles. But then I left the
domain and joined a workgroup. The "trusted account" in passwd and
smbpasswd had been deleted, also all user accounts.

Now I created a new machine account (same machine name), joined the
domain again and found the following situation: some users couldn't
change their profiles (They can change, but after logout they get a new
NT default profile, NOT the one located in
"%systemroot%\profiles\default user". It's just like mandatory
profiles.), while others could.

To ensure that the configuration hasn't been changed, I restored both a
linux and a NT Workstation backup, made from "virgin" systems to build a
test environment. Again everything worked fine. I left the domain,
joined a workgroup, deleted the machine account and the user accounts
and rejoined the domain. I found nearly the same situation as described
above. But now no user could change his profile.

I found a microsoft article about corrupted profiles, which described
similar symptoms. I tried their recommended workaround and deleted the
server stored profile as well as the local copy. It worked! But after
that the users got a new profile, but not the same as before: now it is
the one located in the "default user" directory!

Has anybody made similar experiences? Is there a solution for my
production environment?

I'm searching for a "checked" version of the "userenv.dll", which logs
all activities during down- and uploading roaming profiles. I could not
find it in DDK or SDK like described in microsoft article "How to debug
roaming profiles". Does anybody know where I can find it?

Thanks in advance

Daniel

From jrb at fluent.de Wed Mar 1 14:10:25 2000
From: jrb at fluent.de (Juergen Bock)
Date: Tue Dec 2 02:28:51 2003
Subject: Domain unavailable
Message-ID: <200003011410.PAA16125@prag.fluent.de>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 511 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000301/903e1c15/attachment.bin

From lk at netuse.de Wed Mar 1 14:16:08 2000
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:51 2003
Subject: Domain unavailable
References: <200003011410.PAA16125@prag.fluent.de>
Message-ID: <38BD2628.71FD6FB@netuse.de>

Juergen Bock wrote:
>
> Hi there,
>
> I'm having trouble logging in with today's tng-cvs. I could join the domain, but logins are not
> possible. I get an error message like "The system couldn't log you on at this time because the
> domain BLAH is unavailable" (from German).
> The PDC is Suse 6.2, Kernel 2.2.14. Does anybody else have a similar problem???

It's possible that some daemons died, while joining the domain.
Try to restart all samba tng daemons before you try to login
again.

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From jrb at fluent.de Wed Mar 1 14:31:00 2000
From: jrb at fluent.de (Juergen Bock)
Date: Tue Dec 2 02:28:51 2003
Subject: Domain unavailable
In-Reply-To: <38BD2628.71FD6FB@netuse.de>
Message-ID: <200003011431.PAA17484@prag.fluent.de>

Nope, that didn't fix it. I stopped all daemons and restarted them. I
got the error message "remove on /home/samba/var/locks/.msrpc/xxx
failed" for all daemons except smbd and nmbd. So I stopped them again,
wiped the var directory and restarted.
Yet no login possible, same error message.

Juergen

> It's possible that some daemons died, while joining the domain.
> Try to restart all samba tng daemons before you try to login
> again.
>
> Cu
>
> --
> Lars Kneschke
> NetUSE Kommunikationstechnologie GmbH
> Siemenswall, D-24107 Kiel, Germany
> Fon: +49 431 386435 00 -- Fax: +49 431 386435 99
>

Juergen Bock
jrb@fluent.de
FLUENT Deutschland GmbH
Hindenburgstrasse 36
D-64295 Darmstadt
+49-(0)6151-3644-0

From lk at netuse.de Wed Mar 1 14:56:05 2000
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:51 2003
Subject: Domain unavailable
References: <200003011431.PAA17484@prag.fluent.de>
Message-ID: <38BD2F85.C354A329@netuse.de>

Juergen Bock wrote:
>
> Nope, that didn't fix it. I stopped all daemons and restarted them. I
> got the error message "remove on
> /home/samba/var/locks/.msrpc/xxx failed" for all daemons except

I have these messages too, but it works.

> smbd and nmbd. So I stopped them again, wiped the var directory
> and restarted.
> Yet no login possible, same error message.

Strange, but i have no idea anymore.

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From m.kaschel at sf.hs-wismar.de Wed Mar 1 15:01:46 2000
From: m.kaschel at sf.hs-wismar.de (Michael Kaschel)
Date: Tue Dec 2 02:28:52 2003
Subject: Logon-Script
Message-ID: <38bd30eb.5f086d.0@sf.hs-wismar.de>

>Hi there,
>
>my logon-script is mapping a lot of drives from my PDC with the clients.
>This script is executed the first time a User logs on the PDC.
>When the User log on the second time the script is giving some
>errormessages:
>"Can't map the drives the drives are already in use or something like
>that.
>Is there a possibility to delete the "net use" commands in first step and
>the connect them again?
>Like
>delete all net use
>and then
>net use \\PDC\drive
>
>Thank you
>--------------------------------------------------------------------------------------------------
>Kind regards
>
>Cord-H. Fricke
>Fon: 0 52 1 / 52 51-111
>Fax: 0 52 1 / 52 51-115
>
>..keep on headbangin', that rocks!!!
>

You have to use the net command in following manner:

  net use Y: \\SERVER\ShareName /persistent:no

This will disconnect the drive, when the user logged out. Otherwise the
connection will be restored again when the user logs in again. When then
the script is executed and the drive is already connected you get the
above mentioned error message.

Best regards
Michael Kaschel
++

From lauffer at ph-freiburg.de Wed Mar 1 15:16:05 2000
From: lauffer at ph-freiburg.de (Stephan Lauffer)
Date: Tue Dec 2 02:28:52 2003
Subject: Logon-Script
In-Reply-To:
Message-ID:

Hi all!

> Like
> delete all net use
> and then
> net use \\PDC\drive

  net use h: /delete

Kind regards,
Stephan Lauffer

[ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ]
[ Abteilung ZIK: WWW ]
[ Tel.: 0761 - 682 447 Mobil: 0172 - 7145 197 ]

From fabian at guternet.de Wed Mar 1 15:20:56 2000
From: fabian at guternet.de (Fabian Guter)
Date: Tue Dec 2 02:28:52 2003
Subject: Logon-Script
In-Reply-To: <38bd30eb.5f086d.0@sf.hs-wismar.de>
Message-ID:

> You have to use the net command in following manner:
>
> net use Y: \\SERVER\ShareName /persistent:no
>
> This will disconnect the drive, when the user logged out.

Unfortunately, this works only with NT clients, since Win9x doesn't know
the option /persistent:yes|no.

Is there a way to get the desired result on both systems without using
different user accounts ?

Regards, Fabian

--
Fabian Guter

From lee.taylor at scania.co.za Wed Mar 1 15:40:26 2000
From: lee.taylor at scania.co.za (C.Lee Taylor)
Date: Tue Dec 2 02:28:52 2003
Subject: Logon-Script
References:
Message-ID: <015601bf8394$77225380$8b640107@scania.co.za>

> my logon-script is mapping a lot of drives from my PDC with the clients.
> This script is executed the first time a User logs on the PDC.
> When the User log on the second time the script is giving some
> errormessages:
> "Can't map the drives the drives are already in use or something like
> that.
> Is there a possibility to delete the "net use" commands in first step and
> the connect them again?
> Like
> delete all net use
> and then
> net use \\PDC\drive

Why not just try "net use \\PDC\drive /yes" which should override
whatever drive mappings that are there. You should be able to check
these options at the DOS command prompt by typing "Net Help Use | More"

Hope this helps.

Mailed
C.Lee Taylor
Scania South Africa

From johanh at fusion.kth.se Wed Mar 1 15:42:18 2000
From: johanh at fusion.kth.se (Johan Hedin)
Date: Tue Dec 2 02:28:52 2003
Subject: Domain unavailable
In-Reply-To: <38BD2F85.C354A329@netuse.de>
Message-ID:

We have the same problem since a few days. We run current versions
(updated today) och samba pre-3.0.0 smbd and nmbd and other daemons from
Samba TNG.

Also browsing is broken. All the shares are there but named
",". I don't know if this is related. I *think* the problems started when
I moved the "domain master" and "local master" to the Samba PDC.

  domain master = yes
  local master = yes
  preferred master = yes
  os level = 65
  wins support = yes
  encrypt passwords = yes
  domain logons = yes

How should I proceed to debug this?

/Johan Hedin

/---------------------------------------------------------------------\
| Johan Hedin                      | johanh@fusion.kth.se             |
| Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh |
\---------------------------------------------------------------------/

On Thu, 2 Mar 2000, Lars Kneschke wrote:

> Juergen Bock wrote:
> >
> > Nope, that didn't fix it. I stopped all daemons and restarted them. I
> > got the error message "remove on
> > /home/samba/var/locks/.msrpc/xxx failed" for all daemons except
> I have these messages too, but it works.
>
> > smbd and nmbd. So I stopped them again, wiped the var directory
> > and restarted.
> > Yet no login possible, same error message.
> Strange, but i have no idea anymore.
>
> Cu
> --
> Lars Kneschke
> NetUSE Kommunikationstechnologie GmbH
> Siemenswall, D-24107 Kiel, Germany
> Fon: +49 431 386435 00 -- Fax: +49 431 386435 99
>

From Elrond at Wunder-Nett.org Wed Mar 1 16:18:53 2000
From: Elrond at Wunder-Nett.org (Elrond)
Date: Tue Dec 2 02:28:52 2003
Subject: Problems joining a domain with a Samba-TNG PDC
In-Reply-To: <38BC4B8C.AED8B497@loudcloud.com>; from Paul Kennedy on Wed, Mar 01, 2000 at 09:42:31AM +1100
References: <38BC4B8C.AED8B497@loudcloud.com>
Message-ID: <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de>

On Wed, Mar 01, 2000 at 09:42:31AM +1100, Paul Kennedy wrote:
[...]
> After rebooting paulpc, I try to logon to the domain Airius and fail. The
> message dialog which pops up says "The system cannot log you on to this
> domain because the systems computer account in it's primary domain is
> missing or the password on that account is incorrect".
>
[...]

I got this too for a while (without ldap).

The current best workaround, I know, is:

- remove all reference to paulpc$ from ldap
- give root a password in samba
  maybe like:
  samedit -S . -U root% createuser root -p pass
- (possible checking of that with smbclient...)
- use the create machine trust account checkbox in the join
  dialog.

Hope, that helps a bit.

Elrond

From johanh at fusion.kth.se Wed Mar 1 16:26:58 2000
From: johanh at fusion.kth.se (Johan Hedin)
Date: Tue Dec 2 02:28:52 2003
Subject: Domain unavailable
In-Reply-To:
Message-ID:

On Thu, 2 Mar 2000, Johan Hedin wrote:

> ",". I don't know if this is related. I *think* the problems started when

The shares are without name. "," was on the other side of a " in an error
message.

/Johan Hedin

From tschweikle at FIDUCIA.de Wed Mar 1 16:51:03 2000
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de)
Date: Tue Dec 2 02:28:52 2003
Subject: Logon-Script
Message-ID: <0057540004131652000002L422*@MHS>

fabian@guternet.de:
>> You have to use the net command in following manner:
>>
>> net use Y: \\SERVER\ShareName /persistent:no
>>
>> This will disconnect the drive, when the user logged out.
>
> Unfortunately, this works only with NT clients, since
> Win9x doesn't know the option /persistent:yes|no.
>
> Is there a way to get the desired result on both systems
> without using different user accounts ?

Yes there is, but it needs some more elaboration...

< y:\>type \\PDC\netlogon\logon.bat
< @echo Versuche Zeit vom Server zu erhalten...
< @if not "%logonserver%" == "\\XCNLM00S" net time \\xcnlm00s /set /yes > NUL
< @if "%OS%" == "Windows_98" goto osok
< @if "%OS%" == "Windows_NT" goto osok
< @if "%OS%" == "OS2_Warp4" goto osok
<
< @if "%WINDIR%" == "" goto quit
< @if "%WINBOOTDIR%" == "" goto quit
<
< @echo SET OS=Windows_98>> c:\autoexec.bat
< @set OS=Windows_98
<
< :osok
< @if exist \\PDC\netlogon\%os%.cmd start \\PDC\netlogon\%os%.cmd > c:\%os%.txt
< @if exist \\PDC\netlogon\%os%.bat start \\PDC\netlogon\%os%.bat > c:\%os%.txt
<
< :quit
< exit

While not all os have (like unix) a variable telling me what os I am
working on (Windows 9x) I'll set, for my convenience, one after finding
out what os my script is running on. I use the same script for all those
non unix clients --- the disadvantage is: command-line-interpreters
differ if you use certain commands. You must make sure to keep the least
common level.

After having found out what os my script runs on I switch to an other
script doing the rest of the work.

--

From bkeats at spiff.chin.gc.ca Wed Mar 1 16:42:35 2000
From: bkeats at spiff.chin.gc.ca (Brian Keats)
Date: Tue Dec 2 02:28:52 2003
Subject: NetLogon Service
Message-ID: <00030111531100.27796@panther>

Hi,

I realize this might not be the best place to post this message but it
sure seems like there are a lot of knowledgeable people on this list.

I am currently using 2.05 as a member of an NT domain, with security =
domain, to process domain logons for a handful of Win95 machines. The
current setup works great for performing the logon service except that
the NetLogon service doesn't work the way I was expecting it to.

This is just my assumption on the NT NetLogon service, but I assume
during the process it passes along the netlogon batch file (for the sake
of a better term) to the requesting client to process. I.E. %u.bat, or
whatever. I also assume that the correct batch file to pass along to the
client is stored with username on the NT PDC/BDC's.

Currently, users being validated by my samba server are not passed along
this batch file, but are validated on the domain. I can issue a 'net
use' command on the client with success.

Is this a limitation of ver 2.05 and is handled by TNG or a later
version of samba ? Anyone have any further insight as to how the
netlogon service works, or any suggestions as to what I should try ?

Regards in advance

Brian Keats

P.S. Good luck with your holiday and new job Luke !

From olegario at noc.rutgers.edu Wed Mar 1 17:24:30 2000
From: olegario at noc.rutgers.edu (Alan Olegario)
Date: Tue Dec 2 02:28:52 2003
Subject: Application Error
Message-ID: <001401bf83a3$01ca0d30$1a37e6a5@rutgers.edu>

While working on my NT box, when I try to view permissions of a
file/directory on the SAMBA server, I get an application error in
EXPLORER.exe with an access violation. Has anyone seen this before?

-------------
Alan Olegario
Rutgers University Computing Services
Systems Administrator
RUNet 2000 Project Office
63 Road 1
Piscataway, NJ 08854
Voice: 732-445-1470x606
Fax: 732-445-1481
Cell: 732-433-6840
Email: olegario@noc.rutgers.edu
Pager: 732-954-9158 or olegario@pager.rutgers.edu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Alan Olegario.vcf
Type: text/x-vcard
Size: 544 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000301/5ad634d3/AlanOlegario.vcf

From cartegw at Eng.Auburn.EDU Wed Mar 1 17:32:31 2000
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:28:52 2003
Subject: Application Error
References: <001401bf83a3$01ca0d30$1a37e6a5@rutgers.edu>
Message-ID: <38BD542F.CAAA2418@eng.auburn.edu>

Alan Olegario wrote:
>
> While working on my NT box, when I try to view permissions of a
> file/directory on the SAMBA server, I get an application error in
> EXPLORER.exe with an access violation. Has anyone seen this before?

What version of Samba are you using? I'm guessing an older 2.0.x
version. Works fine in 2.0.6 i know.

Cheers, jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From hutchins at opus1.com Wed Mar 1 17:51:35 2000
From: hutchins at opus1.com (Jonathan)
Date: Tue Dec 2 02:28:52 2003
Subject: Linux as an NT CLIENT
Message-ID: <317F4501306FD11187020080ADB4811B15D470@CAVERN>

> From: Mayers, P J [mailto:p.mayers@ic.ac.uk]
> Sent: Monday, February 28, 2000 6:20 PM

> Do you mean at login: prompt time? In which case, if your
> system supports pam, you can use pam_ntdom (hence Luke's rather sparse reply).

I still have no clue what "pam_ntdom" is, or how I would "use" it. It's
not documented in anything I've found on samba yet. What is it? Is it a
compile-time option? Is it a keyword in recent versions of smb.conf
that's not documented? What versions does it appear in? How do I find
it?

> But you need to be clear exactly what you mean, and how
> you're making Linux an NT client.

I suppose "join an NT domain as a client" is as obvious in its
implications to an NT Administrator as "use pam_ntdom" is to a Linux
programmer.

A member client of an NT domain relies on the PDC for all authentication
- any user with a domain account can log in to any member workstation,
and can access resources based on rights associated with that login.

I want my Linux workstation to use the NT PDC to authenticate users, so
any user with a domain account can log in to the Linux box, preferably
without me having to first create an account on the Linux box first.

> smbmount will allow you to mount smb shares ...

So far, this works as long as I supply an NT username and password to
the command.

> but there's a program with Samba called smbsh...

And boy, you want to talk undocumented! There's no clue how to use it,
just that you can.

I realize that Samba is a work in progress, but there are features that
are in the stable release that the average non-programmer can't use
because nothing says how to go about using them. The documents mention
them, and say what you can do with them, but there's nothing about how
to implement them. Even more, there's nothing about troubleshooting
them, where to look if one of the features isn't working.

The server side is being pretty well documented, but we need a little
better work on the client/workstation side.

If I want to put a Linux workstation in a cube and make it work with the
corporate NT network to show the suits an alternative to the evil from
Redmond, the client side of Samba has to offer network resources that
can be made reasonably transparent to an NT user.

If I can get this information together, I want to document a HOWTO of
putting a Linux workstation on an NT domain as a client, step by step,
with troubleshooting.

From hutchins at opus1.com Wed Mar 1 17:57:59 2000
From: hutchins at opus1.com (Jonathan)
Date: Tue Dec 2 02:28:52 2003
Subject: Linux as an NT Client
Message-ID: <317F4501306FD11187020080ADB4811B15D471@CAVERN>

OK, it looks like seamless integration of a Linux box as an NT
client/workstation is a work-in-progress, not quite ready for play yet.

Still, the methods for joining a domain look workable if we could
document them with a little more depth. If anyone can help with some
advice beyond the current NT Domain FAQ on getting the current stable
release to properly map NT accounts to Linux accounts, how to create the
Linux account list from the NT account list, how smbsh is supposed to be
set up and used, I would appreciate the help.

From thomas.heiligenmann at t-online.de Wed Mar 1 18:07:46 2000
From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann)
Date: Tue Dec 2 02:28:52 2003
Subject: Logon-Script
References:
Message-ID: <38BD5C72.7567E2EB@heiligenmann.de>

Fabian Guter wrote:
>
> > You have to use the net command in following manner:
> >
> > net use Y: \\SERVER\ShareName /persistent:no
> >
> > This will disconnect the drive, when the user logged out.
>
> Unfortunately, this works only with NT clients, since Win9x doesn't know the
> option /persistent:yes|no.
>
> Is there a way to get the desired result on both systems without using
> different user accounts ?
>

rem %OS% is set to Windows_NT on NT and is not set on Win9x
if "%OS%"=="Windows_NT" goto NT_LOGON
:WIN95_LOGON
rem Win9x: no /persistent option available
net use Y: \\SERVER\ShareName
goto END
:NT_LOGON
net use Y: \\SERVER\ShareName /persistent:no
:END

--
Thomas

From thien_vu at hotmail.com Wed Mar 1 18:14:33 2000
From: thien_vu at hotmail.com (Thien Vu)
Date: Tue Dec 2 02:28:52 2003
Subject: Linux as an NT Client
References: <317F4501306FD11187020080ADB4811B15D471@CAVERN>
Message-ID: <20000301181528.89133.qmail@hotmail.com>

It depends on what you will be using on the Linux platform. In our office, Samba will be the main mechanism for authentication until we move to something like LDAP. We achieve this for our WinNT workstations and Linux workstations. For our Linux boxes, we will be doing authentication through pam_smb (which can be obtained in a similar manner to Samba through cvs) and probably will be mounting home directories through a logon script and smbmount or some other network fs mechanism. We will "pamify" other services such as sshd and apache so that most of the authentication on Linux will be filtered into PAM.

Thien Vu

----- Original Message -----
From: "Jonathan" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, March 01, 2000 10:01 AM Subject: Linux as an NT Client > OK, it looks like seamless integration of a Linux box as an NT > client/workstation is a work-in-progress, not quite ready for play yet. > > Still, the methods for joining a domain look workable if we could document > them with a little more depth. If anyone can help with some advice beyond > the current NT Domain FAQ on getting the current stable release to properly > map NT accounts to Linux accounts, how to create the Linux account list from > the NT account list, how smbsh is supposed to be set up and used, I would > appreciate the help. > > From kellermg at potsdam.edu Wed Mar 1 20:15:03 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:28:52 2003 Subject: Insignificant Drivel Message-ID: <38BD7A47.2935907B@potsdam.edu> smbclient appears to be broken in regards to server names with embedded spaces. (and yes, I've tried quoting the string). I don't know how far back this goes (as a bug). I've scoured through the smbclient code, and don't see problems, so I'm a little baffled- Workgroups/domains with smbclient work fine. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From mbreuer at siac.com Wed Mar 1 21:14:24 2000 
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:52 2003
Subject: TNG 0.7 PDC - w2k success (with patch)
Message-ID: <38BD8830.8C137D90@siac.com>

I've successfully joined a W2K nt workstation to the samba domain. The following works... at least for me.

1) the become_user issue has to be fixed, otherwise it is difficult if not impossible to set things up to work consistently both for joining a ws to a domain and then logging in to the domain. It's probably a bad patch, but it works for now.

2) There are issues if you are using usernamemaps. Basically, the domain login inconsistently switches between the "unix" user id and the NT user id. For example, assume usernamemap: unixuser=ntuser. When logging in to the NT workstation as 'ntuser' the user name supplied comes back as "unixuser". This causes the local machine to incorrectly map profiles and other network logins (Netware, for example). I worked around this problem by removing the username map entries involved. This forced rearranging /etc/passwd so that the NT user id precedes the unix version (nasty... requires the NT password for the UNIX screen saver).

3) I'm sure it's been discussed, but I haven't seen this in the TNG faqs... it is useful to add the domain user to the local machine... it's not automatic. For example: if there is a unix account "user1" and an nt account "user1" and the nt machine is joined to the domain, "user1" logging on to the domain will have no local rights. While this may be desirable, it seems inconsistent from W2K Server behaviour when joining a workstation to a domain (you can assign local rights at the NT Active Directory tree). In the samba case, you have to go in as a local administrator (runas helps) and add a NEW user user1 to the domain (on the local machine). AFAIK, this can only be done by clicking "Users and Passwords" in the control panel, selecting the "Users" tab and hitting "add."
On the property sheet which comes up, add the user on the samba domain name. Don't use "browse", it doesn't seem to work with tng 0.7. -------------- next part -------------- *** samba-tng-alpha.0.7/source/lib/set_uid.c Wed Mar 1 10:47:52 2000 --- samba-tng-alpha.0.7/source/lib/set_uid.c.orig Wed Feb 23 18:26:51 2000 *************** *** 333,349 **** if (become_root_depth) { DEBUG(0,("ERROR: become root depth is non zero\n")); } ! if (save_dir && !become_root_depth) dos_GetWd(become_root_dir); ! if (!become_root_depth) { ! current_user_saved = current_user; ! } ! become_root_depth++; /* let's try to stack ... but always keep the original ID */ ! if (become_root_depth == 1) { /* only needed if not root */ ! become_uid(0); ! become_gid(0); ! } } /**************************************************************************** --- 333,346 ---- if (become_root_depth) { DEBUG(0,("ERROR: become root depth is non zero\n")); } ! if (save_dir) dos_GetWd(become_root_dir); ! current_user_saved = current_user; ! become_root_depth = 1; ! ! become_uid(0); ! become_gid(0); } /**************************************************************************** *************** *** 353,366 **** ****************************************************************************/ void unbecome_root(BOOL restore_dir) { ! if (!become_root_depth) {/* too many unwinds ... oops just abort */ ! DEBUG(0,("ERROR: unbecome root depth called with root depth = 0")); ! return; ! } ! if (--become_root_depth) { DEBUG(0,("ERROR: unbecome root depth is %d\n", ! become_root_depth+1)); ! return; /* don't unwind yet... nested calls */ } /* we might have done a become_user() while running as root, --- 350,358 ---- ****************************************************************************/ void unbecome_root(BOOL restore_dir) { ! if (become_root_depth != 1) { DEBUG(0,("ERROR: unbecome root depth is %d\n", ! 
become_root_depth)); } /* we might have done a become_user() while running as root, *************** *** 395,398 **** --- 387,391 ---- current_user = current_user_saved; + become_root_depth = 0; } From rkelley at syncreticsoft.com Wed Mar 1 22:03:34 2000 From: rkelley at syncreticsoft.com (Ron Kelley) Date: Tue Dec 2 02:28:52 2003 Subject: Windows2000 Message-ID: <38BD93B6.6AF8F8BB@syncreticsoft.com> So, has anyone had trouble with seeing a LINUX box from Windows2000 server yet? I am. I have RedHat 6.0 with the out-of-the-box verision of Samba running. I'm pretty sure I have everything configured correctly, because I had it working on NT4.0. I made sure that Windows2000 knew about my LINUX box via DNS. Do I need something else? Thanks, Ron From clairroberts at home.com Wed Mar 1 22:27:58 2000 From: clairroberts at home.com (Clair Roberts) Date: Tue Dec 2 02:28:52 2003 Subject: Compiling Problem Message-ID: <38BD996E.83458DD1@home.com> I grabbed the head source of Samba yesterday using CVS. I followed the instructions on the FAQ located at http://us1.samba.org/samba/docs/ntdom_faq/page2.html. I checked out all the source code. Ran configure, then make. It all seemed to be going ticky boo until this little error poped up. -- Using LIBS = -lsec -lgen -lsocket -lnsl -ldl Compiling rpcclient/rpcclient.c rpcclient/rpcclient.c: In function `main': rpcclient/rpcclient.c:768: Internal compiler error in `build_insn_chain', at global.c:1756 Please submit a full bug report. See for instructions. make: *** [rpcclient/rpcclient.o] Error 1 --- I was compiling this on Solaris 2.7 using "gcc version 2.95.2 19991024 (release)" Anybody seen this before? -- Clair Roberts Systems Analyst Advanced Delivery Solutions Limited 2716 Rock Bay Ave. Victoria, BC Canada V8T 4R9 Tel: 250-592-7453 Fax: 250-592-7452 http://www.AdvancedDelivery.com From gene_yee at hotmail.com Wed Mar 1 22:28:18 2000 
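Review bot: the file headers of the set_uid.c patch in Michael Breuer's message put the modified file (set_uid.c, Mar 1) on the *** side and set_uid.c.orig (Feb 23) on the --- side, so the diff runs from new to old and the nesting logic sits in the !-marked lines of the *** halves. As posted it only applies with patch -R; regenerating it as diff -c set_uid.c.orig set_uid.c would let it apply forwards and make the added lines read as additions.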
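Review bot: in the become_root hunk (lines 333-349 of the modified set_uid.c in Michael Breuer's patch), the level-0 message "ERROR: become root depth is non zero" is still emitted on every nested call, although the new become_root_depth++ path now treats nesting as supported. Either drop the message or lower its debug level, otherwise each legitimate nested become_root() logs an error. The new condition save_dir && !become_root_depth also means a nested call with save_dir set never reaches dos_GetWd(); a comment stating that save_dir only takes effect on the outermost call would make that intentional.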
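Review bot: in the unbecome_root hunk (lines 353-366 of the modified set_uid.c in Michael Breuer's patch), the new nested branch, if (--become_root_depth), returns before restore_dir is looked at and reports an ordinary nested unwind as "ERROR: unbecome root depth is %d" at level 0. Lower that message to a higher debug level and note in the function comment that restore_dir is ignored until the outermost unbecome_root(). The depth-zero message "ERROR: unbecome root depth called with root depth = 0" is also missing the trailing \n that the other DEBUG strings in this patch carry.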
From: gene_yee at hotmail.com (Gene Yee) Date: Tue Dec 2 02:28:52 2003 Subject: Windows2000 Message-ID: <20000301222818.98518.qmail@hotmail.com> I know it works fine with RedHat 6.1, also with 6.1 and latest Samba. >From: Ron Kelley >Reply-To: rkelley@syncreticsoft.com >To: Multiple recipients of list SAMBA-NTDOM >Subject: Windows2000 >Date: Thu, 2 Mar 2000 09:07:58 +1100 > >So, has anyone had trouble with seeing a LINUX box from Windows2000 >server yet? > >I am. I have RedHat 6.0 with the out-of-the-box verision of Samba >running. I'm pretty sure I have everything configured correctly, because >I had it working on NT4.0. I made sure that Windows2000 knew about my >LINUX box via DNS. Do I need something else? > >Thanks, >Ron > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From hwimmer at bakerref.com Wed Mar 1 22:29:37 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:28:52 2003 Subject: pdc support Message-ID: <00f801bf83cd$a14d3830$9f01a8c0@hwimmer.bakerref.com> i am not as far along as most of you but i have some ?'s we would like to move our file servers from novell to linux, as well as our sun mail server to linux / sendmail, we also have a need for an nt domain. we need to eliminate logins. will a samba pdc authenticate users for our other nt servers. we dont need it to do much more than allow network browsing and logins for users. otherwise, i need accounts (nis) for linux and NT and then map them together ??? From JasonJensen at home.com Thu Mar 2 00:47:45 2000 From: JasonJensen at home.com (Jason Jensen) Date: Tue Dec 2 02:28:52 2003 Subject: Fw: Linux as an NT Client Message-ID: <000701bf83e0$ed069dd0$0201a8c0@trt.cx> ----- Original Message ----- 
From: "Jason Jensen" To: Sent: Wednesday, March 01, 2000 4:11 PM Subject: Re: Linux as an NT Client > I would be happy to document this project into depth if given knowledge > about each part (from luke?) and given a little help so my machine is > working. > > I mean if i can't get profiles working right nor get the printers working i > can't document it right. > ----- Original Message ----- > From: "Jonathan" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, March 01, 2000 11:59 AM > Subject: Linux as an NT Client > > > > OK, it looks like seamless integration of a Linux box as an NT > > client/workstation is a work-in-progress, not quite ready for play yet. > > > > Still, the methods for joining a domain look workable if we could document > > them with a little more depth. If anyone can help with some advice beyond > > the current NT Domain FAQ on getting the current stable release to > properly > > map NT accounts to Linux accounts, how to create the Linux account list > from > > the NT account list, how smbsh is supposed to be set up and used, I would > > appreciate the help. > > > > > From chriskl at familyhealth.com.au Thu Mar 2 01:30:01 2000 From: chriskl at familyhealth.com.au (Christopher Kings-Lynne) Date: Tue Dec 2 02:28:52 2003 Subject: NetLogon Service References: <00030111531100.27796@panther> Message-ID: <003e01bf83e6$d483d6f0$2100a8c0@internal> Do you definitely have a 'netlogon' share defined and the directive: logon script = %U.bat in your smb.conf? Chris -- Christopher Kings-Lynne Family Health Network chriskl@familyhealth.com.au ----- Original Message ----- 
From: Brian Keats To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, March 02, 2000 12:58 AM Subject: NetLogon Service > Hi, > I realize this might not be the best place to post this message but it > sure seems like there are a lot of knowledgable people on this list. I am > currently using 2.05 as a member of an NT domain, with security = domain, to > process domain logons for a handfull of Win95 machines. The current setup > works great for performing the logon service except that the NetLogon service > doesn't work the way I was expecting it to. This is just my assumption on the > NT NetLogon service, but I assume during the process it passes along the > netlogon batch file (for the sake of a better term) to the requesting client to > process. I.E. %u.bat, or whatever. I also assume that the correct batch file > to pass along to the client is stored with username on the NT PDC/BDC's. > Currently, users being validated by my samba server at not passed along this > batch file, but are validated on the domain. I can issue a 'net use' command on > the client with success. Is this a limitation of ver 2.05 and is handled by > TNG or a later version of samba ? Anyone have any further insight as to how > the netlogon service works, or any suggestions as to what I should try ? > > > Regards in advance > Brian Keats > > > P.S. Good luck with your holiday and new job Luke ! > > From chriskl at familyhealth.com.au Thu Mar 2 01:36:39 2000 
From: chriskl at familyhealth.com.au (Christopher Kings-Lynne) Date: Tue Dec 2 02:28:52 2003 Subject: Linux as an NT CLIENT References: <0846B011B9A4D111A1EE006097DA4FCE02F8135B@icex1.cc.ic.ac.uk> Message-ID: <001001bf83e7$c1a12230$2100a8c0@internal> Could somebody please tell me what the following directives mean in the latest CVS source? (I have a fair idea what they mean - but I would like to know exactly!) domain groups = domain admin group = domain guest group = domain admin users = domain guest users = Thanks... Chris -- Christopher Kings-Lynne Family Health Network chriskl@familyhealth.com.au ----- Original Message ----- From: Mayers, P J To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, March 01, 2000 6:18 PM Subject: RE: Linux as an NT CLIENT > Yeh, saw that after I pulled the TNG code down. Cool. > > Cheers, > Phil > > ===================== > > The world is divided into two kinds of people, those who divide the world > into two kinds of people, and those who don't... > > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Tuesday, February 29, 2000 7:58 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Linux as an NT CLIENT > > > luke howard has already written a sursldap, it's incredibly simple: it's a > switch statement around two function calls. > > so it's been done. > > luke > > On Wed, 1 Mar 2000, Mayers, P J wrote: > > > I'm well aware of the need for s SURS implementation. In fact, if/when the > > API settles down, pulling the SID->uid/gid mapping out of an LDAP > directory > > is something I'd like to look at. > > > > Cheers, > > Phil > > > > -----Original Message----- 
> > From: Luke Kenneth Casson Leighton > > To: Multiple recipients of list SAMBA-NTDOM > > Sent: 29/02/00 16:58 > > Subject: RE: Linux as an NT CLIENT > > > > On Wed, 1 Mar 2000, Mayers, P J wrote: > > > > > Yes, still need a passwd/NIS entry. IIRC there was something under > > > development called winbind, which is the equivalent for ypbind for an > > NT > > > domain, rather than NIS. Very nice. But it was dependent on SURS, and > > hence > > > probably TNG. Again, I don't know the progress. > > > > yeah, tim's working on it. > > > > actually, absolutely _Everything_ is dependent on a decent SURS > > implementation, and we don't have one. > > > > and no, dammit, the current one _isn't_ good enough. however, as i was > > explaining to tim (it took a couple of days, and his code got a _lot_ > > simpler when he got it), it's not the responsibility of samba, > > pam_ntdom, > > pam_smb, winbind, pam_smbpass, or anything BUT surs itself to solve the > > problem of mapping uids/gids and sids. > > > > luke > > > > > > > > -----Original Message----- 
> > > From: Jay Thomas > > > To: Multiple recipients of list SAMBA-NTDOM > > > Sent: 2/29/00 1:01 AM > > > Subject: Re: Linux as an NT CLIENT > > > > > > Jonathan Hutchins wrote: > > > > > > > > On Sat, 19 Feb 2000, Jonathan Hutchins wrote: > > > > > > > > >> What are the critical steps in getting a Samba machine to join > > the > > > > >> domain and access shares? > > > > > > > > And Luke Kenneth Casson Leighton rather sparsely > > > replied: > > > > > > > > > pam_ntdom. > > > > > > > > Which migh possibly be a compile-time option? Not currently doc'ed > > as > > > a > > > > configuration keyword. > > > > > > > > >From the looks of the list, there are some problems with the > > > > authenticate-the-linux-user-from-the-NT-PDC code, yet Jason Holland > > > says "I > > > > have several samba boxes joined and authenticating to NT PDC's". > > > > > > > > There appears to about 1/3 of a page of documentation on this. I'd > > > gladly > > > > write a HOWTO if someone could take the time to elaborate a bit > > more. > > > I've > > > > got most of the rest of the functionality of an NT Client working, > > > just need > > > > the authenticate-from-NT part. > > > > > > Do you need to have a passwd file entry for each user when they > > > authenticate of > > > a NT-PDC? > > > > > > Anyone got this to work w/ HPUX 10.20 or 11? (they seem to have an > > older > > > PAM version than is standard) > > > > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > From Patrick.Li at v-wave.com Thu Mar 2 02:00:06 2000 
From: Patrick.Li at v-wave.com (Patrick Li)
Date: Tue Dec 2 02:28:52 2003
Subject: Samba-tng
Message-ID:

Hello guys,

I just installed samba-tng and head into my box,
my win98 can logon fine, but when I tried to logon using my NT server
it either said no connection or password invalid
any clue?

Thanx

Patrick

From jasonjensen at home.com Thu Mar 2 02:09:49 2000
From: jasonjensen at home.com (Jason Jensen)
Date: Tue Dec 2 02:28:52 2003
Subject: PLEASE PRINTER HELP!!
Message-ID: <003f01bf83ec$63b9e170$0201a8c0@trt.cx>

I cannot get the printer to work AT ALL.. it has the printer port listen when i goto My Network Places | SAMBA | SERVER | PRINTERS | ADD PRINTER but when i go there and try to add a printer to the samba server.. it gets all the way to the end and says "Printer was not installed. Operation could not be completed". I don't care about being able to mess with the printers from win2k right now.. is there a way i can share a printer from like rpcclient or something? (i would think spoolss) Also i get a LOT of connection errors (sockets) to files... like "Connection to /tmp/.spoolss/.blahblah (255.255.255.255:445) CONNECTION REFUSED.. DOES ANYONE HAVE A CLUE? maybe i have something setup wrong that is messing it up?

-------------- next part --------------
HTML attachment scrubbed and removed

From pkennedy at loudcloud.com Thu Mar 2 05:28:08 2000
From: pkennedy at loudcloud.com (Paul Kennedy)
Date: Tue Dec 2 02:28:52 2003
Subject: Problems joining a domain with a Samba-TNG PDC
References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de>
Message-ID: <38BDFBE8.BC608D09@loudcloud.com>

I tried this suggestion, but the problem persists. From the message to the list over the last few days, quite a few people (everyone ?) building from the tip of the SAMBA_TNG branch are experiencing this inability to login to a domain from an NT workstation.

Pk.

Elrond wrote:

> On Wed, Mar 01, 2000 at 09:42:31AM +1100, Paul Kennedy wrote:
> [...]
> > After rebooting paulpc, I try to logon to the domain Airius and fail. The
> > message dialog which pops up says "The system cannot log you on to this
> > domain because the systems computer account in it's primary domain is
> > missing or the password on that account is incorrect".
> >
> [...]
>
> I got this too for a while (without ldap).
> The current best workaround, I know, is:
> - remove all reference to paulpc$ from ldap
> - give root a password in samba maybe like:
> samedit -S . -U root%
> createuser root -p pass
> - (possible checking of that with smbclient...)
> - use the create machine trust account checkbox in the join
> dialog.
>
> Hope, that helps a bit.
>
> Elrond

From lk at netuse.de Thu Mar 2 06:27:52 2000
From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:52 2003 Subject: Linux as an NT CLIENT References: <0846B011B9A4D111A1EE006097DA4FCE02F8135B@icex1.cc.ic.ac.uk> <001001bf83e7$c1a12230$2100a8c0@internal> Message-ID: <38BE09E8.C14D6B05@netuse.de> Christopher Kings-Lynne wrote: > > Could somebody please tell me what the following directives mean in the > latest CVS source? > (I have a fair idea what they mean - but I would like to know exactly!) > > domain groups = > domain admin group = > domain guest group = > domain admin users = > domain guest users = I think they are not supported anymore in samba tng. Please use "domain group map=/path/domaingroup.map". Content of /path/domaingroup.map: unix group = windows nt group Hope this helps. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Thu Mar 2 06:32:15 2000 
From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:52 2003 Subject: Compiling Problem References: <38BD996E.83458DD1@home.com> Message-ID: <38BE0AEF.81D3C516@netuse.de> Clair Roberts wrote: > I grabbed the head source of Samba yesterday using CVS. I followed the > instructions on the FAQ located at > http://us1.samba.org/samba/docs/ntdom_faq/page2.html. > > I checked out all the source code. Ran configure, then make. It all > seemed to be going ticky boo until this little error poped up. > -- > Using LIBS = -lsec -lgen -lsocket -lnsl -ldl > Compiling rpcclient/rpcclient.c > rpcclient/rpcclient.c: In function `main': > rpcclient/rpcclient.c:768: Internal compiler error in > `build_insn_chain', at global.c:1756 > Please submit a full bug report. > See for > instructions. > make: *** [rpcclient/rpcclient.o] Error 1 > --- > > I was compiling this on Solaris 2.7 using "gcc version 2.95.2 19991024 > (release)" > > Anybody seen this before? I have also Solaris 2.7, but i'm using "egcs-2.91.57" and i have no compile problems Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Thu Mar 2 06:36:35 2000 
From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:52 2003 Subject: pdc support References: <00f801bf83cd$a14d3830$9f01a8c0@hwimmer.bakerref.com> Message-ID: <38BE0BF3.BA9434C@netuse.de> Hayden Wimmer wrote: > > i am not as far along as most of you but i have some ?'s > > we would like to move our file servers from novell to linux, as well as our > sun mail server to linux / sendmail, we also have a need for an nt domain. > we need to eliminate logins. > will a samba pdc authenticate users for our > other nt servers. Yes. > we dont need it to do much more than allow network > browsing and logins for users. Works. > otherwise, i need accounts (nis) for linux > and NT and then map them together ??? Yes. But be aware that samba tng is yet alpha software. One day it works one day later something is broken. But when it works, it works. You will need some testing, before you can use it. To find out more about samba tng, you can have a look at my homepage at http://www.kneschke.de/projekte/samba_tng Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Thu Mar 2 06:40:30 2000 
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:52 2003
Subject: Problems joining a domain with a Samba-TNG PDC
References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com>
Message-ID: <38BE0CDE.FC5F4791@netuse.de>

Paul Kennedy wrote:
>
> I tried this suggestion, but the problem persists. From the message to the list
> over the last few days, quite a few people (everyone ?) building from the tip
> of the SAMBA_TNG branch are experiencing this inability to login to a domain
> from an NT workstation.
>
> Pk.
>
> Elrond wrote:
>
> > On Wed, Mar 01, 2000 at 09:42:31AM +1100, Paul Kennedy wrote:
> > [...]
> > > After rebooting paulpc, I try to logon to the domain Airius and fail. The
> > > message dialog which pops up says "The system cannot log you on to this
> > > domain because the systems computer account in it's primary domain is
> > > missing or the password on that account is incorrect".

Ahh, i had this too! Sorry i did not read correctly! After joining the domain, lsarpd doesn't work anymore. It doesn't crash, but it doesn't work anymore. Try to restart the samba daemons before you login again. After that i was able to login.

> > I got this too for a while (without ldap).
> > The current best workaround, I know, is:
> > - remove all reference to paulpc$ from ldap
> > - give root a password in samba maybe like:
> > samedit -S . -U root%
> > createuser root -p pass
> > - (possible checking of that with smbclient...)
> > - use the create machine trust account checkbox in the join
> > dialog.
> >
> > Hope, that helps a bit.
> >
> > Elrond

--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From chriskl at familyhealth.com.au Thu Mar 2 06:53:02 2000
From: chriskl at familyhealth.com.au (Christopher Kings-Lynne) Date: Tue Dec 2 02:28:52 2003 Subject: Linux as an NT CLIENT In-Reply-To: <38BE09E8.C14D6B05@netuse.de> Message-ID: Lars, When I try adding the 'domain group map' to the smb.conf file - testparm complains that it is an 'unknown parameter'. I don't know if I have samba-tng or not - I just followed the instructions on www.samba.org in the NT Domain FAQ to cvs the latest source... Chris -----Original Message----- From: lars@netuse.de [mailto:lars@netuse.de]On Behalf Of Lars Kneschke Sent: Thursday, 2 March 2000 14:28 To: chriskl@familyhealth.com.au Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: Linux as an NT CLIENT Christopher Kings-Lynne wrote: > > Could somebody please tell me what the following directives mean in the > latest CVS source? > (I have a fair idea what they mean - but I would like to know exactly!) > > domain groups = > domain admin group = > domain guest group = > domain admin users = > domain guest users = I think they are not supported anymore in samba tng. Please use "domain group map=/path/domaingroup.map". Content of /path/domaingroup.map: unix group = windows nt group Hope this helps. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From richard at caloundra.net Thu Mar 2 07:36:31 2000 
From: richard at caloundra.net (Richard Ham)
Date: Tue Dec 2 02:28:52 2003
Subject: Problems joining a domain with a Samba-TNG PDC
References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com> <38BE0CDE.FC5F4791@netuse.de>
Message-ID: <005301bf841a$0762e100$85bc6dcb@int.calcc.qld.edu.au>

Hello,

After catching up with the list archives and list traffic, it seems no one is having the simple problem of just creating the trust account any more - except for me?

I am running last night's version of the TNG branch, and am getting the following type of dialog with rpcclient when I try to create a trust account for a NT WKS named calnet2 :

/usr/local/samba/bin/rpcclient -S . -U root -l log
Enter Password:
[root@.]$ createuser calnet2$
createuser calnet2$
please use 'lsaquery' first, to ascertain the SID
[root@.]$ lsaquery
lsaquery
[root@.]$ createuser calnet2$
createuser calnet2$
please use 'lsaquery' first, to ascertain the SID
[root@.]$ quit
quit

So then I try this :

[root@coastal /tmp]# /usr/local/samba/bin/rpcclient -S coastal -U root -l log
Enter Password:
[root@COASTAL]$ createuser calnet2$
createuser calnet2$
SAM Create Domain User
Domain: Name: calnet2$ ACB: [W ]
Create Domain User: FAILED
[root@COASTAL]$

It seems that it just can't get over the fact that /tmp/.sam.0/agent doesn't exist......

Have I missed something important or am I just stupid??

Regards,
Richard

----- Original Message -----
From: Lars Kneschke To: Multiple recipients of list SAMBA-NTDOM < > Sent: Thursday, March 02, 2000 4:45 PM Subject: Re: Problems joining a domain with a Samba-TNG PDC Paul Kennedy wrote: > > I tried this suggestion, but the problem persists. From the message tot he list > over the last few days, quite a few people (everyone ?) building from the tip > of the SAMBA_TNG branch are experiencing this inability to login to a domain > from an NT workstation. > > Pk. > > Elrond wrote: > > > On Wed, Mar 01, 2000 at 09:42:31AM +1100, Paul Kennedy wrote: > > [...] > > > After rebooting paulpc, I try to logon to the domain Airius and fail. The > > > message dialog which pops up says "The system cannot log you on to this > > > domain because the systems computer account in it's primary domain is > > > missing or the password on that account is incorrect". Ahh, i had this too! Sorry i did not read correctly! After joining the domain, lsarpd doesn't work anymore. It doesn't crash, but it doesn't work anymore. Try to restart the samba daemons before you login again. After that i was abel to login. > > I got this too for a while (without ldap). > > The current best workarround, I know, is: > > - remove all reference to paulpc$ from ldap > > - give root a password in samba maybe like: > > samedit -S . -U root% > > createuser root -p pass > > - (possible checking of that with smbclient...) > > - use the create machine trust account checkbox in the join > > dialog. > > > > Hope, that helps a bit. > > > > Elrond -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Thu Mar 2 07:54:26 2000 
From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:52 2003 Subject: Problems joining a domain with a Samba-TNG PDC References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com> <38BE0CDE.FC5F4791@netuse.de> <005301bf841a$0762e100$85bc6dcb@int.calcc.qld.edu.au> Message-ID: <38BE1E32.F2E41875@netuse.de> Richard Ham wrote: > > Hello, > > After catching up with the list archives and list traffic, it seems no one > is having the simple problem of just creating the trust account any more - > except for me? > > I am running last nights version of the TNG branch, and am getting the > following type of dialog with rpcclient when I try to create a trust account > for a NT WKS named calnet2 : > > /usr/local/samba/bin/rpcclient -S . -U root -l log > Enter Password: > [root@.]$ createuser calnet2$ > createuser calnet2$ > please use 'lsaquery' first, to ascertain the SID > [root@.]$ lsaquery > lsaquery > [root@.]$ createuser calnet2$ > createuser calnet2$ > please use 'lsaquery' first, to ascertain the SID > [root@.]$ quit > quit You don't have the latest samba tng code. The current cvs code doesn't need to do "lsaquery" anymore. Please delete your local samba tng source tree and follow http://www.kneschke.de/projekte/samba_tng/faq/installation_tng.php3 and then http://www.kneschke.de/projekte/samba_tng/faq/configuration.php3 After that you should have a working Samba TNG. If all goes well! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From Jean-Francois.Micouleau at dalalu.fr Thu Mar 2 09:15:21 2000 
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:52 2003 Subject: PLEASE PRINTER HELP!! In-Reply-To: <003f01bf83ec$63b9e170$0201a8c0@trt.cx> Message-ID: On Thu, 2 Mar 2000, Jason Jensen wrote: > I cannot get the printer to work AT ALL.. it has the printer port listen > when i go to My Network Places | SAMBA | SERVER | PRINTERS | ADD PRINTER > but when i go there and try to add a printer to the samba server.. it > gets all the way to the end and says "Printer was not installed. > Operation could not be completed". I don't care about being able to mess > with the printers from win2k right now.. is there a way i can share a > printer from like rpcclient or something? (i would think spoolss) Also i no. spoolss is totally broken in tng. > get a LOT of connection errors (sockets) to files... like "Connection to > /tmp/.spoolss/.blahblah (255.255.255.255:445) CONNECTION REFUSED.. DOES > ANYONE HAVE A CLUE? maybe i have something setup wrong that is messing > it up? PS: real men only use text in mail, stop sending html. J.F. From johanh at fusion.kth.se Thu Mar 2 10:40:55 2000 From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:28:52 2003 Subject: Domain unavailable In-Reply-To: Message-ID: On Thu, 2 Mar 2000, Johan Hedin wrote: > We have the same problem since a few days. We run current versions > (updated today) of samba pre-3.0.0 smbd and nmbd and other daemons from > Samba TNG. Also browsing is broken. All the shares are there but named All works with pure TNG branch, but the combination of pre-3.0.0 smbd and nmbd gives the behaviour above at our setup. /Johan Hedin From stef at hoes.li Thu Mar 2 11:55:06 2000 
From: stef at hoes.li (Stef Hoesli Wiederwald) Date: Tue Dec 2 02:28:52 2003 Subject: problems after converting to NTFS Message-ID: <20000302125506.A10547@sos.ethz.ch> I use a Linux machine as PDC for our NT network. After I converted C: on one of the machines from FAT to NTFS, I get this message every time I log on as normal user: Incorrect password or unknown username for: \\MACHINE\C$ Connect As: Password: If I just hit cancel, I am logged on normally. But I get the same message, if I want to start a program through a shortcut on the desktop, which resides in c:\WINNT\Profiles\All Users\. On http://www.jsiinc.com/TIP1000/rh1016.htm it says, that one should delete and re-add the machine using SRVMGR. (I guess this is a program used on Win NT Server?). I tried to delete the entry for that machine in smbpasswd, re-create it, and let MACHINE re-join the domain. But that didn't help... Any other suggestions? Stef -- IT freelancer President SOS-ETH ETH Zurich stef@hoes.li http://hoes.li From inge at cc.uit.no Thu Mar 2 12:05:13 2000 
From: inge at cc.uit.no (=?iso-8859-1?Q?Inge=2DH=E5vard?= Hunstad) Date: Tue Dec 2 02:28:53 2003 Subject: Problems joining a domain with a Samba-TNG PDC References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com> <38BE0CDE.FC5F4791@netuse.de> <005301bf841a$0762e100$85bc6dcb@int.calcc.qld.edu.au> Message-ID: <38BE58F8.F382EFD8@cc.uit.no> Richard Ham wrote: > > Hello, > > After catching up with the list archives and list traffic, it seems no one > is having the simple problem of just creating the trust account any more - > except for me? > > I am running last nights version of the TNG branch, and am getting the > following type of dialog with rpcclient when I try to create a trust account > for a NT WKS named calnet2 : > > /usr/local/samba/bin/rpcclient -S . -U root -l log > Enter Password: > [root@.]$ createuser calnet2$ > createuser calnet2$ > please use 'lsaquery' first, to ascertain the SID > [root@.]$ lsaquery > lsaquery > [root@.]$ createuser calnet2$ > createuser calnet2$ > please use 'lsaquery' first, to ascertain the SID > [root@.]$ quit > quit > You will get this "error" message if the samba daemons isn't running. But I can't explain why you don't get that message when you try to connect to the netbios name of the samba server instead of localhost. Also be aware that the rpcclient doesn't tell you if you type the password wrong. Cheers Inge > So then I try this : > > [root@coastal /tmp]# /usr/local/samba/bin/rpcclient -S coastal -U > root -l log > Enter Password: > [root@COASTAL]$ createuser calnet2$ > createuser calnet2$ > SAM Create Domain User > Domain: Name: calnet2$ ACB: [W ] > Create Domain User: FAILED > [root@COASTAL]$ > > It seems that it just can't get over the fact that /tmp/.sam.0/agent doesn't > exist...... > > Have I missed something important or am I just stupid?? > > Regards, > > Richard From simo.sorce at polimi.it Thu Mar 2 12:25:55 2000 
From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:28:53 2003 Subject: [Fwd: problems after converting to NTFS] Message-ID: <38BE5DD3.9FEAFBED@polimi.it> Stef Hoesli Wiederwald wrote: > > I use a Linux machine as PDC for our NT network. After I converted C: > on one of the machines from FAT to NTFS, I get this message every time > I log on as normal user: > > Incorrect password or unknown username for: > > \\MACHINE\C$ > > Connect As: > Password: > > If I just hit cancel, I am logged on normally. But I get the same > message, if I want to start a program through a shortcut on the > desktop, which resides in c:\WINNT\Profiles\All Users\. > > On http://www.jsiinc.com/TIP1000/rh1016.htm > it says, that one should delete and re-add the machine using SRVMGR. (I > guess this is a program used on Win NT Server?). I tried to delete the > entry for that machine in smbpasswd, re-create it, and let MACHINE > re-join the domain. But that didn't help... > > Any other suggestions? > It seems that your machine has started resolving shortcuts, stored in your profile, with UNC names. You can stop this in two ways: 1. Enable administrative shares with poledit (this will enable the C$ and D$ and .... shares) 2. Again two options 2.1 Download the shortcut program from a win"blood" site and make the shortcut stupid. (It works only with win9x so you must copy your c:\WINNT\Profiles\All Users\ directory on a win9x machine, shortcut every lnk file (the shortcuts) and copy again them back) 2.2 With service pack 6a I found on poledit a new option that prevents shortcut link lockup and seems to work. I use point 2 for load balancing with two servers (NT + Linux) and prevent WinNT to search for a particular server when the application starts, and I think It should resolve your problem. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 
02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From jfaria at mediaone.net Thu Mar 2 12:50:42 2000 From: jfaria at mediaone.net (Jim Faria) Date: Tue Dec 2 02:28:53 2003 Subject: No subject Message-ID: Has anybody seen an implementation of ssh or telnet that uses PAM? I'd like NT to authenticate users logging in to UNIX using ssh. I know telnet works, but the password goes clear text from the client to the PAM-NTDOM code, THEN it is encrypted and sent to NT for authentication. I'm looking for a secure login to UNIX. Any ideas ? From jphollan at earthlink.net Thu Mar 2 12:53:53 2000 From: jphollan at earthlink.net (jason holland) Date: Tue Dec 2 02:28:53 2003 Subject: In-Reply-To: Message-ID: <000501bf8446$5d73a3a0$0264a8c0@mickey.earthlink.net> Openssh uses pam. http://www.openssh.com some pam modules for redhat and suse are included with the latest source. Jason P. Holland Sprint Paranet - Unix Administrator jphollan@sprintparanet.com ]- ]- Has anybody seen an implementation of ssh or telnet that uses PAM? ]- I'd like NT ]- to authenticate users logging in to UNIX using ssh. I know telnet ]- works, but ]- the password goes clear text from the client to the PAM-NTDOM ]- code, THEN it ]- is encrypted and sent to NT for authentication. I'm looking for a secure ]- login to UNIX. Any ideas ? ]- ]- From simo.sorce at polimi.it Thu Mar 2 12:59:59 2000 
From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:28:53 2003 Subject: References: Message-ID: <38BE65CF.ACED2BCD@polimi.it> Jim Faria wrote: > > Has anybody seen an implementation of ssh or telnet that uses PAM? I'd like NT > to authenticate users logging in to UNIX using ssh. I know telnet works, but > the password goes clear text from the client to the PAM-NTDOM code, THEN it > is encrypted and sent to NT for authentication. I'm looking for a secure > login to UNIX. Any ideas ? Have you tried OpenSSH ? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Elrond at Wunder-Nett.org Thu Mar 2 14:08:52 2000 
From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:53 2003 Subject: Problems joining a domain with a Samba-TNG PDC In-Reply-To: <38BDFBE8.BC608D09@loudcloud.com>; from Paul Kennedy on Thu, Mar 02, 2000 at 04:26:52PM +1100 References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com> Message-ID: <20000302150851.A14310@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Mar 02, 2000 at 04:26:52PM +1100, Paul Kennedy wrote: > I tried this suggestion, but the problem persists. From the message to the list > over the last few days, quite a few people (everyone ?) building from the tip > of the SAMBA_TNG branch are experiencing this inability to login to a domain > from an NT workstation. > > Pk. Okay, the other thing, that worked this morning (but with an older TNG...): - rpcclient -S . -U root% createuser ntws$ samuserset ntws$ -p ntws - go to network-control-panel - Choose domain, enter domain-name. - _don't_ use the "create trust-account" check-box. Yes... This is insecure. (But how secure is the other method... and how secure is whole thing anyway?) Elrond > Elrond wrote: > > > On Wed, Mar 01, 2000 at 09:42:31AM +1100, Paul Kennedy wrote: > > [...] > > > After rebooting paulpc, I try to logon to the domain Airius and fail. The > > > message dialog which pops up says "The system cannot log you on to this > > > domain because the systems computer account in it's primary domain is > > > missing or the password on that account is incorrect". > > > > > [...] > > > > I got this too for a while (without ldap). > > The current best workaround, I know, is: > > - remove all reference to paulpc$ from ldap > > - give root a password in samba maybe like: > > samedit -S . -U root% > > createuser root -p pass > > - (possible checking of that with smbclient...) > > - use the create machine trust account checkbox in the join > > dialog. > > > > Hope, that helps a bit. 
> > > > Elrond From Elrond at Wunder-Nett.org Thu Mar 2 14:11:25 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:53 2003 Subject: Problems joining a domain with a Samba-TNG PDC In-Reply-To: <38BE0CDE.FC5F4791@netuse.de>; from Lars Kneschke on Thu, Mar 02, 2000 at 05:44:38PM +1100 References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com> <38BE0CDE.FC5F4791@netuse.de> Message-ID: <20000302151125.B14310@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Mar 02, 2000 at 05:44:38PM +1100, Lars Kneschke wrote: [...] > Ahh, i had this too! Sorry i did not read correctly! > > After joining the domain, lsarpd doesn't work anymore. It doesn't > crash, but it doesn't work anymore. Try to restart the samba > daemons before you login again. After that i was able to login. Weee... lsarpcd should not crash... and it didn't for a while on my box... Can you reproduce that? If so, could you give precise instructions on how to do so? Did you try gdb and the rest? (the usual questions, I know) Elrond [...] From hwimmer at bakerref.com Thu Mar 2 14:18:16 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:28:53 2003 Subject: PLEASE PRINTER HELP!! Message-ID: <002801bf8452$28819970$9f01a8c0@hwimmer.bakerref.com> i was adding the printer via a bsd style printer. in redhat startx and run control panel and add a printer there. they will show up if you set samba to show the printers. dblclick on the printer and the local machine will set it up. that is how it works 4 me -----Original Message----- 
From: Jason Jensen To: Multiple recipients of list SAMBA-NTDOM Date: Wednesday, March 01, 2000 9:09 PM Subject: PLEASE PRINTER HELP!! I cannot get the printer to work AT ALL.. it has the printer port listen when i go to My Network Places | SAMBA | SERVER | PRINTERS | ADD PRINTER but when i go there and try to add a printer to the samba server.. it gets all the way to the end and says "Printer was not installed. Operation could not be completed". I don't care about being able to mess with the printers from win2k right now.. is there a way i can share a printer from like rpcclient or something? (i would think spoolss) Also i get a LOT of connection errors (sockets) to files... like "Connection to /tmp/.spoolss/.blahblah (255.255.255.255:445) CONNECTION REFUSED.. DOES ANYONE HAVE A CLUE? maybe i have something setup wrong that is messing it up? From lk at netuse.de Thu Mar 2 14:29:43 2000 
From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:53 2003 Subject: Problems joining a domain with a Samba-TNG PDC References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com> <38BE0CDE.FC5F4791@netuse.de> <20000302151125.B14310@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <38BE7AD7.7600990F@netuse.de> Elrond wrote: > > On Thu, Mar 02, 2000 at 05:44:38PM +1100, Lars Kneschke wrote: > [...] > > Ahh, i had this too! Sorry i did not read correctly! > > > > After joining the domain, lsarpd doesn't work anymore. It doesn't > > crash, but it doesn't work anymore. Try to restart the samba > > daemons before you login again. After that i was able to login. > > Weee... lsarpcd should not crash... and it didn't for a > while on my box... > Can you reproduce that? If so, could you give precise > instructions on how to do so? > Did you try gdb and the rest? I did try nothing, because i usually work with linux. But sometimes i boot NT to test samba tng! :-) lsarpcd is not crashing. But it responds not anymore or something like this. Don't know exactly. But i can check this tomorrow. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From ringram at acpl.lib.wy.us Thu Mar 2 14:45:03 2000 
From: ringram at acpl.lib.wy.us (Russel H. Ingram) Date: Tue Dec 2 02:28:53 2003 Subject: References: Message-ID: <38BE7E6F.24116F5D@acpl.lib.wy.us> Jim Faria wrote: > > Has anybody seen an implementation of ssh or telnet that uses PAM? I'd like NT > to authenticate users logging in to UNIX using ssh. I know telnet works, but > the password goes clear text from the client to the PAM-NTDOM code, THEN it > is encrypted and sent to NT for authentication. I'm looking for a secure > login to UNIX. Any ideas ? If you are just looking for a good free ssh client that will run on a WinNT machine, I use Tera Term SSH. I don't know about the PAM-NTDOM part of it, but if all you need is the functionality that the Windows telnet program gives plus secure shell support, Tera Term SSH is what you need. You should be able to find it on freshmeat.net or tucows.com. -- Russel Ingram | Computers are like air conditioners: They stop Linux.com Support Staff | working properly if you open Windows. gargoyle@linux.com | From ekellogg at mail.waynecountyhsa.org Thu Mar 2 15:46:04 2000 From: ekellogg at mail.waynecountyhsa.org (Ed Kellogg) Date: Tue Dec 2 02:28:53 2003 Subject: subscribe Message-ID: <000801bf845e$6b1c9210$1200a8c6@mis3> From ccegongw at nus.edu.sg Thu Mar 2 15:59:40 2000 From: ccegongw at nus.edu.sg (Gong Wei) Date: Tue Dec 2 02:28:53 2003 Subject: Message-ID: <762388C091FAD01180FF00A02462137801AC6124@exchange.nus.edu.sg> probably what I am asking is too much: anyone knows where is the PAM aware SSH2 client, or is there such thing on the earth? I've tried searching around but seems all I can get is OpenSSH or patches to SSH1, none of them has SSH2 support. And worse yet, most of my machines have converted to SSH2 ... -----Original Message----- 
From: Simo Sorce [mailto:simo.sorce@polimi.it] Sent: Thursday, March 02, 2000 9:03 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Jim Faria wrote: > > Has anybody seen an implementation of ssh or telnet that uses PAM? I'd like NT > to authenticate users logging in to UNIX using ssh. I know telnet works, but > the password goes clear text from the client to the PAM-NTDOM code, THEN it > is encrypted and sent to NT for authentication. I'm looking for a secure > login to UNIX. Any ideas ? Have you tried OpenSSH ? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Thu Mar 2 16:06:07 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:28:53 2003 Subject: References: <762388C091FAD01180FF00A02462137801AC6124@exchange.nus.edu.sg> Message-ID: <38BE916F.24475477@polimi.it> Gong Wei wrote: > > probably what I am asking is too much: anyone knows where is the PAM aware > SSH2 client, or is there such thing on the earth? I've tried searching around > but seems all I can get is OpenSSH or patches to SSH1, none of them has SSH2 > support. > > And worse yet, most of my machines have converted to SSH2 ... > You can configure your machine to subvert to ssh1 protocol if ssh2 is not available! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From jphollan at earthlink.net Thu Mar 2 16:03:25 2000 
From: jphollan at earthlink.net (Jason Holland) Date: Tue Dec 2 02:28:53 2003 Subject: In-Reply-To: <762388C091FAD01180FF00A02462137801AC6124@exchange.nus.edu.sg> Message-ID: <000b01bf8460$d7866820$0264a8c0@mickey.earthlink.net> SecureCRT is an ssh version 2 aware client. However, that comes at a price. You can check it out at http://www.vandyke.com. And it's not that the client is "Pam aware", the ssh daemon running on the server is. The client does not know the difference. Jason P. Holland Sprint Paranet - Unix Administrator jphollan@sprintparanet.com ]- ]- probably what I am asking is too much: anyone knows where is the ]- PAM aware ]- SSH2 client, or is there such thing on the earth? I've tried ]- searching around ]- but seems all I can get is OpenSSH or patches to SSH1, none of ]- them has SSH2 ]- support. ]- ]- And worse yet, most of my machines have converted to SSH2 ... ]- ]- -----Original Message----- ]- From: Simo Sorce [mailto:simo.sorce@polimi.it] ]- Sent: Thursday, March 02, 2000 9:03 PM ]- To: Multiple recipients of list SAMBA-NTDOM ]- Subject: Re: ]- ]- ]- Jim Faria wrote: ]- > ]- > Has anybody seen an implementation of ssh or telnet that uses ]- PAM? I'd like ]- NT ]- > to authenticate users logging in to UNIX using ssh. I know telnet works, ]- but ]- > the password goes clear text from the client to the PAM-NTDOM ]- code, THEN ]- it ]- > is encrypted and sent to NT for authentication. I'm looking ]- for a secure ]- > login to UNIX. Any ideas ? ]- ]- Have you tried OpenSSH ? ]- ]- ]- -- ]- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano ]- E-mail: simo.sorce@polimi.it ]- Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ]- ----------------------------------------------------------------- ]- Be happy, use Linux! ]- From pkennedy at loudcloud.com Thu Mar 2 20:36:24 2000 
From: pkennedy at loudcloud.com (Paul Kennedy) Date: Tue Dec 2 02:28:53 2003 Subject: Problems joining a domain with a Samba-TNG PDC References: <38BC4B8C.AED8B497@loudcloud.com> <20000301171852.A14646@baerbel.mug.maschinenbau.tu-darmstadt.de> <38BDFBE8.BC608D09@loudcloud.com> <38BE0CDE.FC5F4791@netuse.de> <20000302151125.B14310@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <38BED0C8.2A4C5833@loudcloud.com> Elrond wrote: > On Thu, Mar 02, 2000 at 05:44:38PM +1100, Lars Kneschke wrote: > [...] > > Ahh, i had this too! Sorry i did not read correctly! > > > > After joining the domain, lsarpd doesn't work anymore. It doesn't > > crash, but it doesn't work anymore. Try to restart the samba > > daemons before you login again. After that i was able to login. > > Weee... lsarpcd should not crash... and it didn't for a > while on my box... > Can you reproduce that? If so, could you give precise > instructions on how to do so? > Did you try gdb and the rest? > > (the usual questions, I know) > I tried the suggestion of restarting the lsarpcd daemon, to no avail, the problem persists. I'm not familiar with gdb at all, but I'm going to try to use it. And if anyone wants to see the lsarpcd logfile, at any debug level, I can produce one quickly. Send me mail. Pk. > > Elrond > > [...] From tony.nguyen at panteor.com Thu Mar 2 20:43:33 2000 
From: tony.nguyen at panteor.com (tony nguyen) Date: Tue Dec 2 02:28:53 2003 Subject: Hi! Problem Message-ID: Hi! my name is Tony, and am having this weird problem. I want my Samba server to become a BDC in a NT Domain. When i execute this command : " smbpasswd -j %Domain_Name% -r %PDC_Server_name% i get this error message : cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine %Server_name%. Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT change_trust_account_password: Failed to change password for domain %Domain_name% Unable to join domain %Domain_name% Please help me out! Thanks! Tony Nguyen From kellermg at potsdam.edu Thu Mar 2 20:50:47 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:28:53 2003 Subject: Hi! Problem References: Message-ID: <38BED427.32CDAA4D@potsdam.edu> You need to create an account in the domain first, using server manager. Then, while Samba is NOT running, execute smbpasswd as you did. tony nguyen wrote: > > Hi! my name is Tony, and am having this weird problem. > > I want my Samba server to become a BDC in a NT Domain. When i execute this > command : > " smbpasswd -j %Domain_Name% -r %PDC_Server_name% -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From kellermg at potsdam.edu Thu Mar 2 21:02:50 2000 
From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:28:53 2003 Subject: Hi! Problem References: <38BED427.32CDAA4D@potsdam.edu> Message-ID: <38BED6FA.CF7E5E90@potsdam.edu> Matthew Keller wrote: > > I want my Samba server to become a BDC in a NT Domain. When i execute this I just noticed you wanted Samba to become a BDC ... What version of Samba are you running? -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From hwimmer at bakerref.com Thu Mar 2 21:05:56 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:28:53 2003 Subject: Hi! Problem Message-ID: <009101bf848b$5ab316b0$9f01a8c0@hwimmer.bakerref.com> i had the same prob... i went in and deleted the account it created the first time and then tried again and it worked. there was a file that stored the info (i am a beginner so please excuse the vagueness) i deleted it too... -----Original Message----- From: tony nguyen To: Multiple recipients of list SAMBA-NTDOM Date: Thursday, March 02, 2000 3:43 PM Subject: Hi! Problem >Hi! my name is Tony, and am having this weird problem. > >I want my Samba server to become a BDC in a NT Domain. When i execute this >command : > " smbpasswd -j %Domain_Name% -r %PDC_Server_name% > >i get this error message : > >cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > >cli_nt_setup_creds: auth2 challenge failed > >modify_trust_password: unable to setup the PDC credentials to machine >%Server_name%. Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT > >change_trust_account_password: Failed to change password for domain >%Domain_name% > >Unable to join domain %Domain_name% > > >Please help me out! > >Thanks! > >Tony Nguyen > From GLeblanc at cu-portland.edu Thu Mar 2 21:13:33 2000 
From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:53 2003 Subject: configure check for pam_authenticate? Message-ID: Say, what's this checking for? I notice that it fails on my RH6.1 SPARC, haven't tried Solaris. Greg From mgeddes at xavier.sa.edu.au Thu Mar 2 22:20:08 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:53 2003 Subject: TNG 0.7 - can't join domain References: <38BAD256.47DD6EC4@siac.com> Message-ID: <38BEE918.42037F7A@xavier.sa.edu.au> Hi Patrick, > Could someone please document *once*, in one place, the precise set of > steps we are supposed to be using? And actually try it yourself in > the process? As near as I can tell, the procedure goes something like > this: I couldn't agree more, but given the rate of change at the moment, it is quite difficult to keep everything up to date. I personally have started trying to help with some of the documentation (those man pages are done Luke, I can mail them to you if you like), but it is hard to keep up. I think once things are more stable and standardised, it will all be OK. Maybe you can help the Team with some documentation stuff? Thanks, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Thu Mar 2 22:31:20 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:53 2003 Subject: moving on. References: Message-ID: <38BEEBB8.ECEB9D92@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > > hi, i'm no longer working for iss, as of... about 2 hours. i have a new > job to go to, more on that another time. > > i am therefore incommunicado, effectively, for at least a week. AAARRGH! > i am > borrowing a portable, however it's very slow and i don't have a modem, and > it's also the only computer i have access to, right now. Where abouts do you live? > > so, i am taking an enforced break from samba development and email for a > short while. Do you think your body can cope with that? > lots of love, > > luke -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From bkeats at spiff.chin.gc.ca Fri Mar 3 04:36:18 2000 
From: bkeats at spiff.chin.gc.ca (Brian Keats) Date: Tue Dec 2 02:28:53 2003 Subject: NetLogon Service In-Reply-To: <003e01bf83e6$d483d6f0$2100a8c0@internal> Message-ID: Thanks for the reply Chris, No, I don't have a netlogon share defined. I was hoping I could get away without doing that. Our organization has a very large distributed NT domain. I was hoping I could get my Linux machine to validate users and pass along whatever logon batch file the NT domain admins have set up for each of their users, without me recreating or also storing their batch files on my linux machine. So far, my linux machine will validate users on the win95 machines even though they don't have an entry in /etc/passwd on my linux machine !!! (Which surprised me). They can map shares and browse the network !!! I was also hoping the NT PDC/BDC would also pass along the name and location of a user's logon batch file. At one point, I copied all the hundreds of different batch files complete with correct directory structure to my linux machine and placed them in a netlogon path and also specified this root path in a netlogon service on my linux machine. Still didn't get the batch file passed along to the client. This is why I am wondering if I should be trying a newer version. I also tried with giving myself an /etc/passwd entry and smbpasswd entry. I can see one way of doing it which would be creating an 'account' for each of the thousands of accounts and place a copy of each batch file in a netlogon share (which would become a nightmare after a short period of time because I would have to constantly and manually synchronize my accounts with all the other PDC's in our enterprise). Not to mention how do I specify the correct batch if the NT domain guys are not using something that can be substituted by a samba variable. Such as some NT admins using a one of many geographically abbrev. for a batch file. How would that be represented in an smb.conf file ? 
Sorry for rambling on but I was curious if a newer samba version passes along the name of the batch file to the authenticating machine (i.e. the Linux box) who in turn would check its netlogon share and then pass along the appropriate batch file. Anyone have any ideas ? Regards On Thu, 2 Mar 2000, Christopher Kings-Lynne wrote: > Do you definitely have a 'netlogon' share defined and the directive: > > logon script = %U.bat > > in your smb.conf? > > Chris > > -- > Christopher Kings-Lynne > Family Health Network > chriskl@familyhealth.com.au > > > ----- Original Message ----- 
> From: Brian Keats > To: Multiple recipients of list SAMBA-NTDOM > Sent: Thursday, March 02, 2000 12:58 AM > Subject: NetLogon Service > > > > Hi, > > I realize this might not be the best place to post this message but it > > sure seems like there are a lot of knowledgeable people on this list. I am > > currently using 2.05 as a member of an NT domain, with security = domain, > to > > process domain logons for a handful of Win95 machines. The current setup > > works great for performing the logon service except that the NetLogon > service > > doesn't work the way I was expecting it to. This is just my assumption on > the > > NT NetLogon service, but I assume during the process it passes along the > > netlogon batch file (for the sake of a better term) to the requesting > client to > > process. I.E. %u.bat, or whatever. I also assume that the correct batch > file > > to pass along to the client is stored with username on the NT PDC/BDC's. > > Currently, users being validated by my samba server are not passed along > this > > batch file, but are validated on the domain. I can issue a 'net use' > command on > > the client with success. Is this a limitation of ver 2.05 and is handled > by > > TNG or a later version of samba ? Anyone have any further insight as to > how > > the netlogon service works, or any suggestions as to what I should try ? > > > > > > Regards in advance > > Brian Keats > > > > > > P.S. Good luck with your holiday and new job Luke ! > > > > > > From p.mayers at ic.ac.uk Fri Mar 3 08:55:02 2000 
From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:28:53 2003 Subject: NetLogon Service References: Message-ID: <38BF7DE6.C7150073@ic.ac.uk> The netlogon share must exist *on the domain controller* that you're logging in at the time. Cheers, Phil Brian Keats wrote: > > Thanks for the reply Chris, > No, I don't have a netlogon share defined. I was hoping I could > get away without doing that. Our organization has a very large > distributed NT domain. I was hoping I could get my Linux machine to > validate users and pass along whatever logon batch file the NT domain > admins have set up for each of their users, without me recreating or also > storing their batch files on my linux machine. So far, my linux machine > will validate users on the win95 machines even though they don't have an > entry in /etc/passwd on my linux machine !!! (Which surprised me). They can > map shares and browse the network !!! I was also hoping the NT PDC/BDC > would also pass along the name and location of a user's logon batch > file. At one point, I copied all the hundreds of different batch files > complete with correct directory structure to my linux machine and placed > them in a netlogon path and also specified this root path in a netlogon > service on my linux machine. Still didn't get the batch file passed along > to the client. This is why I am wondering if I should be trying a newer > version. I also tried with giving myself an /etc/passwd entry and > smbpasswd entry. I can see one way of doing it which would be creating an > 'account' for each of the thousands of accounts and place a copy of each > batch file in a netlogon share (which would become a nightmare after a > short period of time because I would have to constantly and manually > synchronize my accounts with all the other PDC's in our enterprise). Not to > mention how do I specify the correct batch if the NT domain guys are not > using something that can be substituted by a samba variable. 
> Such as some NT admins using a one of many geographically abbrev. for a batch
> file. How would that be represented in an smb.conf file ?
>
> Sorry for rambling on but I was curious if a newer samba version passes
> along the name of the batch file to the authenticating machine (i.e the
> Linux box) who in turn would check it's netlogon share and then pass along
> the appropriate batch file.
>
> Anyone have any ideas ?
>
> Regards
> On Thu, 2 Mar 2000, Christopher Kings-Lynne wrote:
>
> > Do you definitely have a 'netlogon' share defined and the directive:
> >
> > logon script = %U.bat
> >
> > in your smb.conf?
> >
> > Chris
> >
> > --
> > Christopher Kings-Lynne
> > Family Health Network
> > chriskl@familyhealth.com.au

From jerzy.schubert at bb-data.de Fri Mar 3 09:55:41 2000
From: jerzy.schubert at bb-data.de (Jerzy Schubert)
Date: Tue Dec 2 02:28:53 2003
Subject: cannot configure samba-tng-alpha-0.7
Message-ID: <38BF8C1D.FF4F71A1@bb-data.de>

Hello,

under SuSe 6.3
I cannot configure configure samba-tng-alpha-0.7
I receive an error
no locking available.

daily snapshot samba-2.1-20000229.tar.gz
from http://sernet.pair.com/?N=D
doesn't have this error but in this snapshot
a lot of daemons are missing (browserd ... wkssvcd)

I don't have cvs access, so at the moment the snapshot
is all I can access.

What should I do ?

Jerzy

From lk at netuse.de Fri Mar 3 10:13:31 2000
From: lk at netuse.de (Lars Kneschke)
Date: Tue Dec 2 02:28:53 2003
Subject: cannot configure samba-tng-alpha-0.7
References: <38BF8C1D.FF4F71A1@bb-data.de>
Message-ID: <38BF904B.7F00F9F2@netuse.de>

Jerzy Schubert wrote:
>
> Hello,
>
> under SuSe 6.3
> I cannot configure configure samba-tng-alpha-0.7
> I receive an error
> no locking available.
>
> daily snapshot samba-2.1-20000229.tar.gz
> from http://sernet.pair.com/?N=D
> doesn't have this error but in this snapshot
> a lot of daemons are missing (browserd ... wkssvcd)
>
> I don't have cvs access, so at the moment the snapshot
> is all I can access.
>
> What should I do ?
>
> Jerzy

I have created a tar from my working version.

http://www.kneschke.de/projekte/samba_tng/files/samba-tng-kneschke-03-03-2000.tar.gz

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From seth.thornberry at pcca.com Fri Mar 3 14:18:05 2000
From: seth.thornberry at pcca.com (Seth Thornberry)
Date: Tue Dec 2 02:28:53 2003
Subject: NetLogon Service
References: <38BF7DE6.C7150073@ic.ac.uk>
Message-ID: <037301bf851b$4b590680$2101060a@pcca.com>

Is it necessary to have the netlogon share be local, or would it
be permissible to mount (smbfs?) to another share that contains
the login scripts? Are there any inherent problems with this
(besides the issue of not being a true backup)?

Seth Thornberry
http://chaos.greeny.org/~deadpan

----- Original Message -----
From: Phil Mayers
To: Multiple recipients of list SAMBA-NTDOM
Sent: Friday, March 03, 2000 2:47 AM
Subject: Re: NetLogon Service

> The netlogon share must exist *on the domain controller* that you're
> logging in at the time.
>
> Cheers,
> Phil

From kevinc at grainsystems.com Fri Mar 3 15:38:43 2000
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:28:53 2003
Subject: NetLogon Service
References: <38BF7DE6.C7150073@ic.ac.uk> <037301bf851b$4b590680$2101060a@pcca.com>
Message-ID: <38BFDC83.8F48491A@grainsystems.com>

Seth Thornberry wrote:
>
> Is it necessary to have the netlogon share be local, or would it
> be permissible to mount (smbfs?) to another share that contains
> the login scripts? Are there any inherent problems with this
> (besides the issue of not being a true backup)?

I bet you could do it, but as you hinted at, it doesn't sound
like a good idea. If the PDC thrashes a disc, what good is this
machine? Even a simple cron'd copy would be more useful.

- Kevin Colby
kevinc@grainsystems.com

From robert.schuhl at ald-vt.de Fri Mar 3 16:09:41 2000
From: robert.schuhl at ald-vt.de (Robert Schuhl)
Date: Tue Dec 2 02:28:53 2003
Subject: SPOOLSS how to configure
Message-ID: <00a701bf852a$e2db80a0$020410ac@aldvt.de>

Hi!

Just a short question: Are there any new parameters to use the new spool system with NT? Autoloading of drivers from
the client (Like NT-Server) already possible, and if how? Thanks.

MfG Robert Schuhl
---
Robert Schuhl, Leiter IT-S
ALD Vacuum Technologies AG
Address: Wilhelm Rohn Str. 35, D-63450 Hanau
Tel: +49-6181-307-3211
Fax: +49-6181-307-3215
http://www.ald-vt.de

From computer at kneschke.de Fri Mar 3 16:24:45 2000
From: computer at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:28:53 2003
Subject: SPOOLSS how to configure
References: <00a701bf852a$e2db80a0$020410ac@aldvt.de>
Message-ID: <38BFE74D.2DBF16B4@kneschke.de>

Robert Schuhl wrote:
>
> Hi!
>
> Just a short question: Are there any new parameters to use the new spool system with NT? Autoloading of drivers from
> the client (Like NT-Server) already possible, and if how? Thanks.

Printing is broken currently with samba tng.

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From bkeats at spiff.chin.gc.ca Fri Mar 3 16:34:59 2000
From: bkeats at spiff.chin.gc.ca (Brian Keats)
Date: Tue Dec 2 02:28:53 2003
Subject: Fwd: Re: NetLogon Service
Message-ID: <00030311354401.01023@panther>

First, allow me to thank all of you who have taken the time to reply to my
original post. I appreciated your suggestions ....

(Did I mention I'm using security = domain ?)

> It probably doesn't, so all you have to do is configure your 'logon script'
> to point to the NT server where the scripts are held...easy...
>
> Same for roaming profiles dir, etc.
>
> Just ask the local NT admin what you have to set it to for the domain your
> linux box is a member of.

I think I might have tried to do this, but I'll try again.

> > Not to
> > mention how do I specify the correct batch if the NT domain guys are not
> > using something that can be substituted by a samba variable. Such as some
> > NT admins using a one of many geographically abbrev. for a batch
> > file. How would
> > that be represented in an smb.conf file ?
>
> Could you give me an example?

(See below...)

> > Sorry for rambling on but I was curious if a newer samba version passes
> > along the name of the batch file to the authenticating machine (i.e the
> > Linux box) who in turn would check its netlogon share and then pass along
> > the appropriate batch file.
>
> Some stuff to try:
>
> logon script = %U.bat

I'm assuming this would work if the NT guys have named the batch file for my
NT account to be my username.bat. What if they have been using something like
(for users located in one part of the city) '\west\corporate\users.bat' for
some users in their domains and other stuff like '\east\marketing\manager.bat'
for other users in the same domain, etc... or would %U expand to
'\west\corporate\users'.bat for a user named foo who had this path and
filename configured in the "User Manager for Domains" ? I'll give that one a try.

> logon drive = H:
> logon home = \\ntserver\homes\%U
> logon path = \\ntserver\profiles\%U
>
> This, of course, will have to be set to the correct location of the files on
> the ntserver (an example would help me here)

I'm not interested at this point in roaming profiles (although a good idea)
but I see where you're going. I believe they have the various logon batch files
sub divided by region and division or something to that nature. Some are named
common, others are named common1 others are named other things. I'm not sure
if there is any consistency to their naming schemes ! Here is a fictitious
example of an entry in the "User Manager for Domains" (I think this is the NT
application which manages this kinda thing. It's been a year or two since I've
last used an NT machine and I can't rightfully recall what the application is
called or what fields are contained in the application)

User: Foo
Logon Script Name: west\admin\startup.bat

User: Bar
Logon Script Name: east\corporate\common.bat

>
> L8r,
>
> Chris
-------------------------------------------------------

From kevinc at grainsystems.com Fri Mar 3 16:47:04 2000
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:28:53 2003
Subject: Fwd: Re: NetLogon Service
References: <00030311354401.01023@panther>
Message-ID: <38BFEC88.4608605B@grainsystems.com>

Brian Keats wrote:
>
> (Did I mention I'm using security = domain ?)

I do not understand what you are trying to do here.
Is this a PDC, BDC, or a domain member?

- Kevin Colby
kevinc@grainsystems.com

From p.mayers at ic.ac.uk Fri Mar 3 17:12:03 2000
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:28:53 2003
Subject: NetLogon Service
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81369@icex1.cc.ic.ac.uk>

smbmount in particular doesn't permission map, but that's not a problem.

The important thing is that windows will do a tcon on the PDC for "netlogon"
- if the logging in DC (PDC or a BDC) doesn't have a netlogon share, it
won't look elsewhere. So yes, your system would work.

Cheers,
Phil

=====================
The world is divided into two kinds of people, those who divide
the world into two kinds of people, and those who don't...

-----Original Message-----
From: Seth Thornberry [mailto:seth.thornberry@pcca.com]
Sent: Friday, March 03, 2000 2:21 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: NetLogon Service

Is it necessary to have the netlogon share be local, or would it
be permissible to mount (smbfs?) to another share that contains
the login scripts? Are there any inherent problems with this
(besides the issue of not being a true backup)?

Seth Thornberry
http://chaos.greeny.org/~deadpan

From p.mayers at ic.ac.uk Fri Mar 3 17:18:58 2000
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:28:53 2003
Subject: NetLogon Service
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8136A@icex1.cc.ic.ac.uk>

Erm... What? I'm really confused now. Is the machine meant to be a PDC, BDC
or just a server? "server = domain" (and yes, it is a badly named parameter
dammit, but we've been through this discussion a million times, and I see no
need to repeat it) makes the samba server a domain *member*.

server = security
domain logons = yes
local master = yes

make it a PDC, and the same with

local master = no

Make it a BDC, but that only kind-of works IIRC.

So what are you trying to do? A security=domain machine will never serve
logon requests because it's a domain member, hence the netlogon share issue
isn't an issue...

Wait...

Reading your original email implies that you *know* you're using it as a
domain member, but also:

> currently using 2.05 as a member of an NT domain, with security = domain, to
> process domain logons for a handful of Win95 machines. The current setup

That certainly shouldn't work - what's your complete smb.conf? Are you sure
that the samba server is actually the one serving the logon requests? It
shouldn't be in security=domain.

Cheers,
Phil

=====================
The world is divided into two kinds of people, those who divide
the world into two kinds of people, and those who don't...

-----Original Message-----
From: Brian Keats [mailto:bkeats@spiff.chin.gc.ca]
Sent: Friday, March 03, 2000 4:39 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Fwd: Re: NetLogon Service

First, allow me to thank all of you who have taken the time to reply to my
original post. I appreciated your suggestions ....

(Did I mention I'm using security = domain ?)

> It probably doesn't, so all you have to do is configure your 'logon script'
> to point to the NT server where the scripts are held...easy...
>
> Same for roaming profiles dir, etc.
>
> Just ask the local NT admin what you have to set it to for the domain your
> linux box is a member of.

I think I might have tried to do this, but I'll try again.

> > Not to
> > mention how do I specify the correct batch if the NT domain guys are not
> > using something that can be substituted by a samba variable. Such as some
> > NT admins using a one of many geographically abbrev. for a batch
> > file. How would
> > that be represented in an smb.conf file ?
>
> Could you give me an example?

(See below...)

> > Sorry for rambling on but I was curious if a newer samba version passes
> > along the name of the batch file to the authenticating machine (i.e the
> > Linux box) who in turn would check its netlogon share and then pass along
> > the appropriate batch file.
>
> Some stuff to try:
>
> logon script = %U.bat

I'm assuming this would work if the NT guys have named the batch file for my
NT account to be my username.bat. What if they have been using something like
(for users located in one part of the city) '\west\corporate\users.bat' for
some users in their domains and other stuff like '\east\marketing\manager.bat'
for other users in the same domain, etc... or would %U expand to
'\west\corporate\users'.bat for a user named foo who had this path and
filename configured in the "User Manager for Domains" ? I'll give that one a try.

> logon drive = H:
> logon home = \\ntserver\homes\%U
> logon path = \\ntserver\profiles\%U
>
> This, of course, will have to be set to the correct location of the files on
> the ntserver (an example would help me here)

I'm not interested at this point in roaming profiles (although a good idea)
but I see where you're going. I believe they have the various logon batch files
sub divided by region and division or something to that nature. Some are named
common, others are named common1 others are named other things. I'm not sure
if there is any consistency to their naming schemes ! Here is a fictitious
example of an entry in the "User Manager for Domains" (I think this is the NT
application which manages this kinda thing. It's been a year or two since I've
last used an NT machine and I can't rightfully recall what the application is
called or what fields are contained in the application)

User: Foo
Logon Script Name: west\admin\startup.bat

User: Bar
Logon Script Name: east\corporate\common.bat

>
> L8r,
>
> Chris
-------------------------------------------------------

From bkeats at spiff.chin.gc.ca Fri Mar 3 17:52:14 2000
From: bkeats at spiff.chin.gc.ca (Brian Keats)
Date: Tue Dec 2 02:28:53 2003
Subject: Fwd: Re: NetLogon Service
In-Reply-To: <38BFEC88.4608605B@grainsystems.com>
References: <00030311354401.01023@panther> <38BFEC88.4608605B@grainsystems.com>
Message-ID: <00030312542402.01023@panther>

On Fri, 03 Mar 2000, Kevin Colby wrote:
> Brian Keats wrote:
> >
> > (Did I mention I'm using security = domain ?)
>
> I do not understand what you are trying to do here.
> Is this a PDC, BDC, or a domain member?
>
> - Kevin Colby
> kevinc@grainsystems.com

It's a domain member. I'm trying to get it to act as a, for the lack of a
better term, kind of proxy DOMAIN controller. It's almost doing that now
except for the part of passing along the logon script to the client machine.
In other words, the linux machine is validating users by contacting the PDC
(or one of the BDC's).

From duke at heloc.com Fri Mar 3 17:56:43 2000
From: duke at heloc.com (Rob Dueckman)
Date: Tue Dec 2 02:28:54 2003
Subject: Win 2K login and %U
Message-ID: <1000303125643.ZM9504@frodo.heloc.com>

I'm running TNG pulled down from CVS yesterday. I'm having problems getting
login scripts to run.

If I specify %U.bat, then nothing runs. If I specify bob.bat where bob is the
login user (in all cases) then the login script runs.

The same thing happens for roaming profiles...

I am running under IRIX 6.5.6 and 6.5.7, with gcc 2.8.1.

Attached is my smb.conf.

If log files are required, please let me know the log level, and which log
file you require.

Also, in quite a few of the log files, I am getting a message:

socket connect to /tmp/.msrpc/.srvsvc/agent failed: No such file or directory
and
socket connect to /tmp/.msrpc/.NETLOGON/agent failed: No such file or directory

The directory .msrpc doesn't get created in /tmp. All sockets that I can find
are created in /usr/samba/var/locks/.msrpc

Thanks in advance for your help.

Rob

-------------- next part --------------
# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2000/03/03 12:35:10

# Global parameters
    workgroup = TESTDOM
    netbios name = MR_FRODO
    encrypt passwords = Yes
    server schannel = Auto
    map to guest = Bad User
    unix password sync = Yes
    max log size = 1000
    time server = Yes
    read prediction = Yes
    local group map = /usr/samba/private/localgroup.map
    domain group map = /usr/samba/private/domaingroup.map
    domain user map = /usr/samba/private/domainuser.map
    logon script = %U.bat
    logon path = \\%N\profiles\%U
    logon drive = Z:
    domain logons = Yes
    preferred master = True
    domain master = True
    wins support = Yes
    comment = Samba %v
    print command = /usr/samba/bin/sambalp %p %s %U %m
    dont descend = /proc,/dev
    vfs option =

[homes]
    comment = Home Directories
    read only = No
    browseable = No
    vfs option =

[printers]
    comment = All Printers
    path = /usr/tmp
    create mask = 0700
    guest ok = Yes
    print ok = Yes
    browseable = No
    vfs option =

[tmp]
    comment = Temporary file space
    path = /usr/tmp
    read only = No
    guest ok = Yes
    vfs option =

[CDROM]
    comment = CD ROM Drive
    path = /CDROM
    guest ok = Yes
    vfs option =

[root]
    path = /
    vfs option =

[Disk_2]
    path = /disk2
    read only = No
    guest ok = Yes
    vfs option =

[Jaz]
    path = /jaz
    read only = No
    guest ok = Yes
    vfs option =

[netlogon]
    comment = PDC netlogon share
    path = /usr/samba/netlogon
    vfs option =

[profiles]
    path = /usr/samba/profiles
    read only = No
    vfs option =

[profile]
    path = /usr/samba/profile
    read only = No
    vfs option =

From lajbi at lajli.gau.hu Fri Mar 3 18:09:32 2000
From: lajbi at lajli.gau.hu (Lajber Zoltan)
Date: Tue Dec 2 02:28:54 2003
Subject: nt printing on cvs
In-Reply-To: <00030312542402.01023@panther>
Message-ID:

Hi,

I use an older (a few months?) cvs for PDC, it works ok for me, except one
thing: the printing. I have no printer status: OK on nt clients, when clicking
on the \\server\printer (one click, ofcos). I use debian linux (slink), with
lprng. The symptom is same for lpr system too.

I did "testparm | less", and I saw two options, which I couldn't find in
documentation (man page or docs/). These two options are:

nt forms file = /usr/local/samba/lib/ntforms.def
nt printer driver = /usr/local/samba/lib

Do I need /usr/local/samba/lib/ntforms.def file? Should it be empty, or what?
What I need to put in /usr/local/samba/lib ? It can be done like printer
driver sharing for win9x, or this still under construction? I can live with
working printers on server, without supplying drivers.

Thankx and Bye,
-=Lajbi=--------------------------------------------------------------------
LAJBER Zoltan lajbi@jht.gau.hu http://jht.gau.hu/~lajbi
GATE Jarmu- es Hotechnika Tanszek http://jht.gau.hu
A member of HuLUG http://mlf.linux.rulez.org/mlf

From bkeats at spiff.chin.gc.ca Fri Mar 3 17:57:12 2000
From: bkeats at spiff.chin.gc.ca (Brian Keats)
Date: Tue Dec 2 02:28:54 2003
Subject: NetLogon Service
In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F8136A@icex1.cc.ic.ac.uk>
References: <0846B011B9A4D111A1EE006097DA4FCE02F8136A@icex1.cc.ic.ac.uk>
Message-ID: <00030313234504.01023@panther>

Ok, I guess now it's time to come clean. I've set up a few machines on a
private network. The linux machine is acting as a firewall with
IP_Masquerading turned on. To answer your question as to am I sure the linux
machine is validating logon requests, yes I am certain it is. I've tried
without SAMBA running and the machines don't seem to be able to find the
domain controller. I've added the PDC and BDC's in the lmhosts file on the
Win 95 machines and I've watched the packets flying through the "firewall".

After reading some postings on the various IP MASQUERADING and IPCHAINS sites
I've only come across 2 other people attempting to do what I'm trying to do
and I saw a suggestion to try SAMBA. I'm impressed that it's performing the
validation procedure and I can verify this because I can issue 'net use'
commands from the WIN 95 machines and can also see the same machines through
network neighborhood as I can when using another Win95 machine not behind my
firewall. I've looked at the logs with logging turned up but haven't been able
to exactly figure out what's going on. The logs don't really show me which
interface is being used when IPC services are initiated.

Although, when I first attempted this I made the mistake of putting both the
private and public interfaces in the smb.conf 'interfaces' section (without
telling any of the NT admins that I was doing this !!!!). The linux machine
then validated users both on the private and public networks but didn't
process the logon scripts which are stored on the various network machines !
This is the only part I haven't much of an idea on how to handle.

If you've read the previous postings it would be very easy if the NT
administrators used something like a username (%U).bat to name the logon
scripts and kept them all in one directory, but they don't. It would also be
very easy if I only had a couple of users to deal with, at which point I could
synchronize a netlogon share with NT machines. I could possibly work around
this if the NT PDC or BDC would pass along in its logon structure the name and
path of the logon script for the validated user. Maybe NT does do this and a
newer samba version would be able to pick this up ? Or maybe my answer is to
create my own domain and then create a trust with the NT domain ?

On Fri, 03 Mar 2000, Mayers, P J wrote:
> Erm... What? I'm really confused now. Is the machine meant to be a PDC, BDC
> or just a server? "server = domain" (and yes, it is a badly named parameter
> dammit, but we've been through this discussion a million times, and I see no
> need to repeat it) makes the samba server a domain *member*.
>
> server = security
> domain logons = yes
> local master = yes
>
> make it a PDC, and the same with
>
> local master = no
>
> Make it a BDC, but that only kind-of works IIRC.
>
>
>
> So what are you trying to do? A security=domain machine will never serve
> logon requests because it's a domain member, hence the netlogon share issue
> isn't an issue...
>
> Wait...
>
> Reading your original email implies that you *know* you're using it as a
> domain member, but also:
>
> > currently using 2.05 as a member of an NT domain, with security = domain, to
> > process domain logons for a handful of Win95 machines. The current setup
>
> That certainly shouldn't work - what's your complete smb.conf? Are you sure
> that the samba server is actually the one serving the logon requests? It
> shouldn't be in security=domain.
>
> Cheers,
> Phil
>

From David.Bear at asu.edu Fri Mar 3 18:27:12 2000
From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:28:54 2003 Subject: smbwrapper on freebsd Message-ID: When attempting to compile --with-smbwrapper on FreeBsd I get Linking bin/smbsh Compiling smbwrapper/smbw.c with -fpic smbwrapper/smbw.c: In function `smbw_server': smbwrapper/smbw.c:434: too many arguments to function `make_nmb_name' smbwrapper/smbw.c:435: too many arguments to function `make_nmb_name' smbwrapper/smbw.c:479: too many arguments to function `make_nmb_name' *** Error code 1 This is pre-3.0 Samba... Any pointers? Smbtar seems broken when I attempt to use it, and the tar option in smbclient make an empty tarball. Any pointers on getting smbtar to work? My hope was to get smbwrapper working and then use it to read an smbfile server and create tarballs. David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From computer at kneschke.de Fri Mar 3 18:45:56 2000 
From: computer at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:28:54 2003
Subject: Win 2K login and %U
References: <1000303125643.ZM9504@frodo.heloc.com>
Message-ID: <38C00864.AFC9005E@kneschke.de>

Rob Dueckman wrote:
>
> I'm running TNG pulled down from CVS yesterday. I'm having problems getting
> login scripts to run.
>
> If I specify %U.bat, then nothing runs. If I specify bob.bat where bob is the
> login user (in all cases) then the login script runs.
>
> The same thing happens for roaming profiles...

%U doesn't work currently. Someone has posted a little patch for this.

> socket connect to /tmp/.msrpc/.srvsvc/agent failed: No such file or directory
> and
> socket connect to /tmp/.msrpc/.NETLOGON/agent failed: No such file or directory
>
> The directory .msrpc doesn't get created in /tmp. All sockets that I can find
> are created in /usr/samba/var/locks/.msrpc

Ignore it. It's unimportant.

Cu
--
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00 -- Fax: +49 431 386435 99

From yohji at v-wave.com Fri Mar 3 18:52:30 2000
From: yohji at v-wave.com (Yohji) Date: Tue Dec 2 02:28:54 2003 Subject: samba-tng version? Message-ID: From lkcl at samba.org Fri Mar 3 20:16:15 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:54 2003 Subject: samba-tng-alpha-0.8.tar.gz Message-ID: released in ftp://samba.org/pub/samba/alpha. please use mirror site. Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From thomas.uhl at to.com Sat Mar 4 11:37:46 2000
From: thomas.uhl at to.com (Thomas Uhl)
Date: Tue Dec 2 02:28:54 2003
Subject: Problems with samba-tng-alpha-0.8.tar.gz
References:
Message-ID: <38C0F58A.85C63B1B@to.com>

Hi there!

I tried to login to a tng-alpha-0.8 samba running as PDC. The logon does not work. The login file "log.smb" contains the following errors:

authorise_login: TODO. split function, it's 6 levels!
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
socket connect to /tmp/.msrpc/.NETLOGON/agent failed: Connection refused

There are no UNIX domain sockets visible in /tmp. The name of the server is LT-TU the client is LT-TU2. The smbpasswd contains the following lines:

LT-TU2$:56567:9A2A51AB1F6908A62A9D339293FFFC60: CE5996C74C3775EF9A3D80A43D1DBB17:[W ]:LCT-38C0E6CC:
tuhl:1001:8E5BB7D376C288F2AAD3B435B51404EE: 869F05298ADC3D77531B83941C33FCF2:[DU ]:LCT-38C0F459:
root:0:5E034F1C6B499EC1613E9293942509F0: EF49029314F29149CE1EACE20F5F9335:[DU ]:LCT-38C0F460:

Yours
T. Uhl
--
-----------------------------------------------------------------------------
Thomas Uhl thomas.uhl@to.com
Thinking Objects Software GmbH phone: +49 711 838981-50
Stuttgart, Germany fax: +49 711 838981-69
-----------------------------------------------------------------------------

From samba at cocos-net.de Sat Mar 4 12:31:39 2000
From: samba at cocos-net.de (Dominik Fritz)
Date: Tue Dec 2 02:28:54 2003
Subject: Policies for Win95 Clients
Message-ID:

Hi

I'm running a Samba 2.06 Server configured as PDC. In the Logon Share I put the ntconfig.pol file. With the NT Clients this works quite well. My Question is: how do I have to name the System policy file for Win95 Clients

Thanks in advance
Dominik Fritz

From thomas.uhl at to.com Sat Mar 4 12:40:19 2000
From: thomas.uhl at to.com (Thomas Uhl)
Date: Tue Dec 2 02:28:54 2003
Subject: Step by step instructions?
Message-ID: <38C10433.AD05D83A@to.com>

Hi all!

Can anybody provide a _complete_ step by step instruction list with examples how to setup a Samba TNG v0.8 as a PDC and how to connect from a Windows NT client to that server.

I read most of the e-mails on this list, but I was not successful in setting my environment in the right way to be able to login from my NT 4.0 workstation.

Yours
T. Uhl
--
-----------------------------------------------------------------------------
Thomas Uhl thomas.uhl@to.com
Thinking Objects Software GmbH phone: +49 711 838981-50
Stuttgart, Germany fax: +49 711 838981-69
-----------------------------------------------------------------------------

From lars at kneschke.de Sat Mar 4 12:41:42 2000
From: lars at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:28:54 2003
Subject: Step by step instructions?
References: <38C10433.AD05D83A@to.com>
Message-ID: <38C10486.FEBC3277@kneschke.de>

Thomas Uhl wrote:
>
> Hi all!
>
> Can anybody provide a _complete_ step by step instruction list with
> examples
> how to setup a Samba TNG v0.8 as a PDC and how to connect from a
> Windows NT
> client to that server.
>
> I read most of the e-mails on this list, but I was not successful in
> setting
> my environment in the right way to be able to login from my NT 4.0
> workstation.

I have setup a webpage for Samba TNG. See
http://www.kneschke.de/projekte/samba-tng

Cu

From karl at Denninger.Net Sat Mar 4 14:38:06 2000
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:54 2003 Subject: Step by step instructions? In-Reply-To: <38C10486.FEBC3277@kneschke.de>; from Lars Kneschke on Sun, Mar 05, 2000 at 01:29:28AM +1100 References: <38C10433.AD05D83A@to.com> <38C10486.FEBC3277@kneschke.de> Message-ID: <20000304083806.D71367@Denninger.Net> There is a problem though - the most recent CVS update I grabbed (last night) fails to compile, and with Luke out of the picture, I have no idea what (or when) it will be fixed. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Sun, Mar 05, 2000 at 01:29:28AM +1100, Lars Kneschke wrote: > Thomas Uhl wrote: > > > > Hi all! > > > > Can anybody provide a _complete_ step by step instruction list with > > examples > > how to setup a Samba TNG v0.8 as an PDC and how to connect from a > > Windows NT > > client to that server. > > > > I read most of the e-mails on this list, but I was not sucessfull in > > setting > > my environment in the righ way to be able to login from my NT 4.0 > > workstation. > I have setup a webpage for Samba TNG. See > http://www.kneschke.de/projekte/samba-tng > > Cu From mjwestkamper at weiinc.com Sat Mar 4 15:55:05 2000 
From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:28:54 2003 Subject: Step by step instructions? References: <38C10433.AD05D83A@to.com> <38C10486.FEBC3277@kneschke.de> Message-ID: <38C131D9.D6C14CBF@weiinc.com> URL es it nicht. No URL there... Lars Kneschke wrote: > Thomas Uhl wrote: > > > > Hi all! > > > > Can anybody provide a _complete_ step by step instruction list with > > examples > > how to setup a Samba TNG v0.8 as an PDC and how to connect from a > > Windows NT > > client to that server. > > > > I read most of the e-mails on this list, but I was not sucessfull in > > setting > > my environment in the righ way to be able to login from my NT 4.0 > > workstation. > I have setup a webpage for Samba TNG. See > http://www.kneschke.de/projekte/samba-tng > > Cu From Elrond at Wunder-Nett.org Sat Mar 4 15:58:31 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:54 2003 Subject: Step by step instructions? In-Reply-To: <20000304083806.D71367@Denninger.Net>; from Karl Denninger on Sun, Mar 05, 2000 at 01:41:08AM +1100 References: <38C10433.AD05D83A@to.com> <38C10486.FEBC3277@kneschke.de> <20000304083806.D71367@Denninger.Net> Message-ID: <20000304165830.A18494@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sun, Mar 05, 2000 at 01:41:08AM +1100, Karl Denninger wrote: > There is a problem though - the most recent CVS update I grabbed (last > night) fails to compile, and with Luke out of the picture, I have no idea > what (or when) it will be fixed. Could you be more specific? Elrond From jphollan at earthlink.net Sat Mar 4 15:57:18 2000 
From: jphollan at earthlink.net (Jason Holland) Date: Tue Dec 2 02:28:54 2003 Subject: Step by step instructions? In-Reply-To: <38C131D9.D6C14CBF@weiinc.com> Message-ID: <000201bf85f2$51a7e240$0264a8c0@mickey.earthlink.net> http://www.kneschke.de/projekte/samba_tng/index.php3 ]- ]- URL es it nicht. ]- ]- No URL there... ]- ]- Lars Kneschke wrote: ]- ]- > Thomas Uhl wrote: ]- > > ]- > > Hi all! ]- > > ]- > > Can anybody provide a _complete_ step by step instruction list with ]- > > examples ]- > > how to setup a Samba TNG v0.8 as an PDC and how to connect from a ]- > > Windows NT ]- > > client to that server. ]- > > ]- > > I read most of the e-mails on this list, but I was not sucessfull in ]- > > setting ]- > > my environment in the righ way to be able to login from my NT 4.0 ]- > > workstation. ]- > I have setup a webpage for Samba TNG. See ]- > http://www.kneschke.de/projekte/samba-tng ]- > ]- > Cu ]- ]- From Jean-Francois.Micouleau at dalalu.fr Sat Mar 4 22:19:39 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:54 2003 Subject: Step by step instructions? In-Reply-To: <20000304083806.D71367@Denninger.Net> Message-ID: On Sun, 5 Mar 2000, Karl Denninger wrote: > There is a problem though - the most recent CVS update I grabbed (last > night) fails to compile, and with Luke out of the picture, I have no idea > what (or when) it will be fixed. Can you post the error messages to the list that would help to know where it fails. What OS are you running ? J.F. From karl at Denninger.Net Sat Mar 4 22:22:56 2000 
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:54 2003 Subject: Step by step instructions? In-Reply-To: ; from Jean Francois Micouleau on Sat, Mar 04, 2000 at 11:19:39PM +0100 References: <20000304083806.D71367@Denninger.Net> Message-ID: <20000304162256.A1092@Denninger.Net> On Sat, Mar 04, 2000 at 11:19:39PM +0100, Jean Francois Micouleau wrote: > > On Sun, 5 Mar 2000, Karl Denninger wrote: > > > There is a problem though - the most recent CVS update I grabbed (last > > night) fails to compile, and with Luke out of the picture, I have no idea > > what (or when) it will be fixed. > > Can you post the error messages to the list that would help to know where > it fails. What OS are you running ? > > J.F. > > Genesis:${PWD##}> make Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE="/usr/local/samba/var" -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DFORMSFILE="/usr/local/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -DSAM_DIR="! 
/usr/local/samba/sam" -DSMB_PASSGRP_FILE="/usr/local/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/local/samba/private/smbalias" Using LIBS = -lreadline -lcrypt -lpam -lcurses Linking bin/svcctld svcctld/svcctld.o: In function `service_init': svcctld/svcctld.o(.text+0x24): undefined reference to `generate_wellknown_sids' *** Error code 1 FreeBSD Genesis.Denninger.Net 4.0-CURRENT FreeBSD 4.0-CURRENT #4: Tue Jan 18 16:12:18 CST 2000 karl@Genesis.Denninger.Net:/usr/src/sys/compile/KARL i386 PS: A missing function within the software (not a library call) is not operating system dependant :-) -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! From maru at xpr.com Sat Mar 4 22:50:57 2000 From: maru at xpr.com (Tracey Maru) Date: Tue Dec 2 02:28:54 2003 Subject: Ideas Message-ID: This might be out of place but I have a problem that I think samba can solve but IM not sure. I want to validate incoming smtp and pop3 services in linux against an NT4sp4 PDC. Any ideas. From steve at genie96.com Sat Mar 4 22:31:43 2000 
From: steve at genie96.com (Steve Williams)
Date: Tue Dec 2 02:28:54 2003
Subject: March 4 CVS ( tng ) compile error on AIX 4.2 w. gcc2.95.2
Message-ID: <200003042231.PAA83724@spanner.genie96.com>

Hi,

Bored Saturday afternoon, so I thought I would do something useful & see if samba-tng would compile on AIX 4.2.1 using gcc 2.92.2. I am comfortable with the compiler installation as it has compiled Emacs and HylaFAX. I am a C programmer of old, and have done the HylaFAX port to AIX for the last 6 years or so.

Is it productive for me ( at this point in time ) to try to get Samba_TNG to compile on AIX? I realize it will require resources from the list, and don't want to detract from development efforts. I have no screaming need to use Samba_TNG, just one of my "Putting back into the community". Do you want me to pursue this, or leave it to a later date?

Problem with final linking of shared libraries with libtool..

...
Compiling rpc_parse/parse_sec.c with libtool
Compiling lib/msrpc-client.c with libtool
mkdir bin
Linking shared library bin/libmsrpc.la
ld: 0711-934 SEVERE ERROR: Cannot create the output file: .libs/libmsrpc.so.0.0.1
ld:open() No such file or directory
collect2: ld returned 12 exit status
make: 1254-004 The error code from the last command is 1.
Stop.

Standard ./configure & make..
The flags being used to compile are: Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGE_FILES -DLOGFILEBASE="/usr/local/samba/var" -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DFORMSFILE="/usr/local/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -DSAM_DIR="/usr/local/samba/sam" -DSMB_PASSGRP_FILE="/usr/local/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/local/samba/private/smbalias" Using LIBS = -lreadline -lcurses -- Steve Williams, Calgary, Alberta, Canada Genie Computer Systems Inc. steve@genie96.com "A man doesn't begin to attain wisdom until he recognizes that he is no longer indispensable." - Admiral Richard E. Byrd ( 1888-1957 ) From Jean-Francois.Micouleau at dalalu.fr Sat Mar 4 23:12:26 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:54 2003 Subject: Ideas In-Reply-To: Message-ID: On Sun, 5 Mar 2000, Tracey Maru wrote: > This might be out of place but I have a problem that I think samba can solve > but IM not sure. I want to validate incoming smtp and pop3 services in > linux against an NT4sp4 PDC. Any ideas. pop3 easy: get a PAMaware pop3 server and pam_ntdom. incoming smtp ? you mean checking the final recepient ? J.F. From Jean-Francois.Micouleau at dalalu.fr Sat Mar 4 23:14:34 2000 
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:54 2003 Subject: March 4 CVS ( tng ) compile error on AIX 4.2 w. gcc2.95.2 In-Reply-To: <200003042231.PAA83724@spanner.genie96.com> Message-ID: On Sun, 5 Mar 2000, Steve Williams wrote: > Compiling rpc_parse/parse_sec.c with libtool > Compiling lib/msrpc-client.c with libtool > mkdir bin > Linking shared library bin/libmsrpc.la > ld: 0711-934 SEVERE ERROR: Cannot create the output file: .libs/libmsrpc.so.0.0.1 > ld:open() No such file or directory > collect2: ld returned 12 exit status > make: 1254-004 The error code from the last command is 1. should work with ./configure --disable-shared. elrond, can you confirm ? J.F. From mg at plum.de Sun Mar 5 00:35:51 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:54 2003 Subject: Ideas References: Message-ID: <38C1ABE7.E52F4C8@plum.de> Jean Francois Micouleau wrote: > > On Sun, 5 Mar 2000, Tracey Maru wrote: > > > This might be out of place but I have a problem that I think samba can solve > > but IM not sure. I want to validate incoming smtp and pop3 services in > > linux against an NT4sp4 PDC. Any ideas. > > pop3 easy: get a PAMaware pop3 server and pam_ntdom. > incoming smtp ? you mean checking the final recepient ? > > J.F. by smtp he problably means SMTP AUTH and/or LOGIN support. Both are possible with the latest sendmail beta and the cyrus SASL I think it should be possible .. because SASL can be configured to configure against PAM. But beware .. the SASL documentation out there is even much more rare than the cyrus imapd documentation :))) (p.s. for those who don't know smtp auth: you "login" to an smtp server to permit relaying ... :) regards, Michael From peter at cadcamlab.org Sun Mar 5 12:24:33 2000 
From: peter at cadcamlab.org (Peter Samuelson)
Date: Tue Dec 2 02:28:54 2003
Subject: Step by step instructions?
References: <38C10433.AD05D83A@to.com>
Message-ID: <14530.20898.827735.737230@wire.cadcamlab.org>

[Thomas Uhl]
> Can anybody provide a _complete_ step by step instruction list with
> examples how to setup a Samba TNG v0.8 as a PDC and how to connect
> from a Windows NT client to that server.
>
> I read most of the e-mails on this list, but I was not successful in
> setting my environment in the right way to be able to login from my NT
> 4.0 workstation.

This stuff changes too fast for most of us to really keep a good handle on it! The best you can do is probably to start with Lars Kneschke's SAMBA_TNG FAQ. If you really read most of the e-mail on this list, you should have no trouble finding the URL.

Peter

From s.striker at striker.nl Sun Mar 5 14:41:01 2000
From: s.striker at striker.nl (Sander Striker)
Date: Tue Dec 2 02:28:54 2003
Subject: Ideas
In-Reply-To:
Message-ID:

Hi,

>This might be out of place but I have a problem that I think samba
>can solve
>but IM not sure. I want to validate incoming smtp and pop3 services in
>linux against an NT4sp4 PDC. Any ideas.

Yes, don't do it. Of course you can as someone suggested with a pam aware pop3 server. The problem is that pop3 sends username/password combinations in the clear over the wire. One network sniffer and security for a user that checks his mail remotely is compromised. Please consider this before implementing this.

The reason why I get upset when I see this, is because at the university here, the same scheme was used and some students hacked up a little program which did just this, sniff for pop3 connections and record the username/password combination. This was detected after one day, which is a long period of time in which a lot of mail was checked...

Sander Striker

From p.mayers at ic.ac.uk Sun Mar 5 15:34:28 2000
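[Added example, not part of any message in this archive.] The exposure Sander Striker describes above, POP3 sending username/password in the clear, can be checked for in a protocol-level session log: this Python code flags every PASS, APOP or AUTH PLAIN command issued before a successful STLS. The `C:`/`S:` transcript format, the function names and the sample sessions are assumptions constructed for illustration, and the account name is reported while the secret is never stored.

```python
import base64
import binascii
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int    # 1-based line in the transcript
    command: str    # POP3 command that exposed the credential
    account: str    # account name only; the secret itself is never stored
    severity: str   # "high" = reusable secret readable, "medium" = MD5 digest
    detail: str


def _plain_account(token):
    """Account name from an AUTH PLAIN token (authzid NUL authcid NUL password)."""
    try:
        parts = base64.b64decode(token, validate=True).split(b"\x00")
    except (binascii.Error, ValueError):
        return "?"
    return parts[1].decode("utf-8", "replace") if len(parts) == 3 else "?"


def audit_pop3_transcript(lines):
    """Return a Finding for every credential sent before STLS succeeded."""
    findings = []
    tls_active = False            # set once the server answers STLS with +OK
    awaiting_stls_reply = False
    awaiting_plain_token = False  # AUTH PLAIN sent without an initial response
    account = "?"
    for line_no, raw in enumerate(lines, 1):
        side, _, text = raw.partition(":")
        side, text = side.strip().upper(), text.strip()
        if side == "S":
            if awaiting_stls_reply:
                tls_active = text.upper().startswith("+OK")
                awaiting_stls_reply = False
            continue
        if side != "C" or not text:
            continue
        if awaiting_plain_token:
            awaiting_plain_token = False
            if text != "*":       # "*" cancels the SASL exchange
                findings.append(Finding(line_no, "AUTH PLAIN", _plain_account(text),
                                        "high", "base64 is an encoding, not encryption"))
            continue
        verb, _, arg = text.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "STLS":
            awaiting_stls_reply = True
        elif verb == "USER":
            account = arg or "?"
        elif tls_active:
            continue              # everything after a successful STLS is encrypted
        elif verb == "PASS":
            findings.append(Finding(line_no, "PASS", account, "high",
                                    "password sent in cleartext"))
        elif verb == "APOP":
            findings.append(Finding(line_no, "APOP", arg.split(" ")[0] or "?", "medium",
                                    "MD5 digest exposed to offline guessing"))
        elif verb == "AUTH" and arg.upper().startswith("PLAIN"):
            token = arg[5:].strip()
            if token:
                findings.append(Finding(line_no, "AUTH PLAIN", _plain_account(token),
                                        "high", "base64 is an encoding, not encryption"))
            else:
                awaiting_plain_token = True
    return findings


# Constructed sample sessions (not taken from any real server or from the list).
PLAIN_TOKEN = base64.b64encode(b"\x00bob\x00constructed-secret").decode()
SESSION_CLEARTEXT = ["S: +OK POP3 server ready", "C: USER alice", "S: +OK",
                     "C: PASS constructed-secret", "S: +OK maildrop locked"]
SESSION_STLS = ["S: +OK POP3 server ready", "C: STLS", "S: +OK Begin TLS negotiation",
                "C: USER alice", "S: +OK", "C: PASS constructed-secret", "S: +OK"]
SESSION_STLS_REFUSED = ["S: +OK POP3 server ready", "C: STLS",
                        "S: -ERR command not supported", "C: USER alice", "S: +OK",
                        "C: PASS constructed-secret", "S: +OK"]
SESSION_AUTH_PLAIN = ["S: +OK POP3 server ready", "C: AUTH PLAIN", "S: +",
                      "C: " + PLAIN_TOKEN, "S: +OK"]

if __name__ == "__main__":
    for name, session in [("cleartext", SESSION_CLEARTEXT), ("stls", SESSION_STLS),
                          ("stls refused", SESSION_STLS_REFUSED),
                          ("auth plain", SESSION_AUTH_PLAIN)]:
        print(name, audit_pop3_transcript(session))
```

The STLS-refused session is the case worth watching for: a client that falls back to USER/PASS after `-ERR` exposes the same domain password the PAM backend would accept everywhere else.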
From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:28:54 2003 Subject: NetLogon Service References: <0846B011B9A4D111A1EE006097DA4FCE02F8136A@icex1.cc.ic.ac.uk> <00030313234504.01023@panther> Message-ID: <38C27E84.68BD839F@ic.ac.uk> What! That's outrageous! :o) Basically, you're screwed. There's no design provision *anywhere* in samba for this kind of thing AFAIK. You're pretty much on your own (although that doesn't mean I wouldn't be interested in hearing how to do it). I think you'll probably have better success using a seperate domain and a trust relationship, but even that may prove flaky at best. Cheers, Phil Brian Keats wrote: > > Ok, I guess now it's time to come clean. > I've set up a few machines on a private network. The linux machine is acting > as a firewall with IP_Masquerading turned on. To answer your question as to am > I sure the linux machine is validating logon requests, yes I am certain it is. > I've tried without SAMBA running and the machines don't seem to be able to find > the domain controller. I've added the PDC and BDC's in the lmhosts file on the > Win 95 machines and I've watched the packets flying through the "firewall". > After reading some postings on the various IP MASQUERADING and IPCHAINS sites > I've only come accross a 2 other people attempting to do what I'm trying to do > and I saw a suggestion to try SAMBA. I'm impressed that it's performing the > validation procedure and I can verify this because I can issue 'net use' > commands from the WIN 95 machines and can also see the same machines through > network neighborhood as I can when using another Win95 machine not behind my > firewall. I've looked at the logs with logging turned up but have't been able > to exactly figure out what's going on. The logs don't really show me which > interface is being used when IPC services are initiated. 
Although, when I > first attempted this I made the mistake of putting both the private and public > interfaces in the smb.conf 'interfaces' section (without telling any of the NT > admins that I was doing this !!!!). The linux machine then validated users > both on the private and public networks but didn't process the logon scripts > which are stored on the various network machines ! > This is the only part I haven't much of an idea on how to handle. If you've > read the previous postings it would very easy if the NT administrators used > something like a username (%U).bat to name the logon scripts and kept them all > in one directory, but they don't. It would also be very easy if I only had a > couple of users to deal with, at which point I could syncronize a netlogon > share with NT machines. I could possibly work around this if the NT PDC > or BDC would pass along in its logon structure the name and path of the logon > script for the validated user. Maybe NT does do this and a newer samba version > would be able to pick this up ? Or maybe my answer is to create my own domain > and then create a trust with the NT domain ? > > On Fri, 03 Mar 2000, Mayers, P J wrote: > > Erm... What? I'm really confused now. Is the machine meant to be a PDC, BDC > > or just a server? "server = domain" (and yes, it is a badly named parameter > > dammit, but we've been through this discussion a million times, and I see no > > need to repeat it) makes the samba server a domain *member*. > > > > server = security > > domain logons = yes > > local master = yes > > > > make it a PDC, and the same with > > > > local master = no > > > > Make it a BDC, but that only kind-of works IIRC. > > > > > > > > So what are you trying to do? A security=domain machine will never serve > > logon requests because it's a domain member, hence the netlogon share issue > > isn't an issue... > > > > Wait... 
> > > > Reading your original email implies that you *know* you're using it as a > > domain member, but also: > > > > > currently using 2.05 as a member of an NT domain, with security = domain, > > to > > > process domain logons for a handful of Win95 machines. The current setup > > > > That certainly shouldn't work - what's your complete smb.conf? Are you sure > > that the samba server is actually the one serving the logon requests? It > > shouldn't be in security=domain. > > > > Cheers, > > Phil > > From bkeats at spiff.chin.gc.ca Sun Mar 5 17:35:11 2000 
From: bkeats at spiff.chin.gc.ca (Brian Keats) Date: Tue Dec 2 02:28:54 2003 Subject: NetLogon Service In-Reply-To: <38C27E84.68BD839F@ic.ac.uk> Message-ID: I tried last week working with a trust relationship, only to arrive back at the same thing. I wonder if NT sends along the logon script info to a the linux machine (or even another NT machine) if there is a trust relationship set up from the linux machine to the NT PDC ? I tried last Friday to look at www.ntfaq.com but it appears the server was down. On Mon, 6 Mar 2000, Phil Mayers wrote: > What! That's outrageous! :o) > > Basically, you're screwed. There's no design provision *anywhere* in > samba for this kind of thing AFAIK. You're pretty much on your own > (although that doesn't mean I wouldn't be interested in hearing how to > do it). > > I think you'll probably have better success using a seperate domain and > a trust relationship, but even that may prove flaky at best. > > Cheers, > Phil > > Brian Keats wrote: > > > > Ok, I guess now it's time to come clean. > > I've set up a few machines on a private network. The linux machine is acting > > as a firewall with IP_Masquerading turned on. To answer your question as to am > > I sure the linux machine is validating logon requests, yes I am certain it is. > > I've tried without SAMBA running and the machines don't seem to be able to find > > the domain controller. I've added the PDC and BDC's in the lmhosts file on the > > Win 95 machines and I've watched the packets flying through the "firewall". > > After reading some postings on the various IP MASQUERADING and IPCHAINS sites > > I've only come accross a 2 other people attempting to do what I'm trying to do > > and I saw a suggestion to try SAMBA. 
I'm impressed that it's performing the > > validation procedure and I can verify this because I can issue 'net use' > > commands from the WIN 95 machines and can also see the same machines through > > network neighborhood as I can when using another Win95 machine not behind my > > firewall. I've looked at the logs with logging turned up but have't been able > > to exactly figure out what's going on. The logs don't really show me which > > interface is being used when IPC services are initiated. Although, when I > > first attempted this I made the mistake of putting both the private and public > > interfaces in the smb.conf 'interfaces' section (without telling any of the NT > > admins that I was doing this !!!!). The linux machine then validated users > > both on the private and public networks but didn't process the logon scripts > > which are stored on the various network machines ! > > This is the only part I haven't much of an idea on how to handle. If you've > > read the previous postings it would very easy if the NT administrators used > > something like a username (%U).bat to name the logon scripts and kept them all > > in one directory, but they don't. It would also be very easy if I only had a > > couple of users to deal with, at which point I could syncronize a netlogon > > share with NT machines. I could possibly work around this if the NT PDC > > or BDC would pass along in its logon structure the name and path of the logon > > script for the validated user. Maybe NT does do this and a newer samba version > > would be able to pick this up ? Or maybe my answer is to create my own domain > > and then create a trust with the NT domain ? > > > > On Fri, 03 Mar 2000, Mayers, P J wrote: > > > Erm... What? I'm really confused now. Is the machine meant to be a PDC, BDC > > > or just a server? 
"server = domain" (and yes, it is a badly named parameter > > > dammit, but we've been through this discussion a million times, and I see no > > > need to repeat it) makes the samba server a domain *member*. > > > > > > server = security > > > domain logons = yes > > > local master = yes > > > > > > make it a PDC, and the same with > > > > > > local master = no > > > > > > Make it a BDC, but that only kind-of works IIRC. > > > > > > > > > > > > So what are you trying to do? A security=domain machine will never serve > > > logon requests because it's a domain member, hence the netlogon share issue > > > isn't an issue... > > > > > > Wait... > > > > > > Reading your original email implies that you *know* you're using it as a > > > domain member, but also: > > > > > > > currently using 2.05 as a member of an NT domain, with security = domain, > > > to > > > > process domain logons for a handful of Win95 machines. The current setup > > > > > > That certainly shouldn't work - what's your complete smb.conf? Are you sure > > > that the samba server is actually the one serving the logon requests? It > > > shouldn't be in security=domain. > > > > > > Cheers, > > > Phil > > > > From JJones at nwnets.com Sun Mar 5 18:10:18 2000 
From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:28:54 2003 Subject: ./configure error --with-ldap Message-ID: <4128C0428F94D3118F1E00902773CED201B48C@NNSBOIS1> Hi all, With several different cvs checkouts of SAMBA_TNG over the last three weeks, I've been receiving an error when running ./configure --with-ldap. I have OpenLDAP 1.2.9, running on RH 6.1. The last TNG I tried was last night (3/4/00), but it has happened with several. Here's the last couple sections of the config.log: configure:9988: checking for two-argument statfs with struct fs_data (Ultrix) configure:10016: gcc -o conftest -O conftest.c -lreadline -ldl -lcrypt -lpam -lcurses -lldap -llber 1>&5 configure: In function `main': configure:10009: storage size of `fsd' isn't known configure: failed program was: #line 9996 "configure" #include "confdefs.h" #include #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif #ifdef HAVE_SYS_FS_TYPES_H #include #endif main () { struct fs_data fsd; /* Ultrix's statfs returns 1 for success, 0 for not mounted, -1 for failure. */ exit (statfs (".", &fsd) != 1); } configure:10049: gcc -o conftest -O conftest.c -lreadline -ldl -lcrypt -lpam -lcurses -lldap -llber 1>&5 /usr/lib/libldap.so: undefined reference to `res_search' /usr/lib/libldap.so: undefined reference to `dn_expand' collect2: ld returned 1 exit status configure: failed program was: #line 10045 "configure" #include "confdefs.h" #include "./tests/summary.c" Any ideas what I should do about this? Thanks! Jeremy Jones From keithd at zartis.com Sun Mar 5 20:01:51 2000 
From: keithd at zartis.com (Keith Davey) Date: Tue Dec 2 02:28:54 2003 Subject: Nt4.0 clients will not connect to Samba-tng PDC Message-ID: <38C2BD2F.9C7645A9@zartis.com> Hi, I've set up a SAMBA-TNG PDC. Everything works fine with win98/95 and Unix based samba logins. However all my NT workstation clients refuse to join. They respond "the system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect". I am using SAMEDIT to create the machine accounts as the -m switch in smbpasswd is disabled. Any ideas? Keith. From gleblanc at cu-portland.edu Sun Mar 5 21:38:34 2000 From: gleblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:54 2003 Subject: logins from win98 failing with TNG 3/02 Message-ID: <38C2D3DA.5805EE96@cu-portland.edu> I'm getting a "no domain server available" message trying to log in from win98. I've attached debuglevel=100 log.nmb gzipped to this message, because I couldn't make heads or tails of it. Anybody else care to try? Greg -------------- next part -------------- A non-text attachment was scrubbed... Name: log.nmb.save.gz Type: application/x-gzip Size: 10353 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000305/374681af/log.nmb.save.bin From mgeddes at xavier.sa.edu.au Sun Mar 5 22:03:23 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:54 2003 Subject: Success stories? Message-ID: <38C2D9AB.4809FDB8@xavier.sa.edu.au> Hi, since TNG alpha 0.4, I have not been able to get trust accounts working on samba TNG (PDC -> BDC, Workstation / Member server), and therefore cannot log into my domain. Less than handy ;-). Does anyone Out There have any success stories along with step by step destructions as to how they went about it? I am following the same method of doing things as I did while it was working and I did that with the help of Lars Kneschke's Samba TNG FAQ. Thanks in advance, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Sun Mar 5 22:19:49 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:54 2003 Subject: logins from win98 failing with TNG 3/02 References: <38C2D3DA.5805EE96@cu-portland.edu> Message-ID: <38C2DD85.7F3367F7@xavier.sa.edu.au> Gregory Leblanc wrote: > > I'm getting a "no domain server available" message trying to log in from > win98. I've attached debuglevel=100 log.nmb gzipped to this message, > because I couldn't make heads or tails of it. Anybody else care to try? > Greg > I take it your Win98 clients have WINS set up to point to the Samba WINS server. Your log file has an awful lot of stuff accessing the address 127.0.0.1, do you have a bind interfaces line in your smb.conf? I have seen a couple of problems on some versions of linux where the interface addresses couldn't be determined automagically. Hope it helps. Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Sun Mar 5 22:22:02 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:54 2003 Subject: Policies for Win95 Clients References: Message-ID: <38C2DE0A.FFDCCF64@xavier.sa.edu.au> Dominik Fritz wrote: > > Hi > > I'm running a Samba 2.06 Server configured as PDC. In the Logon Share I put > the ntconfig.pol file. With the NT Clients this works quite well. My Question > is: how do I have to name the System policy file for Win95 Clients > > Thanks in advance > > Dominik Fritz config.pol Make sure you use the Win95 version of poledit to edit it and when you save, save it to \\PDC\netlogon\config.pol . I have had a few probs even on NT servers. Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lars at kneschke.de Sun Mar 5 21:56:11 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:54 2003 Subject: Nt4.0 clients will not connect to Samba-tng PDC References: <38C2BD2F.9C7645A9@zartis.com> Message-ID: <38C2D7FB.18986AD0@kneschke.de> Keith Davey wrote: > > Hi, > > I've set up a SAMBA-TNG PDC. Everything works fine with win98/95 and > Unix based samba > logins. > > However all my NT workstation clients refuse to join. They respond "the > system cannot log you on to this domain because the > system's computer account in its primary domain is missing or the > password > on that account is incorrect". > > I am using SAMEDIT to create the machine accounts as the -m switch in > smbpasswd is disabled. This is a bug in the current samba tng. I don't know what it is, and I have no Windows NT at home. But other people also have this problem. It was working for me, but after restarting the daemons it would not work anymore. Cu -- Watch our projects at http://www.kneschke.de/projekte! GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From GLeblanc at cu-portland.edu Sun Mar 5 23:35:05 2000
From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:54 2003 Subject: logins from win98 failing with TNG 3/02 Message-ID: > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Sunday, March 05, 2000 2:13 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: logins from win98 failing with TNG 3/02 > > > Gregory Leblanc wrote: > > > > I'm getting a "no domain server available" message trying > to log in from > > win98. I've attached debuglevel=100 log.nmb gzipped to > this message, > > because I couldn't make heads or tails of it. Anybody else > care to try? > > Greg > > > > I take it your Win98 clients have WINS set up to point to the > Samba WINS > server. > > Your log file has an awful lot of stuff accessing the address > 127.0.0.1, > do you have a bind interfaces line in your smb.conf? I have seen a > couple of problems on some versions of linux where the interface > addresses couldn't be determined automagically. Ahh, saw that warning at the end of configure, but it worked last time I compiled... Any idea why it can't determine interfaces automagically? Just finished a rebuild with today's CVS, we'll see if that fixes anything. Thanks, Grg From GLeblanc at cu-portland.edu Mon Mar 6 00:23:42 2000 
From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:54 2003 Subject: (more) TNG questions Message-ID: I'd started off the weekend starting to learn C++ from my background in Pascal, but TNG is much more fun, so I'm back screwing around with it. I've added an interfaces line to smb.conf, and I don't see loopback so much anymore, makes things easier to read. Thanks. Question 1. When I start nmbd, I notice that it says "Samba server SPARC20 is now a domain master browser for workgroup DOMAINA on subnet UNICAST_SUBNET" and "Samba server SPARC20 is now a domain master browser for workgroup DOMAINA on subnet 192.168.1.50", which seems nice. I've noticed while watching log.nmb (level 100), that when it does a dump_workgroups() for the subnet at 192.168.1.50, SPARC20 is listed as the DMB, but when it does the same thing for UNICAST_SUBNET, the DMB is UNKNOWN. I don't think it's breaking anything, but I'd like to see where to track that down. Question 2. At the end of the listing of parameters that it paid attention to in smb.conf, (the doing parameter... stuff), it comes back with what I think is screwing up my login. It says "lp_servicenumber: couldn't find homes". I don't understand why it can't find homes. I have created an account using 'smbpasswd -a' for the user who I'm trying to log in with. On login, it gives the error "The share name was not found. Be sure you typed it correctly." Seems to me that these are related. I'm using essentially the smb.conf from the TNG FAQ, with just a couple of changes. Can somebody point me to some clues as to why "homes" isn't being found? Greg From mgeddes at xavier.sa.edu.au Mon Mar 6 00:35:35 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:54 2003 Subject: logins from win98 failing with TNG 3/02 References: Message-ID: <38C2FD57.E3AE6762@xavier.sa.edu.au> > Ahh, saw that warning at the end of configure, but it worked last time I > compiled... Any idea why it can't determine interfaces automagically? Just > finished a rebuild with today's CVS, we'll see if that fixes anything. > Thanks, > Grg No idea. I could be wrong about it being the cause of the problem (it's happened). Try using the bind interfaces option in smb.conf and tell it which interfaces to bind to. I believe that it's still an option ...... I got the same message in the configure script in my multi-homed SuSE 6.2 box. It still works. Oh yeah, except for the whole trust account thing (workstations, servers the lot). Anyway, I hope this helps. Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Mon Mar 6 01:03:17 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:54 2003 Subject: (more) TNG questions References: Message-ID: <38C303D5.4AC0CCF@xavier.sa.edu.au> .. > Question 2. At the end of the listing of parameters that it paid attention > to in smb.conf, (the doing parameter... stuff), it comes back with what I > think is screwing up my login. It says "lp_servicenumber: couldn't find > homes". I don't understand why it can't find homes. I have created an > account using 'smbpasswd -a' for the user who I'm trying to log in with. On > login, it gives the error "The share name was not found. Be sure you typed > it correctly." Seems to me that these are related. I'm using essentially > the smb.conf from the TNG FAQ, with just a couple of changes. Can somebody > point me to some clues as to why "homes" isn't being found? > Greg Homes is a special share that shares out every valid SMB users's unix homes directory (I think I got that right). The smb.conf man page can explain it much better than I. It is not enough to be disallowing logins. The worst that can happen is if a login script has a line like: net use h: /home it won't map the drive and will give an error. This in turn may prevent profiles and things from working if they are set up on the user's home drives (which I think is default windows behaviour). I hope this helps. Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Mon Mar 6 02:33:39 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:54 2003 Subject: Fwd: Re: NetLogon Service References: <00030311354401.01023@panther> <38BFEC88.4608605B@grainsystems.com> <00030312542402.01023@panther> Message-ID: <38C31903.AACF1619@xavier.sa.edu.au> Brian Keats wrote: > > On Fri, 03 Mar 2000, Kevin Colby wrote: > > Brian Keats wrote: > > > > > > (Did I mention I'm using security = domain ?) > > > > I do not understand what you are trying to do here. > > Is this a PDC, BDC, or a domain member? > > > > - Kevin Colby > > kevinc@grainsystems.com > > It's a domain member. I'm trying to get it to act as a, for the lack of a > better term, kind of proxy DOMAIN controller. It's almost doing that now > except for the part of passing along the logon script to the client machine. > In other words, the linux machine is validating users by contacting the PDC ( > or one of the BDC's). I don't see how it can be physically possible. I was under the impression that if you have security=domain and no domain logons=yes line in your smb.conf file, you are running a member server. It will not process any logons. Once you add the security=user and domain logons=yes, you are no longer a member, but a domain controller. If you join a domain, you are a Backup Domain Controller. Someone else will know for sure. At least you don't need to reinstall your unix to go from PDC -> BDC -> Member server. ;-). Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Mon Mar 6 03:42:59 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:54 2003 Subject: Domain Trusts Message-ID: <38C32943.D2187BC7@xavier.sa.edu.au> I've just got NTW to join my TNG prealpha-0.8 domain. It can log in. I created a user (that already existed on the Unix side of things) using User Manager for Domains. I still can't get TNG --> TNG working. When I do the createuser STUDENT$ -s -j (from rpcclient as root), the machine account is created OK, but it can't join the domain. I get: LSA_OPENSECRET: LSA_SETSECRET: Set $MACHINE.ACC: Failed I was reading (in Luke's wonderful new book) that Workstations use a known password (the machine's NetBIOS name?) to create the account. This apparently changed in SP4 and the NTW I used above was SP5. Could it be that the problem lies here somewhere? Does anyone have a pointer to something that will show me the exact conversation between the server and workstation (that sounds a little vague: I'm after something that an Administrator will understand that basically details exactly what is exchanged between the two when creating a Domain trust)? Or just a solution to my problem..... ;-) Thanks guys, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From bkeats at spiff.chin.gc.ca Mon Mar 6 03:56:12 2000 
From: bkeats at spiff.chin.gc.ca (Brian Keats) Date: Tue Dec 2 02:28:54 2003 Subject: Fwd: Re: NetLogon Service In-Reply-To: <38C31903.AACF1619@xavier.sa.edu.au> Message-ID: Sorry Matt, I do have domain logons = yes ... On Mon, 6 Mar 2000, Matthew Geddes wrote: > Brian Keats wrote: > > > > On Fri, 03 Mar 2000, Kevin Colby wrote: > > > Brian Keats wrote: > > > > > > > > (Did I mention I'm using security = domain ?) > > > > > > I do not understand what you are trying to do here. > > > Is this a PDC, BDC, or a domain member? > > > > > > - Kevin Colby > > > kevinc@grainsystems.com > > > > It's a domain member. I'm trying to get it to act as a, for the lack of a > > better term, kind of proxy DOMAIN controller. It's almost doing that now > > except for the part of passing along the logon script to the client machine. > > In other words, the linux machine is validating users by contacting the PDC ( > > or one of the BDC's). > > I don't see how it can be physically possible. I was under the > impression that if you have security=domain and no domain logons=yes > line in your smb.conf file, you are running a member server. It will not > process any logons. Once you add the security=user and domain > logons=yes, you are no longer a member, but a domain controller. If you > join a domain, you are a Backup Domain Controller. Someone else will > know for sure. > > At least you don't need to reinstall your unix to go from PDC -> BDC -> > Member server. ;-). > > Matt > > -- > "Our goal for the next release of Windows 2000 is to have zero bugs." > - Lucovsky, Microsoft > From gleblanc at cu-portland.edu Mon Mar 6 04:02:45 2000
From: gleblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:55 2003 Subject: (more) TNG questions References: Message-ID: <38C32DE5.4BEE2C7@cu-portland.edu> After removing login script = login.bat from smb.conf, win98 was able to log in just fine. However, now I'm trying to install NT server. I created a *nix user vm_nt_serv, then ran 'smbpasswd -a vm_nt_serv' and left the password blank. I've got the NT server install up to the point where it's trying to either join a Domain, or just be a part of a workgroup. I installed as a stand-alone, just for now. When I try to add it to my domain, I get "unable to connect to the domain controller for this domain. Have your administrator check your computer account on the domain." Or, when I check the little box saying "create a computer account in the domain", and I use root as the username/password, I get "The machine account for this computer either does not exist, or is inaccessable." I've tacked on my my log.nmb again, but I suspect that this is another PEBCAK (problem exists between chair and keyboard), and not something wrong with samba. Greg From mgeddes at xavier.sa.edu.au Mon Mar 6 04:25:04 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:55 2003 Subject: (more) TNG questions References: <38C32DE5.4BEE2C7@cu-portland.edu> Message-ID: <38C33320.FE7B423D@xavier.sa.edu.au> > When I try to > add it to my domain, I get "unable to connect to the domain controller > for this domain. Have your administrator check your computer account on > the domain." Or, when I check the little box saying "create a computer > account in the domain", and I use root as the username/password, I get > "The machine account for this computer either does not exist, or is > inaccessable." I've tacked on my my log.nmb again, but I suspect that > this is another PEBCAK (problem exists between chair and keyboard), and > not something wrong with samba. > Greg I have been having the same problem with TNG and workstations. It looks like a permissions problems. Do you have the 'domain group map = ' or 'domain alias map = ' lines in your smb.conf? I use domain group map = [smbroot]/private/domaingroup.map which contains: root="Domain Admins" users="Domain Users" I also have domain alias map=[smbroot]/private/domainalias.map with the line: root=Administrator It appears to have caused me to be able to log into the domain from an NT box. I'm not 100% sure about it, but it works, so I ain't touching it. Hope it helps, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Mon Mar 6 05:30:32 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:55 2003 Subject: Samba TNG joining domains Message-ID: <38C34278.B3A5FCD7@xavier.sa.edu.au> Hi guys, sorry to be filling your mailboxes up, but I am really eager to get TNG up and running. I am still not able to get a TNG box to join a domain controlled by TNG or NT. The trust account is created (even as a BDC or member server depending on what I try). It appears to be on the client side as I can join a domain controlled by TNG from an NTW and TNG won't join an NT or TNG domain. I think it may be something to do with permissions and changing the trust account password. When I start the daemons (before I go to join the domain) DOMAINNAME.SID is created, but it's different from the SID of the PDC. Does anyone know if the daemons need to be started in a certain order, or if there are some which should not be started when trying to join a domain? If it's a Samba problem, does anyone have any suggestions as to which would be the best daemon to run at -d 100? Has anyone had success with TNG 0.8 and would be willing to share their experiences? As I said above, I (and my boss) are very eager to get TNG working. Any help is greatly appreciated. Thanks, Matt P.S. The yodl versions of the man pages are on their way. Any suggestions for the drafts yet? -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From peter at cadcamlab.org Mon Mar 6 06:39:49 2000
From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:55 2003 Subject: Step by step instructions? References: <20000304083806.D71367@Denninger.Net> <20000304162256.A1092@Denninger.Net> Message-ID: <14531.19048.329914.570961@wire.cadcamlab.org> [Jean Francois Micouleau] > > Can you post the error messages to the list that would help to know > > where it fails. What OS are you running ? [Karl Denninger] > Linking bin/svcctld > svcctld/svcctld.o: In function `service_init': > svcctld/svcctld.o(.text+0x24): undefined reference to `generate_wellknown_sids' > *** Error code 1 Strange, generate_wellknown_sids() is certainly present in lib/sids.c. Investigating, please stand by.... OK. I got a compile error on bin/svcctld but it was a different one. Looks like someone's in the middle of updating something there. I'm appending what I believe is a correct patch for my compile error. (Note that there will be other instances of the same problem elsewhere in the source.) > PS: A missing function within the software (not a library call) is not > operating system dependant :-) Yes, but there are many compile errors that *are* dependent on the OS. Maybe if you had posted the actual error the first time.... (: Peter Index: srv_svcctl_nt.c =================================================================== RCS file: /cvsroot/samba/source/svcctld/Attic/srv_svcctl_nt.c,v retrieving revision 1.1.2.5 diff -u -r1.1.2.5 srv_svcctl_nt.c --- srv_svcctl_nt.c 2000/02/18 21:43:53 1.1.2.5 +++ srv_svcctl_nt.c 2000/03/06 06:34:43 @@ -84,12 +84,6 @@ return NT_STATUS_OBJECT_NAME_INVALID; } - /* strikerXXXX Luke, is this line below needed, or does close_policy_hnd() - * take care of this? */ - - /* set up the REG unknown_1 response */ - bzero(pol->data, POL_HND_SIZE); - return NT_STATUS_NOPROBLEMO; } From peter at cadcamlab.org Mon Mar 6 06:42:56 2000 
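Review bot: the -84,12 hunk in srv_svcctl_nt.c deletes the bzero(pol->data, POL_HND_SIZE) call together with the comment asking whether close_policy_hnd() already takes care of it, so the open question disappears without being answered. If the policy handle returned on this path is still expected to be zeroed, the change description should state that close_policy_hnd() does it, or the handle should be cleared through whatever replaces pol->data. Since the message says other instances of the same problem exist elsewhere in the source, they are better fixed in the same patch than one file at a time.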
From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:55 2003 Subject: Ideas References: Message-ID: <14531.21260.623362.331303@wire.cadcamlab.org> [Sander Striker] > Yes, don't do it. Ofcourse you can as someone suggested with a pam > aware pop3 server. The problem is that pop3 sends username/password > combinations in the clear over the wire. What the world needs is pop3 over ssl. Anyone know what clients and servers, if any, support this? (I *think* Netscape Messenger does.) Peter From GLeblanc at cu-portland.edu Mon Mar 6 06:46:58 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:55 2003 Subject: (more) TNG questions Message-ID: > -----Original Message----- 
> From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Sunday, March 05, 2000 8:17 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: (more) TNG questions > > > > When I try to > > add it to my domain, I get "unable to connect to the domain > controller > > for this domain. Have your administrator check your > computer account on > > the domain." Or, when I check the little box saying > "create a computer > > account in the domain", and I use root as the > username/password, I get > > "The machine account for this computer either does not exist, or is > > inaccessable." I've tacked on my my log.nmb again, but I > suspect that > > this is another PEBCAK (problem exists between chair and > keyboard), and > > not something wrong with samba. > > Greg > > I have been having the same problem with TNG and > workstations. It looks > like a permissions problems. > > Do you have the 'domain group map = ' or 'domain alias map = > ' lines in > your smb.conf? I use domain group map = > [smbroot]/private/domaingroup.map which contains: > > root="Domain Admins" > users="Domain Users" > > I also have domain alias > map=[smbroot]/private/domainalias.map with the > line: > > root=Administrator Ahh, I saw those in the smb.conf in the FAQ, but nobody bothered to mention what to put in them (hint, hint), just commented them out. I've added them back now, and will restart samba and try again. > > It appears to have caused me to be able to log into the domain from an > NT box. > > I'm not 100% sure about it, but it works, so I ain't touching it. I know how that feels. >"Our goal for the next release of Windows 2000 is to have zero bugs." > - Lucovsky, Microsoft Hey, they're only about 65K off... Before I forget, are there startup scripts for samba_tng? Basically, I'm just running the executables that I need with -D from the command line, but I assume that there's a better way, since they do create lock files. 
====================================================================== Well, after trying that again, still no go. :( It's too late to try anything else, but I've attached that log file, in case somebody wants to take a look at it. Later, Greg -------------- next part -------------- A non-text attachment was scrubbed... Name: log.nmb.save.gz Type: application/octet-stream Size: 10421 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000305/83124635/log.nmb.save.obj From peter at cadcamlab.org Mon Mar 6 06:46:38 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:55 2003 Subject: (more) TNG questions References: <38C32DE5.4BEE2C7@cu-portland.edu> Message-ID: <14531.21507.964048.807367@wire.cadcamlab.org> [Gregory Leblanc] > However, now I'm trying to install NT server. I created a *nix user > vm_nt_serv, then ran 'smbpasswd -a vm_nt_serv' and left the password > blank. You mean `vm_nt_serv$'. That's the obvious thing to check anyway. Peter From GLeblanc at cu-portland.edu Mon Mar 6 06:49:50 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:55 2003 Subject: (more) TNG questions Message-ID: > -----Original Message----- > From: Peter Samuelson [mailto:peter@cadcamlab.org] > Sent: Sunday, March 05, 2000 10:47 PM > To: gleblanc@cu-portland.edu > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: Re: (more) TNG questions > > > > [Gregory Leblanc] > > However, now I'm trying to install NT server. I created a *nix user > > vm_nt_serv, then ran 'smbpasswd -a vm_nt_serv' and left the password > > blank. > > You mean `vm_nt_serv$'. That's the obvious thing to check anyway. Append a dollar sign? I thought I'd gotten away from that $&!) when I got samba! What's the deal? Greg From GLeblanc at cu-portland.edu Mon Mar 6 06:52:41 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:55 2003 Subject: Ideas Message-ID: > -----Original Message----- 
> From: Peter Samuelson [mailto:peter@cadcamlab.org] > Sent: Sunday, March 05, 2000 10:46 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Ideas > > > > [Sander Striker] > > Yes, don't do it. Ofcourse you can as someone suggested with a pam > > aware pop3 server. The problem is that pop3 sends username/password > > combinations in the clear over the wire. > > What the world needs is pop3 over ssl. Anyone know what clients and > servers, if any, support this? (I *think* Netscape Messenger does.) Well, I don't know about servers, but Outlook Express does. Actually, you can hack around this, if you're clever. Say you've got everybody doing text mode email from a telnet server, and mail resides on another host. You can use ssh on both the client and the server to encrypt the whole deal. I don't know how well it would work with Win POP3 clients, but who knows? Greg From peter at cadcamlab.org Mon Mar 6 07:16:59 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:55 2003 Subject: (more) TNG questions References: Message-ID: <14531.23298.279039.535678@wire.cadcamlab.org> [Gregory Leblanc] > Append a dollar sign? I thought I'd gotten away from that $&!) when > I got samba! What's the deal? Like it or not, NT domain member machines identify themselves this way when authenticating against the server. I guess the $ was Microsoft's way of denoting "hidden", just like in share names. Or something. Peter From Jean-Francois.Micouleau at dalalu.fr Mon Mar 6 07:22:39 2000 
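The trailing `$` Peter describes, and the blank-password account created earlier in the thread, can both be checked mechanically. The following is an added example, not code from Samba or from any poster; it assumes the Samba 2.x smbpasswd line layout (`name:uid:LM:NT:[flags]:LCT-...:`) with W/S/I as trust-account flags and N as "no password", and all entries, hashes and helper names are constructed.

```python
import re
from typing import NamedTuple

# Assumed Samba 2.x conventions: a 32-character marker for "no password set".
NULL_HASH = "NO PASSWORD" + "X" * 21
FAKE_HASH = "0123456789ABCDEF" * 2          # constructed placeholder, not a real hash


class Entry(NamedTuple):
    name: str
    uid: int
    lm: str
    nt: str
    flags: str


LINE_RE = re.compile(
    r"^(?P<name>[^:]+):(?P<uid>\d+):(?P<lm>[^:]{32}):(?P<nt>[^:]{32}):"
    r"\[(?P<flags>[A-Z ]{1,11})\]:"
)


def _line(name, uid, lm, nt, flags):
    """Build one constructed smbpasswd-style line (flags padded to 11 chars)."""
    return f"{name}:{uid}:{lm}:{nt}:[{flags:<11}]:LCT-00000000:"


# Constructed sample: vm_nt_serv mirrors the account described in the thread
# (machine name without '$', blank password); the others are for contrast.
SAMPLE_SMBPASSWD = "\n".join([
    "# constructed sample entries",
    _line("root", 0, FAKE_HASH, FAKE_HASH, "U"),
    _line("vm_nt_serv", 1001, NULL_HASH, NULL_HASH, "NU"),
    _line("ntws1$", 1002, FAKE_HASH, FAKE_HASH, "W"),
    _line("sparc20$", 1003, FAKE_HASH, FAKE_HASH, "U"),
])


def parse(text):
    """Return (entries, bad_line_numbers); comments and blank lines are skipped."""
    entries, bad = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            bad.append(number)
            continue
        entries.append(
            Entry(m["name"], int(m["uid"]), m["lm"], m["nt"], m["flags"].strip())
        )
    return entries, bad


def audit(text, expected_machines):
    """List (account, finding) pairs for machine-account and password problems.

    expected_machines: NetBIOS names of hosts that are supposed to join the
    domain, with or without the trailing '$'.
    """
    expected = {name.rstrip("$").lower() for name in expected_machines}
    entries, bad = parse(text)
    findings = [(f"line {n}", "unparseable") for n in bad]
    for e in entries:
        has_dollar = e.name.endswith("$")
        is_trust = any(flag in e.flags for flag in "WSI")
        if has_dollar and not is_trust:
            # Named like a machine, but stored as an ordinary user account.
            findings.append((e.name, "dollar-name-without-trust-flag"))
        if is_trust and not has_dollar:
            findings.append((e.name, "trust-flag-without-dollar"))
        if not has_dollar and e.name.lower() in expected:
            # The case from the thread: the member will authenticate as NAME$.
            findings.append((e.name, "machine-name-missing-dollar"))
        if "N" in e.flags or NULL_HASH in (e.lm, e.nt):
            findings.append((e.name, "blank-password"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(SAMPLE_SMBPASSWD, {"VM_NT_SERV", "ntws1"}):
        print(f"{account}: {finding}")
```
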
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:55 2003 Subject: Step by step instructions? In-Reply-To: <14531.19048.329914.570961@wire.cadcamlab.org> Message-ID: On Mon, 6 Mar 2000, Peter Samuelson wrote: > [Karl Denninger] > > Linking bin/svcctld > > svcctld/svcctld.o: In function `service_init': > > svcctld/svcctld.o(.text+0x24): undefined reference to `generate_wellknown_sids' > > *** Error code 1 > > Strange, generate_wellknown_sids() is certainly present in lib/sids.c. > Investigating, please stand by.... Does it show up in include/proto.h ? I think Luke forgot to do a 'make proto' before releasing tng-0.8. If you got it from the cvs archive, try again, it has been updated during the week-end > Yes, but there are many compile errors that *are* dependent on the OS. > Maybe if you had posted the actual error the first time.... (: That's what I replied to Karl in private. Alas his mail server thinks I'm a spammer because I'm not on his white-list. J.F. From peter at cadcamlab.org Mon Mar 6 07:26:29 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:55 2003 Subject: Step by step instructions? References: <14531.19048.329914.570961@wire.cadcamlab.org> Message-ID: <14531.23838.43569.115704@wire.cadcamlab.org> [Peter Samuelson] > > Strange, generate_wellknown_sids() is certainly present in lib/sids.c. > > Investigating, please stand by.... [Jean Francois Micouleau] > Does it show up in include/proto.h ? I think Luke forgot to do a > 'make proto' before releasing tng-0.8. Yes it does, in cvs. Shouldn't matter, though. Karl was getting a link-time error, not a compile-time warning, so it can't just be a missing prototype. Peter From vs at lasp.npi.msu.su Mon Mar 6 08:12:59 2000 
From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:55 2003 Subject: nt priting Message-ID: Luck, I remember one month or more You mentioned some guys, who got enable nt printing with tng. Where they are? Also recently somebody in this list note, that printing at all are broken in tng currently. Is it true? If so, than I have keeping head branch, I can't use tng without printing. How to make print server with tng? Again, I remember You confirm my guess that printing configuration in head branch and tng should be done in different ways. Is it possible right now or we have wait better times? Note , there are lot of messages in this list of this topic with identical symptoms of the problem. From Jean-Francois.Micouleau at dalalu.fr Mon Mar 6 08:41:25 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:55 2003 Subject: nt priting In-Reply-To: Message-ID: On Mon, 6 Mar 2000, Vladimir Stavrinov wrote: > Luck, I remember one month or more You mentioned some guys, who got > enable nt printing with tng. Where they are? Also recently somebody in this > list note, that printing at all are broken in tng currently. Is it > true? yep printing is broken in TNG. It's much better in HEAD but still contains bugs. If so, than I have keeping head branch, I can't use tng without > printing. How to make print server with tng? Again, I remember You confirm > my guess that printing configuration in head branch and tng should be done > in different ways. printing in HEAD and TNG will be same code in some hours. J.F. From vs at lasp.npi.msu.su Mon Mar 6 09:10:34 2000 
From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:55 2003 Subject: nt priting In-Reply-To: Message-ID: On Mon, 6 Mar 2000, Jean Francois Micouleau wrote: > yep printing is broken in TNG. It's much better in HEAD but still > contains bugs. But I have printing working in HEAD (may be two months old) while in TNG -- no. > printing in HEAD and TNG will be same code in some hours. Really? Right today it will become usable? From computer at kneschke.de Mon Mar 6 11:09:20 2000 
From: computer at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:55 2003 Subject: compile problem, latest cvs Message-ID: <38C391E0.4AF20E56@kneschke.de> weigon{root} make Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE="/opt/samba-tng/var" -DSMBLOGFILE="/opt/samba-tng/var/log.smb" -DNMBLOGFILE="/opt/samba-tng/var/log.nmb" -DCONFIGFILE="/opt/samba-tng/lib/smb.conf" -DLMHOSTSFILE="/opt/samba-tng/lib/lmhosts" -DSWATDIR="/opt/samba-tng/swat" -DSBINDIR="/opt/samba-tng/bin" -DLOCKDIR="/opt/samba-tng/var/locks" -DSMBRUN="/opt/samba-tng/bin/smbrun" -DCODEPAGEDIR="/opt/samba-tng/lib/codepages" -DDRIVERFILE="/opt/samba-tng/lib/printers.def" -DBINDIR="/opt/samba-tng/bin" -DFORMSFILE="/opt/samba-tng/lib/ntforms.def" -DNTDRIVERSDIR="/opt/samba-tng/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/opt/samba-tng/bin/smbpasswd" -DSMB_PASSWD_FILE="/opt/samba-tng/private/smbpasswd" -DSAM_DIR="/opt/samba-tng/sam" -DSMB_PASSGRP_FILE="/opt/samba-tng/private/smbpassgrp" -DSMB_GROUP_FILE="/opt/samba-tng/private/smbgroup" -DSMB_ALIAS_FILE="/opt/samba-tng/private/smbalias" Using LIBS = -lsec -lsocket -lnsl -ldl -lpam Compiling samrd/srv_samr_passdb.c with libtool samrd/srv_samr_passdb.c: In function `_samr_open_user': samrd/srv_samr_passdb.c:1617: structure has no member named `data' samrd/srv_samr_passdb.c:1617: `POL_HND_SIZE' undeclared (first use in this function) samrd/srv_samr_passdb.c:1617: (Each undeclared identifier is reported only once samrd/srv_samr_passdb.c:1617: for each function it appears in.) 
samrd/srv_samr_passdb.c: In function `_samr_create_dom_alias': samrd/srv_samr_passdb.c:2191: `POL_HND_SIZE' undeclared (first use in this function) samrd/srv_samr_passdb.c: In function `_samr_create_dom_group': samrd/srv_samr_passdb.c:2243: `POL_HND_SIZE' undeclared (first use in this function) make: *** [samrd/srv_samr_passdb.lo] Error 1 weigon{root} uname -a SunOS weigon 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10 Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mg at plum.de Mon Mar 6 11:41:09 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:55 2003 Subject: Ideas References: <14531.21260.623362.331303@wire.cadcamlab.org> Message-ID: <38C39955.F1A8DC6E@plum.de> Peter Samuelson wrote: > > [Sander Striker] > > Yes, don't do it. Ofcourse you can as someone suggested with a pam > > aware pop3 server. The problem is that pop3 sends username/password > > combinations in the clear over the wire. > > What the world needs is pop3 over ssl. Anyone know what clients and > servers, if any, support this? (I *think* Netscape Messenger does.) Use sslwrap ! :) as for clients, Outlook express and Netscape Messenger support it ... :) (same goes for imap over ssl) look on freshmeat for sslwrap ! regards, Michael From jan.van.rensburg at epiuse.com Mon Mar 6 12:17:14 2000 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:28:55 2003 Subject: network recycle bin Message-ID: off topic question: is it possible to have a "network recycle bin" for samba shares? then every time when a user accidently delete files the admin doesn't have to do a restore from tapes... --jan van rensburg From tschweikle at FIDUCIA.de Mon Mar 6 13:35:25 2000 
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:28:55 2003 Subject: network recycle bin Message-ID: <0057540004167848000002L482*@MHS> jan.van.rensburg@epiuse.com: > off topic question: > is it possible to have a "network recycle bin" for > samba shares? then every time when a user accidently > delete files the admin doesn't have to do a restore > from tapes... As far as I know, this isn't possible for a NT-Share. It isn't possible for SAMBA, because the client is to provide necessary functionally and Windows doesn't provide it... -- From jan.van.rensburg at epiuse.com Mon Mar 6 13:43:21 2000 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:28:55 2003 Subject: network recycle bin Message-ID: why do you need the functionality on the client? when the samba server receives the recquest for a delete, it can just put the file into some designated area. the client thinks the files is really deleted, although on the server side it was just moved. --jan > -----Original Message----- > From: tschweikle@FIDUCIA.de [mailto:tschweikle@FIDUCIA.de] > Sent: 06 March 2000 15:38 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: network recycle bin > > As far as I know, this isn't possible for a NT-Share. > It isn't possible for SAMBA, because the client is to > provide necessary functionally and Windows doesn't > provide it... > > -- > From Elrond at Wunder-Nett.org Mon Mar 6 16:11:53 2000 
From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:28:55 2003 Subject: compile problem, latest cvs In-Reply-To: <38C391E0.4AF20E56@kneschke.de>; from Lars Kneschke on Mon, Mar 06, 2000 at 10:11:50PM +1100 References: <38C391E0.4AF20E56@kneschke.de> Message-ID: <20000306171153.A19800@baerbel.mug.maschinenbau.tu-darmstadt.de>

Replace (line 1617)
	bzero(user_pol->data, POL_HND_SIZE);
with:
	ZERO_STRUCTP(user_pol);

and (line 2191)
	bzero(alias_pol, POL_HND_SIZE);
with:
	ZERO_STRUCTP(alias_pol);

and (line 2243)
	bzero(group_pol, POL_HND_SIZE);
with:
	ZERO_STRUCTP(group_pol);

Try to compile, and send the diff to Luke. ;)

Elrond

p.s.: Did you get my mail to "computer@kneschke.de" ?

On Mon, Mar 06, 2000 at 10:11:50PM +1100, Lars Kneschke wrote:
[...]
> samrd/srv_samr_passdb.c: In function `_samr_open_user':
> samrd/srv_samr_passdb.c:1617: structure has no member named
> `data'
> samrd/srv_samr_passdb.c:1617: `POL_HND_SIZE' undeclared (first
> use in this function)
> samrd/srv_samr_passdb.c:1617: (Each undeclared identifier is
> reported only once
> samrd/srv_samr_passdb.c:1617: for each function it appears in.)
> samrd/srv_samr_passdb.c: In function `_samr_create_dom_alias':
> samrd/srv_samr_passdb.c:2191: `POL_HND_SIZE' undeclared (first
> use in this function)
> samrd/srv_samr_passdb.c: In function `_samr_create_dom_group':
> samrd/srv_samr_passdb.c:2243: `POL_HND_SIZE' undeclared (first
> use in this function)

From bkeats at spiff.chin.gc.ca Mon Mar 6 18:22:22 2000 
From: bkeats at spiff.chin.gc.ca (Brian Keats) Date: Tue Dec 2 02:28:55 2003 Subject: Fwd: Re: NetLogon Service In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F8136E@icex1.cc.ic.ac.uk> References: <0846B011B9A4D111A1EE006097DA4FCE02F8136E@icex1.cc.ic.ac.uk> Message-ID: <00030613314400.20042@panther> Actually, it works fine with the validation portion (when set with security=domain, domain logon=yes, password server = [NT PDC name]). It validates users (on client machines behind the firewall) and also those clients can map drives on the NT domain, etc ... Also, I thought if I set up the SAMBA machine to be a PDC of its own domain a one way trust relationship from SAMBA to the NT domain would be perfect as I would want to trust that domain, but I wouldn't necessarily want the NT domain to trust my domain. I thought this was part of the strength of the NT domain trust relationship ideology. I.E. Both parties have to agree for users of both domains to have access to each others domains but users of one domain can be trusted in the other domain with the opposite being true. (I believe this changes with the domain model in Win 2000 though). Anyway, it's an interesting pickle, if I could only get it the netlogon portion work ! Thanks for your insight so far Phil. I'll keep trying different things and if I ever get this to work the way I want it to I'll let you know. In the meantime, I willing to try any other suggestions you might have .... On Mon, 06 Mar 2000, you wrote: > "security = user" for a PDC. > > Also, the trust relationship needs to be setup from the other side - you > can't just add one, the NT domain admin has to do it as well. > > I honestly don't think you're going to get a lot of mileage out of this. If > the samba "BDC-ish" isn't even bound to the LAN interface, it can't talk to > the PDC of the NT domain ever, and hence can't get any account parameters. > > It's just full of too many unknowns. 
I strongly doubt you'll ever get it to > work properly without the cooperation of your NT domain people. > > The BDC option is really a non-starter - your NT domain admins aren't going > to let you setup a BDC which you have complete control over, because that > compromises the security of the entire domain. > > The PDC/Trust option may work, but with varying success. You'll need an > admin of the domain you're trusting to set things up at the other side also, > so again cooperation is required. > > Cheers, > Phil > > -----Original Message----- 
> From: Brian Keats > To: Phil Mayers; bkeats@spiff.chin.gc.ca > Sent: 3/6/00 12:55 PM > Subject: Re: Fwd: Re: NetLogon Service > > Hey, thanks Phil. I wasn't sure if this was the case. I was kinda > wondering > about that. The beauty here is that although, as you say, it's acting > as a BDC > I do not have the NT lan interface in the 'interfaces' section of > smb.conf. > So, the Corporate NT domain doesn't see if as being a PDC. But on the > private > interface it is acting, I guess, as a BDC for the corporate domain. I > am > pointing to the WINS server on the NT domain as the primary WINS server > though > and I'm also pointing to the PDC on the corporate LAN as the password > server. > > So, now I need to know if an NT PDC does pass along to a BDC when it > performs > authentication, here is the location of the logon script, if you have it > on > your machine, pass it along to the client. In which case, I can mirror > the > NETLOGON for the PDC on my linux machine. Once again, I'm back to my > original > question, if this is case would a newer version of SAMBA possibly look > through > its netlogon service path for this logon script and pass it along to the > client > ? > > Btw, I also tried last week making SAMBA a PDC for a different domain > (on the > private interface) and setting up a trust relationship with the > corporate NT > PDC, with the hopes that the NT PDC would pass either the logon script, > or it's > name and path to the SAMBA machine who would in turn pass it along to > the > client. I'm not sure if I did it right but I changed the WORGROUP > parameter, > removed the reference to a password server and made sure things like > domain > master = yes and domain logons = yes and security = domain. With the > logging > set to 150, I couldn't determine if this information was being passed > along to > the SAMBA server. Anyone know if this is case ? > > > > On Mon, 06 Mar 2000, Phil Mayers wrote: > > Woah! 
So you have "security = domain, domain logons = yes"... You've > got > > it setup as a BDC?? I'd take it down before someone notices if I were > > you... > > > > Cheers, > > Phil > > > > Brian Keats wrote: > > > > > > Sorry Matt, I do have domain logons = yes ... > > > > > > On Mon, 6 Mar 2000, Matthew Geddes wrote: > > > > > > > Brian Keats wrote: > > > > > > > > > > On Fri, 03 Mar 2000, Kevin Colby wrote: > > > > > > Brian Keats wrote: > > > > > > > > > > > > > > (Did I mention I'm using secuity = domain ?) > > > > > > > > > > > > I do not understand what you are trying to do here. > > > > > > Is this a PDC, BDC, or a domain member? > > > > > > > > > > > > - Kevin Colby > > > > > > kevinc@grainsystems.com > > > > > > > > > > It's a domain member. I'm trying to get it to act as a, for the > lack of a > > > > > better term, kind of proxy DOMAIN controller. It's almost doing > that now > > > > > except for the part of passing along the logon script to the > client machine. > > > > > In other words, the linux machine is validating users by > contacting the PDC ( > > > > > or one of the BDC's). > > > > > > > > I don't see how it can be physically possible. I was under the > > > > impression that if you have security=domain and no domain > logons=yes > > > > line in your smb.conf file, you are rnuning a member server. It > will not > > > > process any logons. Once you add the security=user and domain > > > > logons=yes, you are no longer a member, but a domain controller. > If you > > > > join a domain, you are a Backup Domain Controller. Someone else > will > > > > know for sure. > > > > > > > > At least you don't need to reinstall your unix to go from PDC -> > BDC -> > > > > Member server. ;-). > > > > > > > > Matt > > > > > > > > -- > > > > "Our goal for the next release of Windows 2000 is to have zero > bugs." > > > > - Lucovsky, Microsoft > > > > From vurosevic at webplan.net Mon Mar 6 18:42:47 2000 
From: vurosevic at webplan.net (Vojin Urosevic) Date: Tue Dec 2 02:28:55 2003 Subject: write_socket_data: write failure. Error = Broken pipe Message-ID: <003b01bf879b$c50b5c80$7a23efcf@webplan.net> I get a lot of these errors in log.U% logs I use 2.0.6 authenticating against an NT domain. write_socket_data: write failure. Error = Broken pipe [2000/02/25 18:28:47, 0] lib/util_sock.c:write_socket_data(537) Any ideas? cheers, vojin Vojin Urosevic WAN/LAN Administrator @plan. Three Landmark Square Suite 400 Stamford CT 06901 (p) 203-961-0340 x170 (f) 203-964-0136 beeper: 1 800 225-0256/65097 e-mail: vurosevic@webplan.net From vurosevic at webplan.net Mon Mar 6 18:46:40 2000 From: vurosevic at webplan.net (Vojin Urosevic) Date: Tue Dec 2 02:28:55 2003 Subject: smbd/nttrans.c:call_nt_transact_ioctl(2401) Message-ID: <003c01bf879c$4fd302a0$7a23efcf@webplan.net> Ah yes one more error! I get a lot of these errors in log.U% logs I use 2.0.6 authenticating against an NT domain. [2000/02/29 19:08:14, 0] smbd/nttrans.c:call_nt_transact_ioctl(2401) call_nt_transact_ioctl: Currently not implemented. Any ideas? cheers, vojin Vojin Urosevic WAN/LAN Administrator @plan. Three Landmark Square Suite 400 Stamford CT 06901 (p) 203-961-0340 x170 (f) 203-964-0136 beeper: 1 800 225-0256/65097 e-mail: vurosevic@webplan.net From bkeats at spiff.chin.gc.ca Mon Mar 6 20:17:13 2000 
From: bkeats at spiff.chin.gc.ca (Brian Keats) Date: Tue Dec 2 02:28:55 2003 Subject: Netlogon Service Message-ID: <00030615233501.20042@panther> If anyone has been following my postings, I've been curious if an NT domain controller passes along the name and path of a "logon script". The below article was taken from the microsoft.com site. Does anyone know if SAMBA uses this information or can it be made to use this information if it is acting as a domain member with security = domain domain logons = yes password server = [nt PDC] WinNT Client Logon in Resource and Master Domain Environment The information in this article applies to: Microsoft Windows NT Workstation versions 3.5, 3.51, 4.0 Microsoft Windows NT Server versions 3.5, 3.51, 4.0 SUMMARY When a computer running Windows NT Workstation or Server that is a member of a domain starts, it tries to establish a secure channel to a domain controller in its domain to validate its machine account. This occurs before the user is presented with the CTRL+ALT+DEL logon screen. If the domain that the Windows NT client is a member of trusts another domain, a user can log on to that trusted domain at the console. If the user logs on to this trusted domain, the user's credentials are passed from the Windows NT client to a domain controller in its domain that it established a secure channel with at startup time. This resource domain controller then does pass-through authentication to a domain controller in the accounts or master domain that it established a secure channel with at startup time. If the user has a logon script, or if the client is Windows NT version 4.0 that implements Policies, the domain controller in the accounts domain that validated the user credentials through pass-through authentication, will also be used to service the log on script or Policies request. 
MORE INFORMATION The following Network Monitor frames summarize the critical communication between a computer running Windows NT Workstation and a domain controller in its domain, where its machine account resides: NAME QUERY FOR MEMBER WORKSTATION'S DOMAIN NAME: NBT: NS: Query req. for RANDYMCD <1C> MEMBER WORKSTATION INITIATING SECURE CHANNEL WITH ITS DOMAIN CONTROLLER. BROADCASTS FIRST, THEN TRIES LIST RETURNED BY WINS: NETLOGON: SAM LOGON request from client MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER: SMB: C session setup & X, Username = , and C tree connect & X, Share = \\RANDYMC1\IPC$ MEMBER WORKSTATION REQUESTING LIST OF TRUSTED DOMAINS: R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..) MEMBER WORKSTATION AUTHENTICATIONG ITS MACHINE ACCOUNT: SMB: C NT create & X, File = \NETLOGON R_LOGON: RPC Client call logon:NetrServerReqChallenge(..) R_LOGON: RPC Client call logon:NetrServerAuthenticate2(..) The following Network Monitor frames summarize the critical communication among the computer running Windows NT Workstation or Server in a resource domain, a domain controller in a resource domain, and a domain controller in an accounts domain. MEMBER WORKSTATION NAME QUERY FOR ITS DOMAIN CONTROLLER: NBT: NS: Query req. for RANDYMC1 MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER: NBT: SS: Session Request, Dest:RANDYMC1, Source: RANDYMC3<00>, Len: 68 SMB: C session setup & X, Username = , and C tree connect & X, Share = \\RANDYMC1\IPC$ NOTE: WINDOWS NT 4.0 UPDATES THE TRUSTED DOMAIN LIST CACHE EVERY 2 MINUTES BY DEFAULT: R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..) MEMBER WORKSTATION PASSING ITS MACHINE NAME, USERNAME, AND TRUSTED DOMAIN NAME TO ITS RESOURCE DOMAIN CONTROLLER: SMB: C NT create & X, File = \NETLOGON R_LOGON: RPC Client call logon:NetrLogonSamLogon(..) 00160: 0000000000000900 0000420050005300 ..........B.P.S. 00170: 490047004E004F00 4600460074000600 I.G.N.O.F.F.t... 
00180: 0000000000000600 0000450053005300 ..........E.S.S. 00190: 44004F004D000900 0000000000000800 D.O.M........... 001A0: 0000520041004E00 440059004D004300 ..R.A.N.D.Y.M.C. 001B0: 33000300 3... RESOURCE DOMAIN CONTROLLER PASSING CLIENTS CREDENTIALS TO TRUSTED ACCOUNTS DOMAIN CONTROLLER: MSRPC: c/o RPC Request: call 0x4 opnum 0x2 context 0x0 hint 0x10A 00160: 0000090000004200 5000530049004700 ......B.P.S.I.G. 00170: 4E004F0046004600 0000060000000000 N.O.F.F......... 00180: 0000060000004500 5300530044004F00 ......E.S.S.D.O. 00190: 4D00090000000000 0000080000005200 M.............R. 001A0: 41004E0044005900 4D00430033000300 A.N.D.Y.M.C.3... ACCOUNTS DOMAIN CONTROLLER PASSING AUTHENTICATION TO RESOURCE DOMAIN CONTROLLER ALONG WITH LOGON SCRIPT NAME: MSRPC: c/o RPC Response: call 0x4 context 0x0 hint 0x198 cancels 0x0 00170: 0000000000000600 0000450053005300 ..........E.S.S. 00180: 44004F004D000B00 0000000000000A00 D.O.M........... 00190: 0000650073007300 64006F006D002E00 ..e.s.s.d.o.m... 001A0: 6200610074000300 0000010200000700 b.a.t........... 001B0: 0000000200000700 0000180400000700 ................ 001C0: 0000080000000000 0000070000004500 ..............E. 001D0: 5300530044004F00 4D0031006F000A00 S.S.D.O.M.1.o... 001E0: 0000000000000900 0000420050005300 ..........B.P.S. 001F0: 490047004E004F00 4600460070000400 I.G.N.O.F.F.p... RESOURCE DOMAIN CONTROLLER PASSING POSITIVE AUTHENTICATION RESPONES TO MEMBER WORKSTATION ALONG WITH ACCOUNTS DOMAIN CONTROLLER COMPUTER NAME THAT DID THE AUTHENTICATION: R_LOGON: RPC Server response logon:NetrLogonSamLogon(..) 00170: 0000000000000600 0000450053005300 ..........E.S.S. 00180: 44004F004D000B00 0000000000000A00 D.O.M........... 00190: 0000650073007300 64006F006D002E00 ..e.s.s.d.o.m... 001A0: 6200610074000300 0000010200000700 b.a.t........... 001B0: 0000000200000700 0000180400000700 ................ 001C0: 0000080000000000 0000070000004500 ..............E. 001D0: 5300530044004F00 4D00310000000A00 S.S.D.O.M.1..... 
001E0: 0000000000000900 0000420050005300 ..........B.P.S. 001F0: 490047004E004F00 4600460000000400 I.G.N.O.F.F..... MEMBER WORKSTATION NAME QUERY FOR ACCOUNTS DOMAIN CONTROLLER COMPUTER NAME: NBT: NS: Query req. for ESSDOM1 MEMBER SERVER ESTABLISHING SESSION WITH ACCOUNTS DOMAIN CONTROLLER: SMB: C session setup & X, Username = ESSDOM, and C tree connect & X, Share = \\ESSDOM1\NETLOGON MEMBER WORKSTATION VERSION 4.0 CHECKING FOR A POLICY: SMB: C NT create & X, File = \ntconfig.pol MEMBER WORKSTATION CHECKING FOR ITS LOGON SCRIPT: SMB: C transact2 Query path info, File = \essdom.bat For additional information on Secure Channels, Windows NT Trusts, and Pass-Through Authentication, please see the following article in the Microsoft Knowledge Base: ARTICLE-ID: Q158148 TITLE : Domain Secure Channel Utility -- Nltest.exe Additional query words: Keywords : kbnetwork ntdomain NTSrvWkst Version : winnt:3.5,3.51,4.0 Platform : winnt Issue type : Last Reviewed: January 21, 2000 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. Article ID: Q165202 Last Reviewed: January 21, 2000 Provided by Microsoft Product Support Services. From GLeblanc at cu-portland.edu Mon Mar 6 20:51:29 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:55 2003 Subject: Netlogon Service Message-ID: > -----Original Message----- 
> From: Brian Keats [mailto:bkeats@spiff.chin.gc.ca] > Sent: Monday, March 06, 2000 12:29 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Netlogon Service > > > > If anyone has been following my postings, I've been curious > if an NT domain > controller passes along the name and path of a "logon > script". The below > article was taken from the microsoft.com site. Does anyone > know if SAMBA uses > this information or can it be made to use this information if > it is acting as a > domain member with > security = domain > domain logons = yes > password server = [nt PDC] > [publicly available Microsoft knowledge base article snipped] I missed the first few posts, but this article seems to be discussing how trust authentication works, with a little information on policies. From the two posts that I read before this one, I couldn't figure out what you're trying to accomplish. Could you explain that to me, off list, and I'll see if I can lend some ideas? Thanks, Greg From carey.sinclair at tait.co.nz Mon Mar 6 21:04:43 2000 From: carey.sinclair at tait.co.nz (Carey Sinclair) Date: Tue Dec 2 02:28:55 2003 Subject: network recycle bin References: Message-ID: <38C41D6A.BF854A03@tait.co.nz> Yes, surely this would be relatively simply to patch into the Samba code. I too, would be very eager if this facility was available. Our Novell guys continually hassle us for not being able to provide such a simple 'Novell' feature. I don't believe there is a need to provide automatic cleaning/purging of the 'trash-bin' area - all maintenance could be provided outside of Samba (ie. using Unix cron and scripts etc). -=- Carey Jan van Rensburg wrote: > why do you need the functionality on the client? when the samba server > receives the recquest for a delete, it can just put the file into some > designated area. the client thinks the files is really deleted, although on > the server side it was just moved. > > --jan > > > -----Original Message----- 
> > From: tschweikle@FIDUCIA.de [mailto:tschweikle@FIDUCIA.de] > > Sent: 06 March 2000 15:38 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: network recycle bin > > > > As far as I know, this isn't possible for a NT-Share. > > It isn't possible for SAMBA, because the client is to > > provide necessary functionally and Windows doesn't > > provide it... > > > > -- > > -- Carey Sinclair IT Project Engineer Tait Electronics Ltd, Christchurch, New Zealand Email: carey.sinclair@tait.co.nz Phone: +64 (03) 3583399 From hwimmer at bakerref.com Mon Mar 6 21:29:08 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:28:55 2003 Subject: network recycle bin Message-ID: <002401bf87b3$175addf0$9f01a8c0@hwimmer.bakerref.com> the recycle bin is a great idea!!! -----Original Message----- From: Carey Sinclair To: Multiple recipients of list SAMBA-NTDOM Date: Monday, March 06, 2000 4:03 PM Subject: Re: network recycle bin >Yes, surely this would be relatively simply to patch into the Samba code. I >too, would be very eager if this facility was available. > >Our Novell guys continually hassle us for not being able to provide such a >simple 'Novell' feature. > >I don't believe there is a need to provide automatic cleaning/purging of the >'trash-bin' area - all maintenance could be provided outside of Samba (ie. >using Unix cron and scripts etc). > >-=- > Carey > > >Jan van Rensburg wrote: > >> why do you need the functionality on the client? when the samba server >> receives the recquest for a delete, it can just put the file into some >> designated area. the client thinks the files is really deleted, although on >> the server side it was just moved. >> >> --jan >> >> > -----Original Message----- 
>> > From: tschweikle@FIDUCIA.de [mailto:tschweikle@FIDUCIA.de] >> > Sent: 06 March 2000 15:38 >> > To: Multiple recipients of list SAMBA-NTDOM >> > Subject: Re: network recycle bin >> > >> > As far as I know, this isn't possible for a NT-Share. >> > It isn't possible for SAMBA, because the client is to >> > provide necessary functionally and Windows doesn't >> > provide it... >> > >> > -- >> > > >-- > Carey Sinclair > IT Project Engineer > Tait Electronics Ltd, Christchurch, New Zealand > Email: carey.sinclair@tait.co.nz Phone: +64 (03) 3583399 > > > From clairroberts at home.com Mon Mar 6 22:55:14 2000 
From: clairroberts at home.com (Clair Roberts) Date: Tue Dec 2 02:28:55 2003 Subject: Samba TNG start and stop script Message-ID: <38C43752.BCDAD098@home.com>

Someone out there was looking for a start/stop script for samba. I have often wondered why samba distribution didn't contain one. Many a time I have found myself writing this same script. Again the other day when I started playing around with samba-tng, I found myself writing the darn thing. It wasn't so bad to start stop samba by hand when there were only two daemons, but now there seem to be a few more. I am just too lazy for that.

Sooo, here is my feeble addition to the great wave that is affectionately referred to as SAMBA.

---
#!/sbin/sh
#
#
# File    : samba
# Purpose : Start/Stop script for Samba TNG
#
#
#
# Modification History:
#
# DATE         NAME                    COMMENTS
# ------------ ----------------------- ----------------------------------------------
# 2000-02-25   C. Roberts              Created.
# 2000-03-03   C. Roberts              Modified to handle multiple daemons
#
# --------------------------------------------------------------------------------------

ROOTPATH=/opt/samba-tng
LIBPATH=${ROOTPATH}/lib
BINPATH=${ROOTPATH}/bin
LOCKPATH=${ROOTPATH}/var/locks

SMB_CMDS="smbd nmbd browserd lsarpcd netlogond samrd spoolssd srvsvcd svcctld winregd wkssvcd"

# Make sure that our ROOTPATH is valid
[ ! -d "${ROOTPATH}" ] && exit 1

case "$1" in
'start')
    if [ -f "${LIBPATH}/smb.conf" ]; then

        # Start all the required daemons
        echo Starting Samba Background Daemons
        for CMD in ${SMB_CMDS} ; do
            if [ -f "${BINPATH}/${CMD}" ]; then
                # echo "${CMD}"
                "${BINPATH}/${CMD}" -D
            fi
        done

    fi
    ;;

'stop')

    #
    #
    # Should probably be using smbstatus -p but it doesn't seem to be working in the TNG branch
    #

    echo Stopping Samba Background Daemons
    for CMD in ${SMB_CMDS} ; do
        PIDFILE=${LOCKPATH}/${CMD}.pid
        if [ -f "${PIDFILE}" ]; then
            # echo "${CMD}"
            killpid=`/usr/bin/cat "${PIDFILE}"`
            [ "$killpid" -gt 0 ] && kill -15 "$killpid"
        fi
    done
    ;;

*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac
exit 0

#
# END OF FILE
#
----

From jphollan at earthlink.net Mon Mar 6 22:59:42 2000 
From: jphollan at earthlink.net (Jason Holland) Date: Tue Dec 2 02:28:55 2003 Subject: Samba TNG start and stop script In-Reply-To: <38C43752.BCDAD098@home.com> Message-ID: <000001bf87bf$a8bfab20$0264a8c0@mickey.earthlink.net> Without a doubt, the Samba distribution does contain a sample rc start/stop script. look for samba-source/examples/svr4-startup/samba.server It can quickly be modified for any platform. However, your script is greatly appreciated. Thanks! Jason ]- ]- Someone out there was looking for a start/stop script for samba. I have ]- often wondered why samba distribution didn't contain one. Many a time I ]- have found myself writting this same script. Again the other day when I ]- started playing around with samba-tng, I found myself writting the darn ]- thing. It wasn't so bad to start stop samba by hand when there was only ]- two deamons, but now there seems to be a few more. I am just too lazy ]- for that. ]- ]- Sooo, here is my feeble addition to the great wave that is ]- affectionately reffered to as SAMBA. ]- ]- --- ]- #!/sbin/sh ]- # ]- # ]- # File : samba ]- # Purpose : Start/Stop script for Samba TNG ]- # ]- # ]- # ]- # Modification History: ]- # ]- # DATE NAME COMMENTS ]- # ------------ ----------------------- ]- ---------------------------------------------- ]- # 2000-02-25 C. Roberts Created. ]- # 2000-03-03 C. Roberts modifed to Handel Multiple ]- damons ]- # ]- # ]- ----------------------------------------------------------------- ]- --------------------- ]- ]- ROOTPATH=/opt/samba-tng ]- LIBPATH=${ROOTPATH}/lib ]- BINPATH=${ROOTPATH}/bin ]- LOCKPATH=${ROOTPATH}/var/locks ]- ]- SMB_CMDS="smbd nmbd browserd lsarpcd netlogond samrd spoolssd srvsvcd ]- svcctld winregd wkssvcd" ]- ]- # Make sure that our ROOTPATH is valid ]- [ ! 
-d ${ROOTPATH} ] && exit 1 ]- ]- case "$1" in ]- 'start') ]- if [ -f ${LIBPATH}/smb.conf ]; then ]- ]- # Start all the required deamons ]- echo Starting Samba Background Daemons ]- for CMD in ${SMB_CMDS} ; do ]- if [ -f ${BINPATH}/${CMD} ]; then ]- # echo "${CMD}" ]- ${BINPATH}/${CMD} -D ]- fi ]- done ]- ]- fi ]- ;; ]- ]- 'stop') ]- ]- # ]- # ]- # Should probably be using smbstatus -p but it doesn't seem to be ]- working in the TNG branch ]- # ]- ]- echo Stopping Samba Background Daemons ]- for CMD in ${SMB_CMDS} ; do ]- PIDFILE=${LOCKPATH}/${CMD}.pid ]- if [ -f ${PIDFILE} ]; then ]- # echo "${CMD}" ]- killpid=`/usr/bin/cat ${PIDFILE}` ]- [ "$killpid" -gt 0 ] && kill -15 $killpid ]- fi ]- done ]- ;; ]- ]- *) ]- echo "Usage: $0 { start | stop }" ]- exit 1 ]- ;; ]- esac ]- exit 0 ]- ]- # ]- # END OF FILE ]- # ]- ---- ]- ]- ]- From clairroberts at home.com Mon Mar 6 23:21:08 2000 From: clairroberts at home.com (Clair Roberts) Date: Tue Dec 2 02:28:56 2003 Subject: Samba TNG start and stop script References: <000001bf87bf$a8bfab20$0264a8c0@mickey.earthlink.net> Message-ID: <38C43D64.E547DCAC@home.com> I stand corrected. Seems as though I have seen that script before too. My mind is dissolving as of late. Probably the death by versions I am currently experiencing with Java. Allow me better qualify my note. Here is my start stop script for the multiple processes currently used in the samba-tng branch. C. Jason Holland wrote: > Without a doubt, the Samba distribution does contain a sample rc start/stop > script. look for > > samba-source/examples/svr4-startup/samba.server > > It can quickly be modified for any platform. However, your script is > greatly appreciated. Thanks! > > Jason From Glenn.Newbery at bnd.com.au Mon Mar 6 23:39:03 2000 
From: Glenn.Newbery at bnd.com.au (Glenn Newbery) Date: Tue Dec 2 02:28:56 2003 Subject: Problems printing from Windows 2000 Message-ID: Hi, We are having problems printing from Windows 2000 to Samba version 1.9.16p11 running on our HP-UX 9.0 machine. Printing currently works fine from NT4.0, Win9x clients and now we are trying to setup a Win2000 machine and are running into problems. The problem is that we are trying to print to a HP 4050N PS printer which is served by our HP-UX machine. When we set the printer up, it allows us to set up the network printer using \\\ however as soon as we try to print a test page, we get the following message Test page failed to print. Would you like to view the print trouble shooter for assistance? Unable to create a print job. We have done everything that the troubleshooter has suggested without any luck, does anyone else have any ideas what might be going wrong? Any assistance would be greatly appreciated, can you please email your suggestions to me Glenn.Newbery@bnd.com.au Cheers Glenn _______________________________________________________ Glenn Newbery Email : Glenn.Newbery@bnd.com.au Systems & Network Voice : +612 9722 5631 Administrator Fax : +612 9772 3830 B&D Australia Web Page: www.bnd.com.au From p.mayers at ic.ac.uk Tue Mar 7 00:27:20 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:28:56 2003 Subject: network recycle bin References: <002401bf87b3$175addf0$9f01a8c0@hwimmer.bakerref.com> Message-ID: <38C44CE8.F9F20B56@ic.ac.uk> So write one! Take a look at the VFS code - simply change the delete option to a move option, and that's that. Pretty simple I think (although I haven't looked at it....) ... Yeah, change the unlink and rmdir functions to call move, and you're set. Cheers, Phil Hayden Wimmer wrote: > > the recycle bin is a great idea!!! > -----Original Message----- 
> From: Carey Sinclair > To: Multiple recipients of list SAMBA-NTDOM > Date: Monday, March 06, 2000 4:03 PM > Subject: Re: network recycle bin > > >Yes, surely this would be relatively simply to patch into the Samba code. I > >too, would be very eager if this facility was available. > > > >Our Novell guys continually hassle us for not being able to provide such a > >simple 'Novell' feature. > > > >I don't believe there is a need to provide automatic cleaning/purging of > the > >'trash-bin' area - all maintenance could be provided outside of Samba (ie. > >using Unix cron and scripts etc). > > > >-=- > > Carey > > > > > >Jan van Rensburg wrote: > > > >> why do you need the functionality on the client? when the samba server > >> receives the recquest for a delete, it can just put the file into some > >> designated area. the client thinks the files is really deleted, although > on > >> the server side it was just moved. > >> > >> --jan > >> > >> > -----Original Message----- > >> > From: tschweikle@FIDUCIA.de [mailto:tschweikle@FIDUCIA.de] > >> > Sent: 06 March 2000 15:38 > >> > To: Multiple recipients of list SAMBA-NTDOM > >> > Subject: Re: network recycle bin > >> > > >> > As far as I know, this isn't possible for a NT-Share. > >> > It isn't possible for SAMBA, because the client is to > >> > provide necessary functionally and Windows doesn't > >> > provide it... > >> > > >> > -- > >> > > > > >-- > > Carey Sinclair > > IT Project Engineer > > Tait Electronics Ltd, Christchurch, New Zealand > > Email: carey.sinclair@tait.co.nz Phone: +64 (03) 3583399 > > > > > > From p.mayers at ic.ac.uk Tue Mar 7 00:35:32 2000 
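The delete-as-move idea from the "network recycle bin" thread above (the server moves the file into a designated area when it receives a delete), as an added example that is not part of any post and is not Samba VFS code. It uses plain POSIX calls and covers the unlink case only; recycle_unlink, the .recycle directory name and the two helpers are hypothetical names chosen for this sketch.

```c
/* Added example: "recycle bin" delete using POSIX calls only.
 * Not Samba code; all names here are hypothetical. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Move `path` into `bin_dir` instead of deleting it.
 * On success returns 0 and stores the new location in `dest`.
 * On failure returns -1 with errno set; the original file is untouched. */
int recycle_unlink(const char *path, const char *bin_dir,
                   char *dest, size_t dest_len)
{
    struct stat st;
    const char *base;
    int i, n;

    /* lstat() does not follow symlinks. Only regular files are kept;
     * symlinks, FIFOs and the like are removed as a normal unlink would. */
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode)) {
        if (dest_len)
            dest[0] = '\0';
        return unlink(path);
    }

    /* Deleted data stays on disk, so the bin is created owner-only. */
    if (mkdir(bin_dir, 0700) != 0 && errno != EEXIST)
        return -1;

    base = strrchr(path, '/');
    base = base ? base + 1 : path;

    /* Try "name", then "name.1", "name.2", ... so that an earlier
     * deleted version of the same file is never overwritten. */
    for (i = 0; i < 1000; i++) {
        if (i == 0)
            n = snprintf(dest, dest_len, "%s/%s", bin_dir, base);
        else
            n = snprintf(dest, dest_len, "%s/%s.%d", bin_dir, base, i);
        if (n < 0 || (size_t)n >= dest_len) {
            errno = ENAMETOOLONG;
            return -1;
        }
        /* link() + unlink() rather than rename(): link() fails with
         * EEXIST instead of silently replacing an existing target. */
        if (link(path, dest) == 0)
            return unlink(path);
        if (errno != EEXIST)
            return -1;   /* e.g. EXDEV: bin is on another filesystem */
    }
    errno = EEXIST;
    return -1;
}

/* Helpers for the demonstration below (constructed test data). */
static int write_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(text, f);
    return fclose(f);
}

static int file_exists(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0;
}

int main(void)
{
    char root[] = "/tmp/recycle-demo-XXXXXX";
    char file[PATH_MAX], bin[PATH_MAX], d1[PATH_MAX], d2[PATH_MAX];

    if (!mkdtemp(root))
        return 1;
    snprintf(file, sizeof file, "%s/report.txt", root);
    snprintf(bin, sizeof bin, "%s/.recycle", root);

    /* Delete two successive versions of the same file. */
    if (write_file(file, "v1\n") || recycle_unlink(file, bin, d1, sizeof d1))
        return 1;
    if (write_file(file, "v2\n") || recycle_unlink(file, bin, d2, sizeof d2))
        return 1;

    printf("first delete kept as  %s\n", d1);
    printf("second delete kept as %s\n", d2);
    printf("original still present: %s\n", file_exists(file) ? "yes" : "no");
    return 0;
}
```

Purging the bin is left to an external job, as suggested in the thread; a bin on a different filesystem makes recycle_unlink fail with EXDEV rather than fall back to deleting.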
From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:28:56 2003 Subject: Netlogon Service References: <00030615233501.20042@panther> Message-ID: <38C44ED4.D3DC13A3@ic.ac.uk> Ah, not yet answered: Yes it does (NT) pass along the login script. Samba may not do that yet (which change are you using again?) or it may, and your "non standard" (ahem :o) usage may be causing problems. Hmm... If you're using TNG, you could do a ./configure.developer, recompile with debugging enabled, and do a trace on what happens. But yes, that's the way it's supposed to work. Cheers, Phil Brian Keats wrote: > > If anyone has been following my postings, I've been curious if an NT domain > controller passes along the name and path of a "logon script". The below > article was taken from the microsoft.com site. Does anyone know if SAMBA uses > this information or can it be made to use this information if it is acting as a > domain member with > security = domain > domain logons = yes > password server = [nt PDC] > > WinNT Client Logon in Resource and Master Domain > Environment > > > The information in this article applies to: > > Microsoft Windows NT Workstation versions 3.5, 3.51, > 4.0 > Microsoft Windows NT Server versions 3.5, 3.51, 4.0 > > > > > SUMMARY > When a computer running Windows NT Workstation or Server > that is a member of a domain starts, it tries to > establish a secure channel to a domain controller in its > domain to validate its machine account. This occurs > before the user is presented with the CTRL+ALT+DEL logon > screen. If the domain that the Windows NT client is a > member of trusts another domain, a user can log on to > that trusted domain at the console. > > If the user logs on to this trusted domain, the user's > credentials are passed from the Windows NT client to a > domain controller in its domain that it established a > secure channel with at startup time. 
This resource > domain controller then does pass-through authentication > to a domain controller in the accounts or master domain > that it established a secure channel with at startup > time. If the user has a logon script, or if the client > is Windows NT version 4.0 that implements Policies, the > domain controller in the accounts domain that validated > the user credentials through pass-through > authentication, will also be used to service the log on > script or Policies request. > > > MORE INFORMATION > The following Network Monitor frames summarize the > critical communication between a computer running > Windows NT Workstation and a domain controller in its > domain, where its machine account resides: > > NAME QUERY FOR MEMBER WORKSTATION'S DOMAIN NAME: > NBT: NS: Query req. for RANDYMCD <1C> > > MEMBER WORKSTATION INITIATING SECURE CHANNEL WITH ITS DOMAIN CONTROLLER. > BROADCASTS FIRST, THEN TRIES LIST RETURNED BY WINS: > NETLOGON: SAM LOGON request from client > > MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER: > SMB: C session setup & X, Username = , and C tree connect & X, > Share = \\RANDYMC1\IPC$ > > MEMBER WORKSTATION REQUESTING LIST OF TRUSTED DOMAINS: > R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..) > > MEMBER WORKSTATION AUTHENTICATIONG ITS MACHINE ACCOUNT: > SMB: C NT create & X, File = \NETLOGON > R_LOGON: RPC Client call logon:NetrServerReqChallenge(..) > R_LOGON: RPC Client call logon:NetrServerAuthenticate2(..) > > The following Network Monitor frames summarize the > critical communication among the computer running > Windows NT Workstation or Server in a resource domain, a > domain controller in a resource domain, and a domain > controller in an accounts domain. > > MEMBER WORKSTATION NAME QUERY FOR ITS DOMAIN CONTROLLER: > NBT: NS: Query req. 
for RANDYMC1 > > MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER: > NBT: SS: Session Request, Dest:RANDYMC1, Source: RANDYMC3<00>, Len: 68 > SMB: C session setup & X, Username = , and C tree connect & X, > Share = \\RANDYMC1\IPC$ > > NOTE: WINDOWS NT 4.0 UPDATES THE TRUSTED DOMAIN LIST CACHE EVERY 2 > MINUTES BY DEFAULT: > R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..) > > MEMBER WORKSTATION PASSING ITS MACHINE NAME, USERNAME, AND TRUSTED > DOMAIN NAME TO ITS RESOURCE DOMAIN CONTROLLER: > SMB: C NT create & X, File = \NETLOGON > R_LOGON: RPC Client call logon:NetrLogonSamLogon(..) > 00160: 0000000000000900 0000420050005300 ..........B.P.S. > 00170: 490047004E004F00 4600460074000600 I.G.N.O.F.F.t... > 00180: 0000000000000600 0000450053005300 ..........E.S.S. > 00190: 44004F004D000900 0000000000000800 D.O.M........... > 001A0: 0000520041004E00 440059004D004300 ..R.A.N.D.Y.M.C. > 001B0: 33000300 3... > > RESOURCE DOMAIN CONTROLLER PASSING CLIENTS CREDENTIALS TO TRUSTED > ACCOUNTS DOMAIN CONTROLLER: > MSRPC: c/o RPC Request: call 0x4 opnum 0x2 context 0x0 hint 0x10A > 00160: 0000090000004200 5000530049004700 ......B.P.S.I.G. > 00170: 4E004F0046004600 0000060000000000 N.O.F.F......... > 00180: 0000060000004500 5300530044004F00 ......E.S.S.D.O. > 00190: 4D00090000000000 0000080000005200 M.............R. > 001A0: 41004E0044005900 4D00430033000300 A.N.D.Y.M.C.3... > > ACCOUNTS DOMAIN CONTROLLER PASSING AUTHENTICATION TO RESOURCE DOMAIN > CONTROLLER ALONG WITH LOGON SCRIPT NAME: > MSRPC: c/o RPC Response: call 0x4 context 0x0 hint 0x198 cancels 0x0 > 00170: 0000000000000600 0000450053005300 ..........E.S.S. > 00180: 44004F004D000B00 0000000000000A00 D.O.M........... > 00190: 0000650073007300 64006F006D002E00 ..e.s.s.d.o.m... > 001A0: 6200610074000300 0000010200000700 b.a.t........... > 001B0: 0000000200000700 0000180400000700 ................ > 001C0: 0000080000000000 0000070000004500 ..............E. 
> 001D0: 5300530044004F00 4D0031006F000A00 S.S.D.O.M.1.o... > 001E0: 0000000000000900 0000420050005300 ..........B.P.S. > 001F0: 490047004E004F00 4600460070000400 I.G.N.O.F.F.p... > > RESOURCE DOMAIN CONTROLLER PASSING POSITIVE AUTHENTICATION RESPONES TO > MEMBER WORKSTATION ALONG WITH ACCOUNTS DOMAIN CONTROLLER COMPUTER NAME > THAT DID THE AUTHENTICATION: > R_LOGON: RPC Server response logon:NetrLogonSamLogon(..) > 00170: 0000000000000600 0000450053005300 ..........E.S.S. > 00180: 44004F004D000B00 0000000000000A00 D.O.M........... > 00190: 0000650073007300 64006F006D002E00 ..e.s.s.d.o.m... > 001A0: 6200610074000300 0000010200000700 b.a.t........... > 001B0: 0000000200000700 0000180400000700 ................ > 001C0: 0000080000000000 0000070000004500 ..............E. > 001D0: 5300530044004F00 4D00310000000A00 S.S.D.O.M.1..... > 001E0: 0000000000000900 0000420050005300 ..........B.P.S. > 001F0: 490047004E004F00 4600460000000400 I.G.N.O.F.F..... > > MEMBER WORKSTATION NAME QUERY FOR ACCOUNTS DOMAIN CONTROLLER COMPUTER > NAME: > NBT: NS: Query req. for ESSDOM1 > > MEMBER SERVER ESTABLISHING SESSION WITH ACCOUNTS DOMAIN CONTROLLER: > SMB: C session setup & X, Username = ESSDOM, and C tree connect & X, > Share = \\ESSDOM1\NETLOGON > > MEMBER WORKSTATION VERSION 4.0 CHECKING FOR A POLICY: > SMB: C NT create & X, File = \ntconfig.pol > > MEMBER WORKSTATION CHECKING FOR ITS LOGON SCRIPT: > SMB: C transact2 Query path info, File = \essdom.bat > > For additional information on Secure Channels, Windows > NT Trusts, and Pass-Through Authentication, please see > the following article in the Microsoft Knowledge Base: > ARTICLE-ID: Q158148 > TITLE : Domain Secure Channel Utility -- Nltest.exe > Additional query words: > Keywords : kbnetwork ntdomain NTSrvWkst > Version : winnt:3.5,3.51,4.0 > Platform : winnt > Issue type : > > > Last Reviewed: January 21, 2000 > (c) 2000 Microsoft Corporation. All rights reserved. Terms > of Use. 
> > > > Article ID: Q165202 > Last Reviewed: > January 21, 2000 > Provided by Microsoft Product Support Services. > > > From peter at cadcamlab.org Tue Mar 7 00:35:22 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:56 2003 Subject: compile problem, latest cvs References: <38C391E0.4AF20E56@kneschke.de> <20000306171153.A19800@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <14532.19657.255774.522527@wire.cadcamlab.org> [Elrond] > Replace (line 1617) > bzero(user_pol->data, POL_HND_SIZE); > with: > ZERO_STRUCTP(user_pol); And cut the bzero entirely out in some places, like svcctld/srv_svcctl_nt.c. It's not needed there. Peter From pkennedy at loudcloud.com Tue Mar 7 05:27:15 2000 From: pkennedy at loudcloud.com (Paul Kennedy) Date: Tue Dec 2 02:28:56 2003 Subject: Success stories? References: <38C2D9AB.4809FDB8@xavier.sa.edu.au> Message-ID: <38C49333.E6865555@loudcloud.com> Matthew Geddes wrote: > Hi, > > since TNG alpha 0.4, Is TNG 0.4 the last version where this actually worked? I'm about to roll-back to a previous version in order to get something working, can anyone confirm that 0.4 was functional? Pk. > I have not been able to get trust accounts working > on samba TNG (PDC -> BDC, Workstation / Member server), and therefore > cannot log into my domain. Less than handy ;-). Does anyone Out There > have any success stories along with step by step destructions as to how > they went about it? I am following the same method of doing things as I > did while it was working and I did that with the help of Lars Kneschke's > Samba TNG FAQ. > > Thanks in advance, > Matt > > -- > "Our goal for the next release of Windows 2000 is to have zero bugs." > - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Tue Mar 7 06:04:42 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:56 2003 Subject: Success stories? References: <38C2D9AB.4809FDB8@xavier.sa.edu.au> <38C49333.E6865555@loudcloud.com> Message-ID: <38C49BFA.5190D137@xavier.sa.edu.au> Paul Kennedy wrote: > > Matthew Geddes wrote: > > > Hi, > > > > since TNG alpha 0.4, > > Is TNG 0.4 the last version where this actually worked? I'm about to > roll-back to a previous version in order to get something working, can > anyone confirm that 0.4 was functional? > TNG 0.3 was the last one I had working. TNG 0.8 works as a server, but the client side stuff is broke. From what I can gather anyway.... Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From GLeblanc at cu-portland.edu Tue Mar 7 06:18:20 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:56 2003 Subject: (more) TNG questions Message-ID: OK, still no joy here. I'm getting the same errors as before. Again, here's what I've done. useradd vm_nt_serv$ smbpasswd -a vm_nt_serv$ no password entered Go through NT server install, try to make computer part of the domain. Put in domain string, and try with the "create account" box both checked and unchecked. When checked, use "root" and "root_password". TNG still won't let me in. :( BTW, did anybody else notice that the check box says "create a computer account IN the domain", while the error that I get says "have your administrator check the account for this computer ON the domain"? Those aren't exact, but they're close. Seems that even M$ can't decide what to do on this. Later! Greg > -----Original Message-----
> From: Peter Samuelson [mailto:peter@cadcamlab.org] > Sent: Sunday, March 05, 2000 11:17 PM > To: Gregory Leblanc > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: (more) TNG questions > > > > [Gregory Leblanc] > > Append a dollar sign? I thought I'd gotten away from that $&!) when > > I got samba! What's the deal? > > Like it or not, NT domain member machines identify themselves this way > when authenticating against the server. I guess the $ was Microsoft's > way of denoting "hidden", just like in share names. Or something. > > Peter > From peter at cadcamlab.org Tue Mar 7 07:56:27 2000 
From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:56 2003 Subject: network recycle bin In-Reply-To: <38C41D6A.BF854A03@tait.co.nz> References: <38C41D6A.BF854A03@tait.co.nz> Message-ID: <14532.41707.499705.374005@wire.cadcamlab.org> [Carey Sinclair] > Yes, surely this would be relatively simply to patch into the Samba > code. I too, would be very eager if this facility was available. I don't feel like I need such a feature, but it sounded like fun. And I wanted a break from doing the work I'm supposed to be doing right now. Besides, as you reassured us, it's "relatively simple". Well, "relatively simple" turns out to be in the eye of the beholder. In my case, as a relative Samba-hacking newbie, the first cut has taken several hours. But the patch below is functional (if barely so) at least at my end. It is NOT well-tested -- minimally and against NT only. Please test! Features/notes: * Adds per-share parameter "recycle bin = /some/directory" into which deleted files go. * Files are never overwritten; each file gets a suffix ~N where N is the first available nonnegative integer. * /some/directory must be on the same filesystem as the share, and must be writable by all necessary users. Sticky bit recommended. Bugs/TODO: * Crossing mount points. Doable but not at all trivial to get right. * Flat namespace. Should not be all that hard to fix. Maybe later. * Filenames are munged even if original name is not in use. Should be easy to fix. * Interesting things could happen if you put the recycle bin in the share itself. Loops might be possible if a user tries to delete it, I'm not sure. If you need to do this, use `veto files' to make it invisible. I have no intention of fixing this. Peter diff -urNX../xp samba-2.0.6/source/include/proto.h samba-recycle/source/include/proto.h --- samba-2.0.6/source/include/proto.h Wed Nov 10 20:36:01 1999 +++ samba-recycle/source/include/proto.h Mon Mar 6 23:43:20 2000 
@@ -1146,6 +1146,7 @@ char *lp_hide_files(int ); char *lp_veto_oplocks(int ); char *lp_driverlocation(int ); +char *lp_recyclebin(int ); BOOL lp_preexec_close(int ); BOOL lp_rootpreexec_close(int ); BOOL lp_revalidate(int ); diff -urNX../xp samba-2.0.6/source/param/loadparm.c samba-recycle/source/param/loadparm.c --- samba-2.0.6/source/param/loadparm.c Wed Nov 10 20:36:05 1999 +++ samba-recycle/source/param/loadparm.c Mon Mar 6 23:44:06 2000 @@ -295,6 +295,7 @@ char *writelist; char *volume; char *fstype; + char *recycle_bin; int iMinPrintSpace; int iCreate_mask; int iCreate_force_mode; @@ -396,6 +397,7 @@ NULL, /* writelist */ NULL, /* volume */ NULL, /* fstype */ + NULL, /* recycle_bin */ 0, /* iMinPrintSpace */ 0744, /* iCreate_mask */ 0000, /* iCreate_force_mode */ @@ -831,6 +833,7 @@ {"fake directory create times", P_BOOL,P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE|FLAG_GLOBAL}, {"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0}, + {"recycle bin", P_STRING, P_LOCAL, &sDefault.recycle_bin, NULL, NULL, FLAG_SHARE|FLAG_GLOBAL}, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} }; @@ -1341,6 +1344,7 @@ FN_LOCAL_STRING(lp_hide_files,szHideFiles) FN_LOCAL_STRING(lp_veto_oplocks,szVetoOplockFiles) FN_LOCAL_STRING(lp_driverlocation,szPrinterDriverLocation) +FN_LOCAL_STRING(lp_recyclebin,recycle_bin) FN_LOCAL_BOOL(lp_preexec_close,bPreexecClose) FN_LOCAL_BOOL(lp_rootpreexec_close,bRootpreexecClose) diff -urNX../xp samba-2.0.6/source/smbd/reply.c samba-recycle/source/smbd/reply.c --- samba-2.0.6/source/smbd/reply.c Wed Nov 10 20:36:11 1999 +++ samba-recycle/source/smbd/reply.c Tue Mar 7 01:27:21 2000 
@@ -1916,6 +1916,43 @@ return(True); } +/******************************************************************** +move file to recycle bin, if there is one + +The NAME parameter is a DOS filename; RECYCLE_BIN is verbatim. +Currently, use of a recycle bin across filesystems is b0rken. +*********************************************************************/ +static int recycle(char *name, char *recycle_bin) +{ + char *base; + pstring bin; + char buf[9]; + int i=0, len, addlen, rcode; + + if(!recycle_bin || !*recycle_bin) + return dos_unlink(name); + + base = strrchr(name, '/') + 1; + if(base == (char*)1) + base = name; + + /* empty files can just be deleted */ + if(dos_file_size(name) == 0) + return dos_unlink(name); + + pstrcpy(bin, recycle_bin); + pstrcat(bin, "/"); + pstrcat(bin, base); + len = strlen(bin); + addlen = sizeof(pstring)-len-1; + do { + slprintf(bin+len, addlen, "~%d", i++); + } while(dos_file_exist(bin, NULL)); + +DEBUG(3, ("recycle bin: source='%s' dest='%s'\n", name, bin)); + return rename (name, bin); +} + /**************************************************************************** Reply to a unlink ****************************************************************************/ @@ -1934,6 +1973,7 @@ BOOL exists=False; BOOL bad_path = False; BOOL rc = True; + char *recycle_bin = lp_recyclebin(SNUM(conn)); *directory = *mask = 0; @@ -1972,7 +2012,7 @@ if (!has_wild) { pstrcat(directory,"/"); pstrcat(directory,mask); - if (can_delete(directory,conn,dirtype) && !dos_unlink(directory)) + if (can_delete(directory,conn,dirtype) && !recycle(directory, recycle_bin)) count++; if (!count) exists = dos_file_exist(directory,NULL); 
@@ -2005,7 +2045,7 @@ error = ERRnoaccess; slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname); if (!can_delete(fname,conn,dirtype)) continue; - if (!dos_unlink(fname)) count++; + if (!recycle(fname, recycle_bin)) count++; DEBUG(3,("reply_unlink : doing unlink on %s\n",fname)); } CloseDir(dirptr); From lars at kneschke.de Tue Mar 7 10:19:42 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:56 2003 Subject: network recycle bin References: <14532.41707.499705.374005@wire.cadcamlab.org> Message-ID: <38C4D7BE.40924EC9@kneschke.de> Peter Samuelson wrote: > > [Carey Sinclair] > > Yes, surely this would be relatively simply to patch into the Samba > > code. I too, would be very eager if this facility was available. > > I don't feel like I need such a feature, but it sounded like fun. And > I wanted a break from doing the work I'm supposed to be doing right > now. Besides, as you reassured us, it's "relatively simple". > > Well, "relatively simple" turns out to be in the eye of the beholder. > In my case, as a relative Samba-hacking newbie, the first cut has taken > several hours. But the patch below is functional (if barely so) at > least at my end. It is NOT well-tested -- minimally and against NT > only. Please test! Wow! This was really simple! If you know where to look! :-) But the code is not so complex, like i had expected. Very nice. This is a very nice feature. Can some of the "samba-guru's" think about integrating this in samba for ever? This would be a very big plus for samba. Cu -- Watch our projects at http://www.kneschke.de/projekte! GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From peter at cadcamlab.org Tue Mar 7 10:44:09 2000 
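Review bot: in the recycle() hunk for source/smbd/reply.c (Peter Samuelson's patch above), the do/while loop tests dos_file_exist(bin) and then calls rename(name, bin), and rename() replaces an existing destination, so two smbd processes recycling same-named files at the same moment can settle on the same ~N and one deleted file silently replaces the other, which contradicts the "files are never overwritten" note in the posting. Creating the destination name exclusively (for example link() to the new name followed by unlink of the source, retrying with the next N on EEXIST) would close that window. Smaller points in the same function: buf[9] is never used; `strrchr(name, '/') + 1` followed by the comparison with `(char*)1` does arithmetic on a possibly NULL pointer, so test the strrchr() result before adding 1; the loop has no upper bound on i, and when bin already fills the pstring slprintf has no room for the suffix, so the name stops changing and the loop cannot terminate if that name exists; and the final call is plain rename() although the comment says NAME is a DOS filename and every other file call in the function goes through a dos_* wrapper.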
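Review bot: the parm_table hunk in source/param/loadparm.c (Peter Samuelson's patch above) introduces a new user-visible share parameter, "recycle bin", with no documentation anywhere in the patch. The constraints listed in the posting (same filesystem as the share, writable by every user who may delete, sticky bit recommended, flat namespace under the base name) belong in the smb.conf manual page next to the parameter. The entry should also state that a file moved with rename() keeps its owner and mode, so anyone who can list the bin directory sees the names of other users' deleted files, and that purging is left to the administrator.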
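Review bot: in the wildcard hunk of reply_unlink (@@ -2005,7 +2045,7), the DEBUG(3) line that follows the changed call still reads "doing unlink on %s", so with a recycle bin configured the log reports an unlink for a file that was actually moved; reword it or drop it in favour of the DEBUG already inside recycle(). In both reply_unlink hunks a failing rename() (bin directory missing, not writable by this user, or on another filesystem) now turns the client's delete into an error with the file left in place, and nothing records why, so logging errno from recycle() would let an administrator tell a misconfigured bin from a permission problem on the share.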
From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:56 2003 Subject: network recycle bin References: <14532.41707.499705.374005@wire.cadcamlab.org> <38C4D7BE.40924EC9@kneschke.de> Message-ID: <14532.56148.690496.770225@wire.cadcamlab.org> [Lars Kneschke] > Wow! This was really simple! If you know where to look! :-) Relatively speaking, yes. For me, it wasn't so easy -- I've never really hacked on Samba much before so I had to figure everything out from the beginning. I learned a lot about the Samba string-handling functions, for example.... > Very nice. This is a very nice feature. Thanks. > Can some of the "samba-guru's" think about integrating this in samba > for ever? This would be a very big plus for samba. Don't anyone start thinking about it yet, of course! As soon as I add in a hierarchical namespace and (possibly) the ability to cross mount points, I think I'll be satisfied. (A little error handling might be nice, too. (: ) I just got tired of hacking on it for tonight.... Peter From johanh at fusion.kth.se Tue Mar 7 13:41:24 2000 
From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:28:56 2003 Subject: Domain unavailable In-Reply-To: Message-ID: > On Thu, 2 Mar 2000, Johan Hedin wrote: > > > We have the same problem since a few days. We run current versions > > (updated today) of samba pre-3.0.0 smbd and nmbd and other daemons from > > Samba TNG. Also browsing is broken. All the shares are there but named > > All works with pure TNG branch, but the combination of pre-3.0.0 smbd and > nmbd give the behaviour above at our setup. > Could this be a unicode problem? Running today's CVS version of pre-3.0.0 as a stand alone server (No PDC) with a NT4sp6 client does not work. I see the files, but can not open one. Browsing says access denied. Combining with TNG gives the same result. One guess is that this is since some fixes in ntrans.c. Do I have to create a unicode map or do anything else in order to get this to work? Is TNG + pre-3.0.0 the preferred way of running, or is it better to have a pre-3.0.0 for file access and an extra TNG as PDC? /Johan Hedin /---------------------------------------------------------------------\ | Johan Hedin | johanh@fusion.kth.se | | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | \---------------------------------------------------------------------/ From patrick.li at v-wave.com Tue Mar 7 14:45:25 2000
From: patrick.li at v-wave.com (Patrick Li) Date: Tue Dec 2 02:28:56 2003 Subject: No Printing after upgraded to Tng-0.8 Message-ID:
From bkeats at spiff.chin.gc.ca Tue Mar 7 15:44:32 2000 
From: bkeats at spiff.chin.gc.ca (Brian Keats) Date: Tue Dec 2 02:28:56 2003 Subject: Netlogon Service In-Reply-To: <38C44ED4.D3DC13A3@ic.ac.uk> References: <00030615233501.20042@panther> <38C44ED4.D3DC13A3@ic.ac.uk> Message-ID: <00030711163402.20042@panther> Thanks Phil, That was what I needed to know. I'm currently using 2.05a, maybe I'll try a newer version to see if it works then. I am currently using the latest Slackware distribution, but without the source code, which maybe I could make some modifications somewhere to see if it does indeed attempt to make use of this information. Unless some knowledgeable reader knows if a specific samba version will pass along the logon script to a client or knows which part of the code would be responsible for doing or checking this. (It would save me a lot of time !!!!) Greg, If you're still interested, I can send you the previous postings I've made or you could probably find them in the list archives. Regards P.S. Thanks for your replies so far guys, they have been very helpful .... On Mon, 06 Mar 2000, Phil Mayers wrote: > Ah, not yet answered: > > Yes it does (NT) pass along the login script. Samba may not do that yet > (which change are you using again?) or it may, and your "non standard" > (ahem :o) usage may be causing problems. Hmm... > > If you're using TNG, you could do a ./configure.developer, recompile > with debugging enabled, and do a trace on what happens. But yes, that's > the way it's supposed to work. > > Cheers, > Phil > > Brian Keats wrote: > > > > If anyone has been following my postings, I've been curious if an NT domain > > controller passes along the name and path of a "logon script". The below > > article was taken from the microsoft.com site. 
Does anyone know if SAMBA uses > > this information or can it be made to use this information if it is acting as a > > domain member with > > security = domain > > domain logons = yes > > password server = [nt PDC] > > > > WinNT Client Logon in Resource and Master Domain > > Environment > > > > > > The information in this article applies to: > > > > Microsoft Windows NT Workstation versions 3.5, 3.51, > > 4.0 > > Microsoft Windows NT Server versions 3.5, 3.51, 4.0 > > > > > > > > > > SUMMARY > > When a computer running Windows NT Workstation or Server > > that is a member of a domain starts, it tries to > > establish a secure channel to a domain controller in its > > domain to validate its machine account. This occurs > > before the user is presented with the CTRL+ALT+DEL logon > > screen. If the domain that the Windows NT client is a > > member of trusts another domain, a user can log on to > > that trusted domain at the console. > > > > If the user logs on to this trusted domain, the user's > > credentials are passed from the Windows NT client to a > > domain controller in its domain that it established a > > secure channel with at startup time. This resource > > domain controller then does pass-through authentication > > to a domain controller in the accounts or master domain > > that it established a secure channel with at startup > > time. If the user has a logon script, or if the client > > is Windows NT version 4.0 that implements Policies, the > > domain controller in the accounts domain that validated > > the user credentials through pass-through > > authentication, will also be used to service the log on > > script or Policies request. > > > > > > MORE INFORMATION > > The following Network Monitor frames summarize the > > critical communication between a computer running > > Windows NT Workstation and a domain controller in its > > domain, where its machine account resides: > > > > NAME QUERY FOR MEMBER WORKSTATION'S DOMAIN NAME: > > NBT: NS: Query req. 
for RANDYMCD <1C> > > > > MEMBER WORKSTATION INITIATING SECURE CHANNEL WITH ITS DOMAIN CONTROLLER. > > BROADCASTS FIRST, THEN TRIES LIST RETURNED BY WINS: > > NETLOGON: SAM LOGON request from client > > > > MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER: > > SMB: C session setup & X, Username = , and C tree connect & X, > > Share = \\RANDYMC1\IPC$ > > > > MEMBER WORKSTATION REQUESTING LIST OF TRUSTED DOMAINS: > > R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..) > > > > MEMBER WORKSTATION AUTHENTICATIONG ITS MACHINE ACCOUNT: > > SMB: C NT create & X, File = \NETLOGON > > R_LOGON: RPC Client call logon:NetrServerReqChallenge(..) > > R_LOGON: RPC Client call logon:NetrServerAuthenticate2(..) > > > > The following Network Monitor frames summarize the > > critical communication among the computer running > > Windows NT Workstation or Server in a resource domain, a > > domain controller in a resource domain, and a domain > > controller in an accounts domain. > > > > MEMBER WORKSTATION NAME QUERY FOR ITS DOMAIN CONTROLLER: > > NBT: NS: Query req. for RANDYMC1 > > > > MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER: > > NBT: SS: Session Request, Dest:RANDYMC1, Source: RANDYMC3<00>, Len: 68 > > SMB: C session setup & X, Username = , and C tree connect & X, > > Share = \\RANDYMC1\IPC$ > > > > NOTE: WINDOWS NT 4.0 UPDATES THE TRUSTED DOMAIN LIST CACHE EVERY 2 > > MINUTES BY DEFAULT: > > R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..) > > > > MEMBER WORKSTATION PASSING ITS MACHINE NAME, USERNAME, AND TRUSTED > > DOMAIN NAME TO ITS RESOURCE DOMAIN CONTROLLER: > > SMB: C NT create & X, File = \NETLOGON > > R_LOGON: RPC Client call logon:NetrLogonSamLogon(..) > > 00160: 0000000000000900 0000420050005300 ..........B.P.S. > > 00170: 490047004E004F00 4600460074000600 I.G.N.O.F.F.t... > > 00180: 0000000000000600 0000450053005300 ..........E.S.S. > > 00190: 44004F004D000900 0000000000000800 D.O.M........... 
> > 001A0: 0000520041004E00 440059004D004300 ..R.A.N.D.Y.M.C. > > 001B0: 33000300 3... > > > > RESOURCE DOMAIN CONTROLLER PASSING CLIENTS CREDENTIALS TO TRUSTED > > ACCOUNTS DOMAIN CONTROLLER: > > MSRPC: c/o RPC Request: call 0x4 opnum 0x2 context 0x0 hint 0x10A > > 00160: 0000090000004200 5000530049004700 ......B.P.S.I.G. > > 00170: 4E004F0046004600 0000060000000000 N.O.F.F......... > > 00180: 0000060000004500 5300530044004F00 ......E.S.S.D.O. > > 00190: 4D00090000000000 0000080000005200 M.............R. > > 001A0: 41004E0044005900 4D00430033000300 A.N.D.Y.M.C.3... > > > > ACCOUNTS DOMAIN CONTROLLER PASSING AUTHENTICATION TO RESOURCE DOMAIN > > CONTROLLER ALONG WITH LOGON SCRIPT NAME: > > MSRPC: c/o RPC Response: call 0x4 context 0x0 hint 0x198 cancels 0x0 > > 00170: 0000000000000600 0000450053005300 ..........E.S.S. > > 00180: 44004F004D000B00 0000000000000A00 D.O.M........... > > 00190: 0000650073007300 64006F006D002E00 ..e.s.s.d.o.m... > > 001A0: 6200610074000300 0000010200000700 b.a.t........... > > 001B0: 0000000200000700 0000180400000700 ................ > > 001C0: 0000080000000000 0000070000004500 ..............E. > > 001D0: 5300530044004F00 4D0031006F000A00 S.S.D.O.M.1.o... > > 001E0: 0000000000000900 0000420050005300 ..........B.P.S. > > 001F0: 490047004E004F00 4600460070000400 I.G.N.O.F.F.p... > > > > RESOURCE DOMAIN CONTROLLER PASSING POSITIVE AUTHENTICATION RESPONES TO > > MEMBER WORKSTATION ALONG WITH ACCOUNTS DOMAIN CONTROLLER COMPUTER NAME > > THAT DID THE AUTHENTICATION: > > R_LOGON: RPC Server response logon:NetrLogonSamLogon(..) > > 00170: 0000000000000600 0000450053005300 ..........E.S.S. > > 00180: 44004F004D000B00 0000000000000A00 D.O.M........... > > 00190: 0000650073007300 64006F006D002E00 ..e.s.s.d.o.m... > > 001A0: 6200610074000300 0000010200000700 b.a.t........... > > 001B0: 0000000200000700 0000180400000700 ................ > > 001C0: 0000080000000000 0000070000004500 ..............E. 
> > 001D0: 5300530044004F00 4D00310000000A00 S.S.D.O.M.1.....
> > 001E0: 0000000000000900 0000420050005300 ..........B.P.S.
> > 001F0: 490047004E004F00 4600460000000400 I.G.N.O.F.F.....
> >
> > MEMBER WORKSTATION NAME QUERY FOR ACCOUNTS DOMAIN CONTROLLER COMPUTER
> > NAME:
> > NBT: NS: Query req. for ESSDOM1
> >
> > MEMBER SERVER ESTABLISHING SESSION WITH ACCOUNTS DOMAIN CONTROLLER:
> > SMB: C session setup & X, Username = ESSDOM, and C tree connect & X,
> > Share = \\ESSDOM1\NETLOGON
> >
> > MEMBER WORKSTATION VERSION 4.0 CHECKING FOR A POLICY:
> > SMB: C NT create & X, File = \ntconfig.pol
> >
> > MEMBER WORKSTATION CHECKING FOR ITS LOGON SCRIPT:
> > SMB: C transact2 Query path info, File = \essdom.bat
> >
> > For additional information on Secure Channels, Windows
> > NT Trusts, and Pass-Through Authentication, please see
> > the following article in the Microsoft Knowledge Base:
> > ARTICLE-ID: Q158148
> > TITLE : Domain Secure Channel Utility -- Nltest.exe
> > Additional query words:
> > Keywords : kbnetwork ntdomain NTSrvWkst
> > Version : winnt:3.5,3.51,4.0
> > Platform : winnt
> > Issue type :
> >
> >
> > Last Reviewed: January 21, 2000
> > (c) 2000 Microsoft Corporation. All rights reserved. Terms
> > of Use.
> >
> >
> >
> > Article ID: Q165202
> > Last Reviewed:
> > January 21, 2000
> > Provided by Microsoft Product Support Services.
> >
> >
> >
From johanh at fusion.kth.se Tue Mar 7 16:26:45 2000
From: johanh at fusion.kth.se (Johan Hedin)
Date: Tue Dec 2 02:28:56 2003
Subject: Samba pre-3.0.0 + TNG
Message-ID:

Do I need to join the Samba server to the domain, using a combination of pre-3.0.0 and TNG as PDC and file server?

TIA

Johan Hedin
/---------------------------------------------------------------------\
| Johan Hedin                      | johanh@fusion.kth.se             |
| Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh |
\---------------------------------------------------------------------/

From p.mayers at ic.ac.uk Tue Mar 7 16:35:48 2000
From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:28:56 2003 Subject: Samba pre-3.0.0 + TNG Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81370@icex1.cc.ic.ac.uk> I think the combination TNG+3.0 stuff stopped working some time ago. Does anyone know if it was ever fixed? This may be a problem for you. Cheers, Phil > -----Original Message----- > From: Johan Hedin [SMTP:johanh@fusion.kth.se] > Sent: Tuesday, March 07, 2000 4:28 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Samba pre-3.0.0 + TNG > > Do I need to join the Samba server to the domain, using a combination of > pre-3.0.0 and TNG as PDC and file server? > > TIA > > Johan Hedin > /---------------------------------------------------------------------\ > | Johan Hedin | johanh@fusion.kth.se | > | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | > \---------------------------------------------------------------------/ > From tom at ee.ucl.ac.uk Tue Mar 7 16:47:22 2000 
From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:28:56 2003 Subject: Experiences with Win 2000 and samba-TNG Message-ID: <200003071647.QAA14338@picard.ee.ucl.ac.uk> Hello, I have finally taken the plunge and downloaded TNG using cvs. This report relates to a cvs update of 7th March 2000. The domain controller is a SUN E450 running Solaris 2.7. samba built cleanly (barring a few warnings of initialisations from non-compatible pointers and discarding of consts). If anyone wants the gory details let me know. What works: A Windows 2000 box which was joined to the domain (EE) using the cvs from 6th March, will allow domain logins, will run a netlogon script (most of the time) and will implement roaming profiles. Problems we have had with this include, profiles not being downloaded when the %U substitution is used, but we used the %username% workaround posted a few days ago. I have not tested the %U substitution today, but saw no evidence of anything in the cvs updates to suggest that it had been fixed since yesterday. What doesn't work: Joining another Win 2000 box to the domain. It appears to join in that you can go all the way through the windows Identification wizard. It then pauses for a long time and then offers you the opportunity to add a user to the local machine. If you try to do that, you get an error message: The trust relationship between this workstation and the primary domain failed. If I look in the smbpasswd file though, a machine account is added for the workstation. Logging onto the domain on the system then fails with the error: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. Has anyone any ideas why this might occur? Is there any way to get debug/log messages to be timestamped? I find it very difficult to relate the lines in each of the 8 or 9 log files to a particular action taken on a client. 
Thanks to everyone who is putting effort into getting TNG working well, especially Luke. Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From p.mayers at ic.ac.uk Tue Mar 7 16:58:31 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:28:56 2003 Subject: Experiences with Win 2000 and samba-TNG Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81372@icex1.cc.ic.ac.uk> Heh! Luke changed the default for TNG: "debug timestamps = yes" IIRC. It's in the man page for smb.conf Cheers, Phil > -----Original Message----- 
> From: Tom Crummey [SMTP:tom@ee.ucl.ac.uk] > Sent: Tuesday, March 07, 2000 4:50 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Experiences with Win 2000 and samba-TNG > > Hello, > > I have finally taken the plunge and downloaded TNG using cvs. This report > relates to a cvs update of 7th March 2000. The domain controller is a > SUN E450 running Solaris 2.7. samba built cleanly (barring a few > warnings of initialisations from non-compatible pointers and discarding > of consts). If anyone wants the gory details let me know. > > What works: > > A Windows 2000 box which was joined to the domain (EE) using the cvs from > 6th March, will allow domain logins, will run a netlogon script (most of > the time) and will implement roaming profiles. Problems we have had with > this include, profiles not being downloaded when the %U substitution > is used, but we used the %username% workaround posted a few days ago. > I have not tested the %U substitution today, but saw no evidence of > anything in the cvs updates to suggest that it had been fixed since > yesterday. > > What doesn't work: > > Joining another Win 2000 box to the domain. It appears to join in that > you can go all the way through the windows Identification wizard. It then > pauses for a long time and then offers you the opportunity to add a user > to the local machine. If you try to do that, you get an error message: > > The trust relationship between this workstation and the primary domain > failed. > > If I look in the smbpasswd file though, a machine account is added > for the workstation. > > Logging onto the domain on the system then fails with the error: > > The system cannot log you on to this domain because the system's computer > account in its primary domain is missing or the password on that account > is incorrect. > > Has anyone any ideas why this might occur? > > Is there any way to get debug/log messages to be timestamped? 
I find > it very difficult to relate the lines in each of the 8 or 9 log files > to a particular action taken on a client. > > Thanks to everyone who is putting effort into getting TNG working well, > especially Luke. > > Tom. > > -------------------------------------------------------------------------- > -- > Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk > Department of Electronic and Electrical Engineering, > University College London, TEL: +44 (0)20 7679 3898 > > Torrington Place, FAX: +44 (0)20 7388 9307 > London, UK, WC1E 7JE. > -------------------------------------------------------------------------- > -- > From tom at ee.ucl.ac.uk Tue Mar 7 18:04:49 2000 
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:28:56 2003
Subject: Follow up on: Experiences with Win 2000 and samba-TNG
Message-ID: <200003071804.SAA17987@picard.ee.ucl.ac.uk>

Hello,

I have some more detail on what happens when I try to log on to a domain controlled by samba_TNG and it fails with:

The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

With debug level at 10, it appears that the credentials check is wrong. Extract from log.netlogon:

[2000/03/07 17:56:48, 5] rpc_parse/parse_prs.c:_prs_uint8s(694)
  005c data: 5a d3 79 6b 0f b3 8b 7e
[2000/03/07 17:56:48, 6] rpc_parse/parse_prs.c:prs_debug(37)
  000064 net_io_neg_flags
[2000/03/07 17:56:48, 5] rpc_parse/parse_prs.c:_prs_uint32(656)
  0064 neg_flags: 400001ff
[2000/03/07 17:56:48, 10] netlogond/creds_db.c:cred_get(59)
  cred_get:
[2000/03/07 17:56:48, 10] netlogond/creds_db.c:make_creds_key(46)
  make_creds_key: pid: 57af dom EE wks TOMPC
[2000/03/07 17:56:48, 10] lib/util.c:dump_data(2790)
  [000] 00 00 57 AF 65 65 00 74 6F 6D 70 63 00 ..W.ee.t ompc.
[2000/03/07 17:56:48, 4] libsmb/credentials.c:cred_create(95)
  cred_create
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_create(97)
  sess_key : 28EA6517CC3C0052
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_create(98)
  stor_cred: C3656B6C722AFC98
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_create(99)
  timestamp: 0
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_create(100)
  timecred : C3656B6C722AFC98
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_create(101)
  calc_cred: 12B93E9A4F81F03C
[2000/03/07 17:56:48, 4] libsmb/credentials.c:cred_assert(126)
  cred_assert
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_assert(128)
  challenge : 5AD3796B0FB38B7E
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_assert(129)
  calculated: 12B93E9A4F81F03C
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_assert(138)
  credentials check wrong

This PC is running Win NT 4.0 with service pack 4.0. I joined the domain EE using the network control panel and it gave the welcome to the EE domain message. I used the root account which is in the sampasswd file.

If anyone wants any more information or has any hints as to what I'm doing wrong, please email me...

Tom.
----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager,             EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London,                            TEL: +44 (0)20 7679 3898
Torrington Place,                                     FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From abrock at georgefox.edu Tue Mar 7 16:44:30 2000
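Added example (not part of any message in this thread, and not Samba project code): with "debug timestamps = yes", every entry carries the "[date time, level] file:function(line)" header seen in the log.netlogon extract above, so the per-daemon log files can be merged into one timeline and each "credentials check wrong" reported together with the values logged just before it. The second log, the file names used as dictionary keys, and the assumption that a message runs up to the next header are constructed for illustration.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Debug header as it appears in the log.netlogon extract, e.g.
#   [2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_assert(138)
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+"
    r"([\w./-]+):(\w+)\((\d+)\)"
)
KEY_RE = re.compile(r"dom (\S+) wks (\S+)")
VALUE_RE = re.compile(r"(challenge|calculated)\s*:\s*([0-9A-Fa-f]{16})")


class Entry(NamedTuple):
    ts: datetime
    daemon: str   # which log file the entry came from
    seq: int      # position inside that file, keeps same-second order stable
    level: int
    source: str
    func: str
    line: int
    msg: str


def parse_log(daemon, text):
    """Split one log into entries. The message is whatever follows a header
    up to the next header, so flattened (single-line) logs parse as well."""
    heads = list(HEADER.finditer(text))
    entries = []
    for seq, m in enumerate(heads):
        end = heads[seq + 1].start() if seq + 1 < len(heads) else len(text)
        entries.append(Entry(
            ts=datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
            daemon=daemon, seq=seq, level=int(m.group(2)),
            source=m.group(3), func=m.group(4), line=int(m.group(5)),
            msg=" ".join(text[m.end():end].split()),
        ))
    return entries


def merge_timeline(logs):
    """logs maps a file name to its text; returns one time-ordered list."""
    merged = [e for name, text in logs.items() for e in parse_log(name, text)]
    return sorted(merged, key=lambda e: (e.ts, e.daemon, e.seq))


def find_cred_failures(timeline):
    """Report each 'credentials check wrong' with the domain, workstation,
    challenge and calculated values the same daemon logged just before it."""
    context, failures = {}, []
    for e in timeline:
        ctx = context.setdefault(e.daemon, {})
        if e.func == "make_creds_key":
            m = KEY_RE.search(e.msg)
            if m:
                ctx["domain"], ctx["workstation"] = m.groups()
        elif e.func == "cred_assert":
            m = VALUE_RE.search(e.msg)
            if m:
                ctx[m.group(1)] = m.group(2).upper()
            elif "credentials check wrong" in e.msg:
                failures.append(dict(ctx, ts=e.ts, daemon=e.daemon))
                ctx.clear()
    return failures


# Entries copied from the log.netlogon extract in the message above.
NETLOGON_SAMPLE = """\
[2000/03/07 17:56:48, 10] netlogond/creds_db.c:make_creds_key(46)
  make_creds_key: pid: 57af dom EE wks TOMPC
[2000/03/07 17:56:48, 4] libsmb/credentials.c:cred_assert(126)
  cred_assert
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_assert(128)
  challenge : 5AD3796B0FB38B7E
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_assert(129)
  calculated: 12B93E9A4F81F03C
[2000/03/07 17:56:48, 5] libsmb/credentials.c:cred_assert(138)
  credentials check wrong
"""

# Constructed second log: smbd entries quoted elsewhere in this archive,
# with timestamps changed so that they interleave with the extract.
SMBD_SAMPLE = """\
[2000/03/07 17:56:47, 4] smbd/nttrans.c:nt_open_pipe(527)
  nt_open_pipe: Opening pipe wsv.
[2000/03/07 17:56:49, 3] smbd/error.c:error_packet(138)
  error packet at line 535 cmd=162 (SMBntcreateX) eclass=2 ecode=4
"""

if __name__ == "__main__":
    timeline = merge_timeline({"log.netlogon": NETLOGON_SAMPLE,
                               "log.smbd": SMBD_SAMPLE})
    for e in timeline:
        print(f"{e.ts} {e.daemon:<12} lvl={e.level:<2} {e.func}: {e.msg}")
    for failure in find_cred_failures(timeline):
        print("CREDENTIAL FAILURE:", failure)
```
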
From: abrock at georgefox.edu (Anthony Brock) Date: Tue Dec 2 02:28:56 2003 Subject: TNG no longer works ... Message-ID: <4.2.2.20000307103912.00a4aba0@localhost> I have a small network of about 4 machines, with one Linux RedHat 6.1 Server running samba CVS from last Saturday. Since upgrading, the NT Workstation (4.0 SP 6a) slowed to a crawl (it took about 10 minutes just to login). In desperation, I decided to rebuild the domain from scratch. So I removed the NT Workstations from the domain, and then scratched everything but my smb.conf file. I reinstalled, and restored the smb.conf file. I then re-joined the domain with the NT Workstation, which worked perfectly. However, all attempts to login to the domain now fail. I get back a message stating that I have used an incorrect password. However, the same username and password works on the Samba server when using rpcclient. The good news is that speed is back to normal, though I can't access any resources on the network now ... :/ Any clues? Tonight, when I get home, I am going to download the latest CVS to see if this makes a difference. Tony ****************************************************************************** * Anthony Brock abrock@georgefox.edu * * Director of Network Services George Fox University * ****************************************************************************** From mbreuer at siac.com Tue Mar 7 19:18:12 2000 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:28:56 2003 Subject: TNG 0.9 compiler errors Message-ID: <38C555F4.B77EC504@siac.com> samrd/srv_samr_als_nt5ldap.c, samrd/srv_samr_passdb.c and winregd/srv_reg_nt.c contain references to "POL_HND_SIZE" while include/rpc_spoolss.h defines POLICY_HND_SIZE. From rajeeva at research.bell-labs.com Tue Mar 7 20:00:02 2000
From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:28:56 2003 Subject: head branch Message-ID: <38C55FC2.73791B14@research.bell-labs.com> I cannot connect from an NT 4.0 (SP4) machine to latest HEAD branch code running on a RH6.1 system. I get the following error in logs: [2000/03/07 14:57:51, 4] smbd/nttrans.c:nt_open_pipe(527) nt_open_pipe: Opening pipe wsv. [2000/03/07 14:57:51, 3] smbd/error.c:error_packet(138) error packet at line 535 cmd=162 (SMBntcreateX) eclass=2 ecode=4 However, I can connect to HEAD branch code from 1 week ago. Is there anything I need to change? Thanks, rajeev From lkcl at samba.org Tue Mar 7 20:11:40 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:56 2003 Subject: formats changed Message-ID: hi! due to lots of bug fixes, some of the formats for data structures have changed, and joining domains now should actually work on a non-intel-byte-order machine. ah, i hear you say - that explains why my sparc ultra won't work and my 486 will, as a tng pdc :) i recommend that you delete the var/locks directory and recreate it, and if you are using --with-sam-pwdb=tdb, you delete the sam/ directory (which will destroy all user accounts) and rejoin to the domain all workstations. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Tue Mar 7 21:45:37 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:56 2003 Subject: network recycle bin References: <14532.41707.499705.374005@wire.cadcamlab.org> <38C4D7BE.40924EC9@kneschke.de> Message-ID: <38C57881.83EF8706@xavier.sa.edu.au> Lars Kneschke wrote: > Wow! This was really simple! If you know where to look! :-) > But the code is not so complex, like i had expected. Very nice. This is > a very nice feature. > Can some of the "samba-guru's" think about integrating this in samba for > ever? This would be a very big plus for samba. > Sounds very good and I think that when it has been tested it should be included as long as we can turn it off when we want to. Matt P.S. To Luke and Jean, I haven't converted those man pages to yodl yet, due to an unexpected smiting from NT 4.0. It decided that my linux partition was less than valid and made some mods to the partition table. Thanks NT. -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lkcl at samba.org Tue Mar 7 21:58:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:56 2003 Subject: samba-tng-alpha-0.10.tar.gz Message-ID: now available in ftp://samba.org/pub/samba/alpha and all mirror sites. some significant bugs have been fixed (word order issues). join nt5 and nt4 to domain now works. user logins _other_ than root now also work :) luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From tschweikle at FIDUCIA.de Tue Mar 7 22:16:59 2000 
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:28:56 2003 Subject: network recycle bin Message-ID: <0057540004181188000002L482*@MHS> jan.van.rensburg@epiuse.com: > why do you need the functionality on the client? when > the samba server receives the request for a delete, > it can just put the file into some designated area. > the client thinks the file is really deleted, although > on the server side it was just moved. Correct, but this would not give you the same behaviour: Win NT/9x is able to move something put into trash back to its old place if you decide to recycle it. With samba providing this facility will be difficult if not impossible. hmm --- Windows does it storing this data in a hidden INFO2 file within the ?:\RECYCLED directories. These having system attribute set. Creating a directory having the same contents as the original RECYCLED one may reveal this functionality for at least one client. I will give this a try. Maybe Windows itself does provide the functionality without changes to samba. Second: suppose two users having different files with the same name. Putting them in one trash would clobber the one put there first. You would have to provide for as many trashes as there are users to make this work safely and reliably. -- From GLeblanc at cu-portland.edu Tue Mar 7 22:25:18 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:28:56 2003 Subject: formats changed Message-ID: > -----Original Message-----
> From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Tuesday, March 07, 2000 12:32 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: formats changed > > > hi! due to lots of bug fixes, some of the formats for data structures > have changed, and joining domains now should actually work on a > non-intel-byte-order machine. > > ah, i hear you say - that explains why my sparc ultra won't > work and my > 486 will, as a tng pdc :) Wow, that explains why my SPARCstation 20 doesn't work as my TNG PDC! :) (I'm sorry, I couldn't resist) I just killed my old install, and ran make distclean on the sources. Should I be running with just plain old configure, or configure.developer, or configure.nodebug.developer for the time being? Thanks, Greg From lkcl at samba.org Tue Mar 7 23:04:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:56 2003 Subject: formats changed In-Reply-To: Message-ID: > > ah, i hear you say - that explains why my sparc ultra won't > > work and my > > 486 will, as a tng pdc :) > > Wow, that explains why my SPARCstation 20 doesn't work as my TNG PDC! :) :) > (I'm sorry, I couldn't resist) I just killed my old install, and ran make > distclean on the sources. Should I be running with just plain old > configure, or configure.developer, or configure.nodebug.developer for the > time being? Thanks, doesn't matter. From lars at kneschke.de Tue Mar 7 20:35:54 2000
From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:56 2003 Subject: Follow up on: Experiences with Win 2000 and samba-TNG References: <200003071804.SAA17987@picard.ee.ucl.ac.uk> Message-ID: <38C5682A.23E02142@kneschke.de> Tom Crummey wrote: > This PC is running Win NT 4.0 with service pack 4.0. I joined the domain > EE using the network control panel and it gave the welcome to the EE > domain message. I used the root account which is in the sampasswd file. > If anyone wants any more information or has any hints as to what I'm > doing wrong, please email me... You did nothing wrong. Many other users also report this problem. Cu -- Watch our projects at http://www.kneschke.de/projekte! GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From mgeddes at xavier.sa.edu.au Wed Mar 8 00:25:30 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:56 2003 Subject: TNG-10 References: Message-ID: <38C59DFA.5F535AAF@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: >stuff Welcome back Luke. ;-) I tried running TNG 10 and there are a number of daemons (lsarpcd, netlogond, samrd and smbd mostly) that die when I start them. Here's a log file. The last couple of lines are the same in each log file for each daemon. Thanks, Matt P.S. it's a RedHat 6.0 box. -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft -------------- next part -------------- [2000/03/08 10:36:51, 1] smbd/server.c:main(637) smbd version TNG-prealpha started. Copyright Andrew Tridgell 1992-1998 [2000/03/08 10:36:51, 2] smbd/server.c:main(641) uid=0 gid=0 euid=0 egid=0 [2000/03/08 10:36:51, 3] param/loadparm.c:init_globals(894) Initialising global parameters [2000/03/08 10:36:51, 3] param/params.c:pm_process(538) params.c:pm_process() - Processing configuration file "/opt/tng-10/lib/smb.conf" [2000/03/08 10:36:51, 3] param/loadparm.c:do_section(2455) Processing section "[global]" doing parameter workgroup = xavier2 doing parameter security = domain doing parameter domain logons = no doing parameter encrypt passwords = yes doing parameter wins server = 10.1.1.2 [2000/03/08 10:36:51, 3] param/loadparm.c:lp_load(2794) pm_process() returned Yes [2000/03/08 10:36:51, 7] param/loadparm.c:lp_servicenumber(2873) lp_servicenumber: couldn't find homes [2000/03/08 10:36:51, 3] param/loadparm.c:lp_add_ipc(1691) adding IPC service lp_servicenumber: couldn't find printers lp_servicenumber: couldn't find printers lp_file_list_changed() file /opt/tng-10/lib/smb.conf -> /opt/tng-10/lib/smb.conf last mod_time: Wed Mar 8 10:26:13 2000 Derived broadcast address 10.1.255.255 Added interface ip=10.1.1.26 bcast=10.1.255.255 nmask=255.255.0.0 file_init: Information only: requested 10000 open files, 1014 are available.
No DFS map, Samba is running in NON DFS mode codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. get_sam_domain_name: Dom-MemMATTS read_sid: Domain: MATTS sid_to_string returning S-1-5-21-2614443133-3255267052-2964164621 read_sid_from_file /opt/tng-10/private/MATTS.SID: sid S-1-5-21-2614443133-3255267052-2964164621 get_member_domain_sid: get_any_dc_name: domain XAVIER2 local
domain server list: cli_connection_init_auth: \\. \PIPE\lsarpc copy_nt_creds: null creds ncalrpc_l_use_add ncalrpc_l_find: lsarpc [14318,0] root is in 7 groups: 0, 1, 2, 3, 4, 6, 10 uid 0 registered to name root Clearing default real name uid 0 vuid 100 registered to unix name root vuid_init_db: opened storing user 37ee,64
ncalrpc_l_establish_connection: connecting to lsarpc socket open succeeded. file name: /tmp/.msrpc/.lsarpc/agent socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused redirect failed, attempt direct connection socket open succeeded. file name: /opt/tng-10/var/locks/.msrpc/lsarpc socket connect to /opt/tng-10/var/locks/.msrpc/lsarpc failed: Connection refused ncalrpc_l_establish_connection: failed lsarpc) ncalrpc_l_use_add: connection failed cli_connection_free: 206 cli_connection_free: closed: No LSA Query Info Policy make_q_query 000000 lsa_io_q_query 000000 smb_io_pol_hnd 0000 ptr: 40009e70 000004 smb_io_rpc_iface uuid 0004 time_low: 25252525 0008 time_mid: 5245 000a time_hiv: 0032 000c rem: 10 05 03 40 68 33 01 40 0014 info_class: 0005 cache->Policy not found: [000] 70 9E 00 40 25 25 25 25 45 52 32 00 10 05 03 40 p..@%%%% ER2....@ [010] 68 33 01 40 h3.@ Error getting policy state Error getting policy con state lsa query info failed From mgeddes at xavier.sa.edu.au Wed Mar 8 01:06:11 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:56 2003 Subject: TNG-10 References: <38C59DFA.5F535AAF@xavier.sa.edu.au> Message-ID: <38C5A783.24AFDF80@xavier.sa.edu.au> Matthew Geddes wrote: > > Luke Kenneth Casson Leighton wrote: > >stuff > > Welcome back Luke. ;-) > > I tried running TNG 10 and there are a number of daemons (lsarpcd, > netlogond, samrd and smbd mostly) that die when I start them. Here's a > log file. The last couple of lines are the same in each log file for > each daemon. > > Thanks, > Matt > That was when configured as a domain member. Domain Controller appears OK (PDC at least - haven't checked BDC). Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lkcl at samba.org Wed Mar 8 05:45:49 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:56 2003 Subject: TNG-10 Message-ID: hi matt, yes i happen to be trying this, too. [security = domain]. guess what? i forgot to put "password server = thepdc" and wondered why my daemons were dying *duur*. once i did this, it kinda-worked. i found some more bugs. time for a 0.11 soon. later tonight, probly. Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lars at kneschke.de Wed Mar 8 07:03:26 2000
From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:56 2003 Subject: samba-tng-alpha-0.10.tar.gz References: Message-ID: <38C5FB3E.286F93B5@kneschke.de> Luke Kenneth Casson Leighton wrote: > > now available in ftp://samba.org/pub/samba/alpha and all mirror sites. > > some significant bugs have been fixed (word order issues). join nt5 and > nt4 to domain now works. user logins _other_ than root now also work :) Are you really sure about the logins? :-) Today afternoon i have a windows nt server at home. Then i'm able to test samba tng every day. I hope that i can create then a daily updated overview, what's working and what's not. Cu -- Watch our projects at http://www.kneschke.de/projekte! GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From lkcl at samba.org Wed Mar 8 07:38:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:56 2003 Subject: samba-tng-alpha-0.10.tar.gz In-Reply-To: <38C5FB3E.286F93B5@kneschke.de> Message-ID: On Wed, 8 Mar 2000, Lars Kneschke wrote: > Luke Kenneth Casson Leighton wrote: > > > > now available in ftp://samba.org/pub/samba/alpha and all mirror sites. > > > > some significant bugs have been fixed (word order issues). join nt5 and > > nt4 to domain now works. user logins _other_ than root now also work :) > Are you really sure about the logins? :-) yep! i'm here at the cifs connectathon in san hose, using a sun ultrasparc, LOADS of machines around to play with (including sun's cascade, AS/U, nt5, nt4, nt this, nt that). i just got security = domain working, too. 0.11 soon. From vs at lasp.npi.msu.su Wed Mar 8 08:12:28 2000
From: vs at lasp.npi.msu.su (Vladimir Stavrinov)
Date: Tue Dec 2 02:28:56 2003
Subject: samba-tng-alpha-0.10.tar.gz
In-Reply-To: <38C5FB3E.286F93B5@kneschke.de>
Message-ID:

On Wed, 8 Mar 2000, Lars Kneschke wrote:

> test samba tng every day. I hope that i can create then a daily
> updated overview, what's working and what's not.

Printing isn't working, as usual. Where is Jean F.? Recently he told something about uniting tng and head printing code. I expect tng become printing as head does, but now may be both unusable...

From lkcl at samba.org Wed Mar 8 08:17:34 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:28:57 2003
Subject: samba-tng-alpha-0.11.tar.gz
Message-ID:

ftp://samba.org/pub/samba/alpha or mirror sites.

this version has security = domain tested and, shock-horror, working. it is possible to do SMB connections with WORKSTATIONNAME\username (wow) and actually, this is _necessary_, because otherwise, how are you going to join it to a domain? :-) :-)

as root:

samedit -S . -U root% -l log
[] createuser root -p rootpassword
[] exit

samedit -S thepdc -U admin%password -W remotedom -l log
[] use \\mylocaltngwksta -U root%rootpassword -W mylocaltngwksta
[] createuser mylocaltngwksta$ -j
create trust account: OK
create $MACHINE.ACC: OK

and you're done.

Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From s.striker at striker.nl Wed Mar 8 08:41:39 2000
From: s.striker at striker.nl (Sander Striker)
Date: Tue Dec 2 02:28:57 2003
Subject: samba-tng-alpha-0.10.tar.gz
In-Reply-To:
Message-ID:

>On Wed, 8 Mar 2000, Lars Kneschke wrote:
>
>> test samba tng every day. I hope that I can then create a daily
>> updated overview of what's working and what's not.
>
>Printing doesn't work, as usual. Where is Jean F.?

Try jfm@samba.org

>Recently he said
>something about uniting tng and head printing code. I expect tng become
>printing as head does, but now may be both unusable...

There has been some sort of a merger. Luke updated the diffs J.F. did
because there were some complications with access to the TNG branch for
J.F. I guess we can expect more updates later, it's all in movement :-)

Sander

From tom at ee.ucl.ac.uk Wed Mar 8 11:59:51 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:28:57 2003
Subject: Joining a domain with TNG cvs from 8th March
Message-ID: <200003081159.LAA22449@picard.ee.ucl.ac.uk>

Hello,

I was encouraged by reports on the list that a number of bugs had been
found and fixed and that I should be able to now join a domain with
an NT workstation that failed to join properly yesterday.

Unfortunately, I still cannot join the domain. I did a cvs update at
11:00am GMT, a make clean and a configure. I then installed everything,
removed the /opt/samba-TNG/var/locks directory and restarted the daemons.

(BTW I have expanded the daemon start/stop script to cope with all the
extra daemons in TNG and also rename the log files on startup. It's attached
if anyone is interested)

As yesterday, I can join the domain on NT4 SP6, but when I try to log in
I get the error message that the computer's domain account is missing or
the password is wrong.

The logs again reveal the fact that the credentials don't match.

Has anyone else with a Solaris server got this to work today?

Tom.

----------------------------------------------------------------------------
 Tom Crummey, Systems and Network Manager,      EMAIL: tom@ee.ucl.ac.uk
 Department of Electronic and Electrical Engineering,
 University College London,                     TEL: +44 (0)20 7679 3898
 Torrington Place,                              FAX: +44 (0)20 7388 9307
 London, UK, WC1E 7JE.
----------------------------------------------------------------------------
-------------- next part --------------
#! /bin/sh
# USAGE: rotate file [limit]
# This script will rotate a file using the .0 .1 .. .n convention. The limit
# parameter (if given) will limit n provided 2 <= n <= 7, if not given 7 is
# assumed.
#
# NOTE this script has only been executed on SunOS 4.1.3 but should be safe
# to execute on SunOS 5.2, BSD 4.3 and 386BSD
#
# IMPORTANT
# _________ For safe execution of this script it is vital that the uname
# command is in a consistent place on all machines i.e. it should be in
# /usr/bin , this command is used to determine the architecture and operating
# system type, its presence and location should be the only assumptions in
# this script.
#
UNAME=/usr/bin/uname
#
# Test host machine and its operating system then setup the command paths
case `$UNAME -s` in
SunOS)
    case `$UNAME -r` in
    4.1.2 | 4.1.3 | 4.1.3_U1 | 4.1.4)
        # SunOS 4.1.x
        MV=/usr/bin/mv
        CP=/usr/bin/cp
        ;;
    5.2 | 5.3 | 5.5 | 5.5.1 | 5.6 | 5.7 )
        # SunOS 5.x (Solaris)
        MV=/usr/bin/mv
        CP=/usr/bin/cp
        ;;
    *)
        # Unknown OS version paths may need revising
        echo "$0: Unknown SunOS version number - aborted"
        exit 1
        ;;
    esac
    ;;
BSD)
    case `$UNAME -r` in
    4.3)
        # BSD 4.3
        MV=/bin/mv
        CP=/bin/cp
        ;;
    *)
        # Unknown OS version paths may need revising
        echo "$0: Unknown BSD version number - aborted"
        exit 1
        ;;
    esac
    ;;
386BSD)
    case `$UNAME -r` in
    0.1)
        # 386BSD
        MV=/bin/mv
        CP=/bin/cp
        ;;
    *)
        # Unknown OS version paths may need revising
        echo "$0: Unknown 386bsd version number - aborted"
        exit 1
        ;;
    esac
    ;;
FreeBSD)
    case `$UNAME -r` in
    2.1.7-RELEASE | 2.1.5-RELEASE | 2.1.0-RELEASE | 2.0.5-RELEASE | 2.2.1-RELEASE)
        # FreeBSD
        MV=/bin/mv
        CP=/bin/cp
        ;;
    *)
        # Unknown OS version paths may need revising
        echo "$0: Unknown FreeBSD version number - aborted"
        exit 1
        ;;
    esac
    ;;
*)
    # Unknown OS type
    echo "$0: Unknown OS type - aborted"
    exit 1
    ;;
esac
#
# Rotate only if the file exists and is not empty. The arguments are quoted
# so that a missing or odd file name cannot turn into a different test.
if [ -s "$1" ]
then
    case "$2" in
    2)
        if [ -f "$1.0" ] ; then $MV "$1.0" "$1.1" ; fi
        ;;
    3)
        if [ -f "$1.1" ] ; then $MV "$1.1" "$1.2" ; fi
        if [ -f "$1.0" ] ; then $MV "$1.0" "$1.1" ; fi
        ;;
    4)
        if [ -f "$1.2" ] ; then $MV "$1.2" "$1.3" ; fi
        if [ -f "$1.1" ] ; then $MV "$1.1" "$1.2" ; fi
        if [ -f "$1.0" ] ; then $MV "$1.0" "$1.1" ; fi
        ;;
    5)
        if [ -f "$1.3" ] ; then $MV "$1.3" "$1.4" ; fi
        if [ -f "$1.2" ] ; then $MV "$1.2" "$1.3" ; fi
        if [ -f "$1.1" ] ; then $MV "$1.1" "$1.2" ; fi
        if [ -f "$1.0" ] ; then $MV "$1.0" "$1.1" ; fi
        ;;
    6)
        if [ -f "$1.4" ] ; then $MV "$1.4" "$1.5" ; fi
        if [ -f "$1.3" ] ; then $MV "$1.3" "$1.4" ; fi
        if [ -f "$1.2" ] ; then $MV "$1.2" "$1.3" ; fi
        if [ -f "$1.1" ] ; then $MV "$1.1" "$1.2" ; fi
        if [ -f "$1.0" ] ; then $MV "$1.0" "$1.1" ; fi
        ;;
    *)
        if [ -f "$1.5" ] ; then $MV "$1.5" "$1.6" ; fi
        if [ -f "$1.4" ] ; then $MV "$1.4" "$1.5" ; fi
        if [ -f "$1.3" ] ; then $MV "$1.3" "$1.4" ; fi
        if [ -f "$1.2" ] ; then $MV "$1.2" "$1.3" ; fi
        if [ -f "$1.1" ] ; then $MV "$1.1" "$1.2" ; fi
        if [ -f "$1.0" ] ; then $MV "$1.0" "$1.1" ; fi
        ;;
    esac
    # Copy the live log to .0, then truncate it in place so the daemon's
    # open file handle stays valid.
    $CP -p "$1" "$1.0"
    $CP /dev/null "$1"
fi
exit 0
-------------- next part --------------
#!/bin/sh
#ident "@(#)samba.server 1.0 96/06/19 TK" /* SVr4.0 1.1.13.1*/
#
# Please send info on modifications to knuutila@cs.utu.fi
#
# This file should have uid root, gid sys and chmod 744
#
if [ ! -d /usr/bin ]
then                    # /usr not mounted
    exit
fi

killproc() {            # kill the named process(es)
    pid=`/usr/bin/ps -e |
         /usr/bin/grep -w $1 |
         /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
    [ "$pid" != "" ] && kill $pid
}

# Start/stop processes required for samba server

case "$1" in

'start')
    #
    # Edit these lines to suit your installation (paths, workgroup, host)
    #
    /opt/samba-TNG/bin/smbd -D
    /opt/samba-TNG/bin/nmbd -D
    /opt/samba-TNG/bin/browserd
    /opt/samba-TNG/bin/lsarpcd
    /opt/samba-TNG/bin/netlogond
    /opt/samba-TNG/bin/samrd
    /opt/samba-TNG/bin/spoolssd
    /opt/samba-TNG/bin/srvsvcd
    /opt/samba-TNG/bin/svcctld
    /opt/samba-TNG/bin/winregd
    /opt/samba-TNG/bin/wkssvcd
    ;;
'stop')
    killproc nmbd
    killproc smbd
    killproc browserd
    killproc lsarpcd
    # The daemon started above is netlogond; "grep -w netlogon" would not
    # match it, so the full process name is used here.
    killproc netlogond
    killproc samrd
    killproc srvsvcd
    killproc svcctld
    killproc spoolssd
    killproc winregd
    killproc wkssvcd
    /home/manager/bin/rotate /var/log/samba/log.nmb 9
    /home/manager/bin/rotate /var/log/samba/log.smb 9
    /home/manager/bin/rotate /var/log/samba/log.browser 9
    /home/manager/bin/rotate /var/log/samba/log.srvsvc 9
    /home/manager/bin/rotate /var/log/samba/log.svcctl 9
    /home/manager/bin/rotate /var/log/samba/log.spoolss 9
    /home/manager/bin/rotate /var/log/samba/log.winreg 9
    /home/manager/bin/rotate /var/log/samba/log.netlogon 9
    /home/manager/bin/rotate /var/log/samba/log.lsarpc 9
    /home/manager/bin/rotate /var/log/samba/log.samr 9
    /home/manager/bin/rotate /var/log/samba/log.wkssvc 9
    ;;
*)
    echo "Usage: /etc/init.d/samba.server { start | stop }"
    ;;
esac

From vs at lasp.npi.msu.su Wed Mar 8 12:32:54 2000
From: vs at lasp.npi.msu.su (Vladimir Stavrinov)
Date: Tue Dec 2 02:28:57 2003
Subject: samba-tng-alpha-0.11.tar.gz
In-Reply-To:
Message-ID:

Printing still broken.

From mbreuer at siac.com Wed Mar 8 15:12:21 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:57 2003
Subject: TNG 0.11 - IRIX linking issue
References:
Message-ID: <38C66DD4.CB18DEC6@siac.com>

On IRIX, the order of linking for RPC_PARSE_OBJ2 is incorrect. Moving
RPC_PARSE_OBJ2 to the front of the "CLIENT_LIBS" and "NMBD_LIBS"
definitions fixes the problem. I can't say what this might do to other
platforms.

From jfh at cise.ufl.edu Wed Mar 8 15:26:20 2000
From: jfh at cise.ufl.edu (James F. Hranicky)
Date: Tue Dec 2 02:28:57 2003
Subject: Joining a domain with TNG cvs from 8th March
In-Reply-To: Message from Tom Crummey of "Wed, 08 Mar 2000 23:02:03 +1100." <200003081159.LAA22449@picard.ee.ucl.ac.uk>
Message-ID: <20000308152620.D066ED809@mail.cise.ufl.edu>

Tom Crummey wrote:

>
> As, yesterday, I can joun the domain on NT4 SP6, but when I try to log
> in I get the error message that the computer's domain account is missing
> or the password is wrong.
>
> The logs again reveal the fact that the credentials don't match.
>
> Has anyone else with a Solaris server got this to work today?

I'm experiencing the same problems on Solaris 2.6, with tng-a11.

I also am unable (after logging into the local machine as Admin) to use
"Map Network Drive" to mount a share from my Samba PDC (domain SAMBA)
with the following info:

        Drive:      J:
        Share:      \\PDC\user
     -> Connect As: user
        Pass:       userpass

*however*, I am able to mount a share from my Samba PDC with this info:

        Drive:      J:
        Share:      \\PDC\user
     -> Connect As: SAMBA\user
        Pass:       userpass

When I prepend the domain name ("SAMBA\") to the username, I can
successfully mount up the share.

I got the idea for trying this after I compared the snoop output of a
successful smbclient mount with an attempted mount from the NT4.0 client,
and noticed that the smbclient mount appeared to qualify the username with
"SAMBA\" , and the mount from the NT box did not.

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh@cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
          - Encryption: its use by criminals is far less -
          - frightening than its banishment by governments -
          - Vote for Privacy -

From Tru.Pham at nokia.com Wed Mar 8 15:37:29 2000
From: Tru.Pham at nokia.com (Tru.Pham@nokia.com)
Date: Tue Dec 2 02:28:57 2003
Subject: Samba TNG 0.9 Strange Behavior
Message-ID: <7B5C0390ACE7D211BC9C0008C7EABA2B731D75@daeis07nok>

Ok...I joined the Domain and everything, but whenever I browse the
Domain for a list of users to add it into my local Windows 2000 box,
an error message saying something about memory blah blah pops up.
Anyone experiencing this type of problem???

Thanks...!

From abrock at georgefox.edu Wed Mar 8 13:39:53 2000
From: abrock at georgefox.edu (Anthony Brock)
Date: Tue Dec 2 02:28:57 2003
Subject: Joining a domain with TNG cvs from 8th March
In-Reply-To:
Message-ID: <4.2.2.20000308073838.00a5a380@localhost>

I tried the latest CVS from home last night, and the logins are still not
working. I receive the same symptoms as Tom below.

Tony

At 04:02 AM 3/8/00 -0800, tom@ee.ucl.ac.uk wrote:
>Hello,
>
>I was encouraged by reports on the list that a number of bugs had been
>found and fixed and that I should be able to now join a domain with
>an NT workstation that failed to join properly yesterday.
>
>Unfortunately, I still cannot join the domain. I did a cvs update at
>11:00am GMT, a make clean and a configure. I then installed everything,
>removed the /opt/samba-TNG/var/locks directory and restarted the daemons.
>
>(BTW I have expanded the daemon start/stop script to cope with all the
>extra daemons in TNG and also rename the log files on startup. It's
>attached
>if anyone is interested)
>
>As, yesterday, I can joun the domain on NT4 SP6, but when I try to log in
>I get the error message that the computer's domain account is missing or
>the password is wrong.
>
>The logs again reveal the fact that the credentials don't match.
>
>Has anyone else with a Solaris server got this to work today?
>
>Tom.
>
>----------------------------------------------------------------------------
> Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
> Department of Electronic and Electrical Engineering,
> University College London, TEL: +44 (0)20 7679 3898
>
> Torrington Place, FAX: +44 (0)20 7388 9307
> London, UK, WC1E 7JE.
>----------------------------------------------------------------------------
>

******************************************************************************
* Anthony Brock                                         abrock@georgefox.edu *
* Director of Network Services                         George Fox University *
******************************************************************************

From mbreuer at siac.com Wed Mar 8 16:03:11 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:57 2003
Subject: TNG 0.11 - samrd panic
Message-ID: <38C679BF.AD33B136@siac.com>

This is reproducible --- scenario:

Run user manager for domains (from NT5). Attempt to view properties of a
user on the samba domain.

I have a level 100 log... but it's huge and there is nothing obvious. If
anyone wants specifics or the whole file, just ask.
-------------- next part --------------
_kill() ["kill.s":15]
_raise() ["raise.c":27]
abort() ["abort.c":52]
smb_panic(why = 0x5feba610 = "internal error") ["util.c":2384]
fault_report(sig = 11) ["fault.c":46]
sig_fault(sig = 11) ["fault.c":70]
_sigtramp() ["sigtramp.s":71]
strlen() ["strlen.s":58]
_doprnt() ["doprnt.c":1337]
_vsnprintf() ["vsnprintf.c":35]
vslprintf(str = 0x7fff1c88 = "lookupsmbpwnam: unix user name p oracle\n", n = 1023, format = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", ap = 0x7fff20a8 = "") ["slprintf.c":32]
dbgtext(format_str = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", ... = ) ["debug.c":571]
lookupsmbpwnam(unix_usr_name = 0x3a726f6f, grp = 0x7fff2128) ["domain_namemap.c":700]
get_unixgroup_members(grp = 0x7fff21e8, num_mem = 0x7fff26e8, members = 0x7fff26e4) ["groupunix.c":117]
getgrpunixpwent(vp = 0x100544d8, mem = 0x7fff26e4, num_mem = 0x7fff26e8) ["groupunix.c":245]
getgroupent(vp = 0x100544d8, mem = 0x7fff26e4, num_mem = 0x7fff26e8) ["groupdb.c":343]
iterate_getusergroupsnam(user_name = 0x5fdddb30 = "MichaelBR", grps = 0x7fff2790, num_grps = 0x7fff2848) ["groupdb.c":239]
getusergroupsntnam(user_name = 0x5fdddb30 = "MichaelBR", grp = 0x7fff2790, num_grps = 0x7fff2848) ["groupdb.c":436]
_samr_query_usergroups(pol = 0x7fff2850, num_groups = 0x7fff2848, gids = 0x7fff2844) ["srv_samr_passdb.c":2174]
api_samr_query_usergroups(p = 0x1005a640, data = 0x1005a640, rdata = 0x1005a670) ["srv_samr.c":882]
api_rpc_command(l = 0x1005a640, rpc_name = 0x10029018 = "api_samr_rpc", api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":689]
api_rpcTNP(l = 0x1005a640, rpc_name = 0x10029018 = "api_samr_rpc", api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":723]
api_samr_rpc(p = 0x1005a640) ["srv_samr.c":1160]
api_pipe_request(l = 0x1005a640, name = 0x7fff2d70 = "samr", resp = 0x1005a6d4) ["srv_pipe_srv.c":473]
rpc_redir_local(l = 0x1005a640, req = 0x1005a6a4, resp = 0x1005a6d4, name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":603]
rpc_local(l = 0x1005a640, data = 0x1005adb0 = "\005", len = 44, name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":750]
process_msrpc(l = 0x1005a640, name = 0x7fff2d70 = "samr", pdu = 0x7fff2c20) ["msrpcd_process.c":167]
msrpcd_process(fn = 0x1002a1d8, l = 0x1005a640, name = 0x7fff2d70 = "samr") ["msrpcd_process.c":515]
main(argc = 2, argv = 0x7fff2f24) ["msrpcd.c":568]
__start() ["crt1text.s":177]

From mbreuer at siac.com Wed Mar 8 16:22:40 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:57 2003
Subject: TNG 0.11 - additional password & mounting woes.
Message-ID: <38C67E50.AC7BBBDE@siac.com>

From a workstation (W2K) which is a member of the domain, most everything
works fine. But... I can't mount shares from a machine which is not a
member of the domain, even if entering valid credentials... even with
guest access.

Related issue (SID problem?): When a member of the domain is a laptop and
connects via a modem (instead of the office network), it can not connect
to the domain or mount shares. The domain login works OK (offline), but
when the dial-up connection is established, all attempts to connect to
the domain (samba) result in bad password messages. Do I need to join
with every possible IP address?

Also... there are still issues with usernamemap. Despite the smbpasswd
users... despite the usernamemap entry, if the UNIX user name is in
/etc/passwd before the NT user name, Samba becomes confused... sometimes
returning the unix name, sometimes the nt name. For example, when running
user manager for domains, the user names presented are the Unix names.
When logging in, the NT name is required, but roaming profiles acquire
the Unix user name (this is bad).

From mbreuer at siac.com Wed Mar 8 17:20:35 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:57 2003
Subject: More weird TNG behavoir (0.11)
Message-ID: <38C68BE2.12E8A1B@siac.com>

I can't log in to Administrators on the domain... "The stub received bad
data." BUT... I can log in as any other ID??? There is nothing obvious in
the log, and the password does not matter.

To clarify, I can log in locally to the NT workstation as "Administrator"
but not on the domain. I've created an "Administrator" user on the
domain, it's included in "Domain Admins" as well as "Administrators (per
domain group map & /etc/group). There is a /etc/passwd and smbpasswd
entry. I can log in using rpcclient. I've tried mapping upper/lower case
(administrator), but no change. I can create and use other accounts,
including those with domain admin rights. My only issue with those
accounts have to do with profiles (issue for another day).

I'd be happy to provide whatever log and diagnostic information anyone
needs.

From karl at Denninger.Net Wed Mar 8 17:35:09 2000
From: karl at Denninger.Net (Karl Denninger)
Date: Tue Dec 2 02:28:57 2003
Subject: Argh! :-)
Message-ID: <20000308113509.A19167@Denninger.Net>

Hi folks,

I updated my SAMBA-TNG sources this morning, and lo and behold, it built
again (thanks to whoever did that) :-)

HOWEVER, now I can't log in! I get a "password incorrect"...

Client is Win2000, Server is on FreeBSD. This was working until the
rebuild/reinstall.

Ideas on how to start troubleshooting this? No, I didn't change the
location of the password file :-)

Snippet from the DEBUG 100 log:

[000] A4 3A 8B 73 9A BC 6D AF 77 4F 7E 4F 08 DF 81 6F .:.s..m. wO~O...o
[010] 54 C8 05 BF 0A B1 AF C3 0A 9D 9E B2 88 BC D6 FF T....... ........
[020] DE 3F 5D DE 27 64 12 69 E6 80 92 8F 45 29 28 D3 .?].'d.i ....E)(.
[030] 6B 61 72 6C 00 4B 41 52 4C 53 2D 50 43 00 57 69 karl.KAR LS-PC.Wi
[040] 6E 64 6F 77 73 20 32 30 30 30 20 32 31 39 35 00 ndows 20 00 2195.
[050] 57 69 6E 64 6F 77 73 20 32 30 30 30 20 35 2E 30 Windows 2000 5.0
[060] 00 00 ..
switch message SMBsesssetupX (pid 19239)
passlen1: 24
passlen2: 24
passlen: 24 24
Domain=[KARLS-PC] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
sesssetupX:name=[karl]
lp_file_list_changed()
file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Wed Mar 8 11:27:52 2000
lookupsmbpwntnam: nt user name KARLS-PC\karl
name 'KARLS-PC\karl' split into domain:KARLS-PC and nt name:karl'
Checking SMB password, user karl domain KARLS-PC
password_ok: check SMB auth
check_domain_security: GENESIS(2)
domain_client_validate: karl KARLS-PC
get_any_dc_name: domain KARLS-PC
domain_client_validate: could not find domain KARLS-PC
password_ok: check Unix auth
Checking password for user karl (l=24)
SMB LM/NT Password did not match!
error packet at line 633 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
error string = No such file or directory

I'm not in the domain on this machine (due to the PDC functionality not
working properly for roaming profiles) but the mount of the home directory
should still work as long as the password given is correct, yes?

It certainly used to!

And YES, the password IS set correctly. I even changed it (twice) thinking
that perhaps something in the algorithm changed. No dice.

--
--
Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org
Isn't it time we started putting KIDS first? See the above URL for
a plan to do exactly that!

From ely at txc.com Wed Mar 8 17:37:06 2000
From: ely at txc.com (Ely Zavin)
Date: Tue Dec 2 02:28:57 2003
Subject: More weird TNG behavoir (0.11)
References: <38C68BE2.12E8A1B@siac.com>
Message-ID: <38C68FC2.6DB65779@txc.com>

I have exactly the same problem.

Michael Breuer wrote:

> I can't log in to Administrators on the domain... "The stub received bad data." BUT... I can log in as any other ID??? There is
> nothing obvious in the log, and the password does not matter.
>
> To clarify, I can log in locally to the NT workstation as "Administrator" but not on the domain. I've created an "Administrator"
> user on the domain, it's included in "Domain Admins" as well as "Administrators (per domain group map & /etc/group). There is a
> /etc/passwd and smbpasswd entry. I can log in using rpcclient. I've tried mapping upper/lower case (administrator), but no
> change. I can create and use other accounts, including those with domain admin rights. My only issue with those accounts have to
> do with profiles (issue for another day).
>
> I'd be happy to provide whatever log and diagnostic information anyone needs.

From Tru.Pham at nokia.com Wed Mar 8 18:00:49 2000
From: Tru.Pham at nokia.com (Tru.Pham@nokia.com)
Date: Tue Dec 2 02:28:57 2003
Subject: More weird TNG behavoir (0.11)
Message-ID: <7B5C0390ACE7D211BC9C0008C7EABA2B731D78@daeis07nok>

Sorry, I didn't mean to send a private message! I clicked "Reply"
instead of "Reply All."

I encountered the same problem as you did. What I did to solve it
was as follows:

1. samedit -S . -U root
2. createuser Administrator
3. exit
4. [root@..]# smbpasswd Administrator
   New Password: ****
   Retype Password: ****
6. Restart the daemons.
7. It works for me.

Hope this will help!

-----Original Message-----
From: EXT Ely Zavin [mailto:ely@txc.com]
Sent: Wednesday, March 08, 2000 11:45 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: More weird TNG behavoir (0.11)

I have exactly the same problem.

Michael Breuer wrote:

> I can't log in to Administrators on the domain... "The stub received bad data." BUT... I can log in as any other ID??? There is
> nothing obvious in the log, and the password does not matter.
>
> To clarify, I can log in locally to the NT workstation as "Administrator" but not on the domain. I've created an "Administrator"
> user on the domain, it's included in "Domain Admins" as well as "Administrators (per domain group map & /etc/group). There is a
> /etc/passwd and smbpasswd entry. I can log in using rpcclient. I've tried mapping upper/lower case (administrator), but no
> change. I can create and use other accounts, including those with domain admin rights. My only issue with those accounts have to
> do with profiles (issue for another day).
>
> I'd be happy to provide whatever log and diagnostic information anyone needs.

From Jonathan.W.Miner at lmco.com Wed Mar 8 18:27:33 2000
From: Jonathan.W.Miner at lmco.com (JONATHAN W MINER)
Date: Tue Dec 2 02:28:57 2003
Subject: Auditin NT Logins
Message-ID: <38C69B95.86837279@lmco.com>

Hello-

I'm using samba-2.0.6 on a Solaris 2.5.1 server. Is there any way to log
NT logins in the same manner that UNIX logins are logged? Example:
successful logins get logged to wtmp, and unsuccessful login attempts get
logged to syslog?

Thanks for any insight to this problem.

--
Jonathan Miner - Lockheed Martin EIS/SAI
LM-Xpress: jonathan.w.miner@lmco.com
Phone: 603 885 UNIX - Fax: 603 885 3850
USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868

From mbreuer at siac.com Wed Mar 8 18:38:06 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:57 2003
Subject: More weird TNG behavoir (0.11)
References: <7B5C0390ACE7D211BC9C0008C7EABA2B731D78@daeis07nok>
Message-ID: <38C69E0D.178FA8E1@siac.com>

OK... again, for the record: this didn't solve it for me. Were you using
0.11?

Tru.Pham@nokia.com wrote:

> Sorry, I didn't mean to send a private message! I clicked "Reply"
> instead of "Reply All."
>
> I encountered the same problem as you did. What I did to solve it
> was as follow:
>
> 1. samedit -S . -U root
> 2. createuser Administrator
> 3. exit
> 4. [root@..]# smbpasswd Administrator
> New Password: ****
> Retype Password: ****
> 6. Restart the daemons.
> 7. It works for me.
>
> Hope this will help!
>
> -----Original Message-----
> From: EXT Ely Zavin [mailto:ely@txc.com]
> Sent: Wednesday, March 08, 2000 11:45 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: More weird TNG behavoir (0.11)
>
> I have exactly the same problem.
>
> Michael Breuer wrote:
>
> > I can't log in to Administrators on the domain... "The stub received bad
> data." BUT... I can log in as any other ID??? There is
> > nothing obvious in the log, and the password does not matter.
> >
> > To clarify, I can log in locally to the NT workstation as "Administrator"
> but not on the domain. I've created an "Administrator"
> > user on the domain, it's included in "Domain Admins" as well as
> "Administrators (per domain group map & /etc/group). There is a
> > /etc/passwd and smbpasswd entry. I can log in using rpcclient. I've
> tried mapping upper/lower case (administrator), but no
> > change. I can create and use other accounts, including those with domain
> admin rights. My only issue with those accounts have to
> > do with profiles (issue for another day).
> >
> > I'd be happy to provide whatever log and diagnostic information anyone
> needs.

From Tru.Pham at nokia.com Wed Mar 8 19:00:02 2000
From: Tru.Pham at nokia.com (Tru.Pham@nokia.com)
Date: Tue Dec 2 02:28:57 2003
Subject: More weird TNG behavoir (0.11)
Message-ID: <7B5C0390ACE7D211BC9C0008C7EABA2B731D79@daeis07nok>

No..I was using 0.10 I believe...but I'll try to compile TNG 0.11
tonight and see what's going to happen. I'll inform you guys with the
good news (if any :))

-----Original Message-----
From: EXT Michael Breuer [mailto:mbreuer@siac.com]
Sent: Wednesday, March 08, 2000 12:41 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: More weird TNG behavoir (0.11)

OK... again, for the record: this didn't solve it for me. Were you using
0.11?

Tru.Pham@nokia.com wrote:

> Sorry, I didn't mean to send a private message! I clicked "Reply"
> instead of "Reply All."
>
> I encountered the same problem as you did. What I did to solve it
> was as follow:
>
> 1. samedit -S . -U root
> 2. createuser Administrator
> 3. exit
> 4. [root@..]# smbpasswd Administrator
> New Password: ****
> Retype Password: ****
> 6. Restart the daemons.
> 7. It works for me.
>
> Hope this will help!
>
> -----Original Message-----
> From: EXT Ely Zavin [mailto:ely@txc.com]
> Sent: Wednesday, March 08, 2000 11:45 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: More weird TNG behavoir (0.11)
>
> I have exactly the same problem.
>
> Michael Breuer wrote:
>
> > I can't log in to Administrators on the domain... "The stub received bad
> data." BUT... I can log in as any other ID??? There is
> > nothing obvious in the log, and the password does not matter.
> >
> > To clarify, I can log in locally to the NT workstation as "Administrator"
> but not on the domain. I've created an "Administrator"
> > user on the domain, it's included in "Domain Admins" as well as
> "Administrators (per domain group map & /etc/group). There is a
> > /etc/passwd and smbpasswd entry. I can log in using rpcclient. I've
> tried mapping upper/lower case (administrator), but no
> > change. I can create and use other accounts, including those with domain
> admin rights. My only issue with those accounts have to
> > do with profiles (issue for another day).
> >
> > I'd be happy to provide whatever log and diagnostic information anyone
> needs.

From clairroberts at home.com Wed Mar 8 20:44:24 2000
From: clairroberts at home.com (Clair Roberts)
Date: Tue Dec 2 02:28:57 2003
Subject: unable to login to NT4
Message-ID: <38C6BBA8.539BFAE8@home.com>

I have unsuccessfully been trying to get samba-tng to run as a PDC in my
environment for a couple of days now. I have been following this
mailing list and see that several others are experiencing the same
troubles. This morning I got energized and tried it again. Still
notta, I thought this time I would post my logs and a detailed list of my
steps onto this mailing list in hopes that someone out there can sort
out the problem.

My environment is as follows :
Server is a Sun E250 running Solaris 2.7
Workstation is NT4 SP6a. (I also have some Win98(yuk) machines and one
other NT4SP3 or maybe SP5 can't remember)

Here is a blow by blow playback -

- Samba TNG checked out from cvs today around 9:30PST.
  Config/compiled/install just peachy.
- compiled it with gcc 2.95.2
- deleted my smbpasswd file
- wiped out everything in the var directory and locks dir.
- started the daemons
- smbpasswd -a root
- rpcclient -S .
- createuser croberts (the unix accounts were already done)
- createuser dingo (the name of NT workstation)
- quit
- smbpasswd croberts (gave my user a password )
- at this point the smbpasswd file looked fine to me, accounts were there
  and the format looked fine.
- right clicked on network neighborhood properties
- clicked "CHANGE"
- entered in the domain name in this case CCCC ( during my testing I
  have tried multiple different domain names hoping to avoid any strange
  caching that NT might be doing)
- clicked OK, ( it failed saying it couldn't find the domain controller)
- I checked to see if the daemons were running and they were
- tried again but this time clicked "create computer account in domain"
  and used root/password (in the past couple of days I have successfully
  joined the domain without using the create computer account option,
  but not today)
- clicked okay and got "Welcome to Domain CCCC"
- clicked close
- it prompted me to reboot, so what the heck it is a windows os after
  all.
- Login screen came up, username - croberts password - what i had set it
  to Domain - CCCC, clicked okay....
- error message "The system could not log you on to the domain because
  the system's computer account in the primary domain is missing or the
  password on the account is incorrect".
- I tried it a few times, but still notta.
- that's it.

I have included a snippet from log.dingo below. Let me know if you need
more of the log or anything from another log. The log level was set to
100 during this test and they are pretty big.

Oh and one other thing I noticed in all my mucking around. If you
change the Domain logons to equal no, or comment it out completely from
the smb.conf file then the smbpasswd command stops working. I found
this when I decided to try and get samba-TNG to simply work at the user
auth level.

I hope this level of detail helps. Let me know if I am doing anything
fatal during this procedure, or if you want any other information or
specific testing done, I currently have the time and the equipment to
play around with.

C.

log.dingo
---
switch message SMBsesssetupX (pid 3802)
passlen1: 24
passlen2: 24
passlen: 24 24
Domain=[DINGO] NativeOS=[Windows NT 1381] NativeLanMan=[]
sesssetupX:name=[croberts]
lp_file_list_changed()
file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Wed Mar 8 10:18:26 2000
lookupsmbpwntnam: nt user name DINGO\croberts
name 'DINGO\croberts' split into domain:DINGO and nt name:croberts'
initialising map /opt/samba-tng/private/domainuser.map
file_modified: /opt/samba-tng/private/domainuser.map modified
load_name_map: Scanning name map /opt/samba-tng/private/domainuser.map
load_name_map: Added 0 entries to name map.
Scanning username map /opt/samba-tng/private/usermap
Checking SMB password, user croberts domain DINGO
password_ok: check SMB auth
check_domain_security: ELKPDC(2)
domain_client_validate: croberts DINGO
get_any_dc_name: domain DINGO
domain_client_validate: could not find domain DINGO
password_ok: check Unix auth
Checking password for user croberts (l=24)
SMB LM/NT Password did not match!
error packet at line 633 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
error string = Bad file number
----

From mbreuer at siac.com Wed Mar 8 20:51:59 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:57 2003
Subject: TNG 0.11 - smbd runs as root...
Message-ID: <38C6BD6F.7E60BF18@siac.com>

regardless of login. Shouldn't smbd acquire the UID of the connected
user? This may account for some of my other problems (portions of users
directories are NFS mounted, and root doesn't work there).

From admin at rogatec.ch Wed Mar 8 21:10:11 2000
From: admin at rogatec.ch (Patrick Müller)
Date: Tue Dec 2 02:28:57 2003
Subject: Step by Step Profiles
Message-ID:

Hi

I've been trying for 4 days and 3 nights to setup roaming profiles with samba 2.0.6 and Win 98. I searched all the faqs and the docs and the archives but I didn't find any CLEAR step by step guide how to install it. So I tried and tried but nothing worked.

Is it possible that one of you professionals in samba can post a STEP BY STEP guide for setting up a samba PDC with roaming profiles for windows 98? Especially the configuration of the win 98 machine is a problem. My logon scripts work already.

Thanks for this.

Pat

From thomas.uhl at to.com Wed Mar 8 21:18:32 2000
From: thomas.uhl at to.com (Thomas Uhl) Date: Tue Dec 2 02:28:57 2003 Subject: unable to login to NT4 References: <38C6BBA8.539BFAE8@home.com> Message-ID: <38C6C3A8.92FE1C5E@to.com> Hi there! The login works with the user "root" after changing the login policy in the domain user manager. Yours T. Uhl > > I have unsuccessfully been trying to get samba-tng to run as a PDC in my > > environment for a couple of days now. I have been following this > mailing list and see that several others are experiencing the same > troubles. This morning I got energized and tried it again. Still > notta, I though this time I would post my logs and a detailed list of my > > steps onto this mailing list in hopes that someone out there can sort > out the problem. > > My environment is as follows : > Server is a Sun E250 running Solaris 2.7 > Workstation is NT4 SP6a. (I also have some Win98(yuk) machines and one > other NT4SP3 or maybe SP5 can't remember) > > Here is a blow by blow playback - > > - Samba TNG checked out from cvs today around 9:30PST. > Config/compiled/install just peachy. > - compiled it with gcc 2.95.2 > - deleted my smbpasswd file > - wiped out everything in the var directory and locks dir. > - started the daemons > - smbpasswd -a root > - rpcclient -S . > - createuser croberts (the unix accounts were already done) > - createuser dingo (the name of NT workstation) > - quit > -smbpasswd croberts (gave my user a password ) > - at this point the smbpasswd file looked fine to me, account were there > > and the format looked fine. 
> - right clicked on network neighborhood properties > - clicked "CHANGE" > - entered in the domain name in this case CCCC ( during my testing I > have tried multiple different domain names hoping to avoid any strange > caching that NT might be doing) > - clicked OK, ( it failed saying it couldn't find the domain > controller) > - I checked to see if the daemons were running and they were > - tried again but this time clicked "create computer account in domain" > and used root/password (in the past couple of days I have successfully > joined the domain without using the create computer account option, but > not today) > - clicked okay and got "Welcome to Domain CCCC" > - clicked close > - it prompted me to reboot, so what the heck it is a windows os after > all. > - Login screen came up, username - croberts password - what i had set > it to Domain - CCCC, clicked okay.... > - error message "The system could not log you on to the domain because > the system's computer account in the primary domain is missing or the > password on the account is incorrect". > - I tried it a few times, but still notta. > - that's it. > > I have included a snippit from log.dingo below. Let me know if you need > more of the log or anything from another log. The log level was set to > 100 during this test and they are pretty big. > > Oh and one other thing I noticed in all my mucking around. If you > change the Domain logons to equal no, or comment it out completely from > the smb.conf file then the smbpasswd command stops working. I found > this when I decided to try and get samba-TNG to simply work at the user > auth level. > > I hope this level of detail helps. Let me know if I am doing anything > fatal during this procedure, or if you want any other information or > specific testing done, I currently have the time and the equipment to > play around with. > > C. 
> > log.dingo --- > switch message SMBsesssetupX (pid 3802) > passlen1: 24 passlen2: 24 > passlen: 24 24 Domain=[DINGO] NativeOS=[Windows NT 1381] > NativeLanMan=[] > sesssetupX:name=[croberts] > lp_file_list_changed() > file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf > last mod_time: Wed Mar 8 10:18:26 2000 > > lookupsmbpwntnam: nt user name DINGO\croberts > name 'DINGO\croberts' split into domain:DINGO and nt name:croberts' > initialising map /opt/samba-tng/private/domainuser.map > file_modified: /opt/samba-tng/private/domainuser.map modified > load_name_map: Scanning name map /opt/samba-tng/private/domainuser.map > load_name_map: Added 0 entries to name map. > Scanning username map /opt/samba-tng/private/usermap > Checking SMB password, user croberts domain DINGO > password_ok: check SMB auth > check_domain_security: ELKPDC(2) > domain_client_validate: croberts DINGO > get_any_dc_name: domain DINGO > domain_client_validate: could not find domain DINGO > password_ok: check Unix auth > Checking password for user croberts (l=24) > SMB LM/NT Password did not match! > error packet at line 633 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 > error string = Bad file number > > ---- -- ----------------------------------------------------------------------------- Thomas Uhl thomas.uhl@to.com Thinking Objects Software GmbH phone: +49 711 838981-50 Stuttgart, Germany fax: +49 711 838981-69 ----------------------------------------------------------------------------- From ccoupal at justice.gov.sk.ca Wed Mar 8 21:20:34 2000 
From: ccoupal at justice.gov.sk.ca (ccoupal@justice.gov.sk.ca)
Date: Tue Dec 2 02:28:57 2003
Subject: added/new functionality?
Message-ID: <96A36F668926D31185480000F81AE18D1A30D3@appsrv.justice.gov.sk.ca>

Greetings,

I am currently working on a land management system. We are using a typical Microsoft three-tier development environment (MTS, SQL7.0). However, in the midst of all this Microsoft influence, we are using samba as the back end data store.

We are using samba on a large IBM box to store images, with image details stored on an SQL7.0 box. Transactional ability is preserved for writing the images through MTS. An MTS component is given the location of the file, and it then moves the file to the data store (samba) on behalf of the user. We want the users to retrieve the file direct through a UNC.

Samba is configured as a member of the NT domain.

Configuring samba and the component to allow writing is fairly easy; we have a typical samba set up with one UNIX, Samba, and NT account configured for this purpose. Configuring samba to allow read has been done through the use of a guest account and guest ok privileges on the shares.

Here is where samba's abilities seem to be falling short: We would like to have read shares created (ie. RS1, RS2, RS3) with read permissions for specific NT groups of users (ie. NTUG1, NTUG2, NTUG3). We would like user management to be done on the NT side with minimal accounts on the samba/UNIX side.

Our thoughts:
- Samba knows how to authenticate with an NT domain.
- Samba suid's to the UNIX account before performing file operations, so what if we map user groups to specific samba/unix accounts (removing the requirement for individual user groups) through another map file

for example: We map 1 NT user group to 1 samba account such that on a user's request for access to a share, samba checks the user's group membership to see if the user's membership includes a group which matches a mapping, and then all access to the share is provided as that account. (Notice that with this, there would be no authentication between the client and samba/unix).

If someone knows of current direction to this end, or another way to provide this functionality, please let me know, else I'll start fighting my way through the source and see how difficult it would be to do (but I don't really want to do this).

Chris Coupal

From thomas.uhl at to.com Wed Mar 8 21:33:12 2000
From: thomas.uhl at to.com (Thomas Uhl)
Date: Tue Dec 2 02:28:57 2003
Subject: General question
References: <38C68BE2.12E8A1B@siac.com>
Message-ID: <38C6C718.3719BC43@to.com>

Hi all!

Lots of people are losing time with testing new snapshots. After a time consuming trial and error session I was able to login to a Linux box running samba TNG 0.11. But the setup does not run very stable.

A question to the developers: Is it possible for you to do something like a regression test to make sure that a new snapshot works in principle? There should be a FAQ which is maintained on a daily basis which describes the current state and which functionality is available and which is broken.

Here is my current state:

1. compile and install TNG 0.11
2. smbpasswd -a root
3. useradd -m tuhl
4. rpcclient: createuser tuhl
5. start NT 4.0 (SP4) and login as local Administrator:
   - join the domain using the created root account
   - reboot NT (easy for VMware users :-))
   - NT domain user manager: assign local login permission to account "root"
6. Login as root to domain will work
7. edit smbpasswd: delete "D" in the [ ] section, this obviously disables user accounts
8. Login as user tuhl will work

I am not able to use the NT user manager to add/edit users. Should this work?

Yours
T. Uhl

--
-----------------------------------------------------------------------------
Thomas Uhl thomas.uhl@to.com
Thinking Objects Software GmbH phone: +49 711 838981-50
Stuttgart, Germany fax: +49 711 838981-69
-----------------------------------------------------------------------------

From clairroberts at home.com Wed Mar 8 21:39:03 2000
From: clairroberts at home.com (Clair Roberts) Date: Tue Dec 2 02:28:57 2003 Subject: unable to login to NT4 References: <38C6BBA8.539BFAE8@home.com> <38C6C3A8.92FE1C5E@to.com> Message-ID: <38C6C877.309F8F23@home.com> What policy change are you referring to? On my NT workstation or in Samba? Thomas Uhl wrote: > Hi there! > > The login works with the user "root" after changing the login policy > in the domain user manager. > > Yours > T. Uhl > --snip-- From ed at schernau.com Wed Mar 8 21:44:55 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:28:57 2003 Subject: General question References: <38C68BE2.12E8A1B@siac.com> <38C6C718.3719BC43@to.com> Message-ID: <38C6C9D7.7BC2921F@schernau.com> Thomas Uhl wrote: > Hi all! > Lots of people are loosing time with testing new snapshots. After a time > consuming try and error session I was able to login to a Linux box > running > samba TNG 0.11. But the setup does not run very stable. > A question to the developers: Is it possible for you to do something > like > a regression test to make shure that a new snapshot works in principle? > The should be a FAQ which is maintained on a daily base which describes > the current state and which functionality is available and which is > broken. You're asking a lot for volunteer work Thomas, and its always been pretty clear that the samba-tng was a work-in-progress, i.e. beta or alpha. -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA From thomas.uhl at to.com Wed Mar 8 21:47:30 2000 
From: thomas.uhl at to.com (Thomas Uhl) Date: Tue Dec 2 02:28:57 2003 Subject: unable to login to NT4 References: <38C6BBA8.539BFAE8@home.com> <38C6C3A8.92FE1C5E@to.com> <38C6C877.309F8F23@home.com> Message-ID: <38C6CA72.FAAA4F0C@to.com> Clair Roberts wrote: > > What policy change are you referring to? On my NT workstation or in Samba? On the local NT station. I logged in as local Administrator and granted the user root the right for local logons. > Thomas Uhl wrote: > > > Hi there! > > > > The login works with the user "root" after changing the login policy > > in the domain user manager. > > > > Yours > > T. Uhl > > > > --snip-- -- ----------------------------------------------------------------------------- Thomas Uhl thomas.uhl@to.com Thinking Objects Software GmbH phone: +49 711 838981-50 Stuttgart, Germany fax: +49 711 838981-69 ----------------------------------------------------------------------------- From cartegw at Eng.Auburn.EDU Wed Mar 8 21:50:56 2000 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:28:57 2003 Subject: General question References: <38C68BE2.12E8A1B@siac.com> <38C6C718.3719BC43@to.com> Message-ID: <38C6CB40.719E6753@eng.auburn.edu> Thomas Uhl wrote: > > A question to the developers: Is it possible for you to > do something like a regression test to make shure that > a new snapshot works in principle? You should remember that TNG is strictly a development branch. Features will be merged into the HEAD branch, but TNG will never see daylight in a stable release. Once the features are merged and support becomes official, regression testing will become an integral part of the release cycle as it is already in place for the HEAD branch. I say this with all sincerity and mean no disrespect, but if you are going to use development code, you have to accept the state of flux it will be in by nature. > The should be a FAQ which is maintained on a daily > base which describes the current state and which > functionality is available and which is > broken. Wonderful idea. I believe this is what Lars has been attempting to do with the FAQ. However, volunteer time is always in a shortage. I'm sure he would gladly accept help. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mgeddes at xavier.sa.edu.au Wed Mar 8 22:03:44 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:57 2003 Subject: General question References: <38C68BE2.12E8A1B@siac.com> <38C6C718.3719BC43@to.com> <38C6C9D7.7BC2921F@schernau.com> Message-ID: <38C6CE40.2A5345D5@xavier.sa.edu.au> Edward Schernau wrote: > > Thomas Uhl wrote: > > Hi all! > > Lots of people are loosing time with testing new snapshots. After a time > > consuming try and error session I was able to login to a Linux box > > running > > samba TNG 0.11. But the setup does not run very stable. > > A question to the developers: Is it possible for you to do something > > like > > a regression test to make shure that a new snapshot works in principle? > > The should be a FAQ which is maintained on a daily base which describes > > the current state and which functionality is available and which is > > broken. Time is also a factor. Given the rate at which things are changing, there isn't really a lot of time for people like Luke to do anything else. What are your coding skills like? Would you be able to write a quick test type program? If you can't program much (like me), try spending some time on documentation or testing (you could have an FAQ that you update daily,. containing the status of Samba TNG) ;-). Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mbreuer at siac.com Wed Mar 8 21:54:48 2000 
From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:28:57 2003 Subject: TNG 0.11 & Roaming profiles... Message-ID: <38C6CC28.AFD8045C@siac.com> Does anyone have this working? No matter how I configure (including the sample file at the TNG site) I "can't find the network device." Once logged in, I can see the profile share, write my local profile to the share, etc. The only event which seems related in the log (level 100) is that W2K is looking for \\\netlogon\ntuser.man. It *was* my understanding that this file is not required and is only used if present. From lkcl at samba.org Wed Mar 8 21:59:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:57 2003 Subject: Joining a domain with TNG cvs from 8th March Message-ID: tom thx 4 bringing this to my attention. i am being more strict about what domain names are accepted etc. i will fix this as a special case. luke From hwimmer at bakerref.com Wed Mar 8 22:01:07 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:28:57 2003 Subject: General question Message-ID: <001401bf8949$ceec6500$9f01a8c0@hwimmer.bakerref.com> does anyone know when the pdc support will be out & supported??? From thomas.uhl at to.com Wed Mar 8 22:24:40 2000 
From: thomas.uhl at to.com (Thomas Uhl) Date: Tue Dec 2 02:28:57 2003 Subject: General question References: <38C68BE2.12E8A1B@siac.com> <38C6C718.3719BC43@to.com> <38C6C9D7.7BC2921F@schernau.com> <38C6CE40.2A5345D5@xavier.sa.edu.au> Message-ID: <38C6D328.6925EF50@to.com> Matthew Geddes wrote: > > Edward Schernau wrote: > > > > Thomas Uhl wrote: > > > Hi all! > > > Lots of people are loosing time with testing new snapshots. After a time > > > consuming try and error session I was able to login to a Linux box > > > running > > > samba TNG 0.11. But the setup does not run very stable. > > > A question to the developers: Is it possible for you to do something > > > like > > > a regression test to make shure that a new snapshot works in principle? > > > The should be a FAQ which is maintained on a daily base which describes > > > the current state and which functionality is available and which is > > > broken. > > Time is also a factor. Given the rate at which things are changing, > there isn't really a lot of time for people like Luke to do anything > else. > > What are your coding skills like? Would you be able to write a quick > test type program? Probably one of my employees. > If you can't program much (like me), try spending some time on > documentation or testing (you could have an FAQ that you update daily,. > containing the status of Samba TNG) ;-). One question for me is, what features are expected to work? Is the any development roadmap or a feature list available? Yours Tom > Matt > > -- > "Our goal for the next release of Windows 2000 is to have zero bugs." > - Lucovsky, Microsoft -- ----------------------------------------------------------------------------- Thomas Uhl thomas.uhl@to.com Thinking Objects Software GmbH phone: +49 711 838981-50 Stuttgart, Germany fax: +49 711 838981-69 ----------------------------------------------------------------------------- From lkcl at samba.org Wed Mar 8 22:44:03 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:57 2003 Subject: Joining a domain with TNG cvs from 8th March In-Reply-To: Message-ID: scratch that, i just checked this over. it would appear that this is the _correct_ behaviour. namely, that if a local workstation attempts to contact a machine, the local sam database should be used. i _think_ this may actually be, if the domain name is unrecognised, use the local sam database (including if the domain name is the local workstation). i'm going to code that up. On Thu, 9 Mar 2000, Luke Kenneth Casson Leighton wrote: > tom thx 4 bringing this to my attention. i am being more strict about > what domain names are accepted etc. i will fix this as a special case. > > luke > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Mar 8 23:12:37 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:57 2003 Subject: Argh! :-) Message-ID: karl, i just fixed this, now, it's same problem as reported earler. From karl at Denninger.Net Wed Mar 8 23:42:01 2000 
From: karl at Denninger.Net (Karl Denninger)
Date: Tue Dec 2 02:28:57 2003
Subject: Still broken (for Luke and others)
Message-ID: <20000308174201.B36182@Denninger.Net>

With an update of about 5 minutes ago I still get a failure on attempting to map directories.

The salient error from the log (debug 100) is:

Transaction 109 of length 69
size=65
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=2055
smb_tid=0
smb_pid=65279
smb_uid=0
smb_mid=12608
smt_wct=4
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=65 (0x41)
smb_vwv[2]=8 (0x8)
smb_vwv[3]=1 (0x1)
smb_bcc=22
[000] 00 5C 5C 47 45 4E 45 53 49 53 5C 4B 41 52 4C 00 .\\GENES IS\KARL.
[010] 3F 3F 3F 3F 3F 00 ?????.
switch message SMBtconX (pid 36069)
Got device type ?????
lookupsmbpwntnam: nt user name DENNINGER\
name 'DENNINGER\' split into domain:DENNINGER and nt name:'
Allowed connection from D1.Denninger.Net (192.168.3.1)
authorise_login: TODO. split function, it's 6 levels!
password_ok: check Unix auth
password_ok: check Unix auth
Invalid username/password for karl
error packet at line 175 cmd=117 (SMBtconX) eclass=2 ecode=2

Oh no it's not (this is attempting to click on an already-mounted disk from the session, but after stopping 2.0.6 and restarting TNG)!

The password is definitely right! :-)

--
--
Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org
Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that!

From abrock at georgefox.edu Thu Mar 9 03:09:24 2000
From: abrock at georgefox.edu (Anthony Brock)
Date: Tue Dec 2 02:28:57 2003
Subject: Login to domain still failing ...
Message-ID:

A few minutes ago (6:30 pm PST, 3/8/2000) I updated against the CVS tree, and am still unable to login to the domain. While I am unfamiliar with the rpcclient command, I was able to do the following:

rpcclient -S \. -U abrock%pass
Added interface ip=10.0.0.10 bcast=10.0.0.255 nmask=255.255.255.0
[abrock@.]$ ntlogin IT\abrock pass
ntlogin IT\abrock fhm06l
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
socket connect to /tmp/.msrpc/.NETLOGON/agent failed: Connection refused
cli_nt_setup_creds: request challenge failed
cmd_nt_login: login (abrock) test succeeded: No
[abrock@.]$

Is there anything I can do to assist in fixing this problem? Would it help if I post a log at a certain level? Post my smb.conf file again? Whatever it would take to get logins working again, I would GREATLY appreciate any assistance!

Tony

lkcl@samba.org writes:
>scratch that, i just checked this over. it would appear that this is the
>_correct_ behaviour.
>
>namely, that if a local workstation attempts to contact a machine, the
>local sam database should be used.
>
>i _think_ this may actually be, if the domain name is unrecognised, use
>the local sam database (including if the domain name is the local
>workstation).
>
>i'm going to code that up.
>
>On Thu, 9 Mar 2000, Luke Kenneth Casson Leighton wrote:
>
>> tom thx 4 bringing this to my attention. i am being more strict about
>> what domain names are accepted etc. i will fix this as a special case.
>>
>> luke
>>
>>
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
> Macmillan Technical Publishing
>
>ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>

From karl at Denninger.Net Thu Mar 9 03:20:38 2000
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:57 2003 Subject: Login to domain still failing ... In-Reply-To: ; from Anthony Brock on Thu, Mar 09, 2000 at 02:07:24PM +1100 References: Message-ID: <20000308212037.C41786@Denninger.Net> Yep. Its still broken. Connecting to shares that have no password works. Luke appears to have narrowed it down to something in lsarpcd, but for the life of me I can't make headway on this one. No core dumps, but also no communication (although it *does* start up when a request is made to it). -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Thu, Mar 09, 2000 at 02:07:24PM +1100, Anthony Brock wrote: > A few minutes ago (6:30 pm PST, 3/8/2000) I updated against the CVS tree, > and am still unable to login to the domain. While I am unfamiliar with > the rpcclient command, I was able to do the following: > > rpcclient -S \. -U abrock%pass > Added interface ip=10.0.0.10 bcast=10.0.0.255 nmask=255.255.255.0 > [abrock@.]$ ntlogin IT\abrock pass > ntlogin IT\abrock fhm06l > socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused > socket connect to /tmp/.msrpc/.NETLOGON/agent failed: Connection refused > cli_nt_setup_creds: request challenge failed > cmd_nt_login: login (abrock) test succeeded: No > [abrock@.]$ > > Is there anything I can do to assist in fixing this problem? Would it > help if I post a log at a certain level? Post my smb.conf file again? > Whatever it would take to get logins working again, I would GREATLY > appreciate any assistance! > > Tony > > lkcl@samba.org writes: > >scratch that, i just checked this over. it would appear that this is the > >_correct_ behaviour. > > > >namely, that if a local workstation attempts to contact a machine, the > >local sam database should be used. 
> > > >i _think_ this may actually be, if the domain name is unrecognised, use > >the local sam database (including if the domain name is the local > >workstation). > > > >i'm going to code that up. > > > >On Thu, 9 Mar 2000, Luke Kenneth Casson Leighton wrote: > > > >> tom thx 4 bringing this to my attention. i am being more strict about > >> what domain names are accepted etc. i will fix this as a special case. > >> > >> luke > >> > >> > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > >ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > From mgeddes at xavier.sa.edu.au Thu Mar 9 03:49:01 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:57 2003 Subject: Login to domain still failing ... References: <20000308212037.C41786@Denninger.Net> Message-ID: <38C71F2D.25B1799B@xavier.sa.edu.au> Karl Denninger wrote: > > Yep. Its still broken. > > Connecting to shares that have no password works. > > Luke appears to have narrowed it down to something in lsarpcd, but for the > life of me I can't make headway on this one. No core dumps, but also no > communication (although it *does* start up when a request is made to it). > > -- My lsarpcd seems to be running fine. samrd keeps the LSA_LOOKUPNAMES thing and dies in the end (I'm following Luke's destructions from the E-Mail titled, Samba-tng-alpha-0.11.tar.gz). netlogond, on the other hand really isn't happy and keeps 'INTERNAL ERROR'ing but I can't find and core. Does anyone have any tech stuff on the login sequence? Of ideas for where I can start to help? Thanks, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Thu Mar 9 03:51:04 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:57 2003 Subject: Login to domain still failing ... References: <20000308212037.C41786@Denninger.Net> <38C71F2D.25B1799B@xavier.sa.edu.au> Message-ID: <38C71FA8.DE0D4D89@xavier.sa.edu.au> Matthew Geddes wrote: > My lsarpcd seems to be running fine. samrd keeps the LSA_LOOKUPNAMES > thing and dies in the end (I'm following Luke's destructions from the > E-Mail titled, Samba-tng-alpha-0.11.tar.gz). netlogond, on the other > hand really isn't happy and keeps 'INTERNAL ERROR'ing but I can't find > and core. Does anyone have any tech stuff on the login sequence? Of > ideas for where I can start to help? Sorry, not login sequence. Trust relationship creation. > > Thanks, > Matt > -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lkcl at samba.org Thu Mar 9 03:42:20 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:28:58 2003
Subject: Login to domain still failing ...
Message-ID:

here is a typescript of a createuser plus nt login. it _does_ work.

you _may_, as i mentioned earlier, have to delete the var/locks directory and restart.

the first enumu returns nothing, because there are zero entries in the sam database. i then create two users. i then check that the login works.

i then re-run using smbd (-S sambateam-1) instead of direct-access-to-msrpc-daemons-on-loopback-as-root (-S .) and using the root mb password (test :). and then test the ntlogin command with that, with the "test" user.

Script started on Thu Mar 9 03:33:57 2000
[root@sambateam-1 source]# bin/rpcclient -S . -U root%test -l log
[root@.]$ enumu
enumu
SAM Enumerate Users
[root@.]$ createuser root -p test
createuser root -p test
SAM Create Domain User
Domain: SAMBA-TNG Name: root ACB: [U ]
cCreate Domain User: OK
[root@.]$ createuser test -p test
createuser test -p test
SAM Create Domain User
Domain: SAMBA-TNG Name: test ACB: [U ]
Create Domain User: OK
[root@.]$ ntlogin SAMBA-TNG\root test
ntlogin SAMBA-TNG\root test
cmd_nt_login: login (root) test succeeded: Yes
[root@.]$ ntlogin SAMBA-TNG\root tttt
ntlogin SAMBA-TNG\root tttt
cmd_nt_login: login (root) test succeeded: No
[root@.]$ exit
exit
[root@sambateam-1 source]# bin/rpcclient -S sambateam-1 -U root%test -l log
[root@SAMBATEAM-1]$ enumu
enumu
SAM Enumerate Users
User RID: 3e8 User Name: root
User RID: bbc User Name: test
[root@SAMBATEAM-1]$ ntlogin SAMBA-TNG\test test
ntlogin SAMBA-TNG\test test
cmd_nt_login: login (test) test succeeded: Yes
[root@SAMBATEAM-1]$ ntlogin SAMBA-TNG\test tttttbadpw
ntlogin SAMBA-TNG\test tttttbadpw
cmd_nt_login: login (test) test succeeded: No
[root@SAMBATEAM-1]$ quit
quit
[root@sambateam-1 source]# exit
Script done on Thu Mar 9 03:35:39 2000

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.
Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Thu Mar 9 06:08:12 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:28:58 2003 Subject: Login to domain still failing ... References: Message-ID: <38C73FCC.FDEEDF29@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > > here is a typescriptt of a createuser plus nt login. it _does_ work. > > you _may_, as i mentioned earlier, have to delete the var/locks directory > and restart. Missed that bit. Sorry. All fixed now. > > the first enumu returns nothing, because there are zero entries in the sam > database. i then create two users. i then check that the login works. I'm with you. Creating the users is possible. I can even create users on my NT server using this method. When it comes to: a) joining the domain with the createuser machine$ -j command or b) using ntlogin to Authenticate against the PDC (even if it's an NT PDC) It fails. I get the message cmd_nt_login: login (username) test succeeded: No. This I tried with both accounts on the TNG PDC and I tried my four accounts on the NT PDC. I keep getting signal 11 in lsarpcd. This happened with gcc a while back in a machine with dodgy RAM, so I tried it on another. Same deal. Did you want a bug report? Or would you much rather I just left you alone? ;-) Thanks for all your help Luke, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mike at sag.mephi.ru Thu Mar 9 08:27:44 2000 From: mike at sag.mephi.ru (khlebnikov Michael) Date: Tue Dec 2 02:28:58 2003 Subject: Samba TNG code Message-ID: <000c01bf89a1$58280160$6600a8c0@sag1> How can I get Samba TNG code -------------- next part -------------- HTML attachment scrubbed and removed From vs at lasp.npi.msu.su Thu Mar 9 09:09:09 2000 
From: vs at lasp.npi.msu.su (Vladimir Stavrinov)
Date: Tue Dec 2 02:28:58 2003
Subject: Samba TNG code
In-Reply-To: <000c01bf89a1$58280160$6600a8c0@sag1>
Message-ID:

On Thu, 9 Mar 2000, khlebnikov Michael wrote:

> How can I get Samba TNG code
>

cvs -d :pserver:cvs@samba.org:/cvsroot login
cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_TNG

or:

wget ftp://samba.org/pub/samba/alpha/samba-tng-alpha.0.11.tar.gz

Please send plain text, we don't need duplicated letter and in attachments.

From snail_talk at yahoo.com Thu Mar 9 10:32:20 2000
From: snail_talk at yahoo.com (geoffrey lee)
Date: Tue Dec 2 02:28:58 2003
Subject: General question
In-Reply-To: <001401bf8949$ceec6500$9f01a8c0@hwimmer.bakerref.com>
Message-ID: <000b01bf89b2$c0028d80$0200000a@workstation1>

hi,

limited pdc functionality is available for samba stable >= 2.0.3

if you want better functionality, i encourage you to try out luke's samba-tng. it's not as stable as you may want it to be, but it does have some very nice features.

i don't know what kind of support you want..if you find a bug with pdc functionality, i'm sure that luke will be most willing to help you (or anyone who can, for that matter.). just reproduce the error with loglevel up at a nice high number, and if you can, send in smb.conf too, with all security sensitive stuff removed of course.

geoff.

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Hayden Wimmer
> Sent: Thursday, March 09, 2000 6:14 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: General question
>
>
> does anyone know when the pdc support will be out & supported???
>
>

From nial at energo.kai.ru Thu Mar 9 08:05:55 2000
From: nial at energo.kai.ru (Igor Mammedov)
Date: Tue Dec 2 02:28:58 2003
Subject: can't join to domain as BDC
Message-ID: <001b01bf899e$e37a89c0$4403a8c0@ap3.kai.ru>

Hi!

I got the latest TNG code and tried to set it up as a BDC, but failed. When I connect to my PDC (NTS 4.0 sp5) and type the command:

createuser DOC$ -j

I see that the machine acc is created but it can't join the domain. What am I doing wrong? All config I take from http://www.kneschke.de/projekte/samba_tng/

----------------------------------------------- part log from rpcclient----------------------------------------------

msrpc_sam_create_dom_user: succeeded Create Domain User: OK Join DOC to Domain RCET LSA Create Secret make_q_create_secret000000 lsa_io_q_create_secret 0000 data: 00 00 00 00 01 00 00 00 00 00 00 00 1f 4c c7 38 73 67 00 00 0014 uni_str_len: 0018 0016 uni_max_len: 0018 0018 buffer : 00000001 001c uni_max_len: 0000000c 0020 undoc : 00000000 0024 uni_str_len: 0000000c 0028 buffer : $.M.A.C.H.I.N.E...A.C.C. 0040 des_access: 00020003 Found policy hnd[9] [000] 00 00 00 00 01 00 00 00 00 00 00 00 1F 4C C7 38 ........ .....L.8 [010] 73 67 00 00 sg..
policy(pnum=9 LSA_OPENPOL): Getting policy state Getting policy con state create_rpc_request: opnum: 0x10 data_len: 0x5c 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000030 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 0010 cli_send_and_rcv_pdu_trans: cmd:26 fnum:702d cli_send_trans_data: data_len: 92 cmd:26 fnum:702d size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=92 (0x5C) smb_vwv[2]=0 (0x0) smb_vwv[3]=2048 (0x800) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=92 (0x5C) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=28717 (0x702D) smb_bcc=101 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=48 (0x30) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=48 (0x30) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=49 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=48 (0x30) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=48 (0x30) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=49 Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000030 rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 cli_pipe: len 
left: 0 smbtrans read: 48 rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000030 rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000000 lsa_io_r_create_secret 0000 data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0014 status: c0000022 LSA_OPENSECRET: LSA Open Secret make_q_open_secret000000 lsa_io_q_open_secret 0000 data: 00 00 00 00 01 00 00 00 00 00 00 00 1f 4c c7 38 73 67 00 00 0014 uni_str_len: 0018 0016 uni_max_len: 0018 0018 buffer : 00000001 001c uni_max_len: 0000000c 0020 undoc : 00000000 0024 uni_str_len: 0000000c 0028 buffer : $.M.A.C.H.I.N.E...A.C.C. 0040 des_access: 00020003 Found policy hnd[9] [000] 00 00 00 00 01 00 00 00 00 00 00 00 1F 4C C7 38 ........ .....L.8 [010] 73 67 00 00 sg.. 
policy(pnum=9 LSA_OPENPOL): Getting policy state Getting policy con state create_rpc_request: opnum: 0x1c data_len: 0x5c 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000031 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000044 0014 context_id: 0000 0016 opnum : 001c cli_send_and_rcv_pdu_trans: cmd:26 fnum:702d cli_send_trans_data: data_len: 92 cmd:26 fnum:702d size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=92 (0x5C) smb_vwv[2]=0 (0x0) smb_vwv[3]=2048 (0x800) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=92 (0x5C) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=28717 (0x702D) smb_bcc=101 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=48 (0x30) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=48 (0x30) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=49 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=48 (0x30) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=48 (0x30) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=49 Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000031 rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 cli_pipe: len 
left: 0 smbtrans read: 48 rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000031 rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000000 lsa_io_r_open_secret 0000 data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0014 status: c0000022 LSA_OPENSECRET: Set $MACHINE.ACC: FAILED LSA Close make_lsa_q_close 000000 lsa_io_q_close 0000 data: 00 00 00 00 01 00 00 00 00 00 00 00 1f 4c c7 38 73 67 00 00 Found policy hnd[9] [000] 00 00 00 00 01 00 00 00 00 00 00 00 1F 4C C7 38 ........ .....L.8 [010] 73 67 00 00 sg.. policy(pnum=9 LSA_OPENPOL): Getting policy state Getting policy con state create_rpc_request: opnum: 0x0 data_len: 0x2c 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000032 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 opnum : 0000 cli_send_and_rcv_pdu_trans: cmd:26 fnum:702d cli_send_trans_data: data_len: 44 cmd:26 fnum:702d size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=44 (0x2C) smb_vwv[2]=0 (0x0) smb_vwv[3]=2048 (0x800) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=44 (0x2C) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=28717 (0x702D) smb_bcc=53 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=48 (0x30) 
smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=48 (0x30) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=49 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=48 (0x30) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=48 (0x30) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=49 Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000032 rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 cli_pipe: len left: 0 smbtrans read: 48 rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type : 10 00 00 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000032 rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 000000 lsa_io_r_close 0000 data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0014 status: 00000000 Found policy hnd[9] [000] 00 00 00 00 01 00 00 00 00 00 00 00 1F 4C C7 38 ........ .....L.8 [010] 73 67 00 00 sg.. 
policy(pnum=9 LSA_OPENPOL): Closing size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=28717 (0x702D) smb_vwv[1]=65535 (0xFFFF) smb_vwv[2]=65535 (0xFFFF) smb_bcc=0 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=26479 smb_uid=100 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0
[RCET\root@PC5]$

----------------------------------------------------end log rpcclient-----------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.lsarpc
Type: application/octet-stream
Size: 8671 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000309/34fa4db3/log.obj

From dean.scothern at wwgsolutions.com Thu Mar 9 10:51:52 2000
From: dean.scothern at wwgsolutions.com (dean.scothern@wwgsolutions.com)
Date: Tue Dec 2 02:28:58 2003
Subject: simple nt client question
Message-ID: <8525689D.003B7D16.00@wg.com>

Hello,

This is a simple question with hopefully a simple answer.

samba 2.0.6 on HPUC 10 using security = domain and an NT PDC, as per the FAQ (6.1) and book v1.

I can connect direct to shares using win9x and NT using dos net and smbclient, but not navigating via explorer or neighbourhood on the desktop. When I click on the server icon I am asked to authenticate but no username:password works. The NT / unix (nis) usernames are the same.

What do I need to do?

Thanks
Dino

No smbpasswd file

conf = :

[global]
netbios name = eng05
security = domain
# domain logons = yes
encrypt passwords = yes
workgroup = PLYMOUTH
password server = CCP_PDC
server string = Samba Server %v on (%L)
guest account = pcguest
# log level = 100
log level = 2
max log size = 50
deadtime = 35
browsable = yes
local master = no
dns proxy = yes
interfaces = 141.169.124.5/255.255.248.0
socket options = TCP_NODELAY

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
guest ok = no
browsable = no
writable = yes

[temp]
path = /tmp
public = yes

[public]
path = /usr/users/public
public = yes
browsable = yes
only guest = yes
writable = yes
printable = no
create mask = 660
directory mask = 770
force create mode = 660
force directory mode = 770
force user = pcguest
force group = dsmuser
# prevent links leaving tree
wide links = no

From karl at Denninger.Net Thu Mar 9 13:14:42 2000
From: karl at Denninger.Net (Karl Denninger)
Date: Tue Dec 2 02:28:58 2003
Subject: Login to domain still failing ...
In-Reply-To: <38C71F2D.25B1799B@xavier.sa.edu.au>; from Matthew Geddes on Thu, Mar 09, 2000 at 02:43:29PM +1100
References: <20000308212037.C41786@Denninger.Net> <38C71F2D.25B1799B@xavier.sa.edu.au>
Message-ID: <20000309071442.A43141@Denninger.Net>

On Thu, Mar 09, 2000 at 02:43:29PM +1100, Matthew Geddes wrote:
> Karl Denninger wrote:
> >
> > Yep. It's still broken.
> >
> > Connecting to shares that have no password works.
> >
> > Luke appears to have narrowed it down to something in lsarpcd, but for the
> > life of me I can't make headway on this one. No core dumps, but also no
> > communication (although it *does* start up when a request is made to it).
> >
> > --
>
> My lsarpcd seems to be running fine. samrd keeps the LSA_LOOKUPNAMES
> thing and dies in the end (I'm following Luke's destructions from the
> E-Mail titled, Samba-tng-alpha-0.11.tar.gz). netlogond, on the other
> hand really isn't happy and keeps 'INTERNAL ERROR'ing but I can't find
> any core. Does anyone have any tech stuff on the login sequence? Or
> ideas for where I can start to help?
>
> Thanks,
> Matt

Mine appears to be running fine too Matt - it just never returns the data it is supposed to.

--
--
Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org
Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that!

From Loo at littongcs.com Thu Mar 9 14:50:41 2000
From: Loo at littongcs.com (Loo, Joseph)
Date: Tue Dec 2 02:28:58 2003
Subject: simple nt client question
Message-ID: <9DD60A65AD75D211816700A0C9E93F910278FE12@whntmail1.littongcs.com>

Have you tried adding

wins server = xxx.xxx.xxx.xxx

I couldn't get mine to work until that was set. In addition I set my

password server = *

instead to a specific machine. It seems to work fine.

Joseph Loo
Litton Guidance & Control
5500 Canoga Ave
Woodland Hills, CA 91367-6698
Phone #: (818) 715-2961
Fax #: (818) 715-2752

-----Original Message-----
From: dean.scothern@wwgsolutions.com [mailto:dean.scothern@wwgsolutions.com]
Sent: Thursday, March 09, 2000 2:54 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: simple nt client question

Hello,

This is a simple question with hopefully a simple answer.

samba 2.0.6 on HPUC 10 using security = domain and an NT PDC, as per the FAQ (6.1) and book v1.

I can connect direct to shares using win9x and NT using dos net and smbclient, but not navigating via explorer or neighbourhood on the desktop. When I click on the server icon I am asked to authenticate but no username:password works. The NT / unix (nis) usernames are the same.

What do I need to do?

Thanks
Dino

No smbpasswd file

conf = :

[global]
netbios name = eng05
security = domain
# domain logons = yes
encrypt passwords = yes
workgroup = PLYMOUTH
password server = CCP_PDC
server string = Samba Server %v on (%L)
guest account = pcguest
# log level = 100
log level = 2
max log size = 50
deadtime = 35
browsable = yes
local master = no
dns proxy = yes
interfaces = 141.169.124.5/255.255.248.0
socket options = TCP_NODELAY

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
guest ok = no
browsable = no
writable = yes

[temp]
path = /tmp
public = yes

[public]
path = /usr/users/public
public = yes
browsable = yes
only guest = yes
writable = yes
printable = no
create mask = 660
directory mask = 770
force create mode = 660
force directory mode = 770
force user = pcguest
force group = dsmuser
# prevent links leaving tree
wide links = no

From ccoupal at justice.gov.sk.ca Thu Mar 9 14:59:08 2000
From: ccoupal at justice.gov.sk.ca (ccoupal@justice.gov.sk.ca)
Date: Tue Dec 2 02:28:58 2003
Subject: Login to domain still failing ...
Message-ID: <96A36F668926D31185480000F81AE18D1A30D9@appsrv.justice.gov.sk.ca>

I have quite a bit of experience with NT, and I thought I would confirm the following:

If a connection attempt is made to an NT machine, the username is authenticated as such:

1) check the PDC (NT Domain) for an account which matches, if found, authenticate. if authentication fails, continue else break with success. If not found, continue.
2) check all PDC of trusted domains for an account which matches, if found, authenticate. if authentication fails, continue else break with success. If not found, continue.
3) loop 2 until all trusted PDC are tried
4) check local SAM database for an account which matches, if found, authenticate. if authentication fails, continue else break with success. If not found, continue.
5) stop with authentication failure

-----Original Message-----
From: abrock@georgefox.edu [SMTP:abrock@georgefox.edu]
Sent: Wednesday, March 08, 2000 9:06 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Login to domain still failing ...

A few minutes ago (6:30 pm PST, 3/8/2000) I updated against the CVS tree, and am still unable to login to the domain. While I am unfamiliar with the rpcclient command, I was able to do the following:

rpcclient -S \. -U abrock%pass
Added interface ip=10.0.0.10 bcast=10.0.0.255 nmask=255.255.255.0
[abrock@.]$ ntlogin IT\abrock pass
ntlogin IT\abrock fhm06l
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
socket connect to /tmp/.msrpc/.NETLOGON/agent failed: Connection refused
cli_nt_setup_creds: request challenge failed
cmd_nt_login: login (abrock) test succeeded: No
[abrock@.]$

Is there anything I can do to assist in fixing this problem? Would it help if I post a log at a certain level? Post my smb.conf file again? Whatever it would take to get logins working again, I would GREATLY appreciate any assistance!

Tony

lkcl@samba.org writes:
>scratch that, i just checked this over. it would appear that this is the
>_correct_ behaviour.
>
>namely, that if a local workstation attempts to contact a machine, the
>local sam database should be used.
>
>i _think_ this may actually be, if the domain name is unrecognised, use
>the local sam database (including if the domain name is the local
>workstation).
>
>i'm going to code that up.
>
>On Thu, 9 Mar 2000, Luke Kenneth Casson Leighton wrote:
>
>> tom thx 4 bringing this to my attention. i am being more strict about
>> what domain names are accepted etc. i will fix this as a special case.
>>
>> luke
>>
>>
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
> Macmillan Technical Publishing
>
>ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>

From vurosevic at webplan.net Thu Mar 9 15:14:56 2000
From: vurosevic at webplan.net (Vojin Urosevic)
Date: Tue Dec 2 02:28:58 2003
Subject: simple nt client question
In-Reply-To: <8525689D.003B7D16.00@wg.com>
Message-ID: <000601bf89da$3ad1ff60$7a23efcf@webplan.net>

I have this and it works just fine. Hope this helps

vojin

# Global parameters
[global]
workgroup = WHATEVER
netbios name = SANTANA
server string = Samba on Sun E450
interfaces = eth0
security = SERVER
encrypt passwords = Yes
update encrypted = Yes
min passwd length = 3
password server = pdc
unix password sync = Yes
log file = /usr/local/samba/logs/log.%m
max log size = 500
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = 192.168.1.1 192.168.1.2

<< I have this line below, "remote announce", because of my WAN link to a west coast box to sync WINS server there >>

remote announce = 202.234.56.2
#remote brows sync = 202.234.56.2
hosts allow = 192.168. 127.
domain controller=pdc

[homes]
comment = Home Directories
read only = No
browseable = No

[Accounting]
comment = Accounting Department
path = /usr2/Accounting
writable = yes
valid users = @accounting
locking = yes
create mode = 0770
directory mode = 0660

[Executives]
comment = Executive Management
path = /usr2/executive
writable = yes
valid users = @executives
locking = yes
create mode = 0770
directory mode = 0660

From Tru.Pham at nokia.com Thu Mar 9 15:28:23 2000
From: Tru.Pham at nokia.com (Tru.Pham@nokia.com)
Date: Tue Dec 2 02:28:58 2003
Subject: Step by Step Profiles
Message-ID: <7B5C0390ACE7D211BC9C0008C7EABA2B731D7C@daeis07nok>

Hi!

I think I messed with it before I came to play with Samba TNG for Windows 2000. Here's what I did:

1. log into windows 98
2. Launch Control Panel
3. Double click on Users and password
4. Try to create a user (local) I named mine guest. (At this point, Windows 98 will install Profiles stuff)
5. Logout of Windows 98
6. Re-login with your Samba User ID.
7. Windows 98 will ask you to create profiles. Say Yes to this. Then profiles will be created.
8. Profiles will be transferred to Samba Server whenever you logout.

Hope this will help!!!!

-----Original Message-----
From: EXT Patrick M?ller [mailto:admin@rogatec.ch]
Sent: Wednesday, March 08, 2000 3:15 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Step by Step Profiles

Hi

I've been trying for 4 days and 3 nights to setup roaming profiles with samba 2.0.6 and Win 98. I searched all the faqs and the docs and the archives but I didn't find any CLEAR step by step guide how to install it. So I tried and tried but nothing worked.

Is it possible that one of you professionals in samba can post a STEP BY STEP guide for setting up a samba PDC with roaming profiles for windows 98? especially the configuration of the win 98 machine is a problem. My logon scripts work already.

Thanks for this.

Pat

From Tru.Pham at nokia.com Thu Mar 9 15:33:44 2000
From: Tru.Pham at nokia.com (Tru.Pham@nokia.com)
Date: Tue Dec 2 02:28:58 2003
Subject: Updates on Administrator issues.
Message-ID: <7B5C0390ACE7D211BC9C0008C7EABA2B731D7D@daeis07nok>

As posted yesterday, someone was having problem with log into Windows with Administrator account of Samba. This is what I did to get it working for Samba-tng 0.12:

1. rpcclient -S . -U root
2. createuser Workstation$
3. Exit
4. smbpasswd -a Administrator
   New password: ****
   Retype password: ****
5. Restart all the daemons just for sure. :)
6. Login on NT workstation.

NOTE: Do *NOT* create a Normal User with rpcclient or samedit. I tried but not working.

From mbreuer at siac.com Thu Mar 9 18:06:42 2000
From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:28:58 2003 Subject: TNG 0.12 - Still some issues Message-ID: <38C7E832.E556A9C6@siac.com> 1) Roaming profiles are not working (same symptoms as 0.11, 0.10). 2) smbd is still not running as the connected user... only as root (this may actually be causing my roaming profile issues). 3) I still can't mount a share from a machine which is not a member of the domain. 4) When I attempt to run usrmgr from a W2K workstation which is a member of and logged into the domain (tng pdc) (as a domain admin) I get a variety of errors: a) runas DOMAIN\root: RPC protocol error b) runas DOMAIN\administrator: "The stub received bad data" c) runas DOMAIN\: samrd PANIC. I have extensive log files, core files, etc. Nothing seems obvious. All of the above users are mapped to domain administrative users, all can log in and mount appropriate shares. Using rpcclient, all of the above work correctly and seem to have proper administrative credentials. The logs indicate that proper administrative groups were assigned. 5) I have two IRIX specific Makefile.in and configure.in patches. I don't have cvs access, and I'm not sure if these adversely affect other platforms. If someone could validate the patches and include them in cvs, the IRIX community would be appreciative. (patch file attached.) -------------- next part -------------- diff -c -r samba-tng-alpha.0.12/source/Makefile.in samba-tng-alpha.0.12.IRIX/source/Makefile.in *** samba-tng-alpha.0.12/source/Makefile.in Tue Mar 7 15:01:26 2000 --- samba-tng-alpha.0.12.IRIX/source/Makefile.in Thu Mar 9 09:36:00 2000 *************** *** 440,446 **** nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o NMBD_OBJ = $(NMBD_OBJ1) ! 
NMBD_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) $(RPC_PARSE_OBJ2) SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ --- 440,446 ---- nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o NMBD_OBJ = $(NMBD_OBJ1) ! NMBD_LIBS = $(RPC_PARSE_OBJ2) $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ *************** *** 604,610 **** smbwrapper/realcalls.o smbwrapper/shared.o CLIENT_OBJ = client/client.o client/clitar.o ! CLIENT_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(RPC_PARSE_OBJ2) MOUNT_OBJ = client/smbmount.o client/clientutil.o \ $(RPC_PARSE_OBJ2) --- 604,610 ---- smbwrapper/realcalls.o smbwrapper/shared.o CLIENT_OBJ = client/client.o client/clitar.o ! CLIENT_LIBS = $(RPC_PARSE_OBJ2) $(SMBLIB) $(NMBLIB) $(SAMBALIB) MOUNT_OBJ = client/smbmount.o client/clientutil.o \ $(RPC_PARSE_OBJ2) diff -c -r samba-tng-alpha.0.12/source/configure.in samba-tng-alpha.0.12.IRIX/source/configure.in *** samba-tng-alpha.0.12/source/configure.in Fri Mar 3 15:10:05 2000 --- samba-tng-alpha.0.12.IRIX/source/configure.in Thu Mar 9 09:12:41 2000 *************** *** 58,63 **** --- 58,73 ---- *aix4*) CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" ;; + # + # Irix needs standards.h to detect netinet + # + *irix*) + AC_CHECK_HEADERS(standards.h, + cat >> confdefs.h < + EOF + ) + ;; esac AC_INLINE From mbreuer at siac.com Thu Mar 9 18:24:34 2000 
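Review bot: In the two Makefile.in hunks, moving $(RPC_PARSE_OBJ2) to the front of NMBD_LIBS and CLIENT_LIBS changes the link order on every platform, not only IRIX, and nothing in the patch records why the order matters. Please add a comment above each assignment stating what fails on IRIX with the old order, and confirm that the reordered lines still link on at least one non-IRIX target before this goes into CVS; if that cannot be checked, make the ordering conditional on the host.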
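Review bot: In the configure.in hunk, the "*irix*" branch reads "cat >> confdefs.h < + EOF", so the here-document has no opening delimiter and no body; whatever was meant to be appended to confdefs.h is missing from the patch as posted and the hunk cannot be applied or reviewed in this form. Please resend it as plain text with the complete here-document, and consider using AC_DEFINE as the action of AC_CHECK_HEADERS(standards.h, ...) rather than appending to confdefs.h by hand. The comment "Irix needs standards.h to detect netinet" should also name the header check that fails without it.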
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:58 2003
Subject: TNG 0.12 - Still some issues
References: <38C7E832.E556A9C6@siac.com>
Message-ID: <38C7EC61.5958CCB9@siac.com>

Whoops... #2 is resolved. I had entered myself as an "admin user" when troubleshooting some of these issues.

Michael Breuer wrote:

> 2) smbd is still not running as the connected user... only as root (this may actually be causing my roaming profile issues).

[snip]

From clairroberts at home.com Thu Mar 9 18:44:33 2000
From: clairroberts at home.com (Clair Roberts)
Date: Tue Dec 2 02:28:58 2003
Subject: Login to domain still failing ...
Message-ID: <38C7F110.8B457AE4@home.com>

I tried the example Luke put up, word for word, and had troubles. Here is my typescript of events after I checked the code today at 9am. Compiled it, wiped out the entire var dir and the .SID files plus wiped out my smbpasswd file. (btw samba is running on my solaris 2.7 E250.)

[root] elk /opt/samba-tng $> rpcclient -S . -U root%test -l log
[root@.]$ enumu
enumu
SAM Enumerate Users
[root@.]$ createuser root -p test
createuser root -p test
SAM Create Domain User
Domain: SAMBA-TNG Name: root ACB: [U ]
Create Domain User: OK
[root@.]$ createuser test -p test
createuser test -p test
SAM Create Domain User
Domain: SAMBA-TNG Name: test ACB: [U ]
Create Domain User: OK
[root@.]$ ntlogin SAMBA-TNG\root test
ntlogin SAMBA-TNG\root test
Segmentation Fault (core dumped)

-- so I checked the smbpasswd file and

root:0:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDU ]:LCT-38C7EA2F:
test:2004:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDU ]:LCT-38C7EAA1:

-- No password ehh ??? okay then.....

smbpasswd root

--- now smbpasswd looks like...

root:0:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[DU ]:LCT-38C7ED4F:
test:2004:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDU ]:LCT-38C7ECCF:

-- okay now try the ntlogin again .....

[root] elk /opt/samba-tng $> rpcclient -S . -U root%test -l log
[root@ELK]$ ntlogin SAMBA-TNG\root test
ntlogin SAMBA-TNG\root test
cmd_nt_login: login (root) test succeeded: No
[root@ELK]$

- damn !!!! must be that damn [DU ] business.. manually do a little tweaking to SMBPASSWD - might as well set test's password while I am here and ...

root:0:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-38C7ED4F:
test:2004:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-38C7EE5B:

- now try the ntlogin ...

[root@ELK]$ ntlogin SAMBA-TNG\root test
ntlogin SAMBA-TNG\root test
cmd_nt_login: login (root) test succeeded: Yes
[root@ELK]$ ntlogin SAMBA-TNG\test test
ntlogin SAMBA-TNG\test test
cmd_nt_login: login (test) test succeeded: Yes

-- looking good... now try it with a bad password.....

[root@ELK]$ ntlogin SAMBA-TNG\root ARGHHH
ntlogin SAMBA-TNG\root ARGHHH
Segmentation Fault (core dumped)

-- ut oh!!!!

On my NT4SP6a machine I was able to join the domain, but still not able to log into it. Anybody else having the same problems?

From tom at ee.ucl.ac.uk Thu Mar 9 19:26:57 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:28:58 2003
Subject: Login to domain still failing ...
Message-ID: <200003091926.TAA10642@picard.ee.ucl.ac.uk>

Hello Clair,

I have the same problem with being able to (apparently) join the domain, but am unable to log in to the workstations. The error is:

The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

This applies to both NT4 SP6a and Win 2000. Interestingly, I can still log into a Win 2000 workstation that was joined to the domain on Monday under an earlier version of TNG. This would indicate to me that the joining to the domain is putting the wrong password in the smbpasswd file.

I'm not too clear on the algorithms used to generate workstation passwords. Is there always a well known plaintext start point (i.e. the workstation name in lower case) which is encrypted? How does the first section of the password line relate to the second? (I believe that the first section is the LANMAN version of the password and the second is the NT version, which is encrypted from the LANMAN one, but I'm not sure I've got that 100% right).

Tom.

----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From mbreuer at siac.com Thu Mar 9 20:56:09 2000
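The smbpasswd lines pasted earlier in this thread, and the question above about how their fields relate, both concern the layout name:uid:LANMAN hash:NT hash:[account flags]:LCT-last change time. The following Python parser is an added example, not part of any post and not Samba code: it decodes that layout and reports what the flags and hash fields imply. The flag letters follow smbpasswd(5); the finding names and all sample entries are constructed for the example.

```python
"""Parse and audit smbpasswd entries (added example; sample data is constructed)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Set

# Flag letters as documented in smbpasswd(5).
FLAGS = {"U": "user account", "N": "no password required",
         "D": "account disabled", "W": "workstation trust account"}

# The LANMAN and NT fields are each derived from the plaintext password on
# their own. LANMAN hashes two 7-character halves separately; this constant
# is the hash of an empty half.
EMPTY_LM_HALF = "AAD3B435B51404EE"

# Finding names are made up for this example.
FINDINGS = {
    "unknown-flag": "flag letter not listed in FLAGS",
    "disabled": "D flag set: SMB logins are refused",
    "no-password": "N flag set: hash fields are ignored",
    "hash-unset": "no usable hash and no N flag: nothing can authenticate",
    "short-password": "second LANMAN half is empty: password is 7 chars or fewer",
    "trust-name-mismatch": "W flag and trailing '$' in the name do not agree",
}


@dataclass
class Entry:
    name: str
    uid: int
    lm_hash: Optional[str]
    nt_hash: Optional[str]
    flags: Set[str]
    last_change: Optional[datetime]
    findings: List[str] = field(default_factory=list)


def _hex32(text: str) -> Optional[str]:
    """Return a 32-digit hex hash upper-cased, or None for placeholder text."""
    text = text.strip()
    if len(text) == 32 and all(c in "0123456789abcdefABCDEF" for c in text):
        return text.upper()
    return None


def audit(e: Entry) -> List[str]:
    """Return finding names for one entry, in a fixed order."""
    found = []
    if e.flags - set(FLAGS):
        found.append("unknown-flag")
    if "D" in e.flags:
        found.append("disabled")
    if "N" in e.flags:
        found.append("no-password")
    elif e.lm_hash is None and e.nt_hash is None:
        found.append("hash-unset")
    if e.lm_hash and e.lm_hash[16:] == EMPTY_LM_HALF:
        found.append("short-password")
    if ("W" in e.flags) != e.name.endswith("$"):
        found.append("trust-name-mismatch")
    return found


def parse_line(line: str) -> Entry:
    parts = line.rstrip("\r\n").split(":")
    if len(parts) < 6:
        raise ValueError("expected name:uid:LM:NT:[flags]:LCT-time:")
    name, uid, lm, nt, flags, lct = parts[:6]
    if not (flags.startswith("[") and flags.endswith("]")):
        raise ValueError("account flags must be bracketed: %r" % flags)
    when = None
    if lct.startswith("LCT-"):  # hex seconds since the Unix epoch
        when = datetime.fromtimestamp(int(lct[4:], 16), tz=timezone.utc)
    entry = Entry(name, int(uid), _hex32(lm), _hex32(nt),
                  {c for c in flags[1:-1] if not c.isspace()}, when)
    entry.findings = audit(entry)
    return entry


def parse_smbpasswd(text: str) -> List[Entry]:
    return [parse_line(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


# Constructed sample entries; the hash values are placeholders, not real hashes.
_UNSET = "NO PASSWORD" + "X" * 21
_NT = "00112233445566778899AABBCCDDEEFF"
SAMPLE = "\n".join([
    "root:0:%s:%s:[NDU        ]:LCT-38C7EA2F:" % (_UNSET, _UNSET),
    "carol:2004:%s:%s:[DU         ]:LCT-38C7EA2F:" % (_UNSET, _UNSET),
    "alice:2005:0123456789ABCDEF%s:%s:[U          ]:LCT-38C7EA2F:" % (EMPTY_LM_HALF, _NT),
    "ws1$:3001:0123456789ABCDEF0123456789ABCDEF:%s:[W          ]:LCT-38C7EA2F:" % _NT,
    "ws2:3002:0123456789ABCDEF0123456789ABCDEF:%s:[W          ]:LCT-38C7EA2F:" % _NT,
])

if __name__ == "__main__":
    for e in parse_smbpasswd(SAMPLE):
        print(e.name, sorted(e.flags), e.last_change, e.findings)
        for f in e.findings:
            print("   ", FINDINGS[f])
```
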
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:28:58 2003
Subject: TNG 0.12 Samrd Stack Trace & patch attached.
Message-ID: <38C80FE8.DA63BB16@siac.com>

This may be related to the on-going login issues.

Looking at the core file, it seems that the proximate cause of the PANIC is an attempt to print a debug level 10 message at domain_namemap.c:700.

Working backward, "unix_name" at groupunix.c:117 is not a valid pointer. In this trace, the value of "i" (loop iterator) is 1.

Again...working backward... in groupunix.c:245, the call to getgrgid is not validated. A "NULL" return (group not found) is not good. In fact, the code here was looking for a group which was defined in /etc/passwd, but not in /etc/group.

Checking further... it seems that at least on my system, I'm misconfigured and getting groups from NIS and passwd from files. So I have users without valid groups, and groups without valid users.

The attached patch covers the case of a NULL group, but not the case of a missing or invalid user within the group (i.e., I'm still trapping). In the second case (which I haven't patched), I still fail at domain_namemap.c:700 with a bogus unix_usr_name. It seems that IRIX is returning a bad value when misconfigured (as noted before).
-------------- next part -------------- int _kill() ["kill.s":15] int _raise() ["raise.c":27] int abort() ["abort.c":52] void smb_panic(unsigned char * why = 0x5feba610 = "internal error") ["util.c":2384] void fault_report(int sig = 11) ["fault.c":46] void sig_fault(int sig = 11) ["fault.c":70] int _sigtramp() ["sigtramp.s":71] int strlen() ["strlen.s":58] int _doprnt() ["doprnt.c":1337] int _vsnprintf() ["vsnprintf.c":35] int vslprintf(unsigned char * str = 0x7fff1c88 = "lookupsmbpwnam: unix user name p oracle\n", int n = 1023, unsigned char * format = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", va_list ap = 0x7fff20a8 = "") ["slprintf.c":32] BOOL dbgtext(unsigned char * format_str = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", void ... = ) ["debug.c":571] BOOL lookupsmbpwnam(unsigned char * unix_usr_name = 0x61656c42, DOM_NAME_MAP * grp = 0x7fff2128) ["domain_namemap.c":700] BOOL get_unixgroup_members(struct group * grp = 0x7fff21e8, int * num_mem = 0x7fff26e8, DOMAIN_GRP_MEMBER ** members = 0x7fff26e4) ["groupunix.c":117] DOMAIN_GRP * getgrpunixpwent(int * vp = 0x100543e8, DOMAIN_GRP_MEMBER ** mem = 0x7fff26e4, int * num_mem = 0x7fff26e8) ["groupunix.c":245] DOMAIN_GRP * getgroupent(int * vp = 0x100543e8, DOMAIN_GRP_MEMBER ** mem = 0x7fff26e4, int * num_mem = 0x7fff26e8) ["groupdb.c":343] BOOL iterate_getusergroupsnam(unsigned char * user_name = 0x5fdddb30 = "root", DOMAIN_GRP ** grps = 0x7fff2790, int * num_grps = 0x7fff2848) ["groupdb.c":239] BOOL getusergroupsntnam(unsigned char * user_name = 0x5fdddb30 = "root", DOMAIN_GRP ** grp = 0x7fff2790, int * num_grps = 0x7fff2848) ["groupdb.c":436] unsigned int _samr_query_usergroups(POLICY_HND * pol = 0x7fff2850, unsigned int * num_groups = 0x7fff2848, DOM_GID ** gids = 0x7fff2844) ["srv_samr_passdb.c":2174] BOOL api_samr_query_usergroups(rpcsrv_struct * p = 0x1005a3f0, prs_struct * data = 0x1005a3f0, prs_struct * rdata = 0x1005a420) ["srv_samr.c":882] BOOL api_rpc_command(rpcsrv_struct * l = 
0x1005a3f0, unsigned char * rpc_name = 0x10029018 = "api_samr_rpc", struct api_struct * api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":689] BOOL api_rpcTNP(rpcsrv_struct * l = 0x1005a3f0, unsigned char * rpc_name = 0x10029018 = "api_samr_rpc", struct api_struct * api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":723] BOOL api_samr_rpc(rpcsrv_struct * p = 0x1005a3f0) ["srv_samr.c":1160] BOOL api_pipe_request(rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr", prs_struct * resp = 0x1005a484) ["srv_pipe_srv.c":473] BOOL rpc_redir_local(rpcsrv_struct * l = 0x1005a3f0, prs_struct * req = 0x1005a454, prs_struct * resp = 0x1005a484, unsigned char * name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":603] BOOL rpc_local(rpcsrv_struct * l = 0x1005a3f0, unsigned char * data = 0x10058138 = "\005", int len = 44, unsigned char * name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":750] void process_msrpc(rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr", prs_struct * pdu = 0x7fff2c20) ["msrpcd_process.c":167] void msrpcd_process(msrpc_service_fns * fn = 0x1002a1d8, rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr") ["msrpcd_process.c":515] int main(int argc = 2, unsigned char ** argv = 0x7fff2f24) ["msrpcd.c":568] int __start() ["crt1text.s":177] -------------- next part -------------- diff -c -r samba-tng-alpha.0.12/source/groupdb/groupunix.c samba-tng-alpha.0.12.PATCH/source/groupdb/groupunix.c *** samba-tng-alpha.0.12/source/groupdb/groupunix.c Tue Feb 8 12:36:42 2000 --- samba-tng-alpha.0.12.PATCH/source/groupdb/groupunix.c Thu Mar 9 15:11:57 2000 *************** *** 170,175 **** --- 170,176 ---- /* Static buffers we will return. */ static DOMAIN_GRP gp_buf; struct group unix_grp; + struct group *tmp_unix_grp; struct unix_entries *grps = (struct unix_entries *)vp; if (grps == NULL) *************** *** 240,248 **** { (*mem) = NULL; (*num_mem) = 0; ! ! memcpy(&unix_grp, getgrgid(unix_grp.gr_gid), sizeof(unix_grp)); ! 
get_unixgroup_members(&unix_grp, num_mem, mem); } { --- 241,251 ---- { (*mem) = NULL; (*num_mem) = 0; ! if ((tmp_unix_grp=getgrgid(unix_grp.gr_gid)) != NULL) { ! memcpy(&unix_grp, tmp_unix_grp, sizeof(unix_grp)); ! get_unixgroup_members(&unix_grp, num_mem, mem); ! } ! } { From jasonjensen at home.com Thu Mar 9 21:53:43 2000 From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:28:58 2003 Subject: General question References: <000b01bf89b2$c0028d80$0200000a@workstation1> Message-ID: <002701bf8a11$f02cfae0$0201a8c0@jason> by LIMITED PDC support what is meant? can i do NT domain logins? profiles? ----- Original Message ----- From: "geoffrey lee" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Thursday, March 09, 2000 4:20 AM Subject: RE: General question > hi, > > limited pdc functionality is available for samba stable >= 2.0.3 > > if you want better functionality, i encourage you to try out luke's > samba-tng. it's not as stable as you may want it to be, but it does have > some very nice features. > > i don't know what kind of support you want..if you find a bug with pdc > functionality, i'm suer that luke will be most willing to help you (or > anyone who can, for that matter.). just reproduce the error with loglevel up > at a nice high number, and if you can, send in smb.conf too, with all > security sensitive stuff removed of course. > > geoff. > > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Hayden Wimmer > > Sent: Thursday, March 09, 2000 6:14 AM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: General question > > > > > > does anyone know when the pdc support will be out & supported??? > > > > > From jasonjensen at home.com Thu Mar 9 22:04:47 2000 
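Review bot: in the second hunk of the groupunix.c patch above (new lines 241-251), the guarded `memcpy(&unix_grp, tmp_unix_grp, sizeof(unix_grp))` is still a shallow copy of `struct group`, so `gr_name` and `gr_mem` keep pointing into storage owned by `getgrgid()` that later group or password lookups may reuse. That would fit the crash the message says remains: the trace shows `unix_usr_name = 0x61656c42` at domain_namemap.c:700, a value that reads as ASCII text rather than an address. Suggest copying the member list before calling `get_unixgroup_members()`, and adding a DEBUG line with the gid in the NULL branch so that a group referenced from /etc/passwd but missing from /etc/group is reported instead of skipped silently.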
From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:28:58 2003 Subject: Windows 2000 profiles Message-ID: <005601bf8a13$7c21e0f0$0201a8c0@jason> Is there an easy way to transfer a local profile to a roaming one? cause i have my profile exactly how i want it and if login to the domain i loose 1/2 the programs i have installed, my settings, favs, old mail, the WORKS.. when you copy it over.. it doesn't seem to work.. samba seems to die on long/weird filenames.. how to i get around this? From mbreuer at siac.com Thu Mar 9 22:07:02 2000 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:28:58 2003 Subject: Windows 2000 profiles References: <005601bf8a13$7c21e0f0$0201a8c0@jason> Message-ID: <38C82085.EFE8F388@siac.com> Yes... right-click on "My Computer" select "properties" then select the "User Profiles" tab. Select the profile you want to copy, and copy away. Caveat: you must make sure the the allowed user(s) are correct for the copied profile. If it's for the same user AND domain AND machine, then all should be OK. Otherwise... you *might* get some errors. That said, which version of samba is this for... if it's TNG, please let me know how you have roaming profiles working! Jason Jensen wrote: > Is there an easy way to transfer a local profile to a roaming one? cause i > have my profile exactly how i want it and if login to the domain i loose 1/2 > the programs i have installed, my settings, favs, old mail, the WORKS.. when > you copy it over.. it doesn't seem to work.. samba seems to die on > long/weird filenames.. how to i get around this? From lkcl at samba.org Fri Mar 10 02:01:59 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:28:58 2003
Subject: write pipe issues
Message-ID:

apparently, i am supposed to use a write-loop-wrapper function, not just a write() call, so please, these people who have been having "odd" problems with tng not operating, cvs update, recompile and please report if it works.

thx,

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.
Macmillan Technical Publishing

ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From lkcl at samba.org Fri Mar 10 02:14:40 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:28:58 2003
Subject: to tom crummey
Message-ID:

tom,

i got the one about the login from rpcclient failing (core dump) with wrong password. at present i don't have test environment access, sorry.

check _samr_set_userinfo2() in srv_samr_passdb.c: that should be changing [DUX ] to [U ] - disabled user no password to user.

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.
Macmillan Technical Publishing

ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From jffolliott at home.com Fri Mar 10 05:19:25 2000
From: jffolliott at home.com (Jamie ffolliott)
Date: Tue Dec 2 02:28:58 2003
Subject: write pipe issues
In-Reply-To:
Message-ID:

Wonderful. With CVS update from 11pm EST March 9th, I'm able to access samba shares as a non-root user. This was a problem only in the last 2-3 alpha releases (up to alpha 0.11 but I skipped alpha 0.12).

So I suspect that mounting of samba-tng shares from Win2K and NT has been fixed now (the incorrect password problem).

Jamie

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Luke Kenneth Casson Leighton
> Sent: March 9, 2000 9:04 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: write pipe issues
>
>
> apparently, i am supposed to use a write-loop-wrapper function, not just a
> write() call, so please, these people who have been having "odd" problems
> with tng not operating, cvs update, recompile and please report if it
> works.
>
> thx,
>
> luke
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
> Macmillan Technical Publishing
>
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>

From Herve.Cimadomo at imag.fr Fri Mar 10 07:34:13 2000
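The write-loop wrapper mentioned in the "write pipe issues" thread above, as an added C example that is not Samba TNG's code: it shows a bare write() on a pipe accepting only part of a buffer and a loop delivering the rest. The names `write_all` and `pipe_demo`, the buffer pattern and the sizes are assumptions constructed for the demonstration.

```c
/* Added example (not Samba TNG source): a write loop for pipes and sockets. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: write exactly len bytes to fd.
 * Returns 0 on success, -1 on error with errno set. */
int write_all(int fd, const void *buf, size_t len)
{
    const unsigned char *p = buf;

    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n > 0) {                 /* partial or full progress */
            p += n;
            len -= (size_t)n;
        } else if (n < 0 && errno == EINTR) {
            continue;                /* interrupted before any byte moved */
        } else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
            struct pollfd pfd = { .fd = fd, .events = POLLOUT };
            if (poll(&pfd, 1, -1) < 0 && errno != EINTR)
                return -1;           /* non-blocking fd: wait until writable */
        } else {
            if (n == 0)
                errno = EIO;         /* no progress and no error reported */
            return -1;
        }
    }
    return 0;
}

struct drained { size_t count; unsigned long sum; };

/* Constructed demonstration: push `total` bytes through a non-blocking pipe.
 * *first_write receives what one bare write() accepted; the return value is
 * the byte count a forked reader received once write_all() sent the rest,
 * or -1 on any failure or checksum mismatch. */
long pipe_demo(size_t total, size_t *first_write)
{
    int data[2], result[2], rc;
    unsigned long sum = 0;
    struct drained got = { 0, 0 };
    unsigned char *buf = malloc(total);
    ssize_t n;
    pid_t pid;

    if (buf == NULL || pipe(data) < 0 || pipe(result) < 0)
        return -1;
    for (size_t i = 0; i < total; i++) {
        buf[i] = (unsigned char)(i * 31 + 7);
        sum += buf[i];
    }
    fcntl(data[1], F_SETFL, fcntl(data[1], F_GETFL) | O_NONBLOCK);

    n = write(data[1], buf, total);  /* the bare call: stops when the pipe fills */
    if (n < 0)
        return -1;
    *first_write = (size_t)n;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                  /* reader: drain the pipe, report totals */
        unsigned char chunk[4096];
        ssize_t r;
        close(data[1]);
        close(result[0]);
        while ((r = read(data[0], chunk, sizeof chunk)) > 0) {
            got.count += (size_t)r;
            for (ssize_t i = 0; i < r; i++)
                got.sum += chunk[i];
        }
        write_all(result[1], &got, sizeof got);
        _exit(0);
    }
    close(data[0]);
    close(result[1]);
    rc = write_all(data[1], buf + n, total - (size_t)n);
    close(data[1]);                  /* EOF for the reader */
    if (read(result[0], &got, sizeof got) != (ssize_t)sizeof got)
        rc = -1;
    close(result[0]);
    waitpid(pid, NULL, 0);
    free(buf);
    return (rc == 0 && got.sum == sum) ? (long)got.count : -1;
}

int main(void)
{
    size_t total = (size_t)4 << 20, first = 0;
    long got = pipe_demo(total, &first);

    printf("bare write() accepted %zu of %zu bytes; reader got %ld after write_all()\n",
           first, total, got);
    return got == (long)total ? 0 : 1;
}
```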
From: Herve.Cimadomo at imag.fr (CIMADOMO =?iso-8859-1?Q?herv=E9?=) Date: Tue Dec 2 02:28:58 2003 Subject: TNG0.12 - samba as bdc (seem) no work Message-ID: <38C8A575.C4C0BAFC@imag.fr> taking instruction from http://www.kneschke.de/projekte/samba_tng/ , i can't make my samba server as BDC. When i try to execute createuser command, i have no message "create trust account: OK" and "join domain: OK". i have : " ROOT(zidane)[174] /softs/samba-tng # rpcclient -S chauvet -U root%if+26lplmdp -W ADELE99 Can't find include file /softs/samba-tng/lib/smb.conf. Can't find include file /softs/samba-tng/lib/%U.conf socket connect to /tmp/.smb.0/agent failed: No such file or directory error connecting to 129.88.103.26:445 (Connection refused) session setup ok Domain=[ADELE99] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] [ADELE99\root@CHAUVET]$ lsaquery lsaquery LSA Query Info Policy Domain Member - Domain: ADELE99 SID: S-1-5-21-1822582468-1085545095-1734353810 Domain Controller - Domain: ADELE99 SID: S-1-5-21-1822582468-1085545095-1734353810 [ADELE99\root@CHAUVET]$ createuser zidane$ -s -j createuser zidane$ -s -j SAM Create Domain User Domain: ADELE99 Name: zidane$ ACB: [W ] Create Domain User: OK [ADELE99\root@CHAUVET]$ samsync samsync LSA_QUERYSECRET: cmd_sam_sync: no trust account password [ADELE99\root@CHAUVET]$ " In log.smb, i found strange error messages : " error connecting to 129.88.103.26:445 (Connection refused) socket connect to /tmp/.smb.0/agent failed: No such file or directory error connecting to 129.88.103.26:445 (Connection refused) error connecting to 129.88.103.26:445 (Connection refused) socket connect to /tmp/.msrpc/.lsarpc/agent failed: No such file or directory socket connect to /tmp/.smb.0/agent failed: No such file or directory error connecting to 129.88.103.26:445 (Connection refused) cli_nt_setup_creds: auth2 challenge failed. status: c0000022 domain_client_validate: credentials failed (\\CHAUVET) ??] 
SMB LM/NT Password did not match!afe_strcpy [=?;??3Q??2+??? e " in this doc, it's say that "you will need to have created unix /etc/passwd entries in advance of doing the samsync command". what are this entries ? (samba server acccount, pdc account ?). is the security to apply for act as a bdc is security=user or security=domain ? thank for help. -- Herve Cimadomo Email: Herve.Cimadomo@imag.fr LSR ACTIMART, bat 8, avenue de Vignate 38610 Gieres tel : 04.76.63.34.61 From dean.scothern at wwgsolutions.com Fri Mar 10 11:10:43 2000 From: dean.scothern at wwgsolutions.com (dean.scothern@wwgsolutions.com) Date: Tue Dec 2 02:28:58 2003 Subject: simple nt client question resolved and 2nd question Message-ID: <8525689E.003D368C.00@wg.com> Hello Again, I found that my configuration worked, the problem was that when authenticating I had to specify the user as DOMAIN/USER for it to work. Looking at the samba logs I determined that without specifying the domain the machine (NT4) would use its name as the domain, which then obviously failed. The correct domain was specified in the machine's config. Is this normal behaviour? Is there a fix? Regards Dino Thanks for help From hanak at IRIS.osu.cz Fri Mar 10 12:12:03 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:28:59 2003 Subject: NMBLOOKUP problem Message-ID: Hi samba gurus! Can anybody explain this: I have WINS server set in smb.conf. When i use smbclinet -L name correctly WINS server answers on query and computer IP is sent back. When i use nmblookup -U wins_server_ip name then name_query fails. I have same problem in WinNT (SP6). Only one segment computers i can see in browse list. Yes i have WINS server set correctly. WINS server runs on WinNT Server. But i think that there is not problem in WINS server, cause smbclient -L works fine. Can anybody help me?! Thanx for any tips, guys! O.H. From hanak at IRIS.osu.cz Fri Mar 10 12:48:05 2000 
From: hanak at IRIS.osu.cz (Ondrej Hanak)
Date: Tue Dec 2 02:28:59 2003
Subject: NMBLOOKUP correction
Message-ID:

I must correct this:
nmblookup -U wins_server_ip -R name works fine.
But i can't still do this:
nmblookup -U wins_server_ip -R mygroup#1b -> no answer for workgroup.

Can this be malfunction of WINS server, that runs on WinNT Server?

madness is coming...

O.H.

From tschweikle at FIDUCIA.de Fri Mar 10 13:35:47 2000
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de)
Date: Tue Dec 2 02:28:59 2003
Subject: NMBLOOKUP correction
Message-ID: <0057540004209120000002L402*@MHS>

hanak@IRIS.osu.cz:

> I must correct this:
> nmblookup -U wins_server_ip -R name works fine.
> But i can't still do this:
> nmblookup -U wins_server_ip -R mygroup#1b -> no answer for workgroup.

This works. But you forgot to encapsulate mygroup#1b within '

nmblookup -U wins_server_ip -R 'mygroup#1b'

--

From hanak at IRIS.osu.cz Fri Mar 10 14:16:08 2000
From: hanak at IRIS.osu.cz (Ondrej Hanak)
Date: Tue Dec 2 02:28:59 2003
Subject: NMBLOOKUP correction
In-Reply-To: <0057540004209120000002L402*@MHS>
Message-ID:

I think that my problem is, that Win9x and WinNT works. can't correctly works with WINS server as domain master browser. You know, when master browser registered with WINS server is not samba or WinNT Server, then WINS server fails for this query:
nmblookup -U wins_server_ip -R name#1b
even with ' '.
When i query workgroup (domain), where samba (as master browser) or WinNT Server exists, then response is the ip_address of master browser computer.

Is this my theory o.k.?

O.H.

On Sat, 11 Mar 2000 tschweikle@FIDUCIA.de wrote:

>
> hanak@IRIS.osu.cz:
>
> > I must correct this:
> > nmblookup -U wins_server_ip -R name works fine.
> > But i can't still do this:
> > nmblookup -U wins_server_ip -R mygroup#1b -> no answer for workgroup.
>
> This works. But you forgot to encapsulate mygroup#1b within '
>
> nmblookup -U wins_server_ip -R 'mygroup#1b'
>
>
> --
>

From lkcl at samba.org Fri Mar 10 18:25:35 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:28:59 2003
Subject: simple nt client question resolved and 2nd question
Message-ID:

hi,

if you can provide me with a test case that shows that nt workstation (stand-alone) does not need DOMAIN\user but can just have user to access shares, i will change the default behaviour to change the domain name from WORKSTATION\user to SAMBADOMAIN\user, otherwise, it stays as-is.

[an nt workstation (stand-alone), when you do not specify a domain name, specifies a domain name of ITSOWNWORKSTATION].

From jasonjensen at home.com Fri Mar 10 20:43:26 2000
From: jasonjensen at home.com (Jason Jensen)
Date: Tue Dec 2 02:28:59 2003
Subject: smbd?
Message-ID: <000501bf8ad1$48ccea10$0201a8c0@jason>

Is it possible to use the regular SMBD instead of the TNG one with TNG?

From jasonjensen at home.com Fri Mar 10 20:50:03 2000
From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:28:59 2003 Subject: Pizza Bribe.. Message-ID: <000501bf8ad2$357f3e80$0201a8c0@jason> The bribe with the pizza is still there once the printer works :) From lkcl at samba.org Sat Mar 11 00:25:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:59 2003 Subject: [samba-tng] "invalid users = root" causes tng to fail. Message-ID: if you add this to the global section, or if you do not have "valid users = root ....", TNG at present will FAIL to operate. i will investigate this and find a solution. in the mean-time, _copy_ each "valid users" / "invalid users" set into each [share], ok? i realise this is a pain, and it probably explains a lot of the "it works for him but not for me" issues. which brings us to another possible approach to debug these TNG issues: keep the smb.conf _really_ simple, and expand upwards from there. Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From karl at Denninger.Net Sat Mar 11 00:42:37 2000 
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:59 2003 Subject: [samba-tng] "invalid users = root" causes tng to fail. In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Mar 11, 2000 at 11:28:19AM +1100 References: Message-ID: <20000310184237.A43104@Denninger.Net> "valid users = root" does NOT have to be there. Its NOT in my smb.conf, and TNG now DOES work. However, the "invalid users = root" line in the global section WILL screw you. That's what was screwing me (Luke and I finally figured it out). BTW, Win98 is quite slow (delays of ~10 seconds or so) validating against TNG. Win2k is almost immediate. Win98 is NOT slow validating against 2.0.6. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Sat, Mar 11, 2000 at 11:28:19AM +1100, Luke Kenneth Casson Leighton wrote: > if you add this to the global section, or if you do not have "valid users > = root ....", TNG at present will FAIL to operate. > > i will investigate this and find a solution. in the mean-time, _copy_ > each "valid users" / "invalid users" set into each [share], ok? > > i realise this is a pain, and it probably explains a lot of the "it works > for him but not for me" issues. > > which brings us to another possible approach to debug these TNG issues: > keep the smb.conf _really_ simple, and expand upwards from there. > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sat Mar 11 00:48:31 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:59 2003 Subject: [samba-tng] "invalid users = root" causes tng to fail. In-Reply-To: <20000310184237.A43104@Denninger.Net> Message-ID: On Fri, 10 Mar 2000, Karl Denninger wrote: > "valid users = root" does NOT have to be there. correct. actually, what i've done, because it's become_vuser() and only used in dce/rpc daemons, is to disable check_vuser_ok() which means that valid users and invalid users doesn't apply to the msrpc services, any more. if anyone _really_ wants to be able to deny or permit access to msrpc services, let me know, and i'll arrange something. the ultimate intention is to have security descriptors on a per-pipe basis, allowing a clear, fine-grained access control that will have sensible defaults such as, allow all access to everyone anonymously (just like nt) except to \PIPE\winreg and \PIPE\svcctl, which will have user-only-access and administrator-only-access or some-such. > Its NOT in my smb.conf, and TNG now DOES work. > > However, the "invalid users = root" line in the global section WILL screw > you. That's what was screwing me (Luke and I finally figured it out). thx 4 help, karl! > BTW, Win98 is quite slow (delays of ~10 seconds or so) validating against > TNG. Win2k is almost immediate. Win98 is NOT slow validating against > 2.0.6. interesting. i wonder if that's possibly because win95 only sends a LM#, which is tried as an NT# first and _then_ a LM#, which will be _two_ calls to domain_client_validate, which will be _two_ loopback connection attempts to \PIPE\NETLOGON. hmmm. From lynn at cis.usouthal.edu Sat Mar 11 01:10:03 2000 
From: lynn at cis.usouthal.edu (Keith Lynn)
Date: Tue Dec 2 02:28:59 2003
Subject: Auditin NT Logins
In-Reply-To: <38C69B95.86837279@lmco.com>
Message-ID:

One way I'm experimenting with is to use the preexec and postexec options in smb.conf.

On Thu, 9 Mar 2000, JONATHAN W MINER wrote:

> Hello-
>
> I'm using samba-2.0.6 on a Solaris 2.5.1 server. Is there any way to
> log NT logins in the same manner that UNIX logins are logged? Example:
> successful logins get logged to wtmp, and unsuccessful login attempts
> get logged to syslog? Thanks for any insight to this problem.
>
> --
> Jonathan Miner - Lockheed Martin EIS/SAI
> LM-Xpress: jonathan.w.miner@lmco.com
> Phone: 603 885 UNIX - Fax: 603 885 3850
> USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868
>
>
>

From karl at Denninger.Net Sat Mar 11 01:15:30 2000
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:59 2003 Subject: [samba-tng] "invalid users = root" causes tng to fail. In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Mar 11, 2000 at 11:48:31AM +1100 References: <20000310184237.A43104@Denninger.Net> Message-ID: <20000310191530.A43266@Denninger.Net> On Sat, Mar 11, 2000 at 11:48:31AM +1100, Luke Kenneth Casson Leighton wrote: > On Fri, 10 Mar 2000, Karl Denninger wrote: > > > "valid users = root" does NOT have to be there. > > correct. actually, what i've done, because it's become_vuser() and only > used in dce/rpc daemons, is to disable check_vuser_ok() which means that > valid users and invalid users doesn't apply to the msrpc services, any > more. > > if anyone _really_ wants to be able to deny or permit access to msrpc > services, let me know, and i'll arrange something. Isn't there a potential problem if you can do msrpc things in general? > the ultimate intention is to have security descriptors on a per-pipe > basis, allowing a clear, fine-grained access control that will have > sensible defaults such as, allow all access to everyone anonymously (just > like nt) except to \PIPE\winreg and \PIPE\svcctl, which will have > user-only-access and administrator-only-access or some-such. > > > Its NOT in my smb.conf, and TNG now DOES work. > > > > However, the "invalid users = root" line in the global section WILL screw > > you. That's what was screwing me (Luke and I finally figured it out). > > thx 4 help, karl! > > > BTW, Win98 is quite slow (delays of ~10 seconds or so) validating against > > TNG. Win2k is almost immediate. Win98 is NOT slow validating against > > 2.0.6. > > interesting. i wonder if that's possibly because win95 only sends a LM#, > which is tried as an NT# first and _then_ a LM#, which will be _two_ calls > to domain_client_validate, which will be _two_ loopback connection > attempts to \PIPE\NETLOGON. > > hmmm. Possibly, yes. The time delay is VERY noticable. 
It *does* log in, but you may think it has hung up while waiting. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! From lkcl at samba.org Sat Mar 11 01:32:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:59 2003 Subject: samba-tng-alpha-0.14.tar.gz Message-ID: ftp://samba.org/pub/samba/alpha and mirror sites. finally resolved some of the niggling issues that have kept tng from working: in particular, thanks to karl denninger for helping track down "invalid users = root" in the [global] section which stops root from being able to access anything, including being able to add user accounts! tng is now back where it was about 6 weeks ago: - logins work - file access works - profiles work (i believe) on nt4 and 95. - printing doesn't - profiles on nt5 are dubious - browsing on nt5 doesn't work, this i believe is due to nt5 issuing new, undocumented browsing dce/rpc calls which we know exist but do not know about. - a stand-alone workstation (member of a workgroup) MUST specify net use \\samba-tng\share /user:TNG-DOMAIN-NAME\username and this i believe to also be the case even when accessing an nt pdc, so i'm not going to make an exception for this unless someone demonstrates that i am wrong about this. thx, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sat Mar 11 01:34:57 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:59 2003 Subject: [samba-tng] "invalid users = root" causes tng to fail. In-Reply-To: <20000310191530.A43266@Denninger.Net> Message-ID: On Fri, 10 Mar 2000, Karl Denninger wrote: > On Sat, Mar 11, 2000 at 11:48:31AM +1100, Luke Kenneth Casson Leighton wrote: > > On Fri, 10 Mar 2000, Karl Denninger wrote: > > > > > "valid users = root" does NOT have to be there. > > > > correct. actually, what i've done, because it's become_vuser() and only > > used in dce/rpc daemons, is to disable check_vuser_ok() which means that > > valid users and invalid users doesn't apply to the msrpc services, any > > more. > > > > if anyone _really_ wants to be able to deny or permit access to msrpc > > services, let me know, and i'll arrange something. > > Isn't there a potential problem if you can do msrpc things in general? it's a long story, karl. pipes themselves are the "first line of defence". from thereon, it's a per-function permission issue, on a case-by-case basis. From peter at cadcamlab.org Sat Mar 11 07:48:49 2000 
From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:28:59 2003 Subject: Auditin NT Logins References: <38C69B95.86837279@lmco.com> Message-ID: <14537.63775.705928.888492@wire.cadcamlab.org> [Jonathan W Miner] > I'm using samba-2.0.6 on a Solaris 2.5.1 server. Is there any way to > log NT logins in the same manner that UNIX logins are logged? 2.0.7, when it is released, will have support for the `utmpx' variant of utmp/wtmp. Assuming Solaris uses `utmpx', which I don't remember (I haven't used Solaris since 1994), this sounds like what you want. If you want to try it out and see, 2.0.7pre1 is out already. I don't know about logging unsuccessful logins to syslog -- whether this would even be a good idea. Windows machines often try two different sets of credentials in what is eventually a successful login, so you could get a *lot* of false positives). I don't know the details of this -- which clients do this or why. Peter From sharpe at ns.aus.com Sat Mar 11 09:09:02 2000 
From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:59 2003 Subject: Auditin NT Logins In-Reply-To: <14537.63775.705928.888492@wire.cadcamlab.org> References: <38C69B95.86837279@lmco.com> Message-ID: <3.0.6.32.20000311190902.0087f960@203.16.214.248> At 06:51 PM 3/11/00 +1100, Peter Samuelson wrote: > >[Jonathan W Miner] >> I'm using samba-2.0.6 on a Solaris 2.5.1 server. Is there any way to >> log NT logins in the same manner that UNIX logins are logged? > >2.0.7, when it is released, will have support for the `utmpx' variant >of utmp/wtmp. Assuming Solaris uses `utmpx', which I don't remember (I >haven't used Solaris since 1994), this sounds like what you want. If >you want to try it out and see, 2.0.7pre1 is out already. > >I don't know about logging unsuccessful logins to syslog -- whether >this would even be a good idea. Windows machines often try two >different sets of credentials in what is eventually a successful login, >so you could get a *lot* of false positives). I don't know the details >of this -- which clients do this or why. Hmmm, I have seen a lot of traces of Windows machines trying to log in, and I have seen the following: 1. When browsing, NT will often log in with a null account and password, or an invalid set of credentials, but Samba maps bad credentials on the IPC$ share to guest. 2. Some early Win95 versions would convert the user's password to upper case before submitting it. However, this can be handled by 'password level = 4' or some other value. 3. Windows clients that insist on sending encrypted passwords. I would be really interested in Windows clients that try with multiple sets of credentials other than the above examples. 
Got a book to finish, you see :-) >Peter > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From sean at compu-aid.com Sat Mar 11 18:36:39 2000 From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:28:59 2003 Subject: NT 4 in domain won't allow login Message-ID: I have finally gotten around to installing TNG. I am trying to get NT to login to my TNG PDC but am having some difficulty. I currently have two user accounts and one machine account. They are in /etc/passwd and smbpasswd. I (apparently) successfully joined the domain from NT. At the login box I try logging in as root or the other user and I get the message: "The local policy of this system does not permit you to logon interactively" I load up the User Manager for Domains and try to select my domain and get "The specified network password is not correct." Which password is that? My machine account password? I feel that there is some option I could grant to the domain users in order to let them login if I could get into the User Manager. It *has* worked before but it's been sporratic and I'm not sure what I do to get it to actually talk to the PDC. I scanned the archives and I don't seem the be the only one with similar problems but OTOH, I didn't see any solutions. Any help would be greatly appreciated. Thanks Sean BTW: The TNG version I'm using was obtained from CVS about 4 hours ago. ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From cristianv at zeropiu.it Sun Mar 12 14:01:46 2000 
From: cristianv at zeropiu.it (Christian Verdelli) Date: Tue Dec 2 02:28:59 2003 Subject: Ldap Problem Message-ID: <122c1affbf786af.bf786af122c1aff@apollo.zeropiu.it> I have download SAMBA_TNG for my linux REDHAT 5.2 box , but running the configure script with the option --with-ldap it bombs whit : checking configure summary: configure: error: summary failure . Aborting config. I Have netscape directory server 4.xx, and I think it's a library problem. If so what libraries are needed and where I can specify the path ? From jasonjensen at home.com Sun Mar 12 20:57:25 2000 From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:28:59 2003 Subject: tell me what i gotta do.. Message-ID: <001501bf8c65$922e5a00$0201a8c0@jason> What ever it takes to help you get the printer work.. will do.. just let me know how i can help.. (i can program c++ but have never messed around in linux..) -Temper From karl at Denninger.Net Sun Mar 12 21:16:35 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:59 2003 Subject: tell me what i gotta do.. In-Reply-To: <001501bf8c65$922e5a00$0201a8c0@jason>; from Jason Jensen on Mon, Mar 13, 2000 at 07:56:08AM +1100 References: <001501bf8c65$922e5a00$0201a8c0@jason> Message-ID: <20000312151635.A52871@Denninger.Net> Printers work fine for me in TNG.... I can print to a printer attached to a TNG server from a Win98 and Win2k machine.... no longer have any NT machines to test against, but have no reason to believe that wouldn't work too. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Mon, Mar 13, 2000 at 07:56:08AM +1100, Jason Jensen wrote: > What ever it takes to help you get the printer work.. will do.. just let me > know how i can help.. (i can program c++ but have never messed around in > linux..) > > -Temper > From vs at lasp.npi.msu.su Mon Mar 13 00:41:37 2000 
From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:59 2003 Subject: tell me what i gotta do.. In-Reply-To: <20000312151635.A52871@Denninger.Net> Message-ID: On Mon, 13 Mar 2000, Karl Denninger wrote: > Printers work fine for me in TNG.... > > I can print to a printer attached to a TNG server from a Win98 and > Win2k machine.... no longer have any NT machines to test against, but > have no reason to believe that wouldn't work too. TNG printing is broken. How do You get it working? From karl at Denninger.Net Mon Mar 13 00:44:49 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:59 2003 Subject: tell me what i gotta do.. In-Reply-To: ; from Vladimir Stavrinov on Mon, Mar 13, 2000 at 03:41:37AM +0300 References: <20000312151635.A52871@Denninger.Net> Message-ID: <20000312184449.A53991@Denninger.Net> On Mon, Mar 13, 2000 at 03:41:37AM +0300, Vladimir Stavrinov wrote: > On Mon, 13 Mar 2000, Karl Denninger wrote: > > > Printers work fine for me in TNG.... > > > > I can print to a printer attached to a TNG server from a Win98 and > > Win2k machine.... no longer have any NT machines to test against, but > > have no reason to believe that wouldn't work too. > > TNG printing is broken. How do You get it working? No its not. I didn't change a thing in the 2.0.6 smb.conf file's printer section when I loaded TNG. Picks up and uses the Unix printers just fine. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! From vs at lasp.npi.msu.su Mon Mar 13 00:55:49 2000 
From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:59 2003 Subject: tell me what i gotta do.. In-Reply-To: <20000312184449.A53991@Denninger.Net> Message-ID: On Sun, 12 Mar 2000, Karl Denninger wrote: > On Mon, Mar 13, 2000 at 03:41:37AM +0300, Vladimir Stavrinov wrote: > > On Mon, 13 Mar 2000, Karl Denninger wrote: > > > Printers work fine > for me in TNG.... > TNG printing is broken. How do You get it working? > > No its not. I didn't change a thing in the 2.0.6 smb.conf file's > printer section when I loaded TNG. Picks up and uses the Unix > printers just fine. > There are lot of messages about broken printing in the list, but You are first who report success. From karl at Denninger.Net Mon Mar 13 01:03:49 2000 
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:28:59 2003 Subject: tell me what i gotta do.. In-Reply-To: ; from Vladimir Stavrinov on Mon, Mar 13, 2000 at 03:55:49AM +0300 References: <20000312184449.A53991@Denninger.Net> Message-ID: <20000312190349.A54144@Denninger.Net> On Mon, Mar 13, 2000 at 03:55:49AM +0300, Vladimir Stavrinov wrote: > On Sun, 12 Mar 2000, Karl Denninger wrote: > > > On Mon, Mar 13, 2000 at 03:41:37AM +0300, Vladimir Stavrinov wrote: > > > On Mon, 13 Mar 2000, Karl Denninger wrote: > > > Printers work fine > > for me in TNG.... > TNG printing is broken. How do You get it working? > > > > No its not. I didn't change a thing in the 2.0.6 smb.conf file's > > printer section when I loaded TNG. Picks up and uses the Unix > > printers just fine. > > > There are lot of messages about broken printing in the list, but You are > first who report success. That may be true (the other reports), but I've never had trouble with it under TNG. I can't browse for them in TNG (I can in 2.0.6), but I can connect to a printer as long as I know its name. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! From p.grimmerink at home.nl Mon Mar 13 10:52:28 2000 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:28:59 2003 Subject: tng-0.14 & administrator login Message-ID: I tried to install samba-tng-0.14 this weekend, it's getting better than the previous versions, but I could no longer log in as administrator (samba user, no special rights in the domain) I tried this on NT4.0 (log in as local administrator worked fine, administrator as domain user would not allow me to log in (password did not match)) On win9x this also happened. In the log.smb file, I noticed that smbd also thought the password did not match. Best regards, Pieter From Frank.Wiegerinck at cs.utwente.nl Mon Mar 13 10:53:46 2000 
From: Frank.Wiegerinck at cs.utwente.nl (Frank Wiegerinck (Faculteit)) Date: Tue Dec 2 02:28:59 2003 Subject: Networkprinter Message-ID: <002d01bf8cda$681b1df0$2001a8c0@student.utwente.nl> Has anyone managed it to get a networkprinter working under Samba TNG er Samba 2.0.6?? Frank Wiegerinck -------------- next part -------------- HTML attachment scrubbed and removed From lk at netuse.de Mon Mar 13 11:28:25 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:59 2003 Subject: Latest cvs(make proto) Message-ID: <38CCD0D9.7FEA7819@netuse.de> Hello! The latest cvs only compiles if you do a "make proto", before make. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From hanak at IRIS.osu.cz Mon Mar 13 12:23:45 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:28:59 2003 Subject: Local login restriction Message-ID: Hi, can anybody give any tips how restrict users from login to local? For example when connection with PDC (SAMBA 2.1 pre) failed. But it seems, that new user (without profile on server) without password or bad password (it's the same) can logon to local. We can see dialog that "connection is slow..." Can anybody explain this? Thanks folks. O.H. From Jean-Francois.Micouleau at dalalu.fr Mon Mar 13 13:17:07 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:28:59 2003 Subject: Latest cvs(make proto) In-Reply-To: <38CCD0D9.7FEA7819@netuse.de> Message-ID: On Mon, 13 Mar 2000, Lars Kneschke wrote: > The latest cvs only compiles if you do a "make proto", before > make. which branch ? From gerhard.schaller at kuester.net Mon Mar 13 14:16:27 2000 
From: gerhard.schaller at kuester.net (Gerhard Schaller) Date: Tue Dec 2 02:28:59 2003 Subject: Samba-Server as a domain-member Message-ID: I read several times on the Samba-webpages, that Samba does not act as a BDC. Strange to say my Samba server is displayed as BDC in the server manager of the PDC. I cannot explain this myself. Is there anybody, who has a tip for me? Thanks, G. Schaller From lk at netuse.de Mon Mar 13 14:52:22 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:59 2003 Subject: Latest cvs(make proto) References: Message-ID: <38CD00A6.569AC957@netuse.de> Jean Francois Micouleau wrote: > > On Mon, 13 Mar 2000, Lars Kneschke wrote: > > > The latest cvs only compiles if you do a "make proto", before > > make. > > which branch ? -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Mon Mar 13 14:52:38 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:28:59 2003 Subject: Latest cvs(make proto) References: Message-ID: <38CD00B6.9C29355F@netuse.de> Jean Francois Micouleau wrote: > > On Mon, 13 Mar 2000, Lars Kneschke wrote: > > > The latest cvs only compiles if you do a "make proto", before > > make. > > which branch ? TNG -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From agalinot at kast-telecom.com Mon Mar 13 15:11:23 2000 
From: agalinot at kast-telecom.com (Aubin Galinotti) Date: Tue Dec 2 02:28:59 2003 Subject: Ldap Problem References: <122c1affbf786af.bf786af122c1aff@apollo.zeropiu.it> Message-ID: <38CD051B.97D4BAFD@kast-telecom.com> Christian Verdelli wrote: > I have downloaded SAMBA_TNG for my linux REDHAT 5.2 box , but > running the configure script with the option --with-ldap > it bombs with : > > checking configure summary: > configure: error: summary failure . Aborting config. I had the same problem ... I have 2 computers, on one of them the configure works well (with ldap) on the other I have the same error you have when using the --with-ldap flag the 2 computer are the same model, with the same OS but on the first one openldap is installed ... and not on the second one I think that a devel distrib of openldap exists try installing it and it should work Aubin "NoxIn" Galinotti Kast - Telecom From Franz at hanau.ihk.de Mon Mar 13 15:16:39 2000 
From: Franz at hanau.ihk.de (Franz, Michael IHKHAN) Date: Tue Dec 2 02:28:59 2003 Subject: workstation login in domain failed Message-ID: <7959C52B7B44D1119CB500A0C9430A4E8DFD12@smssvr.frankfurt-main.ihk.de> Hello, I have a real big problem (imho) but I'm sure you can help me ;-) On 08.03.2000 I have downloaded the latest TNG-code from CVS - then my journey begins. Many downloads later I get the following problems: when I try to login to the domain I get the error-message : "The trust relationship between this workstation and the primary domain failed" on another machine I get : "...can't login to domain ... password of this machine is wrong..." (or a kind of that - I had to translate from german in english) Both machines with NT 4.0 SP 5 and SP 6a in my log-files I always found : socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused ERROR: setgroups call failed! or remove on /usr/local/samba/var/locks/.msrpc/XXXXX failed I get the same error-message (socket connect...) when I start RPCCLIENT ... Please, who can help ? Michael Franz BTW: in the latest CVS-update (15 minutes ago) rpcclient won't work is this a bug or a feature ;-) From jphollan at earthlink.net Mon Mar 13 15:14:43 2000 
From: jphollan at earthlink.net (Jason Holland) Date: Tue Dec 2 02:28:59 2003 Subject: Ldap Problem In-Reply-To: <38CD051B.97D4BAFD@kast-telecom.com> Message-ID: <000201bf8cfe$dc11d040$0264a8c0@mickey.earthlink.net> Are you using the TNG Branch? Or the main samba 2.0x branch? It was my understanding that LDAP was not yet functional in samba TNG yet. Jason ]- Christian Verdelli wrote: ]- ]- > I have downloaded SAMBA_TNG for my linux REDHAT 5.2 box , but ]- > running the configure script with the option --with-ldap ]- > it bombs with : ]- > ]- > checking configure summary: ]- > configure: error: summary failure . Aborting config. ]- ]- I had the same problem ... ]- I have 2 computers, on one of them the configure works well (with ldap) ]- on the other I have the same error you have when using the --with-ldap ]- flag ]- ]- the 2 computer are the same model, with the same OS ]- but on the first one openldap is installed ... and not on the second one ]- ]- I think that a devel distrib of openldap exists try installing it and ]- it should work ]- ]- Aubin "NoxIn" Galinotti ]- Kast - Telecom From keithd at zartis.com Mon Mar 13 15:29:02 2000 From: keithd at zartis.com (Keith Davey) Date: Tue Dec 2 02:28:59 2003 Subject: NT4 Client login References: <122c1affbf786af.bf786af122c1aff@apollo.zeropiu.it> <38CD051B.97D4BAFD@kast-telecom.com> Message-ID: <38CD093E.1B2B8C0E@zartis.com> Hi, If anyone has found out how to log NT4 clients onto a Samba-tng PDC can they post a blow by blow account of how to do it. I've just done a cvs pull and its still not working. Should security be USER or DOMAIN? Keith. From JJones at nwnets.com Mon Mar 13 15:25:23 2000 
From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:28:59 2003 Subject: Ldap Problem Message-ID: <4128C0428F94D3118F1E00902773CED201B4A5@NNSBOIS1> Hey all, You may need to re-config OpenLDAP. I just worked out this problem myself over the weekend. Get the OpenLDAP source and ./configure --enable-shared. The shared libs are not enabled by default when you configure OpenLDAP 1.2.9--and I'm not sure about other versions. This solved the same problem for me. Jeremy Jones NNS mailto:jjones@nwnets.com -----Original Message----- From: Jason Holland [mailto:jphollan@earthlink.net] Sent: Monday, March 13, 2000 8:23 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: Ldap Problem Are you using the TNG Branch? Or the main samba 2.0x branch? It was my understanding that LDAP was not yet functional in samba TNG yet. Jason ]- Christian Verdelli wrote: ]- ]- > I have downloaded SAMBA_TNG for my linux REDHAT 5.2 box , but ]- > running the configure script with the option --with-ldap ]- > it bombs with : ]- > ]- > checking configure summary: ]- > configure: error: summary failure . Aborting config. ]- ]- I had the same problem ... ]- I have 2 computers, on one of them the configure works well (with ldap) ]- on the other I have the same error you have when using the --with-ldap ]- flag ]- ]- the 2 computer are the same model, with the same OS ]- but on the first one openldap is installed ... and not on the second one ]- ]- I think that a devel distrib of openldap exists try installing it and ]- it should work ]- ]- Aubin "NoxIn" Galinotti ]- Kast - Telecom From JJones at nwnets.com Mon Mar 13 15:27:42 2000 
From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:28:59 2003 Subject: Ldap Problem Message-ID: <4128C0428F94D3118F1E00902773CED201B4A6@NNSBOIS1> Sorry, didn't notice you were using Netscape DS. That I can't help with... Jeremy -----Original Message----- I have downloaded SAMBA_TNG for my linux REDHAT 5.2 box , but running the configure script with the option --with-ldap it bombs with : checking configure summary: configure: error: summary failure . Aborting config. I Have netscape directory server 4.xx, and I think it's a library problem. If so what libraries are needed and where I can specify the path ? From IJamison at iss-dsp.com Mon Mar 13 15:53:18 2000 From: IJamison at iss-dsp.com (Ian Jamison) Date: Tue Dec 2 02:28:59 2003 Subject: Which versions to use? Message-ID: <38CD0EEE.A9561CD7@iss-dsp.com> Apologies if this is a FAQ. I've been away from the list for a while... What's a good mix to use for reasonably stable file & domain serving? I've got this... samba-2_0_7pre1_tar.gz for the file server and samba-tng-alpha_0_14_tar.gz for the login server. Is this OK, or would I be better with 2.0.6 for the fileserver? Or do I still need two versions? Has the big merge happened while I've been away? 'Bye, IanJ. ------------------------------------------------------------ Integrated Silicon Systems Ltd. Tel: +44 28 90 50 4000 50 Malone Road Fax: +44 28 90 50 4002 Belfast BT9 5BS Web: www.iss-dsp.com From snail_talk at yahoo.com Mon Mar 13 16:14:26 2000 
From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:28:59 2003 Subject: NT4 Client login In-Reply-To: <38CD093E.1B2B8C0E@zartis.com> Message-ID: <000001bf8d07$33c2b8b0$0200000a@workstation1> hi, if you want samba to be your pdc server, it should be server. if you have another pdc server in the domain, such as an NT pdc server, then it should be set at security=domain. should someone make a small and simple faq on how to do stuff with samba tng, such as how to join the domain, how to get NT to join the domain, etc? > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Keith Davey > Sent: Monday, March 13, 2000 11:25 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: NT4 Client login > > > Hi, > > > If anyone has found out how to log NT4 clients onto a Samba-tng > PDC can they > post a blow by blow account of how to do it. I've just done a cvs pull and > its still not working. > > Should security be USER or DOMAIN? > > > Keith. > From keithd at zartis.com Mon Mar 13 16:32:36 2000 From: keithd at zartis.com (Keith Davey) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login References: <000001bf8d07$33c2b8b0$0200000a@workstation1> Message-ID: <38CD1824.3809E8CE@zartis.com> geoffrey lee wrote: > hi, > > if you want samba to be your pdc server, it should be server. Do mean security = server or security = user? > > > if you have another pdc server in the domain, such as an NT pdc server, then > it should be set at security=domain. > > should someone make a small and simple faq on how to do stuff with samba > tng, such as how to join the domain, how to get NT to join the domain, etc? > That would be great, I know there is some information but its getting rapidly out of date. I would be happy to some documentation. If anyone else wants to help we could try and keep up to date with the code. > > > -----Original Message----- 
> > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Keith Davey > > Sent: Monday, March 13, 2000 11:25 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: NT4 Client login > > > > > > Hi, > > > > > > If anyone has found out how to log NT4 clients onto a Samba-tng > > PDC can they > > post a blow by blow account of how to do it. I've just done a cvs pull and > > its still not working. > > > > Should security be USER or DOMAIN? > > > > > > Keith. > > -- Keith Davey Chief Technical Officer _____________________ Zartis.com 3015 Lake Drive National Digital Park Citywest Dublin 24 Ph: +353 1 4038470 Fax: +353 1 4661002 Web: www.zartis.com From jffolliott at home.com Mon Mar 13 16:44:16 2000 From: jffolliott at home.com (Jamie ffolliott) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login In-Reply-To: <38CD093E.1B2B8C0E@zartis.com> Message-ID: Yes it works again in TNG Alpha 0.14. Grab the source from mirrors or ftp://samba.org/pub/linux/alpha And follow the TNG FAQ at, http://www.kneschke.de/projekte/samba_tng/ cheers, Jamie > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Keith Davey > Sent: March 13, 2000 10:26 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: NT4 Client login > > > Hi, > > > If anyone has found out how to log NT4 clients onto a Samba-tng > PDC can they > post a blow by blow account of how to do it. I've just done a cvs pull and > its still not working. > > Should security be USER or DOMAIN? > > > Keith. > > From mbreuer at siac.com Mon Mar 13 17:09:55 2000 
From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:29:00 2003 Subject: TNG 0.14 - Administrator/Domain Admin/profile issues... Message-ID: <38CD20E3.FE85D9B3@siac.com> 1) I can't run usrmgr: As myself (in Administrators and Domain Admin) group: invalid password (even though I'm already logged into the domain. The log files confirm that samba rejects the password (I believe someone else has also reported this). As "root" I get a "overlapped I/O" message. (Unless I log in as root first, in which case I just get "access denied.") As "Administrator" I get "The stub received bad data." [Note: this is also true when I attempt to log on from W2K to the domain as "Administrator."] 2) Does anyone know how to configure group domain policy using Samba TNG? Specifically, when I log into the domain from a laptop (running W2K) which is offline, I'm told I can't access the domain... period. When I connect the laptop to a W2K PDC, I am able to log in to the domain and use my cached profile when the network is disconnected. I assume that there is a setting for this at the domain level, but I haven't a) found it and b) know where to put it if I did. 3) The above aside, TNG 14 is a vast improvement. Profiles are now working correctly (for me) and speed seems improved. From lkcl at samba.org Mon Mar 13 18:57:36 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:00 2003 Subject: patch (fwd) Message-ID: hi, pleases could people review and try out this patch and let me know if it breaks your system or not. the last patch of this type (for irix) i applied it broke aix, redhat linux and a few others. thank you, and thanks to michael breuer for the patch. -------------- next part -------------- diff -c -r samba-tng-alpha.0.14/source/Makefile.in samba-tng-alpha.0.14.IRIX.PATCH/source/Makefile.in *** samba-tng-alpha.0.14/source/Makefile.in Fri Mar 10 15:02:00 2000 --- samba-tng-alpha.0.14.IRIX.PATCH/source/Makefile.in Mon Mar 13 09:07:24 2000 *************** *** 441,447 **** nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o NMBD_OBJ = $(NMBD_OBJ1) ! NMBD_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) $(RPC_PARSE_OBJ2) SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ --- 441,447 ---- nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o NMBD_OBJ = $(NMBD_OBJ1) ! NMBD_LIBS = $(RPC_PARSE_OBJ2) $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ *************** *** 605,611 **** smbwrapper/realcalls.o smbwrapper/shared.o CLIENT_OBJ = client/client.o client/clitar.o ! 
CLIENT_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(RPC_PARSE_OBJ2) MOUNT_OBJ = client/smbmount.o client/clientutil.o \ $(RPC_PARSE_OBJ2) --- 605,611 ---- smbwrapper/realcalls.o smbwrapper/shared.o diff -c -r samba-tng-alpha.0.14/source/configure.in samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in *** samba-tng-alpha.0.14/source/configure.in Fri Mar 10 15:02:14 2000 --- samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in Mon Mar 13 09:05:51 2000 *************** *** 79,84 **** --- 79,94 ---- *aix4*) CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" ;; + # + # Irix needs standards.h to detect netinet + # + *irix*) + AC_CHECK_HEADERS(standards.h, + cat >> confdefs.h < + EOF + ) + ;; esac AC_INLINE From pkennedy at loudcloud.com Mon Mar 13 19:08:37 2000 
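Review bot: In the source/Makefile.in hunk at line 441, NMBD_LIBS now lists $(RPC_PARSE_OBJ2) ahead of $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB), and nothing in the file says why the order matters. The order of objects and archives on a link line affects symbol resolution, so a reordering made for IRIX can change what other platforms resolve; please add a comment above the line recording the IRIX link failure it fixes, and confirm that nmbd still links on at least one non-IRIX platform before this goes in.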
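Review bot: The CLIENT_LIBS hunk at line 605 of source/Makefile.in shows only the old line; the new side ("--- 605,611 ----") stops after the smbwrapper context line, so the replacement CLIENT_LIBS line is not visible and cannot be reviewed. Please resend this hunk in full, and say whether the MOUNT_OBJ line just below it, which also ends with $(RPC_PARSE_OBJ2), is meant to stay as it is.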
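Review bot: In the source/configure.in hunk at line 79, the here-document inside the new *irix*) branch reads "cat >> confdefs.h <" followed directly by "EOF", with no "<<" operator and no body line, so as shown the AC_CHECK_HEADERS action is not valid shell. The shell parses every arm of a case statement whether or not the arm is taken, so a syntax error here would stop configure on every platform, not only IRIX. Please confirm that the original patch has the full here-document and the line it is meant to append to confdefs.h (the archive may have dropped them), and send the patch as an attachment so it can be applied unmodified.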
From: pkennedy at loudcloud.com (Paul Kennedy) Date: Tue Dec 2 02:29:00 2003 Subject: Ldap Problem References: <122c1affbf786af.bf786af122c1aff@apollo.zeropiu.it> Message-ID: <38CD3CB4.D2EA6026@loudcloud.com> I had problems on Friday when running ./configure, it would fail at the step where it was "checking configure summary". But anyway, if using the iPlanet/Netscape C SDK, be aware that the .so is named either libldapssl30.so or libldapssl40.so. As far as I'm aware, the openldap .so's are named libldap.so. So in order to build with the iPlanet/Netscape C SDK, you need to copy libldapssl30.so to /usr/lib, ldap.h and friends to /usr/include, and then you need to modify the configure.in file, replacing the three instances of this line LIBS="$LIBS -lldap -llber" with this line LIBS="$LIBS -lldapssl40 -lpthread" Then run ./configure --with-ldap etc. Pk. Christian Verdelli wrote: > I have downloaded SAMBA_TNG for my linux REDHAT 5.2 box , but > running the configure script with the option --with-ldap > it bombs with : > > checking configure summary: > configure: error: summary failure . Aborting config. > > I Have netscape directory server 4.xx, and I think it's a library > problem. > If so what libraries are needed and where I can specify the path ? From jffolliott at home.com Mon Mar 13 17:30:49 2000 
From: jffolliott at home.com (Jamie ffolliott) Date: Tue Dec 2 02:29:00 2003 Subject: domain admin in tng-alpha0.14 Message-ID: With this config for a Domain Administrator, localgroup.map: wheel=BUILTIN\Administrators domainuser.map: adm="Domain Admins" root=Administrator (as per the ntdom faq) I login as 'root', and NT generates the roaming profile as if I were the 'root' user (stored in winnt\profiles\root). ctrl-alt-del shows that I'm logged in as root. On the start menu, it shows "Log off Administrator". When I logout, samba saves the roaming profile to /home/profiles/Administrator. Is there any way to fool NT into thinking that I'm really the "Administrator" ? More importantly, I don't get local Administrative rights with the above config, so the BUILTIN\Administrators group doesn't seem to be effective. Has the configuration changed, or do you want some level 100 logs Luke? Jamie From jffolliott at home.com Mon Mar 13 17:29:06 2000 
From: jffolliott at home.com (Jamie ffolliott) Date: Tue Dec 2 02:29:00 2003 Subject: roaming profiles in tng-alpha0.14 Message-ID: Hi, Here's my success with roaming profiles, with NT4 SP5 client and tng-alpha0.14 server. They're basically working in general but still some rough edges. If anyone understands some more details, could you toss in your comments? - user1 first logs in, gets the roaming profile. After logout, the 'profiles' share is left open for a period of time and all other shares are closed (home, netlogon & others). - user1 logs in 2nd time, roaming profile loads, and smbstatus shows the old profiles share is still open on the same PID from the first login along with the regular shares that were opened again on this PID. After logout, both the profiles and netlogon shares are left open on this PID. I've noticed this is the place where roaming profiles usually break down the next time a user logs in from this machine. - user2 logs in for the first time, and smbstatus shows the regular shares open along with profiles and netlogon all using the same old PID, but profiles and netlogon are still open as user1 and the rest of the shares are open as user2. user2 logs out and leaves only the profiles share open as user1. * I think there's been a lot of discussion before about the netlogon share that is left open, and it's been explained to be a client bug and not a problem with Samba per se, however NT Server somehow deals with it. - user2 logs back in and waits awhile (anytime over 10 mins and 15 secs), then logs out. On the logout, user2 has regained the profiles share under a new PID and left it open. After a while of idleness (again about 10mins) samba-tng has closed the profiles share that user2 had left open. I have no idea why the timing is important, but this is always reproducible. * why does these shares close after 10 minutes, and why does it not happen instead when the user who opened them logs out? 
It seems what happens on networks with more users/workstations, that over time users start to 'lose' their roaming profile and I've noticed this happens when the netlogon and profiles shares are left open by the previous user. NT complains on login that it was unable to retrieve the profile and creates a new one from the default profile. You see the new roaming profile named winnt\profiles\user1.001 on the client. I'm guessing that maybe a different smbd PID is handling the new share connections than the one that currently holds the old netlogon and profiles shares that were left open, however most of my experience with this problem was with samba HEAD from a year ago (march 1999). So how do you make sense of this? I propose one solution that smbd (or netlogond?) should close connections to any open shares when samba receives a new logon request from a different user coming from the same machine (ie. check uid and machine and IP of any open connections). Or end the smbd PID that maintains those connections if new connections are opened (from the same machine) on a different smbd PID. Closing shares shouldn't pose a problem for NT since it just reopens them as needed (not sure how win95 handles this, but the proposed solution could give exception to win9x logins and leave them open). Some other weirdness.. - with level 100 logs turned on, some new messages pop up probably because samba is slowed down on my P75 with all the logging ;) On the first login, I get "A slow network connection has been detected" - I select download anyway and the roaming profile works anyway. On logout, it takes over a minute of delay at a blank screen (after network connections are closed). On the next login, I get "A domain controller for your domain could not be found. You will be logged in with cached...". Not sure if this behaviour should be considered a bug, but it could make testing a bit more confusing. 
I have about 6megs of level 100 logs separated for all the above points - if you'd like them or if you have an idea what I should look for let me know. It's a lot to go through though if I don't know what to look for ;) cheers, Jamie From jffolliott at home.com Mon Mar 13 16:48:22 2000 From: jffolliott at home.com (Jamie ffolliott) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login In-Reply-To: <38CD1824.3809E8CE@zartis.com> Message-ID: > > if you want samba to be your pdc server, it should be server. > > Do mean security = server or security = user? To make samba-tng a PDC, use security = user and a few other settings. See a sample smb.conf at http://www.kneschke.de/projekte/samba_tng/files/pdc.php3 Jamie From lkcl at samba.org Mon Mar 13 21:16:14 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:00 2003 Subject: samba-tng-0.15.tar.gz Message-ID: ftp://samba.org/pub/samba/alpha and mirror sites. thanks to elrond for spotting an issue where groups were not being returned in a login. this is likely to fix some of the profile issues reported, plus an nt login of administrator will allow the expected privileges (right to shut down the box, etc). we're getting there. we've had one report sayin that printing works (but printer browsing doesn't) using an explicit connection to a known printer. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From karl at Denninger.Net Mon Mar 13 21:33:41 2000 
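The clean-up rule proposed in the roaming-profiles message above (on a new logon, close shares that a different user left open from the same machine, with an exception for win9x), as an added sketch that is not part of any poster's message or of Samba's code. The ShareConn record, its field names and the sample connections are assumptions constructed for illustration.

```python
"""Added illustration: find share connections left open by a previous user."""
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class ShareConn:
    # Hypothetical record of one open share connection (field names assumed).
    service: str   # share name, e.g. "profiles" or "netlogon"
    user: str      # user the share was opened as
    pid: int       # smbd process holding the connection
    machine: str   # client machine name
    ip: str        # client IP address


def stale_connections(conns: Iterable[ShareConn], logon_user: str,
                      machine: str, ip: str,
                      win9x: bool = False) -> List[ShareConn]:
    """Connections from the same machine and IP that belong to another user.

    These are the ones the proposal would close when logon_user logs on.
    win9x=True applies the proposed exception and closes nothing.
    """
    if win9x:
        return []
    host = machine.upper()  # machine names are compared case-insensitively
    return [c for c in conns
            if c.machine.upper() == host
            and c.ip == ip
            and c.user.lower() != logon_user.lower()]


def pids_safe_to_end(conns: Iterable[ShareConn], logon_user: str,
                     machine: str, ip: str) -> Set[int]:
    """smbd PIDs that hold only stale connections.

    A PID that also carries the new user's shares must not be ended;
    its stale shares have to be closed one by one instead.
    """
    conns = list(conns)
    stale = stale_connections(conns, logon_user, machine, ip)
    stale_pids = {c.pid for c in stale}
    live_pids = {c.pid for c in conns if c not in stale}
    return stale_pids - live_pids


# Constructed sample modelled on the sequence in the post: user1's profiles
# and netlogon shares are still open when user2 logs on from the same box,
# and user2's shares land on the same old PID.
SAMPLE = [
    ShareConn("profiles", "user1", 1201, "WS1", "192.168.1.10"),
    ShareConn("netlogon", "user1", 1201, "WS1", "192.168.1.10"),
    ShareConn("home", "user2", 1201, "WS1", "192.168.1.10"),
    ShareConn("profiles", "user1", 1188, "WS1", "192.168.1.10"),
    ShareConn("home", "user3", 1305, "WS2", "192.168.1.11"),
]

if __name__ == "__main__":
    for c in stale_connections(SAMPLE, "user2", "WS1", "192.168.1.10"):
        print("close", c.service, "opened as", c.user, "on pid", c.pid)
    print("pids to end:", pids_safe_to_end(SAMPLE, "user2", "WS1",
                                           "192.168.1.10"))
```

In the sample, PID 1201 cannot simply be ended because it already carries user2's home share, which is why the per-connection check is needed alongside the per-PID one.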
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:29:00 2003 Subject: samba-tng-0.15.tar.gz In-Reply-To: ; from Luke Kenneth Casson Leighton on Tue, Mar 14, 2000 at 08:19:31AM +1100 References: Message-ID: <20000313153341.A70365@Denninger.Net> On Tue, Mar 14, 2000 at 08:19:31AM +1100, Luke Kenneth Casson Leighton wrote: > ftp://samba.org/pub/samba/alpha and mirror sites. > > thanks to elrond for spotting an issue where groups were not being > returned in a login. this is likely to fix some of the profile issues > reported, plus an nt login of administrator will allow the expected > privileges (right to shut down the box, etc). > > we're getting there. > > we've had one report sayin that printing works (but printer browsing > doesn't) using an explicit connection to a known printer. > > luke That's me, and it definitely does work. I've printed a couple thousand pages from Microsoft Office and other applications (Quicken, etc) since cutting over to TNG. This is from Win2k; Win98 also works. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! From keithd at zartis.com Mon Mar 13 21:49:50 2000 
From: keithd at zartis.com (Keith Davey) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login References: Message-ID: <38CD627E.AA970CA1@zartis.com> Yes, I used all the correct settings but I still can't log in NT4 Clients. I'm using a build I made from cvs today. I get the same "the computer account cannot be found on the PDC etc... Have I missed something in the threads of the last few days? Is there a fix for this yet. I've seen several mails saying NT login works again, but not for me. Keith. Jamie ffolliott wrote: > > > if you want samba to be your pdc server, it should be server. > > > > Do mean security = server or security = user? > > To make samba-tng a PDC, use security = user > and a few other settings. > See a sample smb.conf at > http://www.kneschke.de/projekte/samba_tng/files/pdc.php3 > > Jamie -- Keith Davey Chief Technical Officer _____________________ Zartis.com 3015 Lake Drive National Digital Park Citywest Dublin 24 Ph: +353 1 4038470 Fax: +353 1 4661002 Web: www.zartis.com From jasonjensen at home.com Mon Mar 13 21:51:54 2000 From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:29:00 2003 Subject: samba-tng-0.15.tar.gz References: <20000313153341.A70365@Denninger.Net> Message-ID: <000b01bf8d36$58c15980$0201a8c0@jason> I wanna know how you do it.. cause mine won't connect ----- Original Message ----- 
From: "Karl Denninger" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Monday, March 13, 2000 3:40 PM Subject: Re: samba-tng-0.15.tar.gz > On Tue, Mar 14, 2000 at 08:19:31AM +1100, Luke Kenneth Casson Leighton wrote: > > ftp://samba.org/pub/samba/alpha and mirror sites. > > > > thanks to elrond for spotting an issue where groups were not being > > returned in a login. this is likely to fix some of the profile issues > > reported, plus an nt login of administrator will allow the expected > > privileges (right to shut down the box, etc). > > > > we're getting there. > > > > we've had one report sayin that printing works (but printer browsing > > doesn't) using an explicit connection to a known printer. > > > > luke > > That's me, and it definitely does work. I've printed a couple thousand > pages from Microsoft Office and other applications (Quicken, etc) since > cutting over to TNG. > > This is from Win2k; Win98 also works. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > From karl at Denninger.Net Mon Mar 13 21:57:18 2000 
From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:29:00 2003 Subject: samba-tng-0.15.tar.gz In-Reply-To: <000b01bf8d36$58c15980$0201a8c0@jason>; from Jason Jensen on Mon, Mar 13, 2000 at 03:51:54PM -0600 References: <20000313153341.A70365@Denninger.Net> <000b01bf8d36$58c15980$0201a8c0@jason> Message-ID: <20000313155718.A70737@Denninger.Net> Just put in \\SERVER\printer-name when it asks you for the name of the network printer. Attempting to *browse* for it does NOT work; you get "printers" as a folder, which doesn't have anything in it (and that is VERY different behavior than you get under 2.0.6, which also works) -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Mon, Mar 13, 2000 at 03:51:54PM -0600, Jason Jensen wrote: > I wanna know how you do it.. cause mine won't connect > ----- Original Message ----- 
> From: "Karl Denninger" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Monday, March 13, 2000 3:40 PM > Subject: Re: samba-tng-0.15.tar.gz > > > > On Tue, Mar 14, 2000 at 08:19:31AM +1100, Luke Kenneth Casson Leighton > wrote: > > > ftp://samba.org/pub/samba/alpha and mirror sites. > > > > > > thanks to elrond for spotting an issue where groups were not being > > > returned in a login. this is likely to fix some of the profile issues > > > reported, plus an nt login of administrator will allow the expected > > > privileges (right to shut down the box, etc). > > > > > > we're getting there. > > > > > > we've had one report sayin that printing works (but printer browsing > > > doesn't) using an explicit connection to a known printer. > > > > > > luke > > > > That's me, and it definitely does work. I've printed a couple thousand > > pages from Microsoft Office and other applications (Quicken, etc) since > > cutting over to TNG. > > > > This is from Win2k; Win98 also works. > > > > -- > > -- > > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > > Isn't it time we started putting KIDS first? See the above URL for > > a plan to do exactly that! > > > From lkcl at samba.org Mon Mar 13 22:51:06 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login Message-ID: keith, saying "it doesn't work for me" is never, ever sufficient. please send your smb.conf file to the list, included as straight text inline (not an attachment). we'll go from there. please be prepared to follow the debugging instructions outlined in the FAQ (which starts with a recompile with ./configure/developer). by the way, does anyone know how to stop redhat from switching on this STUPID keyboard assistance which makes ~, ' and " all escape keys? it? really irritating to have to type in quotespace instead. i can't stand it! ??????? argh! Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From jweber at math.cudenver.edu Mon Mar 13 22:56:09 2000 
From: jweber at math.cudenver.edu (John Weber) Date: Tue Dec 2 02:29:00 2003 Subject: Help getting started please Message-ID: Hi, I've been watching this list for a week or so and it's all very exciting. I wound up here after reading the O'Reilly book "Using Samba" and got to the section for setting up a PDC with samba. On page 186 it refers to downloading at least version 2.1 to be able to use it with NT clients. I followed the instructions and compiled up whatever I got with the default cvs download command cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba This gave me a smbd that claimed it was version 3.0.0 (smbd -V) and the closest I could get to what the book said was that the NT box said "Unable to update local security to join domain". Is this version 3.0.0 part of the TNG project and I need to follow TNG setup instructions? Is there a cvs command to get a version of something that follows the book so I can get started, or is that line of development been dropped in favor of TNG? I've tried to use the cvs command such as cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r BRANCH_1_9_17 samba with different arguments for the -r switch, but I couldn't find what's valid. I'll take any recommendation as to how to get started here. I've successfully gotten basic samba services (file and print shares) up including encrypted passwords with version 2.0.6. I'm busy reading up on NT and windows networking, but I'd like to start from something that I can get some confidence in before I dive into the cutting edge. Thanks, John S. Weber System Administrator Center for Computational Mathematics University of Colorado at Denver Phone: (303)556-5394 Fax: (303)556-8550 jweber@math.cudenver.edu http://www-math.cudenver.edu/~jweber From sean at compu-aid.com Mon Mar 13 23:13:29 2000 
From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:29:00 2003 Subject: NT 4 login problems Message-ID:

I just cvs up'd after the announcement of TNG 0.15

I have an NT4 server installed in standalone server mode which I am effectively using as a workstation just to test TNG. I followed the TNG FAQ, used the sample PDC configuration files there and started Samba. I have test user accounts with passwords in smbpasswd, a machine account, etc. I then joined NT to the domain and Windows said that it went successfully. However, I got the following in log.netlogon:

ERROR: setgroups call failed!
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
ERROR: setgroups call failed!
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
ERROR: setgroups call failed!
TODO: verify that the rid exists
ERROR: setgroups call failed!

I thought 0.15 was supposed to fix the "setgroups call failed" message (Which I had been getting earlier too with code checked out Saturday)

I also saw this in log.lsarpc which bothered me:

_lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022

I'm not sure what this "secret_db" is. I didn't see any mention of it in the TNG FAQ.

Then NT booted and I got added in the logfile (without typing anything at NT):

to log.lsarpc:

_lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022

and to log.netlogon:

TODO: verify that the rid exists
TODO: verify that the rid exists

(which I didn't think were significant)

Then I try to logon to the NT domain as my "standard domain user" and I get: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect."

I checked and the machine account IS listed in the smbpasswd file, so I'm a bit lost. Anyone have any ideas/suggestions on what I might be doing wrong?

Thanks. Sean
------------------------------------------
Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc.
From keithd at zartis.com Mon Mar 13 23:23:38 2000 
From: keithd at zartis.com (Keith Davey) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login References: Message-ID: <38CD787A.76F7BD78@zartis.com>

Ok, Sorry about that. Here's my smb.conf. I'm working fine from win98 and Solaris and other unixes. The PDC is a redhat 6.1 server. The NT machines I have are NT4 SP4. By the way, printing works fine for me. Thanks, Keith.

[global]
#NetBIOS name isn't needed if it's the same as the hostname
netbios name = ALDERAN
workgroup = ZARTIS.COM
#flat files that map Unix groups to NT type groups.
#these files take the form unix_group = `Windows NT group''
domain group map = /opt/samba-tng/private/domaingroup.map
domain alias map = /opt/samba-tng/private/domainalias.map
#Domain controllers use user security and we need encrypted
#passwords (see ENCRYPTION.txt)
security = user
domain logons = yes
encrypt passwords = yes
#And in order for us to be *sure* to win browser elections
os level = 65
domain master = yes
preferred master = yes
local master = yes
#WINS is the equivalent of DNS for NetBIOS.
wins support = yes
time server = yes
#the next lines are equivalent to the various profile details
#found in NT's User Manager
logon script = login.bat
logon drive = U:
logon home = \\ALDERAN\%U
logon path = \\ALDERAN\profile\%U
#share all home directories
[homes]
browseable = yes
writable = yes
comment = Users' home directories
#set up netlogon share for system policies and login scripts
[netlogon]
path = /opt/samba-tng/netlogon
writable = no
guest ok = no
comment = PDC netlogon share
#the profiles share
#to create automatic subdirs for the different users
#chmod 1777 /opt/samba-tng/profile
[profile]
path = /opt/samba-tng/profile
writeable = yes
#a public share
[public]
path = /opt/samba-tng/public
browseable = yes
public = yes
comment = Public share

Luke Kenneth Casson Leighton wrote: > keith, saying "it doesn't work for me" is never, ever sufficient. 
please > send your smb.conf file to the list, included as straight text inline (not > an attachment). > > we'll go from there. please be prepared to follow the debugging > instructions outlined in the FAQ (which starts with a recompile with > /configure/developer). > > by the way, does anyone know how to stop redhat from switching on this > STUPID keyboard assistance which makes ~, ' and " all escape keys? it? > really irritating to have to type in quotespace instead. i can't stand > it! ??????? argh! > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals -- Keith Davey Chief Technical Officer _____________________ Zartis.com 3015 Lake Drive National Digital Park Citywest Dublin 24 Ph: +353 1 4038470 Fax: +353 1 4661002 Web: www.zartis.com From thien at ac.housing.berkeley.edu Tue Mar 14 00:43:11 2000 From: thien at ac.housing.berkeley.edu (Thien Vu) Date: Tue Dec 2 02:29:00 2003 Subject: Beta documentation on Unifying Linux, WindowsNT/98, and Macs Message-ID: I have written up some documentation on how to unify a secured authentication mechanism for Linux, WindowsNT/98 and Macs. Most of this document is written from memory, so it might contain some errors, but for the most part, it should be correct. If you could review it and point out any corrections or improvements, it would be really helpful. Well, let her rip... http://ac.housing.berkeley.edu/~thien/network.html Good luck, Thien Vu Rookie systems administrator =) From peter at cadcamlab.org Tue Mar 14 01:20:36 2000 
From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login References: Message-ID: <14541.37650.704382.789671@wire.cadcamlab.org> [Luke Kenneth Casson Leighton] > by the way, does anyone know how to stop redhat from switching on > this STUPID keyboard assistance which makes ~, 'and " all escape > keys? I once had this option turned on in Debian just to see what it did. I soon turned it off again. Now I don't remember where the option is.... A little digging suggests that you should be able to do something like zcat /etc/console-tools/default.kmap.gz | sed s/dead_//g | gzip > /tmp/kmap.gz && mv /tmp/kmap.gz /etc/console-tools/default.kmap.gz /sbin/loadkeys -d Untested. Peter From lkcl at samba.org Tue Mar 14 02:27:37 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:00 2003 Subject: NT4 Client login In-Reply-To: <14541.37650.704382.789671@wire.cadcamlab.org> Message-ID: thx peter, i tracked it down: default keyboard was us-latin!!! > > by the way, does anyone know how to stop redhat from switching on > > this STUPID keyboard assistance which makes ~, 'and " all escape > > keys? > I once had this option turned on in Debian just to see what it did. I > soon turned it off again. Now I don't remember where the option is.... > > A little digging suggests that you should be able to do something like From lkcl at samba.org Tue Mar 14 03:01:27 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:00 2003 Subject: NT 4 login problems Message-ID: sean, it's not going necessarily to be something you did, however let's check it out. follow standard procedure, see TNG faq debug instructions. first thing, send smb.conf. second thing prepare to recompile with ./configure.developer. third thing, prepare debug logs level 100. now, i know you are running the tng daemons as root, but it doesn't look that way, the euid=99 means that an incoming connection is being made as non-root, which is why the access is failing. only root can read the secret_db (which contains $MACHINE.ACC trust account secret). therefore, access denied (0xc000022). so, why? why you, when i tested this last week, and it worked. why you, when other people report it's ok? maybe there is a previous connection, but that can't be right, because you just did a reboot, right? maybe it's because you use nt-srv standalone (as an nt wksta). create some log files and send them to me, and send the smb.conf to the list, ok? thx, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From sean at compu-aid.com Tue Mar 14 03:09:55 2000 
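The triage described in the message above (a non-root effective uid on the caller is why secret_db access is refused), sketched as an added example that is not part of the original messages or of Samba TNG. The sample lines are constructed from the log.lsarpc excerpt quoted in this thread; the function names, the category labels and the way records wrap across lines are assumptions.

```python
"""Summarise _lsa_open_secret denials found in a log.lsarpc excerpt."""
import re
from collections import Counter

# 0xc0000022 is the NT status STATUS_ACCESS_DENIED.
NT_STATUS_NAMES = {0xC0000022: "STATUS_ACCESS_DENIED"}

# Constructed sample modelled on the excerpt quoted in the thread. The archive
# does not preserve the original line breaks, so one record is wrapped after
# "Possible attack?" and the other is not; the parser accepts both layouts.
SAMPLE_LOG = """\
_lsa_open_secret: couldn't open secret_db. Possible attack?
uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
_lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99
_lsa_open_secret failed with 0xc0000022
TODO: verify that the rid exists
"""

_DENIAL = re.compile(
    r"_lsa_open_secret: couldn't open secret_db\. Possible attack\?\s+"
    r"uid=(?P<uid>\d+), gid=(?P<gid>\d+), "
    r"euid=(?P<euid>\d+), egid=(?P<egid>\d+)"
    r"(?:\s+_lsa_open_secret failed with (?P<status>0x[0-9a-fA-F]+))?"
)


def parse_denials(text):
    """Return one dict per denial record, with ids and status as integers."""
    events = []
    for match in _DENIAL.finditer(text):
        event = {k: int(match.group(k)) for k in ("uid", "gid", "euid", "egid")}
        raw_status = match.group("status")
        event["status"] = int(raw_status, 16) if raw_status else None
        event["status_name"] = NT_STATUS_NAMES.get(event["status"], "unknown")
        events.append(event)
    return events


def classify(event):
    """Label a denial by the identity the daemon held when it was refused."""
    if event["euid"] == 0:
        # Root was refused: look at the secret file itself (assumed next step).
        return "root-denied"
    if event["uid"] == 0:
        # Started as root, but the request ran under a non-root effective uid,
        # which is the case described in the thread (uid=0, euid=99).
        return "switched-to-non-root"
    return "never-root"


def summarise(text):
    """Count denials per (euid, egid, category)."""
    return Counter(
        (e["euid"], e["egid"], classify(e)) for e in parse_denials(text)
    )


if __name__ == "__main__":
    for (euid, egid, category), count in summarise(SAMPLE_LOG).items():
        print(f"{count} denial(s) as euid={euid} egid={egid}: {category}")
```

A repeated "switched-to-non-root" count for the same euid after a clean restart points at how the daemon handles the incoming connection's identity rather than at a foreign process probing the secret store.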
From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:29:00 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: On Tue, 14 Mar 2000, Luke Kenneth Casson Leighton wrote: > maybe it's because you use nt-srv standalone (as an nt wksta). oooooo... would that do it? I was under the impression that nt-srv standalone (not PDC or BDC) was essentially a NT wkst with the ability of handling lots of incoming connections. I take it that's a false assumption? I was using NT server. I didn't realize that would be a problem. If that shouldn't be a problem then I'll go prepare the debugging info :) Sean ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From sean at compu-aid.com Tue Mar 14 03:11:38 2000 From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:29:00 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: *sigh* I so hate to follow up to myself... I just reread what you wrote luke, sorry, I misunderstood it. I thought you were saying that NT server in standalone server mode *did* cause problems. I get on preparing some more info. Sorry Sean ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From jffolliott at home.com Tue Mar 14 03:12:55 2000 
From: jffolliott at home.com (Jamie ffolliott) Date: Tue Dec 2 02:29:00 2003 Subject: samba-tng-0.15.tar.gz In-Reply-To: Message-ID: Luke, > thanks to elrond for spotting an issue where groups were not being > returned in a login. this is likely to fix some of the profile issues > reported, plus an nt login of administrator will allow the expected > privileges (right to shut down the box, etc). yes, administrator privileges do work now ;) which profile issues do you mean? I tested tng 0.15 tonight and get the same behaviour (more detailed in my email - subject - roaming profiles in tng-alpha0.14) user1 logs in, then logs out (profiles and netlogon shares left open). user2 logs in (slow network connection detected), and all his shares are opened on the same PID as user1 used, except netlogon and profiles are still opened for user1 and the other shares are opened as user2. I believe this will cause problems down the road with multiple workstations and roaming users (eg. roaming profile can not be accessed by user2, so a new default profile is generated and all of user2's data in his profile is lost). Jamie From lkcl at samba.org Tue Mar 14 04:04:11 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:00 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: well, we don't know. send the smb.conf file, let's take a look-see. i doubt it's the problem. but yes, we need that debug info. On Mon, 13 Mar 2000, Sean E. Millichamp wrote: > On Tue, 14 Mar 2000, Luke Kenneth Casson Leighton wrote: > > > maybe it's because you use nt-srv standalone (as an nt wksta). > > oooooo... would that do it? > > I was under the impression that nt-srv standalone (not PDC or BDC) was > essentially a NT wkst with the ability of handling lots of incoming > connections. I take it that's a false assumption? > > I was using NT server. I didn't realize that would be a problem. > > If that shouldn't be a problem then I'll go prepare the debugging info :) > > Sean > > ------------------------------------------ > Sean E. Millichamp, Consultant > Ingematics - A Division of Compu-Aid, Inc. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From nazard at dragoninc.on.ca Tue Mar 14 07:42:21 2000 
From: nazard at dragoninc.on.ca (nazard@dragoninc.on.ca) Date: Tue Dec 2 02:29:00 2003 Subject: patch (fwd) In-Reply-To: Message-ID: <20000314074247Z13176754-23442+66611@samba.anu.edu.au> On 14 Mar, Luke Kenneth Casson Leighton wrote: > hi, please could people review and try out this patch and let me know if > it breaks your system or not. the last patch of this type (for irix) i > applied it broke aix, redhat linux and a few others. > *** samba-tng-alpha.0.14/source/configure.in Fri Mar 10 15:02:14 2000 > --- samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in Mon Mar 13 09:05:51 2000 > *************** > *** 79,84 **** > --- 79,94 ---- > *aix4*) > CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" > ;; > + # > + # Irix needs standards.h to detect netinet > + # > + *irix*) > + AC_CHECK_HEADERS(standards.h, > + cat >> confdefs.h < + #include > + EOF > + ) > + ;; > esac > > AC_INLINE This has the same problem as last time AFAICS. The problem was that AC_CHECK_HEADERS adds some special code the FIRST time it is outputted to detect how to call the pre-processor. The way I fixed it when this first happened was to add an explicit check for the pre-processor. Index: configure.in =================================================================== RCS file: /cvsroot/samba/source/configure.in,v retrieving revision 1.102.2.19 diff -u -w -r1.102.2.19 configure.in --- configure.in 2000/03/10 19:53:25 1.102.2.19 +++ configure.in 2000/03/14 07:40:48 @@ -34,6 +34,7 @@ dnl Checks for programs. AC_PROG_CC +AC_PROG_CPP AC_PROG_INSTALL AC_PROG_AWK -- Doug Nazar Dragon Computer Consultants Inc. Tel: (416) 708-1578 Fax: (416) 708-8081 From lkcl at samba.org Tue Mar 14 07:50:48 2000 
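Review bot: in the *irix*) arm of the first patch, AC_CHECK_HEADERS(standards.h, ...) is only reached when the host matches irix, so any one-time setup that the first AC_CHECK_HEADERS call brings with it ends up inside that case arm and is skipped on every other host, which fits the report that the last patch of this type broke aix and redhat linux. Move the header check out of the case statement, or make sure the preprocessor check has already run unconditionally before this point, and try the result on at least one non-irix host before it goes in.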
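Review bot: in the second patch, AC_PROG_CPP is added after AC_PROG_CC under "Checks for programs" with no comment saying why it is needed, so a later cleanup could drop it as redundant. Add a dnl line there stating that the preprocessor check has to be done at top level before any AC_CHECK_HEADERS call that sits inside a case arm, such as the irix one discussed in this thread.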
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:00 2003 Subject: patch (fwd) In-Reply-To: <20000314074252Z13093101-23442+66612@samba.anu.edu.au> Message-ID: thx doug. so i still can't add this patch in. sorry, michaeel. On Tue, 14 Mar 2000 nazard@dragoninc.on.ca wrote: > On 14 Mar, Luke Kenneth Casson Leighton wrote: > > hi, pleases could people review and try out this patch and let me know if > > it breaks your system or not. the last patch of this type (for irix) i > > applied it broke aix, redhat linux and a few others. > > > > *** samba-tng-alpha.0.14/source/configure.in Fri Mar 10 15:02:14 2000 > > --- samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in Mon Mar 13 09:05:51 2000 > > *************** > > *** 79,84 **** > > --- 79,94 ---- > > *aix4*) > > CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" > > ;; > > + # > > + # Irix needs standards.h to detect netinet > > + # > > + *irix*) > > + AC_CHECK_HEADERS(standards.h, > > + cat >> confdefs.h < > + #include > > + EOF > > + ) > > + ;; > > esac > > > > AC_INLINE > > > This has the same problem as last time AFAICS. The problem was that > AC_CHECK_HEADERS adds some special code the FIRST time it is outputed > to detect how to call the pre-processor. The way I fixed it when this > first happened was to add an explicit check for the pre-processor. > > Index: configure.in > =================================================================== > RCS file: /cvsroot/samba/source/configure.in,v > retrieving revision 1.102.2.19 > diff -u -w -r1.102.2.19 configure.in > --- configure.in 2000/03/10 19:53:25 1.102.2.19 > +++ configure.in 2000/03/14 07:40:48 
> @@ -34,6 +34,7 @@ > > dnl Checks for programs. > AC_PROG_CC > +AC_PROG_CPP > AC_PROG_INSTALL > AC_PROG_AWK > > > -- > Doug Nazar > Dragon Computer Consultants Inc. > Tel: (416) 708-1578 Fax: (416) 708-8081 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mike at sag.mephi.ru Tue Mar 14 12:11:38 2000 From: mike at sag.mephi.ru (Khlebnikov Michael) Date: Tue Dec 2 02:29:00 2003 Subject: Nt domain Admin Message-ID: <000e01bf8dae$76886760$6600a8c0@sag1> I can successfully log into Samba(2.0.6) domain. How can I add domain groups and domain administrator? From lars at kneschke.de Tue Mar 14 12:27:41 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:29:00 2003 Subject: NT 4 login problems References: Message-ID: <38CE303D.A5DD6F@kneschke.de> Luke Kenneth Casson Leighton wrote: > maybe it's because you use nt-srv standalone (as an nt wksta). Could this be a potential problem? I have installed nt server standalone at home. Cu -- Watch our projects at http://www.kneschke.de/projekte! GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From snail_talk at yahoo.com Tue Mar 14 12:54:58 2000 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:29:00 2003 Subject: Nt domain Admin In-Reply-To: <000e01bf8dae$76886760$6600a8c0@sag1> Message-ID: <000001bf8db4$80f36e10$0200000a@workstation1> hi, set this to yoru smb.conf domain admin group = @your_group and that should do it. geoff. > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Khlebnikov Michael > Sent: Tuesday, March 14, 2000 8:13 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Nt domain Admin > > > I can successfully log into Samba(2.0.6) domain. > How can I add domain groups and domain administrator? > From tom at ee.ucl.ac.uk Tue Mar 14 13:02:29 2000 
From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:00 2003 Subject: Still have logon problems Message-ID: <200003141302.NAA28347@picard.ee.ucl.ac.uk> Hello, I saw that TNG was now fixed for logins etc, so I did a cvs update this morning (14/3/00 10:45GMT) and rebuilt and installed it. There has been a change in behaviour, but I still can't login on an NT 4 SP4 workstation authenticating on the domain. The change in behaviour is that when I try to add the workstation to the domain, it gives me the error that the account I am using does not have sufficient privileges to add workstations to the domain. I am using the root account and I also tried another account in the domain administrator's group. If I add the workstation account to the TNG PDC using rpcclient, the workstation will join the domain (I get the Welcome to the EE domain message) but domain logins still result in the message that the computer account is missing or the password is wrong. I have debug logs at level 100 and the smb.conf file is copied below. Any hints on how to pursue this problem would be greatly appreciated. The log files are at: http://www.ee.ucl.ac.uk/~tom/log.netlogon.html http://www.ee.ucl.ac.uk/~tom/log.lsarpc.html If you need to see any others, just email me. Thanks. Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 1964 bytes Desc: smb.conf Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000314/cfafa0f7/smb.obj From johanh at fusion.kth.se Tue Mar 14 13:16:28 2000 
From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:29:00 2003 Subject: Question about groups Message-ID: I have a question about how the groups are handled in Samba. The reason for asking is because of the AFS renewable ticket patch I made. It works like a charm with Samba pre-3.0.0 combined with Samba TNG until a few weeks ago. I give a short orientation for those who have not been using AFS. An AFS file server will not give the user access to a file unless the user has a valid token. These tokens are obtained through using the clear text passwords or Kerberos V tickets (problem I). Of course these passwords are not transmitted in clear over the net. The tokens have a limited lifetime. The user must then renew the token (problem II). All file access is controlled by the token. The uid is not used for file access. A token is passed on from a PID to its forked children. By creating a pag, a new token can be used from the current PID and forked children. The pag is identified by setting two aux groups. The patch addresses problem I & II, but storing the user's password on file on the Samba server. Encrypted passwords can then be used from the SMB-clients, and still a token can be obtained. The patch also forks a process who renews the token in the pag before it expires. Now for the problem. Connecting with a combination of Samba pre 3.0.0 and TNG works. I can browse the shares, create directories and delete directories. However, double clicking on a Power Point presentation, the token somehow gets destroyed. In a pure TNG configuration, it gets destroyed right away. I think this is due to that the two aux groups gets "unset", and hence the smbd server process loses its pag. It falls then back to the pag of the process who started the server, potentially dangerous. This is also an issue for the clear text login using a PAM giving a token. Is the groups of the users set in Samba? Is it modified during the connection? Can I disable it? 
Do any other daemon besides smbd need user file access and thereby a pag and a token? TIA Johan Hedin /---------------------------------------------------------------------\ | Johan Hedin | johanh@fusion.kth.se | | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | \---------------------------------------------------------------------/ From boehm at nortelnetworks.com Tue Mar 14 13:29:38 2000 
From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:29:00 2003 Subject: Need help/advice configuring Samba for ClearCase and multiple network interfaces Message-ID: <20000314082937.C2501@brtpsfac.nortelnetworks.com> I'm looking for suggestions in configuring Samba for use with ClearCase and multiple network interfaces. My "wish" is to be able to use a single UNC name for the Samba/ClearCase host and have a particular NT client use the "right" interface for their subnet. I have interfaces on 47.111.64.0/20 47.140.0.0/20 47.202.32.0/20 I have the interfaces listed in the "interfaces =" entry in smb.conf However, there is a different hostname associated with each interface. NT clients on the different subnets would use a different hostname in their UNC name for my share, e.g., \\host1\vobstore for client 47.111.65.76 \\host2\vobstore for client 47.140.7.148 \\host3\vobstore for client 47.202.34.73 I would like some way for the UNC path to be \\Some Name\vobstore but have the client go through the interface appropriate for their subnet. I can get a similar result with the automounter under UNIX if I have multiple IP addresses associated with a hostname in DNS. The automounter will select the right interface for the subnet. Is this even possible? Do I need to use NetBIOS aliases? Do I need to have multiple IP addresses associated with "Some Name" and WINS/DNS will do the right thing? I have tried searching the samba, samba-ntdom and CCIUG archives but haven't turned up anything. Any pointers would be greatly appreciated. Thanks in advance, -- Eric M. Boehm boehm@nortelnetworks.com From greg at discreet.com Tue Mar 14 14:10:34 2000 
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:29:00 2003 Subject: [cciug] Need help/advice configuring Samba for ClearCase and In-Reply-To: <20000314082937.C2501@brtpsfac.nortelnetworks.com> Message-ID: Hi Eric, I know we accomplish this with NFS on UNIX because DNS will return the "closest" address to the client by default (ie: on the same subnet). My VOB server has 5 ethernet interfaces and they are all referred to by the same name. I believe if you set up one name in DNS with multiple IPs and then set the client to use DNS for WINS resolution it will work. Greg On 14-Mar-00 Eric Boehm wrote: > > I'm looking for suggestions in configuring Samba for use with ClearCase and > multiple network interfaces. > > My "wish" is to be able to use a single UNC name for the Samba/ClearCase host > and have a particular NT client use the "right" interface for their subnet. > > I have interfaces on > > 47.111.64.0/20 > 47.140.0.0/20 > 47.202.32.0/20 > > I have the interfaces listed in the "interfaces =" entry in smb.conf > > However, there is a different hostname associated with each interface. NT > clients on the different subnets would use a different hostname in their UNC > name for my share, e.g., > > \\host1\vobstore for client 47.111.65.76 > \\host2\vobstore for client 47.140.7.148 > \\host3\vobstore for client 47.202.34.73 > > I would like some way for the UNC path to be > > \\Some Name\vobstore > > but have the client go through the interface appropriate for their subnet. > > I can get a similar result with the automounter under UNIX if I have multiple > IP addresses associated with a hostname in DNS. The automounter will select > the right interface for the subnet. > > Is this even possible? Do I need to use NetBIOS aliases? Do I need to have > multiple IP addresses associated with "Some Name" and WINS/DNS will do the > right thing? > > I have tried searching the samba, samba-ntdom and CCIUG archives but haven't > turned up anything. 
> > Any pointers would be greatly appreciated. > > Thanks in advance, > -- > Eric M. Boehm boehm@nortelnetworks.com > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > [ To unsubscribe, send email to majordomo@rational.com with body > "unsubscribe cciug" (the subject is ignored). You can also unsubscribe > using the sign-up form at the ClearCase customers-only website > accessed at http://clearcase.rational.com/cciug/mailing_list.html] --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From wilson at unity.ncsu.edu Tue Mar 14 14:16:34 2000 From: wilson at unity.ncsu.edu (Brian Wilson) Date: Tue Dec 2 02:29:00 2003 Subject: win2k with 2.0.6 Message-ID: What do I have to do in order to get a win2k box to become a member of a domain? All of my NT4 clients have successfully joined the domain, yet win2k machines continue to fail. The error messages are as follows: [2000/03/14 08:56:40, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 207.59.223.107: code = 7 The only info I've been able to track down about a "code = 7" error was being caused by 2 machines fighting for master control of the domain, but this error was also accompanied by an error message saying that another master existed and that an election would be held, and I'm not seeing anything of the sort. And yes, encrypted passwords are enabled on both the client and the server, and I can even map the shares from the win2k box, just can't become a member of the domain so users can authenticate via samba. Any help would be appriciated. Thanks, Brian -- Brian Wilson -- NCSU, Systems Programmer -- wilson@ncsu.edu -- 919.515.5498 If you choose not to decide you still have made a choice. -- Rush, Freewill From karl at Denninger.Net Tue Mar 14 14:27:00 2000 
From: karl at Denninger.Net (Karl Denninger)
Date: Tue Dec 2 02:29:00 2003
Subject: win2k with 2.0.6
In-Reply-To: ; from Brian Wilson on Wed, Mar 15, 2000 at 01:20:23AM +1100
References:
Message-ID: <20000314082700.A83341@Denninger.Net>

It will not work with 2.0.x.

It *does* work with TNG, but TNG is Alpha code.

--
--
Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org
Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that!

On Wed, Mar 15, 2000 at 01:20:23AM +1100, Brian Wilson wrote:
>
> What do I have to do in order to get a win2k box to become a member of a
> domain? All of my NT4 clients have successfully joined the domain, yet
> win2k machines continue to fail. The error messages are as follows:
>
> [2000/03/14 08:56:40, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
> process_logon_packet: Logon from 207.59.223.107: code = 7
>
> The only info I've been able to track down about a "code = 7" error was
> being caused by 2 machines fighting for master control of the domain, but
> this error was also accompanied by an error message saying that another
> master existed and that an election would be held, and I'm not seeing
> anything of the sort.
>
> And yes, encrypted passwords are enabled on both the client and the
> server, and I can even map the shares from the win2k box, just can't
> become a member of the domain so users can authenticate via samba.
>
> Any help would be appreciated.
>
> Thanks,
> Brian
>
> --
> Brian Wilson -- NCSU, Systems Programmer -- wilson@ncsu.edu -- 919.515.5498
> If you choose not to decide you still have made a choice. -- Rush, Freewill
>
>

From timothy_d_cole at md.northgrum.com Tue Mar 14 15:11:17 2000
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.)
Date: Tue Dec 2 02:29:00 2003
Subject: NT4 Client login
Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563234@xcgmd008.md.essd.northgrum.com>

> -----Original Message-----
> From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org]
> Sent: Monday, March 13, 2000 21:30
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: NT4 Client login
>
> thx peter, i tracked it down: default keyboard was us-latin!!!
>

You think that's bad? A couple weeks ago, Potato decided that I had an AZERTY keyboard after a dist-upgrade. I still have to put the keymaps back occasionally. :P

From Roberto.LoCascio at italtel.it Tue Mar 14 15:46:43 2000
From: Roberto.LoCascio at italtel.it (Roberto Lo Cascio)
Date: Tue Dec 2 02:29:00 2003
Subject: How admin domain user from client?
Message-ID: <38CE5EE3.C0E93A27@ipaws15.palermo.italtel.it>

Hi,

I have successfully installed samba 2.0.6 on my Tru64 Alpha system. I try to configure samba like PDC (that's OK!) but I cannot admin domain user from windows NT client? It's impossible ???

Thanks in advance,

Roberto.

From snail_talk at yahoo.com Tue Mar 14 16:08:32 2000
From: snail_talk at yahoo.com (geoffrey lee)
Date: Tue Dec 2 02:29:00 2003
Subject: How admin domain user from client?
References: <38CE5EE3.C0E93A27@ipaws15.palermo.italtel.it>
Message-ID: <38CE6400.E4D3BE8F@yahoo.com>

Roberto Lo Cascio wrote:
>
> Hi,
>
> I have successfully installed samba 2.0.6 on my Tru64 Alpha system. I try
> to configure samba like PDC (that's OK!) but I cannot admin domain user
> from windows NT client? It's impossible ???
>
> Thanks in advance,
>
> Roberto.

hi,

i guess this question should get the "FAQ" status... anyway, have you got domain logons working yet? if you have, it's a simple matter of adding

domain admin group = @your_group

to your smb.conf, and then restart samba. (e.g. su to root, /etc/rc.d/init.d/samba restart)

--
#!/bin/sh
cat <

for France: I am looking to administer a pool of workstations running NT Workstation, but using a LINUX server in place of NT Server. If this is possible, please write to dune2@libertysurf.fr. Thanks in advance :-)

From mbreuer at siac.com Tue Mar 14 16:35:41 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:00 2003
Subject: samba-tng-0.15.tar.gz
References:
Message-ID: <38CE6A5D.29865234@siac.com>

Well... for better or worse, I create machine-specific profiles using %m. In my case, the machines are sufficiently different in the capabilities and installed software that use of the same profiles caused too much grief.

Longer term, I'd like to configure a single profile which is modifiable using startup-scripts to strip hkey_user settings for software which is not available, or perhaps add settings for software which *is* available. If anyone else has experience with this either using Samba or W2K server I'd be interested in knowing how this has been implemented.

Jamie ffolliott wrote:

[snip]

> user1 logs in, then logs out (profiles and netlogon shares left open).
> user2 logs in (slow network connection detected), and all his shares are
> opened on the same PID as user1 used, except netlogon and profiles are still
> opened for user1 and the other shares are opened as user2. I believe this
> will cause problems down the road with multiple workstations and roaming
> users (eg. roaming profile can not be accessed by user2, so a new default
> profile is generated and all of user2's data in his profile is lost).
>
> Jamie

From jffolliott at home.com Tue Mar 14 16:39:01 2000
From: jffolliott at home.com (Jamie ffolliott)
Date: Tue Dec 2 02:29:01 2003
Subject: Still have logon problems
In-Reply-To: <200003141302.NAA28347@picard.ee.ucl.ac.uk>
Message-ID:

Hi Tom,

You will need to create a Domain Administrator account, and use this account to add the workstation to the domain. This works recently with samba-tng-alpha 0.15 (from monday this week) or later. (Note: this does NOT work with samba 2.0.X)

There's two examples of how to do this, one from Lars' page:
http://www.kneschke.de/projekte/samba_tng/faq/administrator.php3

Or, Follow the instructions in the ntdom faq:
http://us1.samba.org/samba/docs/ntdom_faq/page4.html#4-3-1
- this method actually lets you login as 'root' or Administrator, where 'root' is just mapped to Administrator.

I prefer the second method, personally.

If these don't work, it helps to copy your smb.conf and related map files in your email and forward to the list.

cheers,
Jamie

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Tom Crummey
> Sent: March 14, 2000 8:05 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Still have logon problems
>
>
> Hello,
>
> I saw that TNG was now fixed for logins etc, so I did a cvs update
> this morning (14/3/00 10:45GMT) and rebuilt and installed it.
> There has been a
> change in behaviour, but I still can't login on an NT 4 SP4 workstation
> authenticating on the domain.
>
> The change in behaviour is that when I try to add the workstation to the
> domain, it gives me the error that the account I am using does not have
> sufficient privileges to add workstations to the domain. I am using the
> root account and I also tried another account in the domain
> administrator's
> group.
>
> If I add the workstation account to the TNG PDC using rpcclient, the
> workstation will join the domain (I get the Welcome to the EE
> domain message)
> but domain logins still result in the message that the computer account
> is missing or the password is wrong.
>
> I have debug logs at level 100 and the smb.conf file is copied below.
> Any hints on how to pursue this problem would be greatly appreciated.
>
> The log files will are at:
>
> http://www.ee.ucl.ac.uk/~tom/log.netlogon.html
> http://www.ee.ucl.ac.uk/~tom/log.lsarpc.html
>
> If you need to see any others, just email me.
>
> Thanks.
>
> Tom.
>
> ------------------------------------------------------------------
> ----------
> Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
> Department of Electronic and Electrical Engineering,
> University College London, TEL: +44 (0)20
> 7679 3898
> Torrington Place, FAX: +44 (0)20 7388 9307
> London, UK, WC1E 7JE.
> ------------------------------------------------------------------
> ----------

From mbreuer at siac.com Tue Mar 14 16:53:19 2000
From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:29:01 2003 Subject: patch (fwd) References: <20000314074247Z13176754-23442+66611@samba.anu.edu.au> Message-ID: <38CE6E7F.5E878DC8@siac.com> Ok... consider me an autoconf newbie. In this particular case, IRIX requires that be included before . The "patch" I created seemed reasonable to me... if configure is running on IRIX and standards.h exists then source it in. I'm not sure how creating a new macro is warranted here, and this patch should only be invoked on IRIX. That said, could you suggest an alternative which would not break other implementations? Thanks, Michael Breuer mbreuer@siac.com nazard@dragoninc.on.ca wrote: > On 14 Mar, Luke Kenneth Casson Leighton wrote: > > hi, pleases could people review and try out this patch and let me know if > > it breaks your system or not. the last patch of this type (for irix) i > > applied it broke aix, redhat linux and a few others. > > > *** samba-tng-alpha.0.14/source/configure.in Fri Mar 10 15:02:14 2000 > > --- samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in Mon Mar 13 09:05:51 2000 > > *************** > > *** 79,84 **** > > --- 79,94 ---- > > *aix4*) > > CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" > > ;; > > + # > > + # Irix needs standards.h to detect netinet > > + # > > + *irix*) > > + AC_CHECK_HEADERS(standards.h, > > + cat >> confdefs.h < > + #include > > + EOF > > + ) > > + ;; > > esac > > > > AC_INLINE > > This has the same problem as last time AFAICS. The problem was that > AC_CHECK_HEADERS adds some special code the FIRST time it is outputed > to detect how to call the pre-processor. The way I fixed it when this > first happened was to add an explicit check for the pre-processor. 
> > Index: configure.in > =================================================================== > RCS file: /cvsroot/samba/source/configure.in,v > retrieving revision 1.102.2.19 > diff -u -w -r1.102.2.19 configure.in > --- configure.in 2000/03/10 19:53:25 1.102.2.19 > +++ configure.in 2000/03/14 07:40:48 > @@ -34,6 +34,7 @@ > > dnl Checks for programs. > AC_PROG_CC > +AC_PROG_CPP > AC_PROG_INSTALL > AC_PROG_AWK > > > -- > Doug Nazar > Dragon Computer Consultants Inc. > Tel: (416) 708-1578 Fax: (416) 708-8081 From tom at ee.ucl.ac.uk Tue Mar 14 17:01:38 2000 
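Review bot: the added AC_PROG_CPP line in the "Checks for programs" block carries no comment saying why it is listed explicitly, so a later cleanup could drop it as redundant with the implicit requirement made by AC_CHECK_HEADERS. A dnl line above it, stating that the preprocessor check has to be expanded before any host-specific case branch that calls AC_CHECK_HEADERS, would keep that ordering dependency visible to the next person who edits configure.in.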
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:29:01 2003
Subject: Still have logon problems
Message-ID: <200003141701.RAA18445@picard.ee.ucl.ac.uk>

Hello Jamie,

I do have a domain group map which maps our support group onto domain admins:

support="EE\Domain Admins"
staff="EE\Domain Users"

We found we needed the EE\ to make it work before. I am in the support group and we had all of this working 1 week ago.

I don't have a domain users map, but I didn't need that last week...

In any case, if I add the workstation using rpcclient, I shouldn't have to worry about creating the workstation account from the client workstation.

The real problem is that on workstations added to the domain since last Tuesday 7th March, I cannot log in to domain accounts. The Win 2000 box I had joined to the domain last Monday still allows domain log ins. I cannot understand why workstations that appear to join the domain successfully (no matter which method is used) won't allow log ins.

Tom.

----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From Elrond at Wunder-Nett.org Tue Mar 14 17:11:01 2000
From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:29:01 2003 Subject: patch (fwd) In-Reply-To: ; from Luke Kenneth Casson Leighton on Tue, Mar 14, 2000 at 06:02:24AM +1100 References: Message-ID: <20000314181101.A13586@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Mar 14, 2000 at 06:02:24AM +1100, Luke Kenneth Casson Leighton wrote: > hi, pleases could people review and try out this patch and let me know if > it breaks your system or not. the last patch of this type (for irix) i > applied it broke aix, redhat linux and a few others. > > thank you, and thanks to michael breuer for the patch. I haven't tested them, but some comments: > diff -c -r samba-tng-alpha.0.14/source/Makefile.in samba-tng-alpha.0.14.IRIX.PATCH/source/Makefile.in > *** samba-tng-alpha.0.14/source/Makefile.in Fri Mar 10 15:02:00 2000 > --- samba-tng-alpha.0.14.IRIX.PATCH/source/Makefile.in Mon Mar 13 09:07:24 2000 > *************** > *** 441,447 **** > nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o > > NMBD_OBJ = $(NMBD_OBJ1) > ! NMBD_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) $(RPC_PARSE_OBJ2) > > SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ > web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ > --- 441,447 ---- > nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o > > NMBD_OBJ = $(NMBD_OBJ1) > ! NMBD_LIBS = $(RPC_PARSE_OBJ2) $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) > > SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ > web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ That should be okay, but from a clean point, $(RPC_PARSE_OBJ2) should realy be in NMBD_OBJ. > *************** > *** 605,611 **** > smbwrapper/realcalls.o smbwrapper/shared.o > > CLIENT_OBJ = client/client.o client/clitar.o > ! 
CLIENT_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(RPC_PARSE_OBJ2) > > MOUNT_OBJ = client/smbmount.o client/clientutil.o \ > $(RPC_PARSE_OBJ2) > --- 605,611 ---- > smbwrapper/realcalls.o smbwrapper/shared.o This part is broken, patch wont accept it, but it looks similiar. And the right action is also the same: move $(RPC_PARSE_OBJ2) to CLIENT_OBJ. > diff -c -r samba-tng-alpha.0.14/source/configure.in samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in > *** samba-tng-alpha.0.14/source/configure.in Fri Mar 10 15:02:14 2000 > --- samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in Mon Mar 13 09:05:51 2000 > *************** > *** 79,84 **** > --- 79,94 ---- > *aix4*) > CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" > ;; > + # > + # Irix needs standards.h to detect netinet > + # > + *irix*) > + AC_CHECK_HEADERS(standards.h, > + cat >> confdefs.h < + #include > + EOF > + ) > + ;; > esac > > AC_INLINE This shouldn't hurt for anyone except IRIX, so maybe Greg can say something about it. And I have to say, I haven't seen anything about that in configure.in in HEAD (and I merged some parts from HEAD...) But as someone suggested on samba-ntdom, you should add the AC_PROG_CPP after AC_PROG_CC in configure.in Elrond From greg at discreet.com Tue Mar 14 17:33:50 2000 
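Review bot: in the configure.in hunk, the *irix*) branch calls AC_CHECK_HEADERS with no unconditional preprocessor check shown ahead of it, and as discussed in this thread the macro expands its "how to run the C preprocessor" detection at first use, which here lands inside the case branch and so never runs on other hosts. This hunk should go in together with an explicit AC_PROG_CPP after AC_PROG_CC in the program checks, and since only standards.h is tested, AC_CHECK_HEADER would be enough.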
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:29:01 2003 Subject: patch (fwd) In-Reply-To: <20000314181101.A13586@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: OK fine so I was trying to stay low profile. I try to apply the patch and let you know if it works, it "looks" pretty benign. Greg On 14-Mar-00 Elrond wrote: > On Tue, Mar 14, 2000 at 06:02:24AM +1100, Luke Kenneth Casson Leighton wrote: >> hi, pleases could people review and try out this patch and let me know if >> it breaks your system or not. the last patch of this type (for irix) i >> applied it broke aix, redhat linux and a few others. >> >> thank you, and thanks to michael breuer for the patch. > > > I haven't tested them, but some comments: > > >> diff -c -r samba-tng-alpha.0.14/source/Makefile.in >> samba-tng-alpha.0.14.IRIX.PATCH/source/Makefile.in >> *** samba-tng-alpha.0.14/source/Makefile.in Fri Mar 10 15:02:00 2000 >> --- samba-tng-alpha.0.14.IRIX.PATCH/source/Makefile.in Mon Mar 13 09:07:24 >> 2000 >> *************** >> *** 441,447 **** >> nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o >> >> NMBD_OBJ = $(NMBD_OBJ1) >> ! NMBD_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) $(RPC_PARSE_OBJ2) >> >> SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ >> web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ >> --- 441,447 ---- >> nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o >> >> NMBD_OBJ = $(NMBD_OBJ1) >> ! NMBD_LIBS = $(RPC_PARSE_OBJ2) $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(UBIQXLIB) >> >> SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ >> web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ > > That should be okay, but from a clean point, > $(RPC_PARSE_OBJ2) should realy be in NMBD_OBJ. > > >> *************** >> *** 605,611 **** >> smbwrapper/realcalls.o smbwrapper/shared.o >> >> CLIENT_OBJ = client/client.o client/clitar.o >> ! 
CLIENT_LIBS = $(SMBLIB) $(NMBLIB) $(SAMBALIB) $(RPC_PARSE_OBJ2) >> >> MOUNT_OBJ = client/smbmount.o client/clientutil.o \ >> $(RPC_PARSE_OBJ2) >> --- 605,611 ---- >> smbwrapper/realcalls.o smbwrapper/shared.o > > This part is broken, patch wont accept it, but it looks > similiar. And the right action is also the same: move > $(RPC_PARSE_OBJ2) to CLIENT_OBJ. > >> diff -c -r samba-tng-alpha.0.14/source/configure.in >> samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in >> *** samba-tng-alpha.0.14/source/configure.in Fri Mar 10 15:02:14 2000 >> --- samba-tng-alpha.0.14.IRIX.PATCH/source/configure.in Mon Mar 13 09:05:51 >> 2000 >> *************** >> *** 79,84 **** >> --- 79,94 ---- >> *aix4*) >> CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" >> ;; >> + # >> + # Irix needs standards.h to detect netinet >> + # >> + *irix*) >> + AC_CHECK_HEADERS(standards.h, >> + cat >> confdefs.h <> + #include >> + EOF >> + ) >> + ;; >> esac >> >> AC_INLINE > > This shouldn't hurt for anyone except IRIX, so maybe Greg > can say something about it. And I have to say, I haven't > seen anything about that in configure.in in HEAD (and I > merged some parts from HEAD...) > > But as someone suggested on samba-ntdom, you should add the > AC_PROG_CPP after AC_PROG_CC in configure.in > > > Elrond --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From jweber at math.cudenver.edu Tue Mar 14 17:40:12 2000 
From: jweber at math.cudenver.edu (John Weber)
Date: Tue Dec 2 02:29:01 2003
Subject: Still have logon problems
In-Reply-To: <200003141701.RAA18445@picard.ee.ucl.ac.uk>
Message-ID:

I'm new to TNG, I'm also having this same problem. I've not used earlier versions, but with 0.15 I can get NT boxes (of SP3,4,5,6) to join the domain, but domain logons don't work. I followed the instructions (several times on several machines, all linux RH6.1) given in http://www.kneschke.de/projekte/samba_tng/faq with the same results every time.

I set up domaingroup.map as http://www.kneschke.de/projekte/samba_tng/faq/administrator.php3 and added jweber and root to the group "domainadmin" in /etc/group. but it still won't work. I've also tried giving jweber a password with smbpasswd, but that doesn't help either.

my smbpasswd...
---------------------------------------------------------------
[root@sleepy private]# cat smbpasswd
root:0:36E269DC8A08A48DAAD3B435B51404EE:F61E0C8C67879BC505633E1CB5A77D27:[ ]:LCT-38CE6512:
jweber:500:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDU ]:LCT-38CE6546:
vicant$:501:CA074A664592D373B56F4D2C40C47721:9D2496531BA7EC6D7F11A3134AC22B96:[W ]:LCT-38CE6558:
---------------------------------------------------------------------

my smb.conf
------------------------------------------------------------------
[global]
   #NetBIOS name isn't needed if it's the same as the hostname
   #netbios name = MYSAMBAPDC
   workgroup = MATHDOM

   #flat files that map Unix groups to NT type groups.
   #these files take the form unix_group = `Windows NT group''
   domain group map = /opt/samba-tng/private/domaingroup.map
   domain alias map = /opt/samba-tng/private/domainalias.map

   #Domain controllers use user security and we need encrypted
   #passwords (see ENCRYPTION.txt)
   security = user
   domain logons = yes
   encrypt passwords = yes

   #And in order for us to be *sure* to win browser elections
   os level = 65
   domain master = yes
   preferred master = yes
   local master = yes

   #WINS is the equivalent of DNS for NetBIOS.
   wins support = yes
   time server = yes

   #the next lines are equivalent to the various profile details
   #found in NT's User Manager
   logon script = login.bat
   logon drive = U:
   logon home = \\sleepy\%U
   logon path = \\sleepy\profile\%U

#share all home directories
[homes]
   browseable = no
   writable = yes
   comment = Users' home directories

#set up netlogon share for system policies and login scripts
[netlogon]
   path = /opt/samba-tng/netlogon
   writable = no
   guest ok = no
   comment = PDC netlogon share

#the profiles share
#to create automatic subdirs for the different users
#chmod 1777 /opt/samba-tng/profile
[profile]
   path = /opt/samba-tng/profile
   writeable = yes

#a public share
[public]
   path = /opt/samba-tng/public
   browseable = yes
   public = yes
   comment = Public share
--------------------------------------------------------------------------

John S. Weber
System Administrator
Center for Computational Mathematics
University of Colorado at Denver
Phone: (303)556-5394
Fax: (303)556-8550
jweber@math.cudenver.edu
http://www-math.cudenver.edu/~jweber

On Wed, 15 Mar 2000, Tom Crummey wrote:
> Hello Jamie,
>
> I do have a domain group map which maps our support group onto
> domain admins:
>
> support="EE\Domain Admins"
> staff="EE\Domain Users"
>
> We found we needed the EE\ to make it work before.
> I am in the support group and we had all of this working 1 week ago.
>
> I don't have a domain users map, but I didn't need that last week...
>
> In any case, if I add the workstation using rpcclient, I shouldn't have
> to worry about creating the workstation account from the client workstation.
>
> The real problem is that on workstations added to the domain since last
> Tuesday 7th March, I cannot log in to domain accounts. The Win 2000 box
> I had joined to the domain last Monday still allows domain log ins. I
> cannot understand why workstations that appear to join the domain
> successfully (no matter which method is used) won't allow log ins.
>
> Tom.
>
> ----------------------------------------------------------------------------
> Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
> Department of Electronic and Electrical Engineering,
> University College London, TEL: +44 (0)20 7679 3898
> Torrington Place, FAX: +44 (0)20 7388 9307
> London, UK, WC1E 7JE.
> ----------------------------------------------------------------------------
>

From Elrond at Wunder-Nett.org Tue Mar 14 17:46:34 2000
From: Elrond at Wunder-Nett.org (Elrond)
Date: Tue Dec 2 02:29:01 2003
Subject: patch (fwd)
In-Reply-To: ; from Greg Dickie on Tue, Mar 14, 2000 at 12:33:50PM -0500
References: <20000314181101.A13586@baerbel.mug.maschinenbau.tu-darmstadt.de>
Message-ID: <20000314184634.A11352@baerbel.mug.maschinenbau.tu-darmstadt.de>

On Tue, Mar 14, 2000 at 12:33:50PM -0500, Greg Dickie wrote:
>
> OK fine so I was trying to stay low profile. I try to apply the patch and let
> you know if it works, it "looks" pretty benign.

Hey. :) I didn't want you to waste your time or such, I just remembered, that you were using IRIX quite heavily and thought, you _maybe_ _might_ have some time. :) So don't get into hurry or such. :)

Elrond

[...]

From mbreuer at siac.com Tue Mar 14 18:10:06 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:01 2003
Subject: TNG 0.15 - Domain admin... etc., not working for me.
Message-ID: <38CE807E.73568FAA@siac.com>

Using TNG 0.15, I not only don't have domain administrative access from W2K (checked and rechecked group & map assignments), but I can't login as administrator or root. In TNG 0.14, I could log in as root (but not administrator).

If someone has this working, could they please post their config?

From ctooley at joslyn.org Tue Mar 14 18:21:33 2000
From: ctooley at joslyn.org (Chris Tooley)
Date: Tue Dec 2 02:29:01 2003
Subject: Issues with Samba 2.0.6 and Running a second smbd/nmbd setup
In-Reply-To: <20000314184634.A11352@baerbel.mug.maschinenbau.tu-darmstadt.de>
Message-ID: <000301bf8de2$32827900$1900a8c0@joslyn.org>

Could someone please walk me through what it takes to set up a second Samba server configuration. The original configuration is having a few issues but for the most part is working for logins and file serving (a small win 2000 machine, if there is such a thing, has taken over the print serving due to issues) however I'd like to split off a separate subnet for some people and would like them to have a separate connection.

I think I'm going to need VERY specific instructions, including instructions on how to build an init.d startup script so that I can control starting and stopping the service. I realize that doing a killall and just running the processes can do the job, but scripts are so much cleaner and with the concept of running a second "server" it will make it easier to control which processes are stopped and which aren't.

I have Samba installed from the RedHat RPM and have the source code downloaded to compile so whichever way is easier, please let me know.

Thanks in advance for the help.

Chris Tooley
Software Specialist
Joslyn Art Museum
2200 Dodge St
Omaha, NE 68102
(402)342-3300 ext 247
(402)342-0091 fax

From nazard at dragoninc.on.ca Tue Mar 14 18:29:53 2000
From: nazard at dragoninc.on.ca (nazard@dragoninc.on.ca)
Date: Tue Dec 2 02:29:01 2003
Subject: patch (fwd)
In-Reply-To: <38CE6E7F.5E878DC8@siac.com>
Message-ID: <20000314183017Z12670502-23442+66786@samba.anu.edu.au>

On 15 Mar, Michael Breuer wrote:
> Ok... consider me an autoconf newbie. In this particular case, IRIX requires that be included before .
> The "patch" I created seemed reasonable to me... if configure is running on IRIX and standards.h exists then source it in. I'm not
> sure how creating a new macro is warranted here, and this patch should only be invoked on IRIX.
>
> That said, could you suggest an alternative which would not break other implementations?

If you follow the code for AC_CHECK_HEADERS thru you end up with this call chain

AC_CHECK_HEADERS -> AC_CHECK_HEADER -> AC_TRY_CPP -> AC_REQUIRE_CPP -> AC_REQUIRE([AC_PROG_CPP])

What this boils down to is that whenever the macro is processed by m4 (autoconf) if AC_PROG_CPP has not been outputted, it will output it. So what happens is the configure script ends up with a section like this:

*irix*)
echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
echo "configure:1282: checking how to run the C preprocessor" >&5
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
  CPP=
fi
if test -z "$CPP"; then
if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6

and so on.

This means that for everyone not irix, the configure script has no idea how to run the pre-processor, and all the further calls to AC_CHECK_HEADERS fail. If you explicitly add a call to AC_PROG_CPP at the top (with the other checks) then this issue does not happen.

BTW: You can call AC_CHECK_HEADER if you are only interested in one header.
>> Index: configure.in >> =================================================================== >> RCS file: /cvsroot/samba/source/configure.in,v >> retrieving revision 1.102.2.19 >> diff -u -w -r1.102.2.19 configure.in >> --- configure.in 2000/03/10 19:53:25 1.102.2.19 >> +++ configure.in 2000/03/14 07:40:48 >> @@ -34,6 +34,7 @@ >> >> dnl Checks for programs. >> AC_PROG_CC >> +AC_PROG_CPP >> AC_PROG_INSTALL >> AC_PROG_AWK >> >> -- Doug Nazar Dragon Computer Consultants Inc. Tel: (416) 708-1578 Fax: (416) 708-8081 From greg at discreet.com Tue Mar 14 18:34:04 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:29:01 2003 Subject: patch (fwd) In-Reply-To: <20000314184634.A11352@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: Always glad to help if I can. There's just too little time these days ;-) Greg On 14-Mar-00 Elrond wrote: > On Tue, Mar 14, 2000 at 12:33:50PM -0500, Greg Dickie wrote: >> >> OK fine so I was trying to stay low profile. I try to apply the patch and >> let >> you know if it works, it "looks" pretty benign. > > Hey. :) I didn't want you to waste your time or such, I > just remembered, that you were using IRIX quite heavily and > thought, you _maybe_ _might_ have some time. :) So don't > get into hurry or such. :) > > > Elrond > > > [...] --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From vurosevic at webplan.net Tue Mar 14 18:49:57 2000 
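The failure mode Doug Nazar describes in the "patch (fwd)" thread above, reproduced with a miniature script generator. This is an added example, not part of the original messages and not Samba's or autoconf's code: the emit_* functions, the 'cc -E' stand-in and the generated script are constructed to model "emit the probe once, at first use".

```shell
#!/bin/sh
# Miniature model of a once-only required probe in a generated configure script.
# Everything here is constructed for illustration; it is not real autoconf output.

probe_emitted=no

# Emit the "how to run the C preprocessor" probe, but only the first time it
# is required, at whatever point in the generated script that happens to be.
# $1 is the indentation to use for the emitted line.
emit_cpp_probe() {
    if [ "$probe_emitted" = no ]; then
        probe_emitted=yes
        printf '%s\n' "${1-}CPP='cc -E'"
    fi
}

# Emit a header check. Like the macro discussed in the thread, it requires
# the probe first; the generated test only succeeds if CPP is set at run time.
# $1 is the header name, $2 the indentation.
emit_check_header() {
    emit_cpp_probe "${2-}"
    printf '%s\n' "${2-}if test -n \"\$CPP\"; then echo '$1: yes'; else echo '$1: no (CPP unset)'; fi"
}

# generate_configure <explicit_probe>
#   no  : the first header check sits inside the *irix*) branch, so the probe
#         is emitted there (the situation created by the posted patch)
#   yes : the probe is emitted with the early program checks, which is what
#         an explicit AC_PROG_CPP after AC_PROG_CC achieves
generate_configure() {
    probe_emitted=no
    printf '%s\n' 'CPP='
    if [ "$1" = yes ]; then
        emit_cpp_probe ''
    fi
    printf '%s\n' 'case "$host_os" in'
    printf '%s\n' '  *irix*)'
    emit_check_header standards.h '    '
    printf '%s\n' '    ;;'
    printf '%s\n' 'esac'
    # Every later header check relies on CPP having been set above.
    emit_check_header netinet/in.h ''
}

# run_configure <explicit_probe> <host_os>: run the generated script for a host.
run_configure() {
    generate_configure "$1" | host_os=$2 sh
}

for explicit in no yes; do
    for os in irix6.5 linux-gnu; do
        echo "explicit probe: $explicit, host_os: $os"
        run_configure "$explicit" "$os" | sed 's/^/  /'
    done
done
```

Running `generate_configure no` on its own prints the generated script, which makes it easy to see the probe sitting inside the case branch.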
From: vurosevic at webplan.net (Vojin Urosevic)
Date: Tue Dec 2 02:29:01 2003
Subject: Business Works
In-Reply-To:
Message-ID: <000101bf8de6$187e2d20$7a23efcf@webplan.net>

Hello,

Does anybody run an accounting program of a Samba box? We use Business Works here and I am having a hard time getting it to run properly. I have not yet fully tried to debug where the problem is but I have heard of people having problems with Microsoft Access and other similar products.

Any ideas would be greatly appreciated.

vojin

From jweber at math.cudenver.edu Tue Mar 14 18:47:54 2000
From: jweber at math.cudenver.edu (John Weber)
Date: Tue Dec 2 02:29:01 2003
Subject: Still have logon problems
In-Reply-To: <200003141802.SAA20846@picard.ee.ucl.ac.uk>
Message-ID:

Hi,

Actually, I can't even get to the workgroup shares if I use rpcclient to add the user and then smbpasswd to create a password. If I delete the line for the user "jweber" from smbpasswd and then run "smbpasswd -a jweber", I can then get to the shares.

If I try this to add a machine "./smbpasswd -m -a vicant$" I get "The -m option is disabled. Please use samedit's createuser account$ command."

John S. Weber
System Administrator
Center for Computational Mathematics
University of Colorado at Denver
Phone: (303)556-5394
Fax: (303)556-8550
jweber@math.cudenver.edu
http://www-math.cudenver.edu/~jweber

On Tue, 14 Mar 2000, Tom Crummey wrote:
> Hello,
>
> You do need to give jweber a password if he is to log on at all.
> Are you getting the error
>
> The system cannot log you onto this domain because the system's
> computer account in its primary domain is missing or the password
> on that account is incorrect.
>
>
>
> Tom.
>
> ----------------------------------------------------------------------------
> Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
> Department of Electronic and Electrical Engineering,
> University College London, TEL: +44 (0)20 7679 3898
> Torrington Place, FAX: +44 (0)20 7388 9307
> London, UK, WC1E 7JE.
> ----------------------------------------------------------------------------
>

From lkcl at samba.org Tue Mar 14 18:48:12 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:01 2003
Subject: NT 4 login problems
In-Reply-To: <38CE303D.A5DD6F@kneschke.de>
Message-ID:

lars,

do you have ntsrv stdaln at home and it doesn't work, whereas you have ntwksta at work and it does?

On Tue, 14 Mar 2000, Lars Kneschke wrote:
> Luke Kenneth Casson Leighton wrote:
> > maybe it's because you use nt-srv standalone (as an nt wksta).
> Could this be a potential problem? I have installed nt server standalone
> at home.
>
> Cu
> --
> Watch our projects at http://www.kneschke.de/projekte!
> GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From gosha at arvid.ee Tue Mar 14 18:54:40 2000
From: gosha at arvid.ee (Dmitri B.Gofmekler)
Date: Tue Dec 2 02:29:01 2003
Subject: TNG 0.15 Configuration.
Message-ID: <4.3.0.20000314204726.00b229f0@mail>

Hi,

Compiled and installed samba-tng-alpha-0.15.
The following trouble:
Can not create the computer account. In samba 2.x it could be done by 'smbpasswd -a -m machine', but in this version smbpasswd advised to use samedit's createuser.
Here is a script of samedit session:

[root@inet bin]# ./samedit -S . -U root
Added interface ip=212.49.3.163 bcast=212.49.3.191 nmask=255.255.255.224
Enter Password:
[root@.]$ createuser finn$
createuser finn$
socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused
socket connect to /usr/local/saba-tng/var/locks/.msrpc/samr failed: Connection refused
ncalrpc_l_establish_connection: failed samr)
ncalrpc_l_use_add: connection failed
please use 'lsaquery' first, to ascertain the SID
[root@.]$

What did I do wrong? (I've tried to add 'root' user to smbpasswd before running samedit using smbpasswd -a root, but with the same result).

Help me please.

Thx in advance,

---- Dmitri B. Gofmekler , ICQ: 8168758 ----
"http://www.sill.ee/~gosha/gosha.asc" - for PGP Encrypted messages.
=====================================
Phone: (+372) 6 563981 Fax: (+372) 6 563000
A-Arvid Computers Ltd. < http://www.arvid.ee >

From gosha at arvid.ee Tue Mar 14 18:59:54 2000
From: gosha at arvid.ee (Dmitri B.Gofmekler)
Date: Tue Dec 2 02:29:01 2003
Subject: IGNORE: TNG 0.15 Configuration.
Message-ID: <4.3.0.20000314205837.00adfa00@mail>

Hi,

I'm sorry for my previous message. Please ignore it. I found that I use old samba start script and it does not start all necessary daemons. Sorry again.

Best.

---- Dmitri B. Gofmekler , ICQ: 8168758 ----
"http://www.sill.ee/~gosha/gosha.asc" - for PGP Encrypted messages.
=====================================
Phone: (+372) 6 563981 Fax: (+372) 6 563000
A-Arvid Computers Ltd. < http://www.arvid.ee >

From gosha at arvid.ee Tue Mar 14 20:19:37 2000
From: gosha at arvid.ee (Dmitri B.Gofmekler)
Date: Tue Dec 2 02:29:01 2003
Subject: TNG 0.15 & NT 4.0 SP 5. Login problem.
Message-ID: <4.3.0.20000314221454.00b1fba0@mail>

Hi,

Installed SAMBA-TNG 0.15 on Redhat Linux 6.1. NT 4.0 Client successfully joined to domain but after restart failed to login with the message "Computer's system account is not present or its password is incorrect" or something like this.

What could be wrong? Username exists and password is set. User "machine$" in system passwd exists with the password "machine", after it same user exists in smbpasswd using samedit's createuser. After it machine joined to domain (I saw the message "Welcome to DOM domain"). But after restart I can not login into domain...

What did I do wrong & how to fix it?

Thx,

---- Dmitri B. Gofmekler , ICQ: 8168758 ----
"http://www.sill.ee/~gosha/gosha.asc" - for PGP Encrypted messages.
=====================================
Phone: (+372) 6 563981 Fax: (+372) 6 563000
A-Arvid Computers Ltd. < http://www.arvid.ee >

From lkcl at samba.org Tue Mar 14 20:46:19 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:01 2003
Subject: TNG 0.15 & NT4.0 SP 5. Login Problem.
Message-ID:

dmitri,

i have some suspicions but i cannot confirm them, i do not have access to anything but my own linux box, right now, which is REALLY irritating. *sigh*.

ok, i _suspect_ that the net_srv_pwset() function may be failing in some way, and i would appreciate it if you could verify this by recompiling with ./configure.developer, then setting log levels to 100, then examining log.netlogon for clues around the net_srv_pwset function. look for "Server Password Set Wksta:".

i will be doing the best i can using rpcclient to tng itself to verify things, however i will need all the assistance i can get in actually confirming, samba-to-nt, that it works.

thx,

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From fridacw at auburn.edu Tue Mar 14 21:15:49 2000
From: fridacw at auburn.edu (Christopher Friday)
Date: Tue Dec 2 02:29:01 2003
Subject: Samba-Server as a domain-member
In-Reply-To:
References:
Message-ID: <20000314.21154900@linus.che.auburn.edu>

If you add the Samba machine to the NT domain as a BDC and domain logons=yes in the smb.conf, then it will show up as a BDC in server manager. However, it will not perform the functions of the BDC. I ran into the same thing. In fact, if you add it as a "Windows NT Workstation or Server" and have domain logons enabled, it will show up as a PDC. However, this can cause problems if the true PDC is restarted; the Samba server, of course, is promoted to primary server, and it just generally gets annoying when you have to add all your workstations to the Domain again because their machine passwords are no longer correct.

Chris F.

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 3/13/00, 8:23:56 AM, "Gerhard Schaller" wrote regarding Samba-Server as a domain-member:

> I read several times on the Samba-webpages, that Samba does not act as a BDC.
> Strange to say my Samba server is displayed as BDC in the server manager of the
> PDC.
> I cannot explain this myself. Is there anybody, who has a tip for me?
> Thanks,
> G. Schaller

From mussulma at uiuc.edu Tue Mar 14 21:47:10 2000
From: mussulma at uiuc.edu (Dave Mussulman)
Date: Tue Dec 2 02:29:01 2003
Subject: win2k with 2.0.6
In-Reply-To: <20000314082700.A83341@Denninger.Net>
References: <20000314082700.A83341@Denninger.Net>
Message-ID: <20000314154710.D16731@uiuc.edu>

Is there a list somewhere of the differences in functionality between the 2.0.6 released code and the current alphas? As a rookie to Samba's domain functionality who wants to eventually deploy in a production environment, I'm experimenting with 2.0.6 -- but exactly what features are the release version missing that the alpha is testing?

Dave

On Wed, Mar 15, 2000 at 01:29:14AM +1100, Karl Denninger wrote:
> It will not work with 2.0.x.
>
> It *does* work with TNG, but TNG is Alpha code.
>
> On Wed, Mar 15, 2000 at 01:20:23AM +1100, Brian Wilson wrote:
> >
> > What do I have to do in order to get a win2k box to become a member of a
> > domain? All of my NT4 clients have successfully joined the domain, yet
> > win2k machines continue to fail. The error messages are as follows:

From mgeddes at xavier.sa.edu.au Tue Mar 14 22:07:55 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:01 2003
Subject: Business Works
References: <000101bf8de6$187e2d20$7a23efcf@webplan.net>
Message-ID: <38CEB83B.A0598747@xavier.sa.edu.au>

Vojin Urosevic wrote:
>
> Hello,
>
> Does anybody run an accounting program of a Samba box?
> We use Business Works here and I am having a hard time getting it to run
> properly.
> I have not yet fully tried to debug where the problem is but I have heard
> of people having problems with Microsoft Access and other similar products.
>
> Any ideas would be greatly appreciated.
>
> vojin

If you are running an application that requires just a file server (no database engines or the like), my experience is that you won't have too many problems (in fact we've had fewer problems with multiple users accessing files since we migrated one server). If there are drivers installed or processes running for the application on the server, you will probably have trouble.

Matt

--
"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From mgeddes at xavier.sa.edu.au Tue Mar 14 22:36:21 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:01 2003
Subject: TNG 0.15 & NT4.0 SP 5. Login Problem.
References:
Message-ID: <38CEBEE5.E8ECE70E@xavier.sa.edu.au>

Luke Kenneth Casson Leighton wrote:
>
> dmitri,
>
> i have some suspicions but i cannot confirm them, i do not have access to
> anything but my own linux box, right now, which is REALLY irritating.
> *sigh*.

Would a shell account on a remote Linux machine help out? If you don't mind doing things remotely, let me know and I will see what I can do.

> ok, i _suspect_ that the net_srv_pwset() function may be failing in some
> way, and i would appreciate it if you could verify this by recompiling
> with ./configure.developer, then setting log levels to 100, then examining
> log.netlogon for clues around the net_srv_pwset function. look for "Server
> Password Set Wksta:".

I will try this on a RedHat 6.0 box now.

>
> i will be doing the best i can using rpcclient to tng itself to verify
> things, however i will need all the assistance i can get in actually
> confirming, samba-to-nt, that it works.
>

--
"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From sean at compu-aid.com Tue Mar 14 23:19:41 2000
From: sean at compu-aid.com (Sean E. Millichamp)
Date: Tue Dec 2 02:29:01 2003
Subject: Business Works
In-Reply-To: <000101bf8de6$187e2d20$7a23efcf@webplan.net>
Message-ID:

On Wed, 15 Mar 2000, Vojin Urosevic wrote:

> Hello,
>
> Does anybody run an accounting program of a Samba box?
> We use Business Works here and I am having a hard time getting it to run
> properly.
> I have not yet fully tried to debug where the problem is but I have heard
> of people having problems with Microsoft Access and other similar products.
>
> Any ideas would be greatly appreciated.
>
> vojin

If this is Sage's Business Works then we operate the same package at two clients that run Samba 2.0.latest as the file server. It works fine and has for 3-4 years :)

If you need specifics feel free to contact me.

Sean

------------------------------------------
Sean E. Millichamp, Consultant
Ingematics - A Division of Compu-Aid, Inc.

From Patrick.Li at telus.com Tue Mar 14 23:48:22 2000
From: Patrick.Li at telus.com (Patrick Li)
Date: Tue Dec 2 02:29:01 2003
Subject: Printing from w2k on tng
Message-ID:

Hello guys,

I have a little problem with the samba-tng, I got all my w2k and win98 to join my domain successfully. Both can use their own profile and such. The only problem I'm having is printing. Actually mapping a printer on win98 is fine, I got no problem with that, but I just cannot map or connect to the linux printer on my w2k. Any thought on that?

Thanx

Regards,
Patrick Li

From basfer at newmail.ru Wed Mar 15 04:13:28 2000
From: basfer at newmail.ru (basf)
Date: Tue Dec 2 02:29:01 2003
Subject: subscribe
Message-ID: <5467.000315@newmail.ru>

I want to subscribe to the mailing list samba-ntdom@samba.org

From mgeddes at xavier.sa.edu.au Wed Mar 15 04:32:03 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:01 2003
Subject: TNG 0.15 &.... + rpcclient
References: <38CEBEE5.E8ECE70E@xavier.sa.edu.au>
Message-ID: <38CF1243.9A8C29CE@xavier.sa.edu.au>

> >
> > i will be doing the best i can using rpcclient to tng itself to verify
> > things, however i will need all the assistance i can get in actually
> > confirming, samba-to-nt, that it works.

Tried connecting from a Samba TNG 0.15 box (RedHat 5.2) to an NT server (SP3). Connection works (rpcclient), but can't createuser.

TNG -> TNG (both 0.15) wouldn't connect using rpcclient at all. This must be my fault, so I'll look into my configuration.

If you want to be specific about the assistance you mentioned above, I will gladly help.

Thanks heaps,

Matt

--
"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From basfer at newmail.ru Wed Mar 15 04:58:58 2000
From: basfer at newmail.ru (basf)
Date: Tue Dec 2 02:29:01 2003
Subject: TNG 0.15: can't see from Win98 files with intern. names on Linux
Message-ID: <17499.000315@newmail.ru>

I've used samba-2.0.6 before, but needed accounts browsing, so migrated to TNG-0.15. There were many files with russian names, & I could see them well from Win98 client when using samba 2.0.6. I used charset=KOI8-R, client codepage=866. But now with the same options TNG doesn't show these files at all. Comparing the two logs with high debug level from samba 2.0.6 and TNG 0.15, I noticed that they're encoding those filenames in different ways. So, where is the problem? Maybe I should change charsets somehow or smth else?

Please, help.

Best regards,
basf mailto:basfer@newmail.ru

From lars at kneschke.de Wed Mar 15 06:26:08 2000
From: lars at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:29:01 2003
Subject: NT 4 login problems
References:
Message-ID: <38CF2D00.34B7CC19@kneschke.de>

Luke Kenneth Casson Leighton wrote:
>
> lars, do you have ntsrv stdaln at home and it doesn't work, whereas you
> have ntwksta at work and it does?

I have a new employer. So i don't have my windows nt workstation anymore. But i have now a Pentium133 at home which has windows nt server installed. But because i have now also a nice new laptop(PIII/500 from Dell), with windows nt workstation installed i'm able to test both, i only need a pcmcia-nic which works fine under linux too. Then i'm able to test it.

Currently it works, but not perfect. I just wanted to know, if you're aware of any problems.

I think i can test it tomorrow.

Cu

> > Luke Kenneth Casson Leighton wrote:
> > > maybe it's because you use nt-srv standalone (as an nt wksta).
> > Could this be a potential problem? I have installed nt server standalone
> > at home.

--
Watch our projects at http://www.kneschke.de/projekte!
GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer

From lars at kneschke.de Wed Mar 15 06:11:17 2000
From: lars at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:29:01 2003
Subject: IGNORE: TNG 0.15 Configuration.
References: <4.3.0.20000314205837.00adfa00@mail>
Message-ID: <38CF2985.A97EE5C4@kneschke.de>

"Dmitri B.Gofmekler" wrote:
>
> Hi,
> I'm sorry for my previous message. Please ignore it. I found that I use old
> samba start script and it does not start all necessary daemons. Sorry again.

Ah! :-)

Cu
--
Watch our projects at http://www.kneschke.de/projekte!
GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer

From lars at kneschke.de Wed Mar 15 05:58:31 2000
From: lars at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:29:02 2003
Subject: Need help/advice configuring Samba for ClearCase and multiple network interfaces
References: <20000314082937.C2501@brtpsfac.nortelnetworks.com>
Message-ID: <38CF2687.153CB9FE@kneschke.de>

Eric Boehm wrote:
>
> I'm looking for suggestions in configuring Samba for use with ClearCase and
> multiple network interfaces.
>
> My "wish" is to be able to use a single UNC name for the Samba/ClearCase host
> and have a particular NT client use the "right" interface for their subnet.
>
> I have interfaces on
>
> 47.111.64.0/20
> 47.140.0.0/20
> 47.202.32.0/20
>
> I have the interfaces listed in the "interfaces =" entry in smb.conf
>
> However, there is a different hostname associated with each interface. NT
> clients on the different subnets would use a different hostname in their UNC
> name for my share, e.g.,
>
> \\host1\vobstore for client 47.111.65.76
> \\host2\vobstore for client 47.140.7.148
> \\host3\vobstore for client 47.202.34.73
>
> I would like some way for the UNC path to be
>
> \\Some Name\vobstore
>
> but have the client go through the interface appropriate for their subnet.
>
> I can get a similar result with the automounter under UNIX if I have multiple
> IP addresses associated with a hostname in DNS. The automounter will select
> the right interface for the subnet.
>
> Is this even possible? Do I need to use NetBIOS aliases? Do I need to have
> multiple IP addresses associated with "Some Name" and WINS/DNS will do the
> right thing?

You need to use 3 different smb.conf files. The important parameters are:

interfaces = ip.ip.ip.ip (samba will at least use these interfaces, in one smb.conf you need also to bind to 127.0.0.1)
bind interfaces only=yes (force samba to bind only the interfaces from above)
netbios name=netbios name (use this netbios name)

then you can start smbd, nmbd, ... with the -s option, to use different configfiles.

This should help you a little bit.
Cu
--
Watch our projects at http://www.kneschke.de/projekte!
GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer

From lars at kneschke.de Wed Mar 15 06:10:21 2000
From: lars at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:29:02 2003
Subject: TNG 0.15 Configuration.
References: <4.3.0.20000314204726.00b229f0@mail>
Message-ID: <38CF294D.F1B7DB10@kneschke.de>

"Dmitri B.Gofmekler" wrote:
>
> Hi,
>
> Compiled and installed samba-tng-alpha-0.15.
> The following trouble:
> Can not create the computer account. In samba 2.x it could be done by
> 'smbpasswd -a -m machine', but in this version smbpasswd advised to use
> samedit's createuser.
> Here is a script of samedit session:
>
> [root@inet bin]# ./samedit -S . -U root
> Added interface ip=212.49.3.163 bcast=212.49.3.191 nmask=255.255.255.224
> Enter Password:
> [root@.]$ createuser finn$
> createuser finn$
> socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused

that's ok.

> socket connect to /usr/local/saba-tng/var/locks/.msrpc/samr failed:

Have you started samrd? If you have all necessary daemons running, "lsaquery" should output a line like this:

[root@.]$ lsaquery
lsaquery
LSA Query Info Policy
LSA Query Info Policy
Domain Member - Domain: LARS SID: S-1-5-21-2503997365-937155368-2822197052
Domain Controller - Domain: LARS SID: S-1-5-21-2503997365-937155368-2822197052

Cu
--
Watch our projects at http://www.kneschke.de/projekte!
GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer

From ako at easygroup.com Wed Mar 15 09:20:37 2000
From: ako at easygroup.com (Alexander Ko)
Date: Tue Dec 2 02:29:02 2003
Subject: Local Profile
Message-ID: <38CF55E5.7F8D5464@easygroup.com>

Could Samba-TNG pre-version 3.0 PDC force winnt to use local profile but not use roaming profile? if yes, then how to do that?

thanks a lot.

Alex

From Christian.Duclou at eeigm.inpl-nancy.fr Wed Mar 15 09:20:22 2000
From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou)
Date: Tue Dec 2 02:29:02 2003
Subject: Passwords
Message-ID: <38CF55D6.C853E7D1@eeigm.inpl-nancy.fr>

Hi,

1) I want to initiate a PDC Samba version 2.0.6 (main branch)

The Users have :
- an account on an NT Server PDC:
- an account on a Linux Box:
Is there any way to create unix and samba accounts with the same passwd EXOR ?

2) Where is "pwdump" ?

Thanks

--
_____________ EEIGM - Service Informatique _____________
6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France
Phone: (33) 383.36.83.27 - Fax: (33) 383.36.83.36
_______________ http://eeigm.inpl-nancy.fr _____________

From hanak at IRIS.osu.cz Wed Mar 15 09:29:54 2000
From: hanak at IRIS.osu.cz (Ondrej Hanak)
Date: Tue Dec 2 02:29:02 2003
Subject: Slow connection
Message-ID:

We use samba-2.1 from 99/04/12 as PDC (PIII 450Mhz 128MB RAM on 10BASE-T). And it has all features we need. We have cca 400 users. For new users this message appeared: "Slow network connection, bla bla..., Download profiles or use local".

I read something about this problem in archive of NTDOM. And that exists cause n-squared algorithm in authentication or something like that. So on NT workstation side TIMEOUT exceeds and NT thinks about slow connection.

Someone advised :

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SlowLinkDetectEnabled"=dword:00000000

Is this solved in new TNG code? Can somebody explain this one more time, please? What can i do with this?

O.H.

From hanak at IRIS.osu.cz Wed Mar 15 09:44:31 2000
From: hanak at IRIS.osu.cz (Ondrej Hanak)
Date: Tue Dec 2 02:29:02 2003
Subject: Passwords
In-Reply-To: <38CF55D6.C853E7D1@eeigm.inpl-nancy.fr>
Message-ID:

On Wed, 15 Mar 2000, Christian Duclou wrote:

> Hi,
>
> 1) I want to initiate a PDC Samba version 2.0.6 (main branch)
>
> The Users have :
> - an account on an NT Server PDC:
> - an account on a Linux Box:
> Is there any way to create unix and samba accounts with the same
> passwd EXOR ?

Turn on unix passwd sync in smb.conf.
For sync samba passwords when you change unix passwords you can use PAM plugin pam_smbpass.so.

>
> 2) Where is "pwdump" ?
>

I found this on samba.org via CVS.

O.H.

From gerhard.schaller at kuester.net Wed Mar 15 10:14:43 2000
From: gerhard.schaller at kuester.net (Gerhard Schaller)
Date: Tue Dec 2 02:29:02 2003
Subject: Antwort: Re: Samba-Server as a domain-member
Message-ID:

Thanks Chris,
for the right tip.

Gerhard

From mike at ed.ac.uk Wed Mar 15 11:49:51 2000
From: mike at ed.ac.uk (Mike.Robinson)
Date: Tue Dec 2 02:29:02 2003
Subject: out of printer handles
Message-ID:

I'm using smbd version 2.1.0-prealpha as an NT domain server and connections to the printers have started to fail. The PC log files contain:

[2000/03/03 17:02:26, 1] rpc_server/srv_spoolss.c:open_printer_hnd(131)
ERROR - open_printer_hnd: out of Printers Handles!

Can anyone let me know what causes this and how I can fix it?

Best wishes,
Mike

................................................................................
Mike Robinson Email: M.Robinson@ed.ac.uk
EUCS Tel: 0131 650 5015
The University of Edinburgh Fax: 0131 650 8748
J.C.M.B
The Kings Buildings
Mayfield Road
Edinburgh EH9 3JZ

From johanh at fusion.kth.se Wed Mar 15 13:07:59 2000
From: johanh at fusion.kth.se (Johan Hedin) Date: Tue Dec 2 02:29:02 2003 Subject: Need help with become_unix_sec_ctx() setting groups Message-ID: I have tracked down my problem with the AFS patch to setting of groups The new pag (c.f. previous mail "Question about groups") alter two numerical groups. I tried to set the new groups with conn->groups and conn->ngroups, but become_unix_sec_ctx() does still sets the old groups before the k_setpag() call, making the AFS to use the wrong pag. I include the part of the patch dealing with the groups. The patch is to Samba TNG. What am I doing wrong? TIA Johan Hedin --- Cut Here --- Index: smbd/service.c =================================================================== RCS file: /cvsroot/samba/source/smbd/service.c,v retrieving revision 1.13.2.8 diff -u -u -r1.13.2.8 service.c --- service.c 2000/02/17 21:04:04 1.13.2.8 +++ service.c 2000/03/15 13:04:17 @@ -34,6 +34,11 @@ extern pstring sesssetup_user; extern fstring remote_machine; +#ifdef RENEWABLE_AFS_TICKET +extern struct Srvtabinfo srvtabinfo; +/* what user is current? */ +extern struct current_user current_user; +#endif /* RENEWABLE_AFS_TICKET */ /**************************************************************************** load parameters specific to a connection/service 
@@ -508,6 +513,55 @@ } #endif +#ifdef RENEWABLE_AFS_TICKET + /* This must be done as the user */ + if(!guest){ + gid_t grp = 0; + int i; + char tkfile[sizeof(pstring)] = ""; + pstrcat(tkfile, "/tmp/tkt_samba_"); + pstrcat(tkfile, user); + unbecome_user(); + unlink(tkfile); + become_user(conn, conn->vuid); + krb_set_tkt_string(tkfile); + /* The new pag needs to be initialized before the forking */ + if (k_hasafs()) + k_setpag(); + /* We need to reread the groups + */ + conn->ngroups = sys_getgroups(0,&grp); + if (conn->ngroups <= 0) + { + conn->ngroups = 32; + } + free(conn->groups); + if((conn->groups = (gid_t *)malloc(sizeof(gid_t)*conn->ngroups)) + == NULL) + { + DEBUG(0,("setup_groups malloc fail !\n")); + return NULL; + } + conn->ngroups = sys_getgroups(conn->ngroups, conn->groups); + DEBUG(3, ("%s is in %d groups: ", user, conn->ngroups)); + for (i = 0; i < conn->ngroups; i++) + { + DEBUG(3, ("%s%d", (i ? ", " : ""), (int)conn->groups[i])); + } + DEBUG(3, ("\n")); + current_user.ngroups = conn->ngroups; + current_user.groups = conn->groups; + + /* Add uid and user name to the global AFS srvtab variables + and get an auto renewed AFS ticket */ + srvtabinfo.uid = conn->uid; + strncpy(srvtabinfo.user, user, sizeof(srvtabinfo.user) - 1); + conn->afs_ticket_pid = get_renewed_ticket(); + } else { + conn->afs_ticket_pid = 0; + } +#endif /* RENEWABLE_AFS_TICKET */ + add_session_user(user); /* execute any "preexec = " line */ @@ -652,6 +706,13 @@ smbrun(cmd,NULL,False); } +#ifdef RENEWABLE_AFS_TICKET + if(conn->afs_ticket_pid != 0){ + kill(conn->afs_ticket_pid, SIGKILL); + DEBUG(1,("Killing ticket renewer with pid %d\n", + conn->afs_ticket_pid)); + } +#endif /* RENEWABLE_AFS_TICKET */ conn_free(conn); } From leymarie_gerard at accor-hotels.com Wed Mar 15 13:14:07 2000 
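Review bot: In the @@ -508 hunk of smbd/service.c, the ticket file path is built from the fixed prefix "/tmp/tkt_samba_" plus the session's user name and then removed with unlink(tkfile) immediately after unbecome_user(), so the delete runs outside the user's security context, in a world-writable directory, on a predictable name, and user is not checked for path separators first. I would reject a user containing '/' before the pstrcat calls, move the unlink to after become_user(), and keep the ticket files in a directory only smbd can write to. Separately, the group reload has unhandled paths: the result of the second sys_getgroups() is stored in conn->ngroups without a test for a negative return, and the malloc failure branch does return NULL after free(conn->groups) while still running as the user, which leaves conn->groups dangling. Assigning current_user.groups = conn->groups also gives one allocation two owners, so freeing either leaves the other stale.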
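Review bot: In the @@ -652 hunk, kill(conn->afs_ticket_pid, SIGKILL) is guarded only by != 0, so if get_renewed_ticket() (not defined in this patch) can return a negative value on failure, that value goes straight to kill(), where a negative pid addresses a process group or, for -1, every process the caller is allowed to signal. Test for > 0 here and where the value is assigned in the earlier hunk. The child is also never reaped after the signal, and by the time the connection closes the pid may already belong to another process if the renewer exited on its own; a waitpid() after the kill, plus clearing afs_ticket_pid when the child is seen to exit, would cover both.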
From: leymarie_gerard at accor-hotels.com (LEYMARIE Gerard)
Date: Tue Dec 2 02:29:02 2003
Subject: Passwords
In-Reply-To:
Message-ID: <001101bf8e80$5bc4b780$2300c839@accorhotels.com>

Where can we find this pam_smbpass.so.?
How install it?
How use it?

Thanks

-----Original Message-----
From: Ondrej Hanak [mailto:hanak@IRIS.osu.cz]
Sent: Wednesday, March 15, 2000 10:42 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: Passwords

On Wed, 15 Mar 2000, Christian Duclou wrote:

> Hi,
>
> 1) I want to initiate a PDC Samba version 2.0.6 (main branch)
>
> The Users have :
> - an account on an NT Server PDC:
> - an account on a Linux Box:
> Is there any way to create unix and samba accounts with the same
> passwd EXOR ?

Turn on unix passwd sync in smb.conf.
For sync samba passwords when you change unix passwords you can use PAM plugin pam_smbpass.so.

>
> 2) Where is "pwdump" ?
>

I found this on samba.org via CVS.

O.H.

From hanak at IRIS.osu.cz Wed Mar 15 13:33:55 2000
From: hanak at IRIS.osu.cz (Ondrej Hanak)
Date: Tue Dec 2 02:29:02 2003
Subject: Passwords
In-Reply-To: <001101bf8e80$5bc4b780$2300c839@accorhotels.com>
Message-ID:

:))

I think it's maintained by Stephen Langasek . You can download this from ftp.netexpress.net. Some readme files you will find with this package. Also i recommend you to read something about Linux-PAM...

It's enough to add this row to /etc/pam.d/passwd :

password required /lib/security/pam_smbpass.so use_first_pass

O.H.

On Wed, 15 Mar 2000, LEYMARIE Gerard wrote:

> Where can we find this pam_smbpass.so.?
> How install it?
> How use it?
>
> Thanks
>
>
> -----Original Message-----
> From: Ondrej Hanak [mailto:hanak@IRIS.osu.cz]
> Sent: Wednesday, March 15, 2000 10:42 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: Passwords
>
>
>
>
> On Wed, 15 Mar 2000, Christian Duclou wrote:
>
> > Hi,
> >
> > 1) I want to initiate a PDC Samba version 2.0.6 (main branch)
> >
> > The Users have :
> > - an account on an NT Server PDC:
> > - an account on a Linux Box:
> > Is there any way to create unix and samba accounts with the same
> > passwd EXOR ?
>
> Turn on unix passwd sync in smb.conf.
> For sync samba passwords when you change unix passwords you can use PAM
> plugin pam_smbpass.so.
>
> >
> > 2) Where is "pwdump" ?
> >
>
> I found this on samba.org via CVS.
>
> O.H.
>

From doshea at slategroup.com Wed Mar 15 15:31:30 2000
From: doshea at slategroup.com (Dave O'Shea)
Date: Tue Dec 2 02:29:02 2003
Subject: Business Works
References: <000101bf8de6$187e2d20$7a23efcf@webplan.net>
Message-ID: <001901bf8e93$89da1210$0b64a8c0@dimwit>

What kinds of problems? I'm running Quickbooks Pro (deluxe?) off a Samba server. Only memorable thing about the installation was that I got a warning that I was installing the data files on a networked drive, and that it would be unavailable if the computer was not connected to the net.

I also use Samba as a "storehouse" for all my MS office docs - Powerpoint, Excel, etc.. No problems at all - and even running Win2k as a client, to maximize my opportunity for MS-induced suffering.

----- Original Message -----
From: "Vojin Urosevic"
To: "Multiple recipients of list SAMBA-NTDOM"
Sent: Tuesday, March 14, 2000 12:50 PM
Subject: Business Works

> Hello,
>
> Does anybody run an accounting program of a Samba box?
> We use Business Works here and I am having a hard time getting it to run
> properly.
> I have not yet fully tried to debug where the problem is but I have heard
> of people having problems with Microsoft Access and other similar products.
>
> Any ideas would be greatly appreciated.
>
> vojin
>
>
>

From sean at compu-aid.com Wed Mar 15 15:57:33 2000
From: sean at compu-aid.com (Sean E. Millichamp)
Date: Tue Dec 2 02:29:02 2003
Subject: NT 4 login problems
In-Reply-To:
Message-ID:

On Tue, 14 Mar 2000, Luke Kenneth Casson Leighton wrote:

> sean, it's not going necessarily to be something you did, however let's
> check it out.
>
> follow standard procedure, see TNG faq debug instructions.
>
> first thing, send smb.conf.

attached.

> second thing prepare to recompile with ./configure.developer.
>
> third thing, prepare debug logs level 100.

I recompiled as of the CVS version at about 8 AM Wednesday, GMT -0500

I will be sending the logs in a private mail to you luke in just a minute.

> now, i know you are running the tng daemons as root, but it doesn't look
> that way, the euid=99 means that an incoming connection is being made as
> non-root, which is why the access is failing. only root can read the
> seret_db (which contains $MACHINE.ACC trust account secret).
>
> therefore, access denied (0xc000022).
>
>
> so, why?

yah, that's what I was wondering too. I really am running them all as root :)

> why you, when i tested this last week, and it worked. why you, when other
> people report it's ok?
>
> maybe there is a previous connection, but that can't be right, because you
> just did a reboot, right?
>
> maybe it's because you use nt-srv standalone (as an nt wksta).
>
> create some log files and send them to me, and send the smb.conf to the
> list, ok?

Other info possibly of interest:

It's NT 4 Server with SP3 installed as a standalone. I followed the TNG FAQ exactly and used the sample smb.conf file as a reference. The NT server *says* it joined the domain successfully but when I reboot and try to log in as either a standard user or a user supposedly mapped as a domain administrator I get the "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect."
This sounds like the same (or very similar) problem that Tom Crummey has and there was another person who emailed me privately and said he had similar experiences. I encouraged him to send in a debug report as well but haven't heard back.

Thanks.

Sean

------------------------------------------
Sean E. Millichamp, Consultant
Ingematics - A Division of Compu-Aid, Inc.

From sean at compu-aid.com Wed Mar 15 16:00:21 2000
From: sean at compu-aid.com (Sean E. Millichamp)
Date: Tue Dec 2 02:29:02 2003
Subject: NT 4 login problems
In-Reply-To:
Message-ID:

*sigh*... I didn't attach my smb.conf file, here it is...

sean

------------------------------------------
Sean E. Millichamp, Consultant
Ingematics - A Division of Compu-Aid, Inc.
-------------- next part --------------
[global]
debug level = 100
#NetBIOS name isn't needed if it's the same as the hostname
netbios name = MYSAMBAPDC
workgroup = MYDOM
#flat files that map Unix groups to NT type groups.
#these files take the form unix_group = `Windows NT group''
domain group map = /opt/samba-tng/private/domaingroup.map
domain alias map = /opt/samba-tng/private/domainalias.map
#Domain controllers use user security and we need encrypted
#passwords (see ENCRYPTION.txt)
security = user
domain logons = yes
encrypt passwords = yes
#And in order for us to be *sure* to win browser elections
os level = 65
domain master = yes
preferred master = yes
local master = yes
#WINS is the equivalent of DNS for NetBIOS.
wins support = yes
time server = yes
#the next lines are equivalent to the various profile details
#found in NT's User Manager
logon script = login.bat
logon drive = U:
logon home = \\MYSAMBAPDC\%U
logon path = \\MYSAMBAPDC\profile\%U

#share all home directories
[homes]
browseable = no
writable = yes
comment = Users' home directories

#set up netlogon share for system policies and login scripts
[netlogon]
path = /opt/samba-tng/netlogon
writable = no
guest ok = no
comment = PDC netlogon share

#the profiles share
#to create automatic subdirs for the different users
#chmod 1777 /opt/samba-tng/profile
[profile]
path = /opt/samba-tng/profile
writeable = yes

#a public share
[public]
path = /opt/samba-tng/public
browseable = yes
public = yes
comment = Public share

From p.mayers at ic.ac.uk Wed Mar 15 17:12:11 2000
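Luke Leighton's later reply in this thread suspects that a "netbios name" different from the server's DNS host name is what breaks the machine-account logon with a configuration like the one attached above. A check for that condition, as an added example that is not part of any post in this thread: the function names, and the host name fileserver.example.com, are made up here, and the sample input is a constructed excerpt of the attachment.

```python
import socket

# Constructed sample: a few [global] lines abbreviated from the smb.conf
# attached above, plus one share section to show it is ignored.
SAMPLE_CONF = """\
[global]
debug level = 100
#NetBIOS name isn't needed if it's the same as the hostname
netbios name = MYSAMBAPDC
workgroup = MYDOM
security = user
domain logons = yes

[homes]
browseable = no
"""


def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as {name: value}.

    smb.conf parameter names are case-insensitive and ignore embedded
    whitespace, so names are normalised ("NetBIOS Name" -> "netbiosname").
    """
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue  # blank line or comment
        line = pending + stripped
        if line.endswith("\\"):  # a trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params


def short_hostname(hostname):
    """First DNS label, upper-cased: the smb.conf default for 'netbios name'."""
    return hostname.split(".", 1)[0].upper()


def check_netbios_name(conf_text, hostname=None):
    """Compare the configured 'netbios name' with the host's own name.

    Returns (status, name): status is "default" when the parameter is not
    set, "match" when it equals the short host name, else "mismatch".
    """
    expected = short_hostname(hostname or socket.gethostname())
    configured = parse_global(conf_text).get("netbiosname")
    if configured is None:
        return ("default", expected)
    configured = configured.upper()
    return ("match" if configured == expected else "mismatch", configured)


if __name__ == "__main__":
    # fileserver.example.com is a hypothetical host name for the demo.
    status, name = check_netbios_name(SAMPLE_CONF, "fileserver.example.com")
    print(f"{status}: smb.conf announces {name}")
```

Called without a host name, check_netbios_name() compares against socket.gethostname(), so it can be pointed at the real smb.conf on the server itself.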
From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:29:02 2003 Subject: win2k with 2.0.6 Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81390@icex1.cc.ic.ac.uk> Um... Almost everything? Basically, 2.0.x PDC code is a *minimal* implementation. It doesn't support (off the top of my head) 1) A lot of RPC calls aren't implemented 2) User & groups lists 3) Getting user info And probably lots of other stuff. Don't even bother with it for PDC and Win2k, it just doesn't work right. It barely works with WinNT. Fileserving is a different matter, and 2.0.7 should be perfectly server-compatible with Win2k - just not as a PDC. Cheers, Phil ===================== The world is divided into two kinds of people, those who divide the world into two kinds of people, and those who don't... -----Original Message----- From: Dave Mussulman [mailto:mussulma@uiuc.edu] Sent: Tuesday, March 14, 2000 9:49 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: win2k with 2.0.6 Is there a list somewhere of the differences in functionality between the 2.0.6 released code and the current alphas? As a rookie to Samba's domain functionality who wants to eventually deploy in a production environment, I'm experimenting with 2.0.6 -- but exactly what features are the release version missing that the alpha is testing? Dave On Wed, Mar 15, 2000 at 01:29:14AM +1100, Karl Denninger wrote: > It will not work with 2.0.x. > > It *does* work with TNG, but TNG is Alpha code. > > On Wed, Mar 15, 2000 at 01:20:23AM +1100, Brian Wilson wrote: > > > > What do I have to do in order to get a win2k box to become a member of a > > domain? All of my NT4 clients have successfully joined the domain, yet > > win2k machines continue to fail. The error messages are as follows: From lkcl at samba.org Wed Mar 15 21:23:46 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:02 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: ok, i _think_ i've got it. two out of two people who have login problems are using "netbios name = somethingotherthanthednsname". try removing "netbios name = " from the smb.conf, and let me know if it works. what happens is that the netbios name of the server is used to determine if the connection-over-msrpc-loopback should be used or not, *internally* within smbd and the msrpc daemons. TNG may be getting _very_ confused by the different netbios name, resulting in attempts to connect using SMB over 127.0.0.1 instead of to the domain socket, for MSRPC. this would be bad, and likely to fail. On Wed, 15 Mar 2000, Sean E. Millichamp wrote: > *sigh*... I didn't attach my smb.conf file, here it is... > > sean > > ------------------------------------------ > Sean E. Millichamp, Consultant > Ingematics - A Division of Compu-Aid, Inc. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Mar 15 21:58:21 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:02 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: um... sean, the logs show that you are using a user name of "administrator", but your smb.conf file shows that there is no such user "administrator". ... which is probably why you're not able to log in! :) so, you need to either use the username "ntadmin" in the nt logon dialog, which i notice that you have, or "root", or "ntuser" _or_ add a domain user map (you have a domain group map and domain alias map but no user map) and map "administrator" to one of the three users. On Wed, 15 Mar 2000, Sean E. Millichamp wrote: > *sigh*... I didn't attach my smb.conf file, here it is... > > sean > > ------------------------------------------ > Sean E. Millichamp, Consultant > Ingematics - A Division of Compu-Aid, Inc. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Wed Mar 15 22:33:24 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:02 2003 Subject: NT 4 login problems References: Message-ID: <38D00FB4.ECD755F2@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > > ok, i _think_ i've got it. two out of two people who have login problems > are using "netbios name = somethingotherthanthednsname". It's also the case if netbios name=theDNSnamejustwithoutthedomainbit, because I can now log onto a TNG domain from NT workstation. I still cannot get TNG to join any domain (TNG OR NT). Whatever the problem is (ie, my fault ;-)) it really appears to be on the client side. Can anyone offer any suggestions for a TNG machine that can create an account but not join the domain? I am using the root/Administrator account. Thanks for your help, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From mgeddes at xavier.sa.edu.au Wed Mar 15 23:18:16 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:02 2003 Subject: NT 4 login problems References: <38D00FB4.ECD755F2@xavier.sa.edu.au> Message-ID: <38D01A38.B25FBDB8@xavier.sa.edu.au> Matthew Geddes wrote: > > Luke Kenneth Casson Leighton wrote: > > > > ok, i _think_ i've got it. two out of two people who have login problems > > are using "netbios name = somethingotherthanthednsname". > > It's also the case if netbios name=theDNSnamejustwithoutthedomainbit, > because I can now log onto a TNG domain from NT workstation. I still > cannot get TNG to join any domain (TNG OR NT). Whatever the problem is > (ie, my fault ;-)) it really appears to be on the client side. Can > anyone offer any suggestions for a TNG machine that can create an > account but not join the domain? I am using the root/Administrator > account. Err. Bad. Umm. Workstation appears to be logging onto the domain using its machine account, which has NO PASSWORD. At least it logs on ;-). Using rpcclient / TNG, the account is created OK, there is a non-blank password, but it won't join. Hmmmm. Any clues? Thanks, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From jweber at math.cudenver.edu Wed Mar 15 23:09:45 2000
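A check for the condition described in the message above (a machine account stored with no password), as an added example that is not part of any list post or of the Samba sources. It also reports entries whose account-control flags are missing or do not match the account name. It assumes the TNG smbpasswd backend keeps the Samba 2.0 line layout name:uid:LM:NT:[flags]:LCT-time: and every sample entry and hash below is constructed.

```python
"""Audit smbpasswd entries for blank passwords and missing account flags.

Assumed layout (Samba 2.0 smbpasswd), one account per line:
    name:uid:LM_HASH:NT_HASH:[FLAGS      ]:LCT-XXXXXXXX:
"""
import re

NO_PASSWORD = "NO PASSWORD" + "X" * 21   # 32-char marker: account has a blank password
UNSET = "X" * 32                         # 32-char marker: no hash stored
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
TYPE_BITS = set("UWSI")                  # user / workstation / server / interdomain trust
TRUST_BITS = set("WSI")


def parse_entry(line):
    """Return a dict for one smbpasswd line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) < 4:
        return {"name": fields[0], "malformed": True}
    flags = None                         # stays None when the [..] field is absent
    if len(fields) > 4 and fields[4].startswith("[") and fields[4].endswith("]"):
        flags = set(fields[4][1:-1]) - {" "}
    return {"name": fields[0], "lm": fields[2], "nt": fields[3],
            "flags": flags, "malformed": False}


def check_entry(entry):
    """List the problems found in one parsed entry (empty list means clean)."""
    if entry["malformed"]:
        return ["malformed line"]
    findings = []
    flags = entry["flags"]
    if flags is None:
        findings.append("no account control field")
        flags = set()
    elif not flags & TYPE_BITS:
        findings.append("no account type bit")
    # A name ending in '$' is a machine account and should carry a trust bit.
    if entry["name"].endswith("$") and flags & TYPE_BITS and not flags & TRUST_BITS:
        findings.append("machine account not flagged as a trust account")
    hashes = (entry["lm"], entry["nt"])
    if NO_PASSWORD in hashes or "N" in flags:
        findings.append("blank password")
    if any(h not in (NO_PASSWORD, UNSET) and not HEX32.match(h) for h in hashes):
        findings.append("unparseable hash field")
    return findings


def audit(text):
    """Map account name -> findings for every entry that has at least one."""
    report = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        findings = check_entry(entry)
        if findings:
            report[entry["name"]] = findings
    return report


def sample_line(name, uid, lm, nt, flags):
    """Build one line in the assumed layout (flags padded to 11 characters)."""
    return "%s:%d:%s:%s:[%s]:LCT-38D00000:" % (name, uid, lm, nt, flags.ljust(11))


# Constructed sample; the hashes are filler, not real credentials.
LM, NT = "0123456789ABCDEF" * 2, "FEDCBA9876543210" * 2
SAMPLE = "\n".join([
    "# constructed smbpasswd sample",
    sample_line("root", 0, LM, NT, ""),              # flags field present but empty
    sample_line("ntadmin", 500, LM, NT, "U"),
    sample_line("ntuser", 501, LM, NT, "U"),
    sample_line("tompc$", 1001, NO_PASSWORD, NO_PASSWORD, "W"),
    sample_line("oldpc$", 1002, LM, NT, "U"),        # machine name, user flag
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print("%-8s %s" % (name, "; ".join(findings)))
```

Run it against a copy of the smbpasswd file by passing the file's text to audit(); clean entries are omitted from the report.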
From: jweber at math.cudenver.edu (John Weber) Date: Tue Dec 2 02:29:02 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: Hi, I have this problem (and I've posted it recently) and I've always commented out the netbios name line. So 2 out of 3 who have login problems are using "netbios name = somethingotherthanthednsname". My NT machine joins the domain, but domain logins are refused. I can log into the NT machine locally and browse the shares OK from there, so I assume the user and smb password are OK. My smb.conf is at the end of this message. I'd like to help, so let me know what other info you would like to see from me. I've sent some already and I've been trying the various suggestions I've seen on this list. John S. Weber System Administrator Center for Computational Mathematics University of Colorado at Denver Phone: (303)556-5394 Fax: (303)556-8550 jweber@math.cudenver.edu http://www-math.cudenver.edu/~jweber On Thu, 16 Mar 2000, Luke Kenneth Casson Leighton wrote: > ok, i _think_ i've got it. two out of two people who have login problems > are using "netbios name = somethingotherthanthednsname".
[global]
#NetBIOS name isn't needed if it's the same as the hostname
#netbios name = MYSAMBAPDC
workgroup = MATHDOM
#flat files that map Unix groups to NT type groups.
#these files take the form unix_group = `Windows NT group''
#domain group map = /opt/samba-tng/private/domaingroup.map
#domain alias map = /opt/samba-tng/private/domainalias.map
#Domain controllers use user security and we need encrypted
#passwords (see ENCRYPTION.txt)
security = user
domain logons = yes
encrypt passwords = yes
#And in order for us to be *sure* to win browser elections
os level = 65
domain master = yes
preferred master = yes
local master = yes
#WINS is the equivalent of DNS for NetBIOS.
wins support = yes
time server = yes
#the next lines are equivalent to the various profile details
#found in NT's User Manager
#logon script = login.bat
#logon drive = U:
#logon home = \\sleepy\%U
#logon path = \\sleepy\profile\%U
#share all home directories
[homes]
browseable = no
writable = yes
comment = Users' home directories
#set up netlogon share for system policies and login scripts
[netlogon]
path = /opt/samba-tng/netlogon
writable = no
guest ok = no
comment = PDC netlogon share
#the profiles share
#to create automatic subdirs for the different users
#chmod 1777 /opt/samba-tng/profile
[profile]
path = /opt/samba-tng/profile
writeable = yes
#a public share
[public]
path = /opt/samba-tng/public
browseable = yes
public = yes
comment = Public share
From lkcl at samba.org Wed Mar 15 23:59:35 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:02 2003 Subject: samba-tng-alpha-0.16.tar.gz Message-ID: ok, i noticed some word-order issues in join-to-domain for the smbpasswd sam database option (i normally use --with-sam-pwdb=tdb so did not notice this). when you have a workstation join to a tng domain with smbpasswd file as the sam database, it _should_ now set the trust account password correctly, and this will have been noticeably failing before on any non-intel-word-order machines such as sun ultras and dec alphas etc. please report to samba-ntdom if it does or does not work for you, thank you. Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From norea.nuon at videotron.ca Thu Mar 16 03:50:37 2000
From: norea.nuon at videotron.ca (Norea Nuon) Date: Tue Dec 2 02:29:02 2003 Subject: Cannot map network drive from NT Message-ID: <38D05A0D.DA66E966@videotron.ca> Hi, We have used Samba 2.0.5a on SGI IRIX 6.5.4. It works well from Windows95/98 clients and WinDD 3.51. We just install NT 4.0 workstation (service pack5) and not able to map network drive on IRIX. Error message: account not authorized. I check on the server (/usr/local/samba/var/log.smb), Samba just close the connection and exit, after "Selected protocol NT LM 0.12" ... Can someone enlighten me please ? Do I need another version of Samba to be able to work with NT 4.0 or I did something wrong ? Thanks in advance. Norea Nuon, norea.nuon@videotron.ca From yannick.thoumelin at cnes.fr Thu Mar 16 06:16:24 2000 From: yannick.thoumelin at cnes.fr (Yannick Thoumelin - OSIATIS) Date: Tue Dec 2 02:29:02 2003 Subject: unsubscribe Message-ID: <38D07C38.7C1448BF@cnes.fr> I want to unsubscribe to the mailing list samba-ntdom@samba.org From sean at compu-aid.com Thu Mar 16 06:26:20 2000 
From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:29:02 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: On Thu, 16 Mar 2000, Luke Kenneth Casson Leighton wrote: > um... sean, the logs show that you are using a user name of > "administrator", but your smb.conf file shows that there is no such user > "administrator". > > ... which is probably why you're not able to log in! > > :) > > so, you need to either use the username "ntadmin" in the nt logon > dialog, which i notice that you have, or "root", or "ntuser" In those logs I tried logging in with the users: ntuser, ntadmin, root, and administrator (for kicks, I didn't expect it to work) in that order. So either NT wasn't passing the first 3 logins to Samba or you didn't look in the right spots in the log :) Sean ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From lkcl at samba.org Thu Mar 16 06:32:20 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:02 2003 Subject: NT 4 login problems In-Reply-To: Message-ID: On Thu, 16 Mar 2000, Sean E. Millichamp wrote: > On Thu, 16 Mar 2000, Luke Kenneth Casson Leighton wrote: > > > um... sean, the logs show that you are using a user name of > > "administrator", but your smb.conf file shows that there is no such user > > "administrator". > > > > ... which is probably why you're not able to log in! > > > > :) > > > > so, you need to either use the username "ntadmin" in the nt logon > > dialog, which i notice that you have, or "root", or "ntuser" > > In those logs I tried logging in with the users: ntuser, ntadmin, root, > and administrator (for kicks, I didn't expect it to work) in that order. > > So either NT wasn't passing the first 3 logins to Samba or you didn't look > in the right spots in the log :) ok, darn. well, i only got the last one, because it overwrote the login from the other users. also, it doesn't help that your root user entry has no account control bits (it should be marked as [U ] like the others, to indicate that it's a user). i don't know how this occurred. manually edit the smbpasswd file to correct this, ok? also, try restarting the daemons, esp. netlogond, and send me a .tgz archive again, okie, checking first that it has a net_sam_logon in log.netlogon from the actual user that tried to log in, along with a status code failure. thx sean! luke From snail_talk at yahoo.com Thu Mar 16 08:14:28 2000 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:29:02 2003 Subject: unsubscribe In-Reply-To: <38D07C38.7C1448BF@cnes.fr> Message-ID: <000401bf8f1f$a65a7f10$0200000a@workstation1> sheesh ... another one of these people .. i thought people should know better by now... geoff. > -----Original Message----- 
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Yannick Thoumelin - OSIATIS > Sent: Thursday, March 16, 2000 2:20 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: unsubscribe > > > I want to unsubscribe to the mailing list samba-ntdom@samba.org > From mg at plum.de Thu Mar 16 08:21:32 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:29:02 2003 Subject: Changing password on first login of a user ? Message-ID: <38D0998C.A18398D3@plum.de> Hi, Is it possible, that the user have to change their password the first time they log in via NT4 to samba ? regards, Michael From Ionut.Gumeni at constantza-port.ro Thu Mar 16 08:41:45 2000 From: Ionut.Gumeni at constantza-port.ro (Ionut Gumeni) Date: Tue Dec 2 02:29:02 2003 Subject: NT domain groups Message-ID: <38D09E49.FB8F282@constantza-port.ro> How can I map UNIX groups to SAMBA groups. I am using samba 2.0.5a From Ionut.Gumeni at constantza-port.ro Thu Mar 16 10:15:38 2000 From: Ionut.Gumeni at constantza-port.ro (Ionut Gumeni) Date: Tue Dec 2 02:29:02 2003 Subject: Download latest Message-ID: <38D0B44A.1965430A@constantza-port.ro> >From where can I download the latest samba-tng code? Thank you, Ionut Gumeni From mike at sag.mephi.ru Thu Mar 16 10:29:23 2000 From: mike at sag.mephi.ru (Khlebnikov Michael) Date: Tue Dec 2 02:29:02 2003 Subject: NT users profiles Message-ID: <001401bf8f32$840881b0$6700a8c0@sag2> I succesfully set up Samba like PDC. My NT workstations try to store user profiles on Samba server. Is there a way to force them to use local profiles? From mg at plum.de Thu Mar 16 10:58:14 2000 
From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:29:02 2003 Subject: Download latest References: <38D0B44A.1965430A@constantza-port.ro> Message-ID: <38D0BE46.8596DF89@plum.de> Ionut Gumeni wrote: > > >From where can I download the latest samba-tng code? > Thank you, > Ionut Gumeni ftp://samba.org/pub/samba/alpha and mirror sites. regards, Michael From greg at discreet.com Thu Mar 16 12:29:55 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:29:02 2003 Subject: Cannot map network drive from NT In-Reply-To: <38D05A0D.DA66E966@videotron.ca> Message-ID: Salut, You need to turn off encrypted passwords on NT. There is a .reg file in the distribution for that. Greg On 16-Mar-00 Norea Nuon wrote: > Hi, > > We have used Samba 2.0.5a on SGI IRIX 6.5.4. It works well from > Windows95/98 clients and WinDD 3.51. We just install NT 4.0 workstation > (service pack5) and not able to map network drive on IRIX. Error > message: account not authorized. > > I check on the server (/usr/local/samba/var/log.smb), Samba just close > the connection and exit, after "Selected protocol NT LM 0.12" ... > > Can someone enlighten me please ? Do I need another version of Samba to > be able to work with NT 4.0 or I did something wrong ? > > Thanks in advance. > > Norea Nuon, > norea.nuon@videotron.ca --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From tom at ee.ucl.ac.uk Thu Mar 16 17:36:03 2000 
From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:02 2003 Subject: samba-tng-alpha-0.16.tar.gz Message-ID: <200003161736.RAA04065@picard.ee.ucl.ac.uk> Hello, I have been using the smbpasswd sam database all along and do not have a netbios name = line in smb.conf (posted two days ago). I did a cvs update at 3:30pm (GMT) today and rebuilt samba-TNG. I have been having trouble doing domain logons on an NT4 SP4 workstation (and a Win 2000 one as well) since Tuesday 7th March where the logon fails with the message: The system cannot log you into this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I deleted the machine account from smbpasswd and readded it using: rpcclient -S . -U root -l log createuser tompc$ I then went to the workstation and joined it to the domain without using the create account in the domain option of the dialogue box. I got the message Welcome to the EE domain. (this has always been the case). I then reboot the workstation and try a log in. This fails with the message above. The fact that I can continue to log in from another Win 2000 system which joined the domain before Tuesday 7th March with no trouble indicates to me that the workstation account password is being written incorrectly into the smbpasswd file. I was encouraged to see that Luke had found some more word order problems in relation to the smbpasswd file, but unfortunately, there must still be some more. I have debug level 100 outputs. If anyone wants to look at them, please email me. Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. 
---------------------------------------------------------------------------- From ken at hudat.com Thu Mar 16 18:45:29 2000 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:29:02 2003 Subject: Independant Consultant Wanted... (fwd) Message-ID: Thought I'd forward this here... This is South-ish Florida (FT Lauderdale). Note that you should contact Keith P. Levey and NOT me if you're interested. -peace ---------- Forwarded message ---------- Date: Thu, 16 Mar 2000 11:07:06 -0500 From: Keith P. Levey To: flux Subject: Independant Consultant Wanted... Hello Flux, A good friend of mine is looking for a consultant that he can pay by the hour and have them either provide phone support or onsite support when necessary. The business is located near the Galleria in Ft. Lauderdale, and has only 1 Linux server (RH 6.1). Must have complete general knowledge of Linux, and be well versed in Samba, Remote Printers, and Security. Knowledge of Domino a plus but not necessary at all. Here's the best part, NAME YOUR OWN PRICE...But be prepared to back it up with references and a magnificent display of your skills. ;) Please email me directly. Leave me your phone number and a good time to reach you and I will call you. Best regards, Keith Levey mailto:onthego@mediaone.net PS: GOOD PEOPLE SKILLS IS A MUST! Technical proficiency without the ability to act like a civilized human being is a waste... --------------------------------------------------------------------------- Brought to you by the Florida Linux User Xchange, FLUX. Visit our webpage at: http://www.flux.org Mailing list subscription issues: http://www.flux.org/members/list.html From hulet at ittc.ukans.edu Thu Mar 16 20:05:34 2000 
From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:29:02 2003 Subject: samba-tng-alpha-0.16.tar.gz In-Reply-To: Message-ID: > correctly, and this will have been noticeably failing before on any > non-intel-word-order machines such as sun ultras and dec alphas etc. Alright I bit on the dec alpha. I cvs'd the latest TNG code 4 hours ago. Compiled and installed on a DEC Alpha 4.0D with no problems except install-sh was set mode 644 and wouldn't execute. I joined the new domain with no problems. I received the "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect" I had a netbios name = in my smb.conf but removed it and still the same problem. I can log into my machine locally and browse the new domain shares with no problems (my local account and domain account are the same). The only thing I've been able to see in the logs was from log.netlogon: cred_create sess_key : D3DAD6EECE6F6156 stor_cred: 5D907507B0249A2A timestamp: 0 timecred : 5D907507B0249A2A calc_cred: A3A863CA57260A14 cred_assert challenge : 79D0A28DC945CEF6 calculated: A3A863CA57260A14 credentials check wrong There is no sign of my user_name trying to log in. Let me know if there is something specific you want me to try otherwise I'll play around with my smb.conf for awhile. Michael Hulet Network System Administrator ITTC, University of Kansas From joannesmith at hotmail.com Thu Mar 16 20:07:58 2000 From: joannesmith at hotmail.com (Joanne Smith) Date: Tue Dec 2 02:29:02 2003 Subject: An ICQ Greeting from Joanne Smith Message-ID: <200003162007.PAA17787@icq-s11.websys.aol.com> A non-text attachment was scrubbed... Name: not available Type: text Size: 379 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000316/fac4adce/attachment.bat From hulet at ittc.ukans.edu Thu Mar 16 20:19:32 2000 
From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:29:02 2003 Subject: An ICQ Greeting from Joanne Smith In-Reply-To: <200003162007.PAA17787@icq-s11.websys.aol.com> Message-ID: Thanks but my wife isn't going to be happy. Michael Hulet On Fri, 17 Mar 2000, Joanne Smith wrote: > You have a greeting from Joanne Smith waiting for you at: > > http://icq.americangreetings.com/cgi-bin/greetings/read.pl5?msg=424706&id=1007 > > Be creative! > Create your own ICQ Greetings at http://www.icq.com/greetings/ > If you don't have ICQ you can download it at http://www.icq.com > For more greetings visit here: http://www.icq.com/redirect/partner/ag/gallery/email.html > From larry at ptcoupling.com Thu Mar 16 20:22:16 2000 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:29:02 2003 Subject: An ICQ Greeting from Joanne Smith In-Reply-To: <200003162007.PAA17787@icq-s11.websys.aol.com> Message-ID: <005b01bf8f85$522d5c30$01f4dd80@larry.cmt> Hmmm, well, things were getting a little hot and heavy on this list.... >-----Original Message----- >From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of >Joanne Smith >Sent: Thursday, March 16, 2000 2:10 PM >To: Multiple recipients of list SAMBA-NTDOM >Subject: An ICQ Greeting from Joanne Smith > > >You have a greeting from Joanne Smith waiting for you at: > > >http://icq.americangreetings.com/cgi-bin/greetings/read.pl5?msg=424 >706&id=1007 > > Be creative! > Create your own ICQ Greetings at http://www.icq.com/greetings/ > If you don't have ICQ you can download it at http://www.icq.com > For more greetings visit here: >http://www.icq.com/redirect/partner/ag/gallery/email.html > From mgeddes at xavier.sa.edu.au Thu Mar 16 22:03:43 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:02 2003 Subject: An ICQ Greeting from Joanne Smith References: <005b01bf8f85$522d5c30$01f4dd80@larry.cmt> Message-ID: <38D15A3F.2781CA2@xavier.sa.edu.au> Larry McElderry wrote: > > Hmmm, well, things were getting a little hot and heavy on this list.... > I could have *sworn* that this was a Samba list..... Still who am I to complain ...... ;-). I wonder if there's anything involving penguins. Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lkcl at samba.org Thu Mar 16 21:55:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:02 2003 Subject: samba-tng-alpha-0.16.tar.gz In-Reply-To: Message-ID: > problems (my local account and domain account are the same). The only > thing I've been able to see in the logs was from log.netlogon: > > cred_create > sess_key : D3DAD6EECE6F6156 > stor_cred: 5D907507B0249A2A > timestamp: 0 > timecred : 5D907507B0249A2A > calc_cred: A3A863CA57260A14 > cred_assert > challenge : 79D0A28DC945CEF6 > calculated: A3A863CA57260A14 > credentials check wrong nggh! > There is no sign of my user_name trying to log in. Let me know if there no, because that's the stage _after_ this one, if net_auth2 succeeds, which you have shown that it does not. ok. this is bugging me. can you make sure you have compiled with ./configure.developer, put the log level to 100, then restart samrd and then join the workstation to the domain, using the network control panel to type in the root/administrator username/password. examine log.samr for a "samr_set_userinfo2" call that shows the password being set for the workstation trust account, it will be a big chunk (516 bytes of trash) of data, followed by the tash being decoded, and the password should be the-workstation-name-in-lower-case-unicode. DAMMIT i need nt, this is intolerable. From dominik.kubla at uni-mainz.de Thu Mar 16 22:06:46 2000 
From: dominik.kubla at uni-mainz.de (Dominik Kubla) Date: Tue Dec 2 02:29:03 2003 Subject: [2.0.5a] Is "public = yes" ignored when using "security = domain" ??? Message-ID: <20000316230646.B781@uni-mainz.de> Dear Gentlefolk, it appears as if the parameter "public = yes" is silently ignored when using "security = domain" in v2.0.6. Tracing the attempt to map the share from outside our domain shows that smb tries to authenticate against the domain and rejects the client. If "public" is the i would expect that smbd would just ignore username/password information and let the client succeed... Is this perhaps fixed in 2.0.6? I am reluctant to upgrade this system for no reason because it is mission critical to me and rock solid... Yours, Dominik Kubla -- Networking Group, Hospital of Johannes Gutenberg-University Obere Zahlbacher Straße 69, 55101 Mainz, Germany Tel: +49 (0)6131 17-2482 FAX: +49 (0)6131 17-5521 From RYagatich at csn1.com Thu Mar 16 23:16:14 2000 From: RYagatich at csn1.com (Ryan Yagatich) Date: Tue Dec 2 02:29:03 2003 Subject: An ICQ Greeting from Joanne Smith Message-ID: <6F81C626C1AFD311A2420090279D366A01BAD1@csn23.csn1.com> and this has to do with samba how? ryan -----Original Message----- From: Joanne Smith To: Multiple recipients of list SAMBA-NTDOM Sent: 3/16/00 3:10 PM Subject: An ICQ Greeting from Joanne Smith You have a greeting from Joanne Smith waiting for you at: http://icq.americangreetings.com/cgi-bin/greetings/read.pl5?msg=424706&i d=1007 Be creative! Create your own ICQ Greetings at http://www.icq.com/greetings/ If you don't have ICQ you can download it at http://www.icq.com For more greetings visit here: http://www.icq.com/redirect/partner/ag/gallery/email.html From snail_talk at yahoo.com Fri Mar 17 02:13:54 2000 
From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:29:03 2003 Subject: An ICQ Greeting from Joanne Smith In-Reply-To: <6F81C626C1AFD311A2420090279D366A01BAD1@csn23.csn1.com> Message-ID: <000001bf8fb6$71d668c0$0200000a@workstation1> hi, i don't have a girlfriend, or a wife, but i think i'll pass.. i guess this can be considered as spam ... hm...we hardly ever get spam on the samba-ntdom list though ... > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Ryan Yagatich > Sent: Friday, March 17, 2000 7:24 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: An ICQ Greeting from Joanne Smith > > > > and this has to do with samba how? > > ryan > -----Original Message----- > From: Joanne Smith > To: Multiple recipients of list SAMBA-NTDOM > Sent: 3/16/00 3:10 PM > Subject: An ICQ Greeting from Joanne Smith > > You have a greeting from Joanne Smith waiting for you at: > > http://icq.americangreetings.com/cgi-bin/greetings/read.pl5?msg=424706&i d=1007 Be creative! Create your own ICQ Greetings at http://www.icq.com/greetings/ If you don't have ICQ you can download it at http://www.icq.com For more greetings visit here: http://www.icq.com/redirect/partner/ag/gallery/email.html From shepherd at orgx.co.nz Fri Mar 17 04:01:32 2000 From: shepherd at orgx.co.nz (shepherd@orgx.co.nz) Date: Tue Dec 2 02:29:03 2003 Subject: Password Change from NT client Message-ID: I have samba 2.0.6 installed and network logins are working fine. However the users would like to change their passwords from the NT client by the usual methods. When they try they get something like "the username and/or password is incorrect". Can this be done or does it effectively have to be done administratively via smbpasswd? Cheers, Richard Shepherd Organisation X Auckland, NZ From shepherd at orgx.co.nz Fri Mar 17 04:49:58 2000 
From: shepherd at orgx.co.nz (shepherd@orgx.co.nz) Date: Tue Dec 2 02:29:03 2003 Subject: How admin domain user from client? In-Reply-To: <38CE6400.E4D3BE8F@yahoo.com> Message-ID: On Wed, 15 Mar 2000, geoffrey lee wrote: > > I have successfully install samba 2.0.6 on my Tru64 Alpha system. I try > > to configure samba like PDC (that's OK!) but I cannot admin domain user > > from windows NT client? It's impossible ??? > > i guess this question should get the "FAQ" status... Yes it definitely should be!!! > if you have, it's a simple matter of adding > > domain admin group = @your_group > > to your smb.conf, and then restart samba. (e.g. su to root, > /etc/rc.d/init.d/samba restart) I've been searching for this for a month or more! Thanks for showing us. All I had wrong was that the "@" was missing. I guess I shouldn't be surprised given the way the @'s are used for group names elsewhere in smb.conf... Cheers, Richard Shepherd Organisation X Auckland, NZ From hanak at IRIS.osu.cz Fri Mar 17 09:07:19 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:29:03 2003 Subject: Password Change from NT client In-Reply-To: Message-ID: On Fri, 17 Mar 2000 shepherd@orgx.co.nz wrote: > I have samba 2.0.6 installed and network logins are working fine. However > the users would like to change their passwords from the NT client by the > usual methods. When they try they get something like "the username and/or > password is incorrect". Can this be done or does it effectively have to > be done administratively via smbpasswd? > Every user can change their password by standard method in NT. Problem may be in unix passwd sync turned on. Caused by cracklib in PAM (control over "right" passwd) or in passwd chat. If you need to sync samba and unix passwords, try turn on debug for passwd chat and look to logs. O.H. From peter at springsoft.com.tw Fri Mar 17 09:10:53 2000 
From: peter at springsoft.com.tw (peter) Date: Tue Dec 2 02:29:03 2003 Subject: No subject Message-ID: <001901bf8ff0$b305fba0$9001a8c0@springsoft.com.tw> subscribe samba-ntdom From admin at praesi.hercynia.verb.tu-clausthal.de Fri Mar 17 09:34:09 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?X-UNKNOWN?Q?Sascha_L=FCtzel_als_Serveradmin?=) Date: Tue Dec 2 02:29:03 2003 Subject: How to loin Samba Controlled Domain with W2k Message-ID: Hello everyone! Since two days I have running W2K on my computer and would like to join my SAMBA (cvs main branch from 17. march). But W2K says that the Domain does not exist, but WinNt 4.0 Sp6 is successfully joining the Domain. Another problem is the printing. From NT 4 I can successfully print to the printer at the SAMBA server, W2K can not install the printer it can not connect. Sascha Ltuezel From Mark.Loftin at irs.gov Fri Mar 17 11:03:42 2000 From: Mark.Loftin at irs.gov (Loftin Mark S) Date: Tue Dec 2 02:29:03 2003 Subject: Access is denied. Message-ID: <152C3EA3175BD3119FAE0004AC23D7D55634A5@atl0020xf01> I have SAMBA 2.0.5 running on Linux. Under Linux 5.2 it worked fantastically. Wednesday I upgraded to Linux 6.2 and now, from NT workstations, I get "Access is denied" whenever I try to link to a SAMBA share (as defined in the "/etc/smb.conf" file). Whenever I run "testparm" the "smb.conf" file seems to be OK. Any help would be greatly appreciated. Thank you Mark S. Loftin 404-338-7041 mark.loftin@irs.gov From IJamison at iss-dsp.com Fri Mar 17 11:18:11 2000 
From: IJamison at iss-dsp.com (Ian Jamison) Date: Tue Dec 2 02:29:03 2003 Subject: Which NTDOM tree to use? Message-ID: <38D21473.EA307B4A@iss-dsp.com> Hi, I'm a little confused by Lars' comments on Samba-HEAD wrt PDC support on his TNG web pages. I thought that prior to TNG all the serious PDC development was going into the HEAD revision, but the pages indicate that HEAD has little or no PDC support. I have an urgent requirement to run M$ Exchange server (unfortunately), and it's complaining about unmapped users to RIDs, against a 2.0.5a server. I'm not sure which tree is best to use as the PDC (TNG or HEAD). Which is most stable at the moment? I need NT/98 logins, NT roaming profiles, and support for user/group lists and of course M$ Exchange. Domain user/groups in ACLs would be nice too - which I think steers me more towards TNG? I can run 2.0.7 (or whatever) on the fileservers. Can someone clear up which tree is the preferred tree? 'Bye, IanJ. ------------------------------------------------------------ Integrated Silicon Systems Ltd. Tel: +44 28 90 50 4000 50 Malone Road Fax: +44 28 90 50 4002 Belfast BT9 5BS Web: www.iss-dsp.com From snail_talk at yahoo.com Fri Mar 17 11:34:31 2000 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:29:03 2003 Subject: How to loin Samba Controlled Domain with W2k In-Reply-To: Message-ID: <000401bf9004$c2f5a290$0200000a@workstation1> hi, > -----Original Message----- 
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Sascha Lützel als Serveradmin > Sent: Friday, March 17, 2000 5:43 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: How to loin Samba Controlled Domain with W2k > > > Hello everyone! > > > Since two days I have running W2K on my computer and would like to join my > SAMBA (cvs main branch from 17. march). But W2K says i.e. you want the samba main cvs branch to have nt pdc + win2k pdc compat mode pdc support? try samba-tng instead ..... that the Domain does > not exist, but WinNt 4.0 Sp6 is successfully joining the Domain. > > Another problem is the printing. From NT 4 I can successfully print to the > printer at the SAMBA server, W2K can not install the printer it can not > connect. > > > Sascha Ltuezel > From Alan.Hourihane at pinacl.co.uk Fri Mar 17 12:06:51 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:29:03 2003 Subject: attribute changing utility ? Message-ID: <002001bf9009$47750520$1ad120c1@pinacl.co.uk> Does anyone know of an attribute changing utility for WinNT that works with Samba ? I'm trying to change file creation times and dates... Help ! Alan. From hanak at IRIS.osu.cz Fri Mar 17 12:28:58 2000 
From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:29:03 2003 Subject: Access is denied. In-Reply-To: <152C3EA3175BD3119FAE0004AC23D7D55634A5@atl0020xf01> Message-ID: On Fri, 17 Mar 2000, Loftin Mark S wrote: > I have SAMBA 2.0.5 running on Linux. Under Linux 5.2 it worked > fantastically. Wednesday I upgraded to Linux 6.2 and now, from NT > workstations, I get "Access is denied" whenever I try to link to a SAMBA > share (as defined in the "/etc/smb.conf" file). Whenever I run "testparm" > the "smb.conf" file seems to be OK. Any help would be greatly appreciated. > Thank you Try turn on encrypt password (encrypt passwords = Yes in smb.conf). O.H. From sharpe at ns.aus.com Fri Mar 17 09:50:19 2000 
From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:29:03 2003 Subject: Access is denied. In-Reply-To: References: <152C3EA3175BD3119FAE0004AC23D7D55634A5@atl0020xf01> Message-ID: <3.0.6.32.20000317195019.009413f0@203.16.214.248> At 11:25 PM 3/17/00 +1100, Ondrej Hanak wrote: > > >On Fri, 17 Mar 2000, Loftin Mark S wrote: > >> I have SAMBA 2.0.5 running on Linux. Under Linux 5.2 it worked >> fantastically. Wednesday I upgraded to Linux 6.2 and now, from NT >> workstations, I get "Access is denied" whenever I try to link to a SAMBA >> share (as defined in the "/etc/smb.conf" file). Whenever I run "testparm" >> the "smb.conf" file seems to be OK. Any help would be greatly appreciated. >> Thank you > >Try turn on encrypt password (encrypt passwords = Yes in smb.conf). >O.H. Ummm, NO, THAT IS NOT THE SOLUTION. That only leads to more work for the guy, however, that may hint at the problem. As I understand it, you were using RH Linux 5.2 (there are more versions of Linux out there than just RH :-), which shipped with 1.9.18p10 or something like that. The default security mode was share under 1.9.18p10, while with Samba 2.0.5 it is user. You should: 1, upgrade to Samba 2.0.5a from the RH web site 2, probably add security=share in your smb.conf file which will get you back to your former situation. However, without more info, we are simply guessing. Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From david at kalifornia.com Fri Mar 17 12:46:32 2000 
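Added example, not part of the original thread and not Samba code: a small smb.conf audit that applies the default change Richard Sharpe describes above (share-level security under the 1.9.18 series, user-level under 2.0.x) and reports how each guest share can be reached. The sample config, share names and status labels are constructed; `map to guest` is treated as the smb.conf manual describes it, as a setting that only matters outside share-level security.

```python
import re

# Compiled-in default for "security", as stated in the thread:
# share-level for the 1.9.18 series, user-level for 2.0.x.
DEFAULT_SECURITY = {"1.9": "share", "2.0": "user"}
SYNONYMS = {"public": "guestok"}      # "public" is a synonym for "guest ok"
TRUE_VALUES = {"yes", "true", "1"}

# Constructed sample: the security line is commented out, so the
# effective mode depends on the Samba series that reads the file.
SAMPLE = """
[global]
   workgroup = EXAMPLE
   ; security = user
   encrypt passwords = yes
[pub]
   path = /srv/pub
   public = yes
[profiles]
   path = /srv/profiles
   guest ok = no
"""


def norm(name):
    """Parameter names ignore case and embedded whitespace."""
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)


def parse_smb_conf(text):
    """Return {section: {normalized parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections


def audit_guest_shares(text, series):
    """List (share, effective security mode, status) for every guest share.

    status is one of (labels are this example's own):
      anonymous         share-level security: no account needed
      account-required  session setup rejects unknown users before
                        "guest ok" is ever consulted
      guest-mapped      "map to guest" is set, so some failed logins
                        are turned into guest sessions
    """
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    security = glob.get("security", DEFAULT_SECURITY[series]).lower()
    map_to_guest = norm(glob.get("maptoguest", "never"))
    results = []
    for name, params in conf.items():
        if name == "global":
            continue
        # A share inherits "guest ok" from [global] unless it overrides it.
        guest_ok = params.get("guestok", glob.get("guestok", "no")).lower()
        if guest_ok not in TRUE_VALUES:
            continue
        if security == "share":
            status = "anonymous"
        elif map_to_guest == "never":
            status = "account-required"
        else:
            status = "guest-mapped"
        results.append((name, security, status))
    return results


if __name__ == "__main__":
    for series in ("1.9", "2.0"):
        print(series, audit_guest_shares(SAMPLE, series))
```

Run against the same file, the two series give different answers for `[pub]`, which is the "Access is denied" symptom after the upgrade; rerunning the audit after any change to `security` or `map to guest` shows which shares have become reachable without an account.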
From: david at kalifornia.com (David Ford) Date: Tue Dec 2 02:29:03 2003 Subject: Access is denied. References: Message-ID: <38D22927.7E5308B3@kalifornia.com> Ondrej Hanak wrote: > On Fri, 17 Mar 2000, Loftin Mark S wrote: > > > I have SAMBA 2.0.5 running on Linux. Under Linux 5.2 it worked > > fantastically. Wednesday I upgraded to Linux 6.2 and now, from NT > > workstations, I get "Access is denied" whenever I try to link to a SAMBA > > share (as defined in the "/etc/smb.conf" file). Whenever I run "testparm" > > the "smb.conf" file seems to be OK. Any help would be greatly appreciated. > > Thank you > > Try turn on encrypt password (encrypt passwords = Yes in smb.conf). > O.H. [Loftin] btw, that is "Redhat" version 5.2,/6.2 not "Linux" version 5.2/6.2. There is no such thing as Linux 6.2. The highest version is 2.3.99 presently. Linux xxx refers to the version of the kernel. -d From admin at praesi.hercynia.verb.tu-clausthal.de Fri Mar 17 13:04:42 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?iso-8859-1?Q?Sascha_L=FCtzel?=) Date: Tue Dec 2 02:29:03 2003 Subject: How to loin Samba Controlled Domain with W2k References: <000401bf9004$c2f5a290$0200000a@workstation1> Message-ID: <000801bf9011$5c661160$aceeae8b@hercynia.verb.tuclausthal.de> Where to get samba tng?????? ----- Original Message ----- From: "geoffrey lee" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Friday, March 17, 2000 12:35 PM Subject: RE: How to loin Samba Controlled Domain with W2k > hi, > > > > -----Original Message----- 
> > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Sascha Lützel als Serveradmin > > Sent: Friday, March 17, 2000 5:43 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: How to loin Samba Controlled Domain with W2k > > > > > > Hello everyone! > > > > > > Since two days I have running W2K on my computer and would like to join my > > SAMBA (cvs main branch from 17. march). But W2K says > > i.e. you want the samba main cvs branch to have nt pdc + win2k pdc compat > mode pdc support? try samba-tng instead ..... > > > that the Domain does > > not exist, but WinNt 4.0 Sp6 is successfully joining the Domain. > > > > Another problem is the printing. From NT 4 I can successfully print to the > > printer at the SAMBA server, W2K can not install the printer it can not > > connect. > > > > > > Sascha Ltuezel > > > From Mark.Loftin at irs.gov Fri Mar 17 13:27:43 2000 
From: Mark.Loftin at irs.gov (Loftin Mark S) Date: Tue Dec 2 02:29:03 2003 Subject: Access is denied. Message-ID: <152C3EA3175BD3119FAE0004AC23D7D55634AB@atl0020xf01> Thanks, but I found out the problem from someone I work with here ... > # Security mode. Most people will want user level security. See > # security_level.txt for details. > ; security = user > # Use password server option only with security = server > ; password server = > > The default in earlier versions of samba was security = share (which > is what you want for the sort of public (guest) accessible only shares > you have below. The default security in samba 2.0 is security = user, > which requires that the userid provided by the connecting workstation > map to a unix account. You'll want to set this to security = share > to enable the old behavior. > > You can also enable security = domain with > password server = NT-pdc1, nt-bdc1, nt-bdc2 to hand-off authentication > to an NT domain controller if you ever wanted something other than > public shares. Even utilities to autosync (and create) local accounts > matching the NT accounts. > > But security = share should get everything working again. > > Scott > -----Original Message----- 
From: Ondrej Hanak [mailto:hanak@IRIS.osu.cz] Sent: Friday, March 17, 2000 7:29 AM To: Loftin Mark S Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: Access is denied. On Fri, 17 Mar 2000, Loftin Mark S wrote: > I have SAMBA 2.0.5 running on Linux. Under Linux 5.2 it worked > fantastically. Wednesday I upgraded to Linux 6.2 and now, from NT > workstations, I get "Access is denied" whenever I try to link to a SAMBA > share (as defined in the "/etc/smb.conf" file). Whenever I run "testparm" > the "smb.conf" file seems to be OK. Any help would be greatly appreciated. > Thank you Try turn on encrypt password (encrypt passwords = Yes in smb.conf). O.H. From gstueber at netway.at Fri Mar 17 14:08:01 2000 From: gstueber at netway.at (=?iso-8859-1?Q?=22St=FCber=2C_Gordon=22?=) Date: Tue Dec 2 02:29:03 2003 Subject: Netbios Scope ID Message-ID: Hi guys I would need help in a small problem I have. I am setting up a linux file server (REDHAT 6.1 SAMBA 2.06) in a nt environment, that has a netbios scope id. As far as I know samba is not supporting this feature. So it would be nice if someone could give some help to set this up.... Greetings Gordon Stueber From Todd.Smeed at home.com Fri Mar 17 14:08:40 2000 From: Todd.Smeed at home.com (@Home) Date: Tue Dec 2 02:29:03 2003 Subject: Unknown Parameter Message-ID: I'm new to Linux in general but I have been trying to access a share on my Linux server from my Nt server, I can see it in the browser but when I click on it an error pops up stating 'semaphore expired'. When I do a testparm on the Linux machine it states 'unknown parameter : domain controller', parameter ignored. I have seen messages regarding this same thing in the archives but I have not found any solutions. please tell me that there is a solution to it. I'm running 2.0.3 (I think) Todd W Smeed From IJamison at iss-dsp.com Fri Mar 17 14:46:40 2000 
From: IJamison at iss-dsp.com (Ian Jamison) Date: Tue Dec 2 02:29:03 2003 Subject: TNG: Problem with %h macro in .conf files Message-ID: <38D24550.ECD4A1D6@iss-dsp.com> Hi, I've just spent a while tracking down a problem with smbpasswd in TNG (as of this morning). Finally I noticed that my host-specific smb.conf (include /path/smb.conf.%h in the generic smb.conf) wasn't being loaded. It seems %h is empty for smbpasswd. So the daemons all fire up happily (since they can see the rest of the .conf), and smbpasswd fails since it can't find the domain user map file, can't map root, can't add root to an empty smbpasswd file, etc, etc. Is %h not supported any more, or is this just a bug? 'Bye, IanJ. ------------------------------------------------------------ Integrated Silicon Systems Ltd. Tel: +44 28 90 50 4000 50 Malone Road Fax: +44 28 90 50 4002 Belfast BT9 5BS Web: www.iss-dsp.com From Elrond at Wunder-Nett.org Fri Mar 17 15:37:29 2000 
From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:29:03 2003 Subject: samba-tng-alpha-0.16.tar.gz In-Reply-To: <200003161736.RAA04065@picard.ee.ucl.ac.uk>; from Tom Crummey on Fri, Mar 17, 2000 at 04:37:07AM +1100 References: <200003161736.RAA04065@picard.ee.ucl.ac.uk> Message-ID: <20000317163729.A15900@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Mar 17, 2000 at 04:37:07AM +1100, Tom Crummey wrote: > Hello, > > I have been using the smbpasswd sam database all along and have do not > have a netbios name = line in smb.conf (posted two days ago). I did > a cvs update at 3:30pm (GMT) today and rebuilt samba-TNG. I have been > having trouble doing domain logons on an NT4 SP4 workstation (and a Win 2000 > one as well) since Tuesday 7th March where the logon fails with the > message: > > The system cannot log you into this domain because the system's computer > account in its primary domain is missing or the password on that account > is incorrect. > > I deleted the machine account from smbpasswd and readded it using: > > rpcclient -S . -U root -l log > createuser tompc$ Add the following command: samuserset tompc$ -p tompc after the createuser and continue as you already described: > I then went to the workstation and joined it to the domain without using > the create account in the domain option of the dialogue box. I got the > message Welcome to the EE domain. (this has always been the case). > [...] Elrond From IJamison at iss-dsp.com Fri Mar 17 15:38:59 2000 
From: IJamison at iss-dsp.com (Ian Jamison) Date: Tue Dec 2 02:29:03 2003 Subject: TNG: Another problem with smbpasswd Message-ID: <38D25193.EDD5CB6D@iss-dsp.com> Hi again, smbpasswd is bombing out with a segfault in map_domain_name_to_sid. It seems that my simple "root=Administrator" domain user map doesn't include a specifically named domain. Map domain name attempts to override this blank name with global_sam_name. This is uninitialised. I don't see any of the debug messages for get_sam_domain_name in the output of smbpasswd at high debug level. I guess pwdb_initialise isn't called for smbpasswd. I can't get past the first command in Lars' setting up TNG page. My guess is that I'm doing something different to most other people using TNG. Are you all LDAP'd now? Is no one using smbpasswd files? I'll include the .conf files in case someone can shed some light. This is running on Solaris 2.7 in case that makes a difference. I've also included a snippet from samba.smb log file which shows working calls to get_sam_domain_name and SID mapping. Thanks, IanJ. 
------------- [smb.conf] --------------------
[global]
allow hosts = 127.0.0.1 192.168.100.0/255.255.255.0 except 192.168.100.1
encrypt passwords = yes
guest ok = no
smb passwd file = /usr/local/samba/private/smbpasswd
printing = bsd
printcap name = /etc/printcap
load printers = no
lock directory = /tmp/samba
share modes = yes
getwd cache = yes
socket options = TCP_NODELAY
dead time = 5
map archive = no
debug level = 20
max log size = 200
log file = /var/log/samba/samba.%m
client code page = 850
character set = ISO8859-1
preserve case = yes
short preserve case = yes
case sensitive = no
time server = yes
unix realname = yes
include = /usr/local/samba/lib/smb.conf.plato

------------- [smb.conf.plato] --------------------
[global]
netbios name = SAMBAPDC
workgroup = BELFAST
server string = ISS Belfast PDC
security = user
domain logons = yes
logon script = %U.bat
logon drive = z:
logon home = \\%L\profiles
logon path = \\%L\profiles\%U\Profile
# domain admin group = @ntadmin
domain group map = /usr/local/samba/private/domaingroup.map
domain alias map = /usr/local/samba/private/domainalias.map
domain user map = /usr/local/samba/private/domainuser.map
username map = /usr/local/samba/private/user.map
os level = 65
preferred master = yes
domain master = yes
wins support = yes

[profiles]
comment = User Roaming Profiles
path = /export/disk/samba/profiles
read only = No
create mask = 0700
directory mask = 0700

[netlogon]
path = /usr/local/samba/netlogon
writable = no
comment = PDC Netlogon

------------- [samba.smb] --------------------
get_sam_domain_name: PDC/BDC BELFAST read_sid: Domain: BELFAST sid_to_string returning S-1-5-21-1492692257-2481733280-2952610505 read_sid_from_file /usr/local/samba/private/BELFAST.SID: sid S-1-5-21-1492692257-24817332> get_member_domain_sid: sid_to_string returning S-1-5-21-1492692257-2481733280-2952610505 S-1-5-21-1492692257-2481733280-2952610505 sid_to_string returning S-1-5-32 Map: Domain: BUILTIN SID: S-1-5-32 sid_to_string returning S-1-1 
Map: Domain: Global Domain SID: S-1-1 sid_to_string returning S-1-1-0 Map: Domain: Everyone SID: S-1-1-0 sid_to_string returning S-1-3 Map: Domain: Creator Owner SID: S-1-3 sid_to_string returning S-1-5 Map: Domain: NT Authority SID: S-1-5 sid_to_string returning S-1-5-17 Map: Domain: SYSTEM SID: S-1-5-17 sid_to_string returning S-1-5-21-1492692257-2481733280-2952610505 Map: Domain: BELFAST SID: S-1-5-21-1492692257-2481733280-2952610505 sid_to_string returning S-1-5-21-1492692257-2481733280-2952610505 Map: Domain: BELFAST SID: S-1-5-21-1492692257-2481733280-2952610505 loaded services Becoming a daemon. ------------------------------------------------------------ Integrated Silicon Systems Ltd. Tel: +44 28 90 50 4000 50 Malone Road Fax: +44 28 90 50 4002 Belfast BT9 5BS Web: www.iss-dsp.com From Elrond at Wunder-Nett.org Fri Mar 17 15:46:37 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:29:03 2003 Subject: An ICQ Greeting from Joanne Smith In-Reply-To: <000001bf8fb6$71d668c0$0200000a@workstation1>; from geoffrey lee on Fri, Mar 17, 2000 at 01:04:17PM +1100 References: <6F81C626C1AFD311A2420090279D366A01BAD1@csn23.csn1.com> <000001bf8fb6$71d668c0$0200000a@workstation1> Message-ID: <20000317164637.B15900@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Mar 17, 2000 at 01:04:17PM +1100, geoffrey lee wrote: > hi, > > i don't have a girlfriend, or a wife, but i think i'll pass.. > > i guess this can be considered as spam ... > hm...we hardly ever get spam on the samba-ntdom list though ... [...] Yeah... I still wonder why... (Okay, after being more active on samba I now get more personal spam...) Elrond From timothy_d_cole at md.northgrum.com Fri Mar 17 15:51:51 2000 
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:29:03 2003 Subject: map to guest = bad user Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB56323C@xcgmd008.md.essd.northgrum.com> Does map to guest = bad user work in "server" security mode? Just playing with it a little, it looks like it might be unable to differentiate between bad users and bad passwords under those circumstances. Is that in fact the case? From tom at ee.ucl.ac.uk Fri Mar 17 15:55:39 2000 From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:03 2003 Subject: TNG: Another problem with smbpasswd Message-ID: <200003171555.PAA15977@picard.ee.ucl.ac.uk> Hello, No I'm using TNG with smbpasswd files. I can't get it to work. Something is badly broken in password setting. (see message to Elrond/samba-ntdom) I'm on SUN Ultra Solaris 2.7 gcc 281 64 bit kernel TNG cvs update from 11:00am GMT 17/3/00 Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From tom at ee.ucl.ac.uk Fri Mar 17 15:57:01 2000 
From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:03 2003 Subject: samba-tng-alpha-0.16.tar.gz Message-ID: <200003171557.PAA16088@picard.ee.ucl.ac.uk> Hello Elrond When I do samuserset tompc$ -p tompc I ge this: [root@.]$ samuserset tompc$ -p tompc samuserset tompc$ -p tompc SAM Set User Info: tompc$ Password: ?????? Set User Info: Failed ? Here is the relevant part of the log.samr file at level 100: unbecome_to_initial_uid now uid=(0,0) gid=(0,0) Setting 0 in 11 groups: 1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 12 become_unix_sec_ctx uid=(0,0) gid=(1,1) vuser=(23049,67) api_pipe_request: validated auth pipe name: samr search name: samr Doing \PIPE\samr api_rpc_command: api_samr_rpc op 0x3a - api_rpc_command: SAMR_SET_USERINFO 000008 samr_io_q_set_userinfo 000008 smb_io_pol_hnd pol 0008 ptr: 00000000 00000c smb_io_rpc_iface uuid 000c time_low: 36137680 0010 time_mid: 9028 0012 time_hiv: 01bf 0014 rem: 0f 5a 00 00 04 00 00 00 001c switch_value: 0018 00001e samr_io_userinfo_ctr ctr 0020 switch_value: 0018 000024 sam_io_user_info24 0024 password: 0228 unk_0: 0002 samr_reply_set_userinfo: 2031 Found policy hnd[4] [000] 00 00 00 00 36 13 76 80 90 28 01 BF 0F 5A 00 00 ....6.v. .(...Z.. [010] 04 00 00 00 .... Found policy hnd[4] [000] 00 00 00 00 36 13 76 80 90 28 01 BF 0F 5A 00 00 ....6.v. .(...Z.. [010] 04 00 00 00 .... Getting policy vuser_key pnum=4 pid=23049 vuid=67 and later.... map_unixid: enum entry unix group staff 10 nt Domain Users S-1-5-21-3439208080-2900594044-3298876207-513 pwdb_sam_map_name: found gid 10001 and group rid 0xa02d for unix user tompc$ decode_pw_buffer: incorrect password length (-1517232634). 000000 samr_io_r_set_userinfo 0000 status: c0000022 called api_samr_rpc create_noauth_reply: data_start: 0 data_end: 4 max_tsize: 5680 Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From snail_talk at yahoo.com Fri Mar 17 16:22:01 2000 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:29:03 2003 Subject: Unknown Parameter In-Reply-To: Message-ID: <000401bf902c$ecb292f0$0200000a@workstation1> yo, > -----Original Message----- 
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > @Home > Sent: Friday, March 17, 2000 10:17 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Unknown Parameter > > > I'm new to Linux in general but I have been trying to access a share on my > Linux server from my Nt server, I can see it in the browser but > when I click > on it an error pops up stating 'semaphore expired'. > > When I do a testparm on the Linux machine it states 'unknown parameter : > domain controller', parameter ignored. I have seen of course! the parameter is deprecated! messages > regarding this > same thing in the archives but I have not found any solutions. > please tell > me that there is a solution to it. > > I'm running 2.0.3 (I think) > > Todd W Smeed > From Elrond at Wunder-Nett.org Fri Mar 17 16:24:46 2000 
From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:29:03 2003 Subject: samba-tng-alpha-0.16.tar.gz In-Reply-To: <200003171557.PAA16088@picard.ee.ucl.ac.uk>; from Tom Crummey on Sat, Mar 18, 2000 at 03:07:34AM +1100 References: <200003171557.PAA16088@picard.ee.ucl.ac.uk> Message-ID: <20000317172445.A15278@baerbel.mug.maschinenbau.tu-darmstadt.de> Okay... That looks like more byte-order fun... since I really don't know much in that area... You have to wait for Luke to look at your log. The other thing, you might want to try: On the commandline as root: # smbpasswd tompc$ when asked for the password, type "tompc" and retype it, when asked to do so. And then try to join the domain as usual. What you also should try: - remove the tompc$-entry from smbpasswd - use the network-control-panels "create machine trust account"-entry and type in "root" and root's smb-password. (I don't have much hope, this will work, cause it does nearly the same as samuserset tompc$ -p tompc, except it uses another password) Elrond On Sat, Mar 18, 2000 at 03:07:34AM +1100, Tom Crummey wrote: > Hello Elrond > > When I do samuserset tompc$ -p tompc I ge this: > > [root@.]$ samuserset tompc$ -p tompc > samuserset tompc$ -p tompc > SAM Set User Info: tompc$ > Password: ?????? > Set User Info: Failed > > > ? 
> Here is the relevant part of the log.samr file at level 100: > > unbecome_to_initial_uid now uid=(0,0) gid=(0,0) > Setting 0 in 11 groups: 1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 12 > become_unix_sec_ctx uid=(0,0) gid=(1,1) vuser=(23049,67) > api_pipe_request: validated auth > pipe name: samr > search name: samr > Doing \PIPE\samr > api_rpc_command: api_samr_rpc op 0x3a - api_rpc_command: SAMR_SET_USERINFO > 000008 samr_io_q_set_userinfo > 000008 smb_io_pol_hnd pol > 0008 ptr: 00000000 > 00000c smb_io_rpc_iface uuid > 000c time_low: 36137680 > 0010 time_mid: 9028 > 0012 time_hiv: 01bf > 0014 rem: 0f 5a 00 00 04 00 00 00 > 001c switch_value: 0018 > 00001e samr_io_userinfo_ctr ctr > 0020 switch_value: 0018 > 000024 sam_io_user_info24 > 0024 password: > 0228 unk_0: 0002 > samr_reply_set_userinfo: 2031 > Found policy hnd[4] [000] 00 00 00 00 36 13 76 80 90 28 01 BF 0F 5A 00 00 > ...6.v. .(...Z.. > [010] 04 00 00 00 .... > Found policy hnd[4] [000] 00 00 00 00 36 13 76 80 90 28 01 BF 0F 5A 00 00 > ...6.v. .(...Z.. > [010] 04 00 00 00 .... > Getting policy vuser_key pnum=4 pid=23049 vuid=67 > > and later.... > > map_unixid: enum entry unix group staff 10 nt Domain Users > S-1-5-21-3439208080-2900594044-3298876207-513 > pwdb_sam_map_name: found gid 10001 and group rid 0xa02d for unix user tompc$ > decode_pw_buffer: incorrect password length (-1517232634). > 000000 samr_io_r_set_userinfo > 0000 status: c0000022 > called api_samr_rpc > create_noauth_reply: data_start: 0 data_end: 4 max_tsize: 5680 > > Tom. > > ---------------------------------------------------------------------------- > Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk > Department of Electronic and Electrical Engineering, > University College London, TEL: +44 (0)20 7679 3898 > Torrington Place, FAX: +44 (0)20 7388 9307 > London, UK, WC1E 7JE. > ---------------------------------------------------------------------------- From lars at kneschke.de Fri Mar 17 16:11:00 2000 
From: lars at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:29:03 2003
Subject: Netbios Scope ID
References:
Message-ID: <38D25914.DEEDBC0A@kneschke.de>

"St?ber, Gordon" wrote:
>
> Hi guys
>
> I would need help in a small problem i have.
> I am setting up a linux file server (REDHAT 6.1 SAMBA 2.06) in a nt
> environment, that has a netbios scope id.
> As far as i know samba is not supporting this feature.
> So it would be nice if someone could give some help to set this up....

[root@knecke /root]# /opt/samba-tng/bin/smbd -?
Usage: /opt/samba-tng/bin/smbd [-D] [-p port] [-d debuglevel] [-l log basename] [-s services file]
Version TNG-prealpha
        -D                    become a daemon
        -p port               listen on the specified port
        -d debuglevel         set the debuglevel
        -l log basename.      Basename for log/debug files
        -s services file.     Filename of services file
        -P                    passive only
        -a                    append to log file (default)
        -o                    overwrite log file, don't append
        -i scope              NetBIOS scope to use (default none)

The -i option is what you need.

Cu
--
Watch our projects at http://www.kneschke.de/projekte!
GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer

From jweber at math.cudenver.edu Fri Mar 17 17:01:02 2000
From: jweber at math.cudenver.edu (John Weber) Date: Tue Dec 2 02:29:03 2003 Subject: samba-tng-alpha-0.16.tar.gz In-Reply-To: <20000317163729.A15900@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: Hi, The samuserset command fixed my domain logon problem with tng cvs from late wed. and RH linux 6.1 Thanks, John S. Weber System Administrator Center for Computational Mathematics University of Colorado at Denver Phone: (303)556-5394 Fax: (303)556-8550 jweber@math.cudenver.edu http://www-math.cudenver.edu/~jweber On Sat, 18 Mar 2000, Elrond wrote: > On Fri, Mar 17, 2000 at 04:37:07AM +1100, Tom Crummey wrote: > > Hello, > > > > I have been using the smbpasswd sam database all along and have do not > > have a netbios name = line in smb.conf (posted two days ago). I did > > a cvs update at 3:30pm (GMT) today and rebuilt samba-TNG. I have been > > having trouble doing domain logons on an NT4 SP4 workstation (and a Win 2000 > > one as well) since Tuesday 7th March where the logon fails with the > > message: > > > > The system cannot log you into this domain because the system's computer > > account in its primary domain is missing or the password on that account > > is incorrect. > > > > I deleted the machine account from smbpasswd and readded it using: > > > > rpcclient -S . -U root -l log > > createuser tompc$ > > Add the following command: > > samuserset tompc$ -p tompc > > after the createuser > > and continue as you already described: > > > I then went to the workstation and joined it to the domain without using > > the create account in the domain option of the dialogue box. I got the > > message Welcome to the EE domain. (this has always been the case). > > > [...] > > > Elrond > From IJamison at iss-dsp.com Fri Mar 17 17:52:46 2000 
From: IJamison at iss-dsp.com (Ian Jamison) Date: Tue Dec 2 02:29:03 2003 Subject: samba-tng-alpha-0.16.tar.gz References: Message-ID: <38D270EE.217AA182@iss-dsp.com> John Weber wrote: > The samuserset command fixed my domain logon problem with tng cvs from > late wed. and RH linux 6.1 Not for me. Now that I've worked around the problems getting the accounts into the smbpasswd file, the NTWks box can join the domain with no problem. Now when I try to login, I get the same error as everyone else (No computer account or duff pwd). FYI - I'm on Solaris(SPARC) here, so it looks like there may still be some endian issues lurking in there. 'Bye, IanJ. ------------------------------------------------------------ Integrated Silicon Systems Ltd. Tel: +44 28 90 50 4000 50 Malone Road Fax: +44 28 90 50 4002 Belfast BT9 5BS Web: www.iss-dsp.com From Hans-Peter.Raschke at gmx.de Fri Mar 17 18:39:33 2000 
From: Hans-Peter.Raschke at gmx.de (Hans-Peter Raschke)
Date: Tue Dec 2 02:29:03 2003
Subject: Error creating BDC account (TNG)
Message-ID: <00031719543500.10451@qmpc2>

Hello,

I just tried the newest SAMBA-TNG on a Linux machine (SuSE 6.2). Everything
compiled fine. After creating a smb.conf like:

[global]
    workgroup = DS
    server string = BDC Wintermann DatenService Samba-TNG 2.0.5a
    security = user
    domain logons = yes
    domain master = no
    encrypt passwords = Yes
    map to guest = Bad User
    password server = pdc_ds
    keepalive = 30
    character set = ISO8859-1
    logon path = \\srv_ds1\%U\profile
    logon drive = Z:
    logon home = \\srv_ds1\%U
    os level = 2
    oplocks = No
    strict locking = Yes

I started the daemons. One daemon complained about missing /usr/bin/lpstat.
Afterwards I tried to make the Linux machine a BDC in our Domain (DS)
controlled by an NT-PDC (Servicepack 4):

    rpcclient -S PDC_DS -U administrator%password -W DS

There I got some errors:

    Added interface ip=192.168.8.7 bcast=192.168.8.255 nmask=255.255.255.0
    socket connect to /tmp/.smb.0/agent failed: connection rejected
    error connecting to 192.168.8.58:445 (connection rejected)
    connection failed session setup cli_net_use_add: connection failed

Each command (lsaquery, createuser ...) starts with an error message like above.
Does anyone have an idea what's wrong?

HP
-----------------------------------------------------------
Hans-Peter Raschke         E-Mail: Hans-Peter.Raschke@gmx.de
Wintermann DatenService    Tel.: ++49 441 9304064
Langenweg 16               Fax: ++49 441 9304069
D-26125 Oldenburg

From bkeats at spiff.chin.gc.ca Fri Mar 17 18:57:41 2000
From: bkeats at spiff.chin.gc.ca (Brian Keats)
Date: Tue Dec 2 02:29:03 2003
Subject: Access is denied.
Message-ID: <200003171857.NAA20192@spiff.chin.gc.ca>

Does this also mean they would have to re-add the workstations, if samba is
acting as a PDC ? Maybe the smbpasswd file got overwritten ?

> Originator: samba-ntdom@samba.org
> From: Richard Sharpe > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Access is denied. > Mime-Version: 1.0 > X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas > X-URL: http://lists.samba.org/ > X-Comment: Discussion of NT domain controller support in Samba > Date: Fri, 17 Mar 2000 23:47:22 +1100 > > At 11:25 PM 3/17/00 +1100, Ondrej Hanak wrote: > > > > > >On Fri, 17 Mar 2000, Loftin Mark S wrote: > > > >> I have SAMBA 2.0.5 running on Linux. Under Linux 5.2 it worked > >> fantastically. Wednesday I upgraded to Linux 6.2 and now, from NT > >> workstations, I get "Access is denied" whenever I try to link to a SAMBA > >> share (as defined in the "/etc/smb.conf" file). Whenever I run "testparm" > >> the "smb.conf" file seems to be OK. Any help would be greatly appreciated. > >> Thank you > > > >Try turn on encrypt password (encrypt passwords = Yes in smb.conf). > >O.H. > > Ummm, NO, THAT IS NOT THE SOLUTION. That only leads to more work for the > guy, however, that may hint at the problem. > > As I understand it, you were using RH Linux 5.2 (there are more versions of > Linux out there than just RH :-), which shipped with 1.9.18p10 or something > like that. > > The default security mode was share under 1.9.18p10, while with Samba 2.0.5 > it is user. > > You should: > > 1, upgrade to Samba 2.0.5a from the RH web site > 2, probably add security=share in your smb.conf file > > which will get you back to your former situation. > > However, without more info, we are simply guessing. > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > Author: First Australian 2-day, intensive, hands-on Samba course > From jweber at math.cudenver.edu Fri Mar 17 18:58:43 2000 
From: jweber at math.cudenver.edu (John Weber) Date: Tue Dec 2 02:29:03 2003 Subject: samba-tng-alpha-0.16.tar.gz In-Reply-To: <38D270EE.217AA182@iss-dsp.com> Message-ID: I also had to unjoin and rejoin the domain from the NTwks after setting the machine password. John On Sat, 18 Mar 2000, Ian Jamison wrote: > John Weber wrote: > > > The samuserset command fixed my domain logon problem with tng cvs from > > late wed. and RH linux 6.1 > > Not for me. Now that I've worked around the problems getting the accounts into the > smbpasswd file, the NTWks box can join the domain with no problem. Now when I try to > login, I get the same error as everyone else (No computer account or duff pwd). FYI > - I'm on Solaris(SPARC) here, so it looks like there may still be some endian issues > lurking in there. > > 'Bye, > IanJ. > ------------------------------------------------------------ > Integrated Silicon Systems Ltd. Tel: +44 28 90 50 4000 > 50 Malone Road Fax: +44 28 90 50 4002 > Belfast BT9 5BS Web: www.iss-dsp.com > > From clairroberts at home.com Fri Mar 17 19:19:19 2000 
From: clairroberts at home.com (Clair Roberts)
Date: Tue Dec 2 02:29:03 2003
Subject: samba-tng-alpha-0.16.tar.gz
References: <38D270EE.217AA182@iss-dsp.com>
Message-ID: <38D28537.ABBEF66C@home.com>

Ian Jamison wrote:

> John Weber wrote:
>
> > The samuserset command fixed my domain logon problem with tng cvs from
> > late wed. and RH linux 6.1
>
> Not for me. Now that I've worked around the problems getting the accounts into the
> smbpasswd file, the NTWks box can join the domain with no problem. Now when I try to
> login, I get the same error as everyone else (No computer account or duff pwd). FYI
> - I'm on Solaris(SPARC) here, so it looks like there may still be some endian issues
> lurking in there.
>
> 'Bye,
> IanJ.
> ------------------------------------------------------------
> Integrated Silicon Systems Ltd. Tel: +44 28 90 50 4000
> 50 Malone Road Fax: +44 28 90 50 4002
> Belfast BT9 5BS Web: www.iss-dsp.com

I am running Solaris 2.7 on my E250 with Samba TNG checked out yesterday
morning PST. I have successfully connected with NT4SP6a and Win98 now. I have
been following the list for a few weeks now and had many many failures, but
finally yesterday, I had success. Good work to Luke and everybody that has
spent so much time and effort on this.

Here are the steps I followed. Pretty close to the typescript Luke put up a
week ago.

smb.conf :
    security=user
    domain logons = yes
    encrypt passwords = yes
    workgroup = SAMBATNG
    #netbios name = DON'T USE THIS SETTING!!!
    # the rest was basic stuff.

- made sure all daemons were stopped
- wiped out everything in the var dir
- wiped out all my private/*.SID files
- restarted the daemons
- smbpasswd -a root ( then I tweaked the pesky file to add a U in between
  the [U ]
- rpcclient -S . -U root%test -l log
    > createuser myuser -p test
    > createuser mymachineName$
    > enumu ( I have no idea what purpose this serves but what the heck)
    > exit
- tweak the password file again, change the user property bracket for my new
  user to [U ]
- confirm my workstation account properties has [W ]
- noticed myuser has NO PASSWORD set, run the smbpasswd myuser to set the pass
- check that the workstation account doesn't have NO PASSWORD, if it does then
  run smbpasswd mymachineName$ and set the password to the machine name
  without the "$".
- rpcclient -S HOSTNAMEHERE -u root%test -l log
    > ntlogin SAMBATNG\myuser test
    ntlogin SAMBATNG\myuser cmd_nt_login: login (myuser) test succeeded: Yes
- if it says no, you have a problem. Check the smbpasswd file.
- switch to NT workstation network/properties, join domain, just typed
  SAMBATNG and didn't select the check box and enter root info, (it failed
  when I tried that, this worked last week, but not this time around)
- hit ok, rebooted and boom it worked,
- Note I did get the slow connection warning box come up. Not too sure what
  that is all about, I did some large file transfers and didn't find it slow.
- On the win98 machine it is slower than molasses after the login screen, but
  it does come up and allows access to the shares just ticky boo.

hope this helps, good luck
C.

From jasonjensen at home.com Fri Mar 17 19:31:34 2000
From: jasonjensen at home.com (Jason Jensen)
Date: Tue Dec 2 02:29:03 2003
Subject: Access is denied.
References: <152C3EA3175BD3119FAE0004AC23D7D55634AB@atl0020xf01>
Message-ID: <001f01bf9047$6787bd10$0201a8c0@jason>

RE: Access is denied.
I am so glad the IRS knows what they are doing.. heheh

----- Original Message -----
From: Loftin Mark S To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, March 17, 2000 7:32 AM Subject: RE: Access is denied. Thanks, but I found out the problem from someone I work with here ... > # Security mode. Most people will want user level security. See > # security_level.txt for details. > ; security = user > # Use password server option only with security = server > ; password server = > > The default in earlier versions of samba was security = share (which > is what you want for the sort of public (guest) accessible only shares > you have below. The default security in samba 2.0 is security = user, > which requires that the userid provided by the connecting workstation > map to a unix account. You'll want to set this to security = share > to enable the old behavior. > > You can also enable security = domain with > password server = NT-pdc1, nt-bdc1, nt-bdc2 to hand-off authentication > to an NT domain controller if you ever wanted something other than > public shares. Even utilities to autosync (and create) local accounts > matching the NT accounts. > > But security = share should get everything working again. > > Scott > -----Original Message----- From: Ondrej Hanak [mailto:hanak@IRIS.osu.cz] Sent: Friday, March 17, 2000 7:29 AM To: Loftin Mark S Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: Access is denied. On Fri, 17 Mar 2000, Loftin Mark S wrote: > I have SAMBA 2.0.5 running on Linux. Under Linux 5.2 it worked > fantastically. Wednesday I upgraded to Linux 6.2 and now, from NT > workstations, I get "Access is denied" whenever I try to link to a SAMBA > share (as defined in the "/etc/smb.conf" file). Whenever I run "testparm" > the "smb.conf" file seems to be OK. Any help would be greatly appreciated. > Thank you Try turn on encrypt password (encrypt passwords = Yes in smb.conf). O.H. From ctooley at joslyn.org Fri Mar 17 19:47:59 2000
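Clair Roberts's checklist earlier in this thread comes down to three things in the smbpasswd file: user accounts carry the U flag, workstation accounts carry the W flag, and no account is left at NO PASSWORD. The script below is an added example, not code from the thread or from Samba; it assumes the Samba 2.0 entry layout name:uid:LM hash:NT hash:[flags]:LCT-time: and runs on constructed sample entries.

```python
"""Audit a Samba 2.0-style smbpasswd file for the checklist conditions.

Added example, not Samba or Samba TNG code. Assumed entry layout:
    name:uid:LM hash:NT hash:[flags]:LCT-xxxxxxxx:
"""
import re
import sys

FLAGS_RE = re.compile(r"^\[([A-Za-z ]*)\]$")
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


def hash_state(field):
    """Classify a hash field as 'none', 'locked', 'set' or 'malformed'."""
    if field.startswith("NO PASSWORD"):
        return "none"          # empty password recorded
    if field == "X" * 32:
        return "locked"        # no usable password, logon impossible
    return "set" if HEX32_RE.match(field) else "malformed"


def parse_entry(line):
    """Split one entry; raise ValueError if it has no [flags] field."""
    fields = line.split(":")
    if len(fields) < 5:
        raise ValueError("expected at least 5 colon-separated fields")
    name, uid, lm, nt, flags = fields[:5]
    match = FLAGS_RE.match(flags)
    if not match:
        raise ValueError("fifth field is not a [flags] block")
    return {"name": name, "uid": uid,
            "lm": hash_state(lm), "nt": hash_state(nt),
            "flags": set(match.group(1)) - {" "}}


def audit(lines):
    """Return (line number, account, issue) tuples for every problem found."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            entry = parse_entry(line)
        except ValueError as exc:
            findings.append((lineno, line.split(":")[0], "unparseable: %s" % exc))
            continue
        name, flags = entry["name"], entry["flags"]
        # Machine trust accounts end in "$" and need W; everything else needs U.
        wanted = "W" if name.endswith("$") else "U"
        if wanted not in flags:
            findings.append((lineno, name, "missing-" + wanted))
        # N flag or a NO PASSWORD hash field: the account has no password.
        if "N" in flags or "none" in (entry["lm"], entry["nt"]):
            findings.append((lineno, name, "no-password"))
        if "malformed" in (entry["lm"], entry["nt"]):
            findings.append((lineno, name, "malformed-hash"))
    return findings


# Constructed sample data: placeholder hash, account names, uids and LCT value.
PLACEHOLDER_HASH = "0123456789ABCDEF" * 2
NO_PASSWORD = "NO PASSWORD" + "X" * 21


def make_entry(name, uid, pw_hash, flags):
    return "%s:%d:%s:%s:[%s]:LCT-38D27000:" % (
        name, uid, pw_hash, pw_hash, flags.ljust(11))


SAMPLE = [
    make_entry("root", 0, PLACEHOLDER_HASH, "U"),
    make_entry("myuser", 1001, NO_PASSWORD, ""),         # fresh createuser
    make_entry("mymachineName$", 1002, PLACEHOLDER_HASH, "W"),
    make_entry("oldbox$", 1003, NO_PASSWORD, "U"),       # wrong flag, no password
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            entries = handle.readlines()
    else:
        entries = SAMPLE
    for lineno, name, issue in audit(entries):
        print("line %d: %s: %s" % (lineno, name, issue))
```

Run it with the path to private/smbpasswd as the only argument (root is needed to read that file); with no argument it audits the constructed sample.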
From: ctooley at joslyn.org (Chris tooley) Date: Tue Dec 2 02:29:03 2003 Subject: Priority Levels References: <152C3EA3175BD3119FAE0004AC23D7D55634AB@atl0020xf01> <001f01bf9047$6787bd10$0201a8c0@jason> Message-ID: <38D28BEF.1E6F1E51@joslyn.org> Is there any way to make the samba processes run at a higher priority than default? From lkcl at samba.org Fri Mar 17 19:55:14 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:03 2003 Subject: samba-tng-alpha-1.0.tar.gz Message-ID: ftp://samba.org/pub/samba/alpha or mirror sites. using nt5 beta1 (desperate measures, i know), i confirmed that there was a problem with joining-to-domain, which _may_ not be a problem with nt4 because nt5beta1 may use different password-set mechanisms from nt4. i still have not been able to confirm that non-intel-byte-order password sets will work, although i _have_ added the code to do this. if anyone is having difficulty with TNG, still, i recommend that you delete the entire var/ directory and if you are using smbpasswd as your SAM back-end, delete the entire private/ directory, recreate var/, var/locks/, private/, do a touch private/smbpasswd and start again. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From timothy_d_cole at md.northgrum.com Fri Mar 17 20:44:37 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:29:03 2003 Subject: Priority Levels Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB56323D@xcgmd008.md.essd.northgrum.com> You could start the daemons with nice(1) in your startup scripts, with a negative nice value. > -----Original Message----- 
> From: Chris tooley [SMTP:ctooley@joslyn.org] > Sent: Friday, March 17, 2000 14:51 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Priority Levels > > Is there any way to make the samba processes run at a higher priority > than default? From lars at kneschke.de Fri Mar 17 20:47:29 2000 
From: lars at kneschke.de (Lars Kneschke)
Date: Tue Dec 2 02:29:04 2003
Subject: AW: NT 4 login problems
In-Reply-To:
Message-ID:

Hello Luke!

Now i have installed a Windows NT workstation and a Windows NT server(which
was installed standal(l?)one), both with SP5. Both computers have the same
problems.

I was able to join the domain, using the user root and the root-password,
using the network settings dialog. It works like expected.

I was also able to login successfully, after reboot.

But, profiles don't work like expected. The profiles gets created, but the
subdir for the user gets not created. %U does not work. The profiles gets
created in the main profile directory. Not so nice! :-)

Domainusermanager shows the samba user, but no groups. If i double click on
a user, i become a visit from dr. watson! :-)

Just to let you know!

Cu

PS: MS Outlook is much better than the Netscape Client. It's hard to see! ;-)

> -----Original Message-----
> From: Luke Leighton [mailto:lkcl@samba.org]
> Sent: Tuesday, 14 March 2000 19:48
> To: Lars Kneschke
> Cc: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: NT 4 login problems
>
>
> lars, do you have ntsrv stdaln at home and it doesn't work, whereas you
> have ntwksta at work and it does?
>
> On Tue, 14 Mar 2000, Lars Kneschke wrote:
>
> > Luke Kenneth Casson Leighton wrote:
> > > maybe it's because you use nt-srv standalone (as an nt wksta).
> > Could this be a potential problem? I have installed nt server standalone
> > at home.
> >
> > Cu
> > --
> > Watch our projects at http://www.kneschke.de/projekte!
> > GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer
> >
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
> Macmillan Technical Publishing
>
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>
>

From lkcl at samba.org Fri Mar 17 21:24:45 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: AW: NT 4 login problems
In-Reply-To:
Message-ID:

thanks lars,

i will be exploring usrmgr next, and maybe profiles, i have nt5 beta1 now
on vmware.

On Fri, 17 Mar 2000, Lars Kneschke wrote:

> Hello Luke!
>
> Now i have installed a Windows NT workstation and a Windows NT server(which
> was installed standal(l?)one), both with SP5. Both computers have the same
> problems.
>
> I was able to join the domain, using the user root and the root-password,
> using the network settings dialog. It works like expected.
>
> I was also able to login successfully, after reboot.
>
> But, profiles don't work like expected. The profiles gets created, but the
> subdir for the user gets not created. %U does not work. The profiles gets
> created in the main profile directory. Not so nice! :-)
>
> Domainusermanager shows the samba user, but no groups. If i double click on
> a user, i become a visit from dr. watson! :-)
>
> Just to let you know!
>
> Cu
>
> PS: MS Outlook is much better than the Netscape Client. It's hard to see! ;-)
>
> > -----Original Message-----
> > From: Luke Leighton [mailto:lkcl@samba.org]
> > Sent: Tuesday, 14 March 2000 19:48
> > To: Lars Kneschke
> > Cc: Multiple recipients of list SAMBA-NTDOM
> > Subject: Re: NT 4 login problems
> >
> >
> > lars, do you have ntsrv stdaln at home and it doesn't work, whereas you
> > have ntwksta at work and it does?
> >
> > On Tue, 14 Mar 2000, Lars Kneschke wrote:
> >
> > > Luke Kenneth Casson Leighton wrote:
> > > > maybe it's because you use nt-srv standalone (as an nt wksta).
> > > Could this be a potential problem? I have installed nt server standalone
> > > at home.
> > >
> > > Cu
> > > --
> > > Watch our projects at http://www.kneschke.de/projekte!
> > > GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer > > > > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From jweber at math.cudenver.edu Fri Mar 17 21:32:41 2000 From: jweber at math.cudenver.edu (John Weber) Date: Tue Dec 2 02:29:04 2003 Subject: AW: NT 4 login problems In-Reply-To: Message-ID: On Sat, 18 Mar 2000, Luke Kenneth Casson Leighton wrote: I think vmware is very nice. Are there any vmware specific issues with TNG that you know of? John S. Weber System Administrator Center for Computational Mathematics University of Colorado at Denver Phone: (303)556-5394 Fax: (303)556-8550 jweber@math.cudenver.edu http://www-math.cudenver.edu/~jweber > thanks lars, > > i will be exploring usrmgr next, and maybe profiles, i have nt5 beta1 now > on vmware. From mbreuer at siac.com Fri Mar 17 21:41:21 2000 
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:04 2003
Subject: TNG Alpha 1.0 - password troubles...
Message-ID: <38D2A681.D5AF712F@siac.com>

./bin/smbpasswd -a root causes a core dump. Stack trace (attached) shows
that "global_sid_builtin" is null.

Platform is SGI O2 Mips R10K Irix 6.5.7f.

This was also the case in 0.16 but I hadn't had time to track it down.

-------------- next part --------------
sid_equal(sid1 = 0x1001e5f8, sid2 = 0x0) ["util_sid.c":205]
make_mydomain_sid(grp = 0x1001e5ec, type = DOM_MAP_USER) ["domain_namemap.c":122]
unix_name_to_nt_name_info(map = 0x1001e5ec, type = DOM_MAP_USER) ["domain_namemap.c":254]
make_name_entry(new_ep = 0x7fff20c0, nt_domain = 0x7fff1fc0 = "", nt_group = 0x7fff2040 = "MichaelBR", unix_group = 0x7fff1bb8 = "mbreuer", type = DOM_MAP_USER) ["domain_namemap.c":292]
load_name_map(type = DOM_MAP_USER) ["domain_namemap.c":431]
map_unixid(type = DOM_MAP_USER, unix_id = 9995, grp_info = 0x7fff22c8) ["domain_namemap.c":566]
map_username_uid(gid = 9995, grp_info = 0x7fff22c8) ["domain_namemap.c":658]
lookupsmbpwuid(uid = 9995, gmep = 0x7fff22c8) ["domain_namemap.c":821]
lookupsmbpwnam(unix_usr_name = 0x5fddfd00 = "sgio2$", grp = 0x7fff22c8) ["domain_namemap.c":703]
pwdb_smb_map_names(smb = 0x5fddfce0) ["passdb.c":305]
getsmbpwent(vp = 0xfb56f90) ["passdb.c":204]
iterate_getsmbpwnam(name = 0x7fff3014 = "root") ["passdb.c":143]
getsmbpwnam(name = 0x7fff3014 = "root") ["passdb.c":246]
local_password_change(user_name = 0x7fff3014 = "root", add_user = 1, acb_info = 0, acb_mask = 0, new_passwd = 0x1001f838 = "sdwfax1", err_str = 0x7fff25f0 = "", err_str_len = 1024, msg_str = 0x7fff29f8 = "", msg_str_len = 1024) ["smbpasschange.c":117]
password_change(remote_machine = , user_name = 0x7fff3014 = "root", old_passwd = , new_passwd = 0x1001f838 = "sdwfax1", add_user = 1, acb_info = 0, acb_mask = 0) ["smbpasswd.c":183]
process_root(argc = 1, argv = 0x7fff2f2c) ["smbpasswd.c":419]
main(argc = 3, argv = 0x7fff2f24) ["smbpasswd.c":594]
__start() ["crt1text.s":177]

From syndicate at videotron.ca Fri Mar 17 21:59:43 2000
From: syndicate at videotron.ca (Vince Vallee)
Date: Tue Dec 2 02:29:04 2003
Subject: Help: 2.0.5 Domain Logons take over 30seconds!
Message-ID: <006801bf905c$1a578ec0$6f02580a@vincev>

Newbie question here,

I am running Samba 2.0.5 on Solaris 2.7/intel. I have 1 public share
and 2 shares for users (their ~/ directories). Samba is setup as a
local master and domain controller (PDC). I have a 2 user network (so
far) with one win95 and one win98 machine.

Seems that the domain logon takes very long, is there anything that I
could look at to troubleshoot this? The log.smb does not indicate any
problems, so I'm a little lost. Since I am a newbie, maybe I have a
setting in smb.conf that could be causing this?

All help appreciated, here's my .conf

[global]
    workgroup = MINE
    netbios name = MYSERVER
    server string = UNIX File Server
    interfaces = 192.168.0.1/24 127.0.0.1/24
    encrypt passwords = Yes
    name resolve order = wins lmhosts hosts bcast
    domain logons = Yes
    os level = 34
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    guest account = samba
    admin users = root
    lock directory = /usr/local/samba/locks

[netlogon]
    comment = The domain logon service
    path = /export/home/samba/logon
    browseable = No
    writable = yes
    create mode = 444
    guest ok = no
    volume = "Network"

[Public]
    comment = Public Share
    path = /usr/share/samba
    read only = No
    guest ok = Yes

From cartegw at Eng.Auburn.EDU Fri Mar 17 22:15:23 2000
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:29:04 2003 Subject: Help: 2.0.5 Domain Logons take over 30seconds! References: <006801bf905c$1a578ec0$6f02580a@vincev> Message-ID: <38D2AE7B.2489C8B0@eng.auburn.edu> > Vince Vallee wrote: > > Newbie question here, > > I am running Samba 2.0.5 on Solaris 2.7/intel. I have 1 public share > and 2 shares for users (their ~/ directories). Samba is setup as a > local master and domain controller (PDC). I have a 2 user network (so > far) with one win95 and one win98 machine. > > Seems that the domain logon takes very long, is there anything that I > could look at to troubleshoot this? The log.smb does not indicate any > problems, so I'm a little lost. Since I am a newbie, maybe I have a > setting in smb.conf that could be causing this? Probably looking for the config.pol file or something. Check the list archives and MS documentation (KB) for references to the policy editor and config.pol. For future reference, questions related to stable Samba versions and Windows 9x (unless firectly related to SAMBA_TNG code branch) should be directed to the main list. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at samba.org Fri Mar 17 22:21:03 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:04 2003 Subject: AW: NT 4 login problems In-Reply-To: Message-ID: well, i'd be even happier with vmware if i could run it without X. darryl told me that if i run /usr/bin/X11/xinit /usr/bin/vmware -q -X it does pretty much the same job, so that';s what i am doing, now, as an emergency measure. and other than vmware 2.0 you can install samba which of course you would have to disable to run any other version of samba, no there are no issues, there cant be. luke On Fri, 17 Mar 2000, John Weber wrote: > > On Sat, 18 Mar 2000, Luke Kenneth Casson Leighton wrote: > > I think vmware is very nice. Are there any vmware specific issues with TNG > that you know of? > > John S. Weber > > System Administrator > Center for Computational Mathematics > University of Colorado at Denver > Phone: (303)556-5394 Fax: (303)556-8550 > jweber@math.cudenver.edu > http://www-math.cudenver.edu/~jweber > > > thanks lars, > > > > i will be exploring usrmgr next, and maybe profiles, i have nt5 beta1 now > > on vmware. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From hulet at ittc.ukans.edu Sat Mar 18 00:09:59 2000 
From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:29:04 2003 Subject: samba-tng-alpha-1.0.tar.gz In-Reply-To: Message-ID: OK Luke, sorry I didn't get back with you in a timely manner. I downloaded samba-tng-alpha-1.0.tar.gz. Compiled with configure.developer no problems. I was able to join my NT Workstation Service Pack 3 to the new domain using the create a Computer Account in the Domain checkbox. The smbpasswd looked correct. Only the root user was able to create a computer account, however. After rebooting, I still received the computer account is invalid. I stripped almost everything out /etc/group and all of a sudden root can log in. I logged in as myself and it took about 12 minutes to log in. I also lost my administrator priviledges. These logs were being written to a lot with these messages: log.smb free_connections: closing all MSRPC connections log.netlogon receive_message_or_msrpc: timeout 10000 fd 7 timeout on loop-back socket I'm off till Monday but I'll try and find out what /etc/group was doing to the login. Our group file is fairly large. If I put the original group file back, I get the "...system cannot log you on ...." message so the behavior is reproducible. Michael Hulet Network System Administrator ITTC, University of Kansas On Sat, 18 Mar 2000, Luke Kenneth Casson Leighton wrote: > ftp://samba.org/pub/samba/alpha or mirror sites. > > using nt5 beta1 (desperate measures, i know), i confirmed that there was a > problem with joining-to-domain, which _may_ not be a problem with nt4 > because nt5beta1 may use different password-set mechanisms from nt4. > > i still have not been able to confirm that non-intel-byte-order password > sets will work, although i _have_ added the code to do this. 
> > if anyone is having difficulty with TNG, still, i recommend that you > delete the entire var/ directory and if you are using smbpasswd as your > SAM back-end, delete the entire private/ directory, recreate var/, > var/locks/, private/, do a touch private/smbpasswd and start again. > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > From lkcl at samba.org Sat Mar 18 00:16:13 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:04 2003 Subject: samba-tng-alpha-1.0.tar.gz In-Reply-To: Message-ID: michael! you are a star. ok, this is a known issue with the domain_namemap.c code. you _cannot_ have the same username as a groupname or vice-versa on the unix side. if you do, the lookups from unix names to nt names will fail, because nt namespace is expected to be unique, therefore login and access _will_ also fail. nt namespace uses unique names amongst users, groups, aliases and domains. a name is resolved to a SID _and_ a type, therefore must be unique in order to do this. check your /etc/group and /etc/passwd: make sure that all non-unique names are mapped to unique nt names, using the domain user/group/alias/builtin map options. On Fri, 17 Mar 2000, Michael S. Hulet wrote: > OK Luke, sorry I didn't get back with you in a timely manner. I > downloaded samba-tng-alpha-1.0.tar.gz. Compiled with configure.developer > no problems. I was able to join my NT Workstation Service Pack 3 to the > new domain using the create a Computer Account in the Domain checkbox. > The smbpasswd looked correct. Only the root user was able to create a > computer account, however. After rebooting, I still received the computer > account is invalid. I stripped almost everything out /etc/group and all > of a sudden root can log in. I logged in as myself and it took about 12 > minutes to log in. I also lost my administrator priviledges. These logs > were being written to a lot with these messages: > > log.smb > free_connections: closing all MSRPC connections > > log.netlogon > receive_message_or_msrpc: timeout 10000 fd 7 > timeout on loop-back socket > > I'm off till Monday but I'll try and find out what /etc/group was doing to > the login. Our group file is fairly large. If I put the original group > file back, I get the "...system cannot log you on ...." message so the > behavior is reproducible. 
> > Michael Hulet > Network System Administrator > ITTC, University of Kansas > > > On Sat, 18 Mar 2000, Luke Kenneth Casson Leighton wrote: > > > ftp://samba.org/pub/samba/alpha or mirror sites. > > > > using nt5 beta1 (desperate measures, i know), i confirmed that there was a > > problem with joining-to-domain, which _may_ not be a problem with nt4 > > because nt5beta1 may use different password-set mechanisms from nt4. > > > > i still have not been able to confirm that non-intel-byte-order password > > sets will work, although i _have_ added the code to do this. > > > > if anyone is having difficulty with TNG, still, i recommend that you > > delete the entire var/ directory and if you are using smbpasswd as your > > SAM back-end, delete the entire private/ directory, recreate var/, > > var/locks/, private/, do a touch private/smbpasswd and start again. > > > > luke > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Macmillan Technical Publishing > > > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From skvidal at phy.duke.edu Sat Mar 18 00:40:52 2000 
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.0.tar.gz
In-Reply-To:
Message-ID:

> michael! you are a star.
>
> ok, this is a known issue with the domain_namemap.c code.
>
> you _cannot_ have the same username as a groupname or vice-versa on the
> unix side.
>
> if you do, the lookups from unix names to nt names will fail, because nt
> namespace is expected to be unique, therefore login and access _will_ also
> fail.
>
> nt namespace uses unique names amongst users, groups, aliases and domains.
> a name is resolved to a SID _and_ a type, therefore must be unique in
> order to do this.
>
> check your /etc/group and /etc/passwd: make sure that all non-unique names
> are mapped to unique nt names, using the domain user/group/alias/builtin
> map options.
>

This is going to hit A LOT of people - especially debian and redhat users.
Redhat and debian setup usergroups by default (user and group name are the
same and is the default group for the user) - this will mean A LOT of
munging passwd and group files.
is there any way around this?
ugh.

-sv

From lkcl at samba.org Sat Mar 18 00:57:27 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.0.tar.gz
In-Reply-To:
Message-ID:

yeah, there is.

1) option 1 - use -DSMBPASSFILE

abandon the domain_namemap.c code and use the smbpassgroup code i started
writing as a replacement option for this.

what that does is it *doesn't* use the /etc/group entries *at all*. the
expected usage is to have scripts that take /etc/group and create
private/smbpassgroup and private/smbpassalias files.

_only_ when a user is added to an nt group or an nt alias will the
/etc/group file be checked, and names validated to ensure that they are
unique.

it's a lot of work: about three weeks full-time, at a guess.

2) option 2 - add checking into domain_namemap.c

verify that a name that maps to both a unix name _and_ a unix group, the
unix name takes precedence.

this is nasty as hell, because let's say someone tries to create a file
with a unix group root, are you going to reject the file create because
there is also a username root???? answer: YES! with a damn big warning in
the log files saying hey, stupid, map the unix group "root" to something
that doesn't clash with the username "root", because i said so, don't
argue, just do it.

it increases the complexity of the already-over-complex domain_namemap.c
code.

how many times have i said i hate domain_namemap.c, already? :)

On Fri, 17 Mar 2000, Seth Vidal wrote:

> > michael! you are a star.
> >
> > ok, this is a known issue with the domain_namemap.c code.
> >
> > you _cannot_ have the same username as a groupname or vice-versa on the
> > unix side.
> >
> > if you do, the lookups from unix names to nt names will fail, because nt
> > namespace is expected to be unique, therefore login and access _will_ also
> > fail.
> >
> > nt namespace uses unique names amongst users, groups, aliases and domains.
> > a name is resolved to a SID _and_ a type, therefore must be unique in
> > order to do this.
> >
> > check your /etc/group and /etc/passwd: make sure that all non-unique names
> > are mapped to unique nt names, using the domain user/group/alias/builtin
> > map options.
> >
>
> This is going to hit A LOT of people - especially debian and redhat users.
> Redhat and debian setup usergroups by default (user and group name are the
> same and is the default group for the user) - this will mean A LOT of
> munging passwd and group files.
> is there any way around this?
> ugh.
>
> -sv
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From abrooks at css.tayloru.edu Sat Mar 18 02:18:10 2000
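Added example (not part of the thread and not Samba TNG code): a Python audit of passwd and group data for names that exist as both a user and a group, the condition described in the messages above as breaking the unix-to-NT name lookup, with the user-private groups Seth mentions marked separately. The sample entries are constructed, the function names are hypothetical, and comparing names case-insensitively is this example's own assumption.

```python
"""Report names that exist as both a unix user and a unix group."""
import sys
from dataclasses import dataclass

# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/false
mhulet:x:500:500:Michael:/home/mhulet:/bin/bash
sv:x:501:501:Seth:/home/sv:/bin/bash
web:x:502:100:Web content owner:/home/web:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
wheel:x:10:root
users:x:100:mhulet,sv
mhulet:x:500:
sv:x:501:
web:x:600:mhulet
"""


@dataclass(frozen=True)
class Collision:
    user_name: str
    group_name: str
    primary_gid: int   # the user's primary gid from passwd
    group_gid: int     # gid of the same-named group

    @property
    def user_private_group(self):
        # True when the clashing group is the user's own default group.
        return self.primary_gid == self.group_gid


def _records(text, min_fields):
    """Yield colon-separated fields, skipping blanks, comments and +/- compat lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            yield fields


def find_collisions(passwd_text, group_text):
    """Return a Collision for every name used by both a user and a group."""
    users, groups = {}, {}
    for f in _records(passwd_text, 4):
        if f[3].isdigit():
            # Assumption of this example: compare names without regard to case.
            users.setdefault(f[0].lower(), (f[0], int(f[3])))
    for f in _records(group_text, 3):
        if f[2].isdigit():
            groups.setdefault(f[0].lower(), (f[0], int(f[2])))
    return [Collision(users[k][0], groups[k][0], users[k][1], groups[k][1])
            for k in sorted(users.keys() & groups.keys())]


def report(collisions):
    """One line per clash, saying whether it is a user-private group."""
    lines = []
    for c in collisions:
        kind = "user-private group" if c.user_private_group else "unrelated group"
        lines.append(f"user {c.user_name!r} clashes with group {c.group_name!r} "
                     f"(gid {c.group_gid}, {kind})")
    return lines


if __name__ == "__main__":
    # Usage: script.py [passwd-file group-file]; without arguments the sample is used.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as p, open(sys.argv[2]) as g:
            found = find_collisions(p.read(), g.read())
    else:
        found = find_collisions(SAMPLE_PASSWD, SAMPLE_GROUP)
    print("\n".join(report(found)) or "no user/group name clashes")
```

Every name the report lists needs a distinct NT name before the lookup can resolve it to a single SID and type.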
From: abrooks at css.tayloru.edu (Aaron D. Brooks)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.0.tar.gz
In-Reply-To:
Message-ID:

On Sat, 18 Mar 2000, Seth Vidal wrote:

> > you _cannot_ have the same username as a groupname or vice-versa on the
> > unix side.
> >
> > if you do, the lookups from unix names to nt names will fail, because nt
> > namespace is expected to be unique, therefore login and access _will_ also
> > fail.
> >
> > nt namespace uses unique names amongst users, groups, aliases and domains.
> > a name is resolved to a SID _and_ a type, therefore must be unique in
> > order to do this.
> >
> > check your /etc/group and /etc/passwd: make sure that all non-unique names
> > are mapped to unique nt names, using the domain user/group/alias/builtin
> > map options.
>
> This is going to hit A LOT of people - especially debian and redhat users.
> Redhat and debian setup usergroups by default (user and group name are the
> same and is the default group for the user) - this will mean A LOT of
> munging passwd and group files.
> is there any way around this?
> ugh.

IEEEE!!!! I hope there is a way around this... I just finished a _very_
involved (and pretty sweet) system of NETBIOS aliased virtual servers that
use heavy macro expansion on their name to do stuff like:

[public_html]
    copy = root
    comment = %L %S directory
    force user = %L
    force group = %L
    path = %H/%S
    force create mode = 0755
    force directory mode = 0755
    read list = @users
    write list = root, @%L-prof, @%L-web
    valid users = root, @users

Actually this is slightly modified... some of the above lines actually
appear in the "root" share. (about half of them) but just so you can see
what's happening.

This allows me to be pretty flexible. All I do to give someone access to a
share is add them to a UNIX group. We do a lot of projects where people
work both on the UNIX (mostly Linux) and the NT side of things pretty
evenly and having one point of maintenance is _really_ important.

Please say that this can be worked around, _please_.......
(stupid NT monolithic namespace!!!!)

-Aaron

+-------> Aaron D. Brooks, 765 . 998 . 5168
Computing Systems Resource Manager
Taylor University, CSS Department
abrooks [SHIFT"2"] css.tayloru.edu

From jeremy at valinux.com Sat Mar 18 04:57:42 2000
From: jeremy at valinux.com (Jeremy Allison)
Date: Tue Dec 2 02:29:04 2003
Subject: Samba 2.0.7pre2 snapshot released.
Message-ID: <38D30CC6.A5757E0B@valinux.com>

Hi all,

I just released Samba 2.0.7pre2, available from :

ftp://samba.org/pub/samba/alpha/samba-2.0.7pre2.tar.gz

This is the second snapshot of the code that should become the official
Samba 2.0.7 and is feature complete (ie. I'm only going to accept bug
fixes, not more features).

This is *not* production code, but should work well as a file and print
server, and contains fixes for all known Windows 2000 bugs.

Please download and test this code and report back any problems to
samba@samba.org. Your help in this will make the official Samba 2.0.7
release better for everyone.

The RPM packaging for this release is not yet complete, so only a source
code tarball is being made available.

To everyone who contributed patches, many thanks, and please download and
test this code to ensure that the functionality you wanted has been
correctly implemented in the code.

The updated part of the WHATSNEW.txt file follows.

Regards,

Jeremy Allison,
Samba Team.

--------------------------------------------------------

WHATS NEW IN Samba 2.0.7-pre2
=============================

This is the latest stable release of Samba. This is the version that all
production Samba servers should be running for all current bug-fixes.

TODO Before Official 2.0.7 release
----------------------------------

Update "Using Samba" html to match 2.0.7 code.
Update packaging code to include all new files.

New Documentation in 2.0.7
--------------------------

O'Reilly and Associates have donated their book "Using Samba" to the Samba
community to be updated in a collaborative way along with the Samba
software. Starting with this release the html of "Using Samba" will be
distributed with the Samba software as the online documentation for Samba.
Bug fixes for the book are encouraged as is new material. Please help us
make this documentation the best it can be for Samba !

SWAT (Samba Web Administration Tool) has been updated to add a link to the
full text of "Using Samba" from the start screen.

Note that this does not mean that the other documentation (man pages
especially) are being abandoned. The Samba Team is still committed to
updating and improving *all* the documentation shipped with Samba. Also, as
the source code for the book is moved into a more manageable format (not
raw HTML) we are committed to making it available for editing by all
interested parties. The current situation of only shipping HTML with the
Samba software is a first attempt at getting this documentation integrated
with the Samba software and should not be regarded as the only way in which
this material will be made available (it was just the quickest way to get
the book integrated into 2.0.7 :-).

Windows 2000 Issues
-------------------

This version of Samba has been tested with Windows 2000 and the four known
incompatibilities with Windows 2000 have been fixed. See the "Changes in
2.0.7" list below for details.

New/Changed parameters in 2.0.7
-------------------------------

There is a new option to the autoconf "./configure" script. This is the
"--with-utmp" (and attendant "--without-utmp") option. Running configure
with this option will cause smbd to attempt to use utmp accounting for
users who log on and log off to the Samba server.

There are 5 new parameters in the smb.conf file.

utmp
utmp dir

These two parameters are only available if the "--with-utmp" option was
selected at configure time. The yes/no option "utmp" specifies whether utmp
records should be recorded on user logon/logoff. It defaults to "no". The
"utmp dir" (which also has a synonym of "utmp directory") parameter is a
string parameter specifying a pathname to the directory containing the utmp
file databases. This defaults to "" (the empty string). See the smb.conf
man page for more details.

inherit permissions

This boolean parameter causes newly created files and directories to
inherit their initial permissions from their parent directory. This can be
very useful in propagating such things as the set-group bit in directory
hierarchies. See the smb.conf man page for more details.

write cache size

This integer parameter specifies (in bytes) the size of a user level
per-file write cache that smbd will create for an oplocked file. This can
improve performance significantly for writing files by causing writes to be
done in large chunk sizes. If this parameter is set (it defaults to zero
which means no write cache) to the stripe size of a raid volume then it
will cause writes to be much more efficient. Up to 10 write caches can be
active simultaneously per smbd (allocated for the first 10 oplocked file
opens). All normal warnings about the dangers of user level caching of data
apply. See the smb.conf man page for more details.

source environment

This pathname parameter causes Samba to read a list of environment
variables from a named file on startup. This can be useful in setting up
Samba in a clustered environment. See the smb.conf man page for more
details.

The default setting of the "level2 oplocks" parameter has changed from
False to True in this release.

Ability to delete users added
-----------------------------

SWAT and smbpasswd can now delete users from the Samba smbpasswd file. See
the man page for smbpasswd for details.

Roving profile behavior finalized
---------------------------------

The change in behavior with roving profiles (using the "logon home"
parameter instead of the "logon path" parameter) introduced in 2.0.6 has
been discovered to be consistent with the way Windows NT behaves, and has
been left as the default action. Please see the additional notes in the
"logon home" parameter description in the smb.conf man page for more
details.

Changes in 2.0.7
-----------------

1). Fix for the semaphore problems when compiling Samba with gcc on SGI
    IRIX 6.5.x.
2). Quota support for Veritas filesystem added by David Lee.
3). Incoming RPC code re-written to support multiple PDU input from the
    client. This should make the RPC subsystem more robust.
4). Fix from Ying Chen @ IBM to inline many frequently called functions.
    This decreased CPU usage by 10%.
5). Fix from Ying Chen @ IBM to use a hash table to lookup entries in the
    file cache. This is a significant improvement over the old linked-list
    lookup code.
6). smbclient issues with native language support fixed. smbclient now uses
    UNIX filename character sets exclusively when communicating with libsmb
    library.
7). smbclient fix to not print error messages when "putting" an empty file.
8). smbclient fix to cope with spaces in filenames when recursing.
9). Improved error reporting in smbclient when getting browse lists.
10). NetBIOS "scope" now supported in all Samba code/tools.
11). New mapping from code page 850 to UNIX "roman8" character set.
12). Fix for crash bug if debug file handle couldn't be opened.
13). Fix to allow mkdir to correctly set the high order permissions bits
     for UNIX's that don't allow this by default.
14). Fix to dynamically allocate group array for setgroups. Don't depend on
     NGROUPS_MAX being correctly defined in header files.
15). Fix for crash bug in floating point in snprintf.
16). "Safe" version of popen() included to allow use in code such as
     "source environment" patch.
17). Fix for SWAT for trailing '\n' in asctime().
18). Wildcard match fix from weidel@multichart.de for NT wildcard
     processing.
19). unix_mask_match fixes for "veto files" parameter.
20). Fix for system call bug when configuring on Linux kernel 2.0.x with
     glibc2.1.x.
21). SO_REUSEPORT socket option added for HPUX.
22). All recv() calls changed back to read() to fix Solaris 2.5.x bug.
23). Some UNICODE conversion fixes. Not complete yet.
24). NetShareEnum fix for Windows 2000. Don't ask for 64K as Win2k can't
     cope with this (returns "Out of memory" error).
25). Fixes for cli_error() crashes.
26). Fix for crash when connecting to password server by DNS name not
     NetBIOS name.
27). Fix bug in demangling of compacted NetBIOS names.
28). Fixes for slow locking code for VMS.
29). Reply to short NetLogon packet in nmbd with short reply.
30). Correctly align userdata to prevent crashes in nmbd.
31). Use talloc() in string buffer rotation code to prevent overwrites.
32). Added multi-byte awareness to parameter loading code.
33). Re-wrote password file modification code. We can now delete users
     atomically. Original patch from Bruce Tenison.
34). Fixed bug in parsing smbpasswd type entries.
35). Fixes from HP to the windows registry RPC emulation.
36). Added ability to return RPC fault PDU to unknown calls. Needed to
     allow Windows 2000 to return UNIX permissions as NT ACLs.
37). utmp code patch from T.D.Lee@durham.ac.uk. Not available on all
     platforms - test with ./configure.
38). Inherit permissions fix from David Lee.
39). Added write caching code for oplocked files.
40). Workaround for new bug in Windows 2000 where NT file create using
     NTtransact call sends UNICODE without bothering to set the UNICODE
     flag bit.
41). Workaround for new bug in Windows 2000 where it attempts to re-write
     existing ACLs to make them inherit only.
42). Removed unused mmap code.
43). Added correct implementation of share mode deny table. We now match
     Windows NT.
44). Fix recursion bug with group enumeration.
45). Fix from Bjart Kvarme to take into account changed machine passwords
     that haven't yet propagated from PDC to BDC.
46). Correctly skip two byte length field when accepting RPC "start of
     message" packets in SMBwriteX on pipes.
47). Added auto-detection of Windows 2000 clients.
48). Fix bug with rollback of POSIX locks if a lock in a range fails to
     apply.
49). Fix bug with registering startup smbd's in flat file.
50). Ensure usernames are converted correctly between DOS codepages and
     UNIX character sets.
51). Fix for timestamps being set incorrectly on copied files from Paul
     Eggert.
52). Fix for parsing HP specific printer definitions in make_printerdef.

--------------------------------------------------------

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

From ale at iside.polial.polito.it Sat Mar 18 09:33:12 2000
From: ale at iside.polial.polito.it (Alessandro Prete)
Date: Tue Dec 2 02:29:04 2003
Subject: subscribe
Message-ID: <38D34D58.59B5A4E9@mail.polial.polito.it>

subscribe

From verzachris at hotmail.com Sat Mar 18 16:32:53 2000
From: verzachris at hotmail.com (verdelli christian)
Date: Tue Dec 2 02:29:04 2003
Subject: Ldap problem
Message-ID: <20000318163253.36948.qmail@hotmail.com>

I have downloaded SAMBA_TNG for my linux REDHAT 5.2 box, but running the
configure script with the option --with-ldap it bombs with:

checking configure summary: configure: error: summary failure. Aborting config.

I have netscape directory server 4.xx, and I think it's a library problem.
If so what libraries are needed and where I can specify the path ?

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

From greg at discreet.com Sat Mar 18 21:02:34 2000
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:29:04 2003
Subject: SAMBA_TNG latest CVS does not link
Message-ID:

HI,

First try for a long time (sorry ;-)

Linking bin/net
ld32: WARNING 84 : bin/.libs/libubiqx.so is not used for resolving any symbol.
ld32: WARNING 84 : /usr/lib32/libgen.so is not used for resolving any symbol.
ld32: ERROR 33 : Unresolved text symbol "display_dfs_enum" -- 1st referenced by rpcclient/cmd_dfs.o.
Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: INFO 152: Output file removed because of error.
*** Error code 2 (bu21)

Looks like display_dfs_enum is defined in rpcclient....

BTW: I have confirmed that at least part of the patch Elrond asked me
about is required. I have not figured out the configure bit yet....

Greg

From greg at discreet.com Sat Mar 18 21:09:01 2000
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:29:04 2003
Subject: SAMBA_TNG latest CVS does not link
In-Reply-To:
Message-ID:

Oops got it, apparently rpcclient/display_dfs.o should also be in
NETCLIENT_OBJ.

On Sun, 19 Mar 2000, Greg Dickie wrote:

> Date: Sun, 19 Mar 2000 08:06:16 +1100
> From: Greg Dickie
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: SAMBA_TNG latest CVS does not link
>
>
> HI,
>
> First try for a long time (sorry ;-)
>
> Linking bin/net
> ld32: WARNING 84 : bin/.libs/libubiqx.so is not used for resolving any symbol.
> ld32: WARNING 84 : /usr/lib32/libgen.so is not used for resolving any symbol.
> ld32: ERROR 33 : Unresolved text symbol "display_dfs_enum" -- 1st referenced by rpcclient/cmd_dfs.o.
> Use linker option -v to see when and which objects, archives and dsos are loaded.
> ld32: INFO 152: Output file removed because of error.
> *** Error code 2 (bu21)
>
>
> Looks like display_dfs_enum is defined in rpcclient....
>
> BTW: I have confirmed that at least part of the patch Elrond asked me
> about is required. I have not figured out the configure bit yet....
>
> Greg
>

---------------------------------------------------------------------
Greg Dickie
Just A Guy
greg@discreet.com

From neonatus at gimp.thz.net Sat Mar 18 23:06:35 2000
From: neonatus at gimp.thz.net (Bostjan Muller)
Date: Tue Dec 2 02:29:04 2003
Subject: How to connect NT 4.0 wks to samba pre 3.0.0 Domain?
Message-ID: <20000319000635.A1073@gimp.thz.net>

Hi!

I am trying to connect a NT workstation 4.0 sp5 to a logon server (samba
pre 3.0.0). I am trying for NT Workstation to logon to a domain (to
execute some login scripts). Is this already possible - I have built samba
from the latest CVS and haven't found any info on it anywhere in the docs..
can anyone enlighten me with the current status?

THX in advance!

Boštjan

--
Boštjan Müller [NEONATUS], NEONATUS@bigfoot.com, http://surf.to/NEONATUS
RSA id: 0x90178DBD, ICQ #:7506644, PGP key: finger neonatus@gimp.thz.net
GEEK CODE = PGP key
Registered Linux User #87774, Powered by SuSE Linux 6.2
Your fault: core dumped

From mmbrich at ductamerica.com Sun Mar 19 05:12:18 2000
From: mmbrich at ductamerica.com (Matthew Brichacek)
Date: Tue Dec 2 02:29:04 2003
Subject: Samba-tng-1.0 Crazy error logs
Message-ID: <00031823130804.17089@comp03.binary.net>

Got everything running, but still have a lot of problems with the logs
filling with errors. Now granted by saying that i got everything working
means that i am able to set users for my LAN in "user" privileges in win98,
whether or not the other things are working i dunno, and i dunno what other
things that would be, some enlightenment on that would be nice:-) Anyhow,
it's a Linux Mandrake 6.1 system with the tng-1.0 running that i got from
the tarball in the ftp area. Here are a few of the error logs and the
entries in them, thanks.

matthew

(log.smb)
authorise_login: TODO. split function, it's 6 levels!
authorise_login: TODO. split function, it's 6 levels!
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
authorise_login: TODO. split function, it's 6 levels!
mmbrich logged in as admin user (root privileges)
matt (216.229.12.162) connect to service matt as user mmbrich (uid=502, gid=0) (pid 13219)
setgroups call failed!
setgroups call failed!

(log.nmb)
Packet send failed to 198.172.10.255(138) ERRNO=Invalid argument
process_logon_packet: Unique-packet Logon from 216.229.12.162: code = 7
process_logon_packet: Unique-packet Logon from 216.229.12.162: code = 7
process_logon_packet: Group-packet Logon from 216.229.12.162: code = 7
process_logon_packet: Unique-packet Logon from 216.229.12.162: code = 7
process_logon_packet: Group-packet Logon from 216.229.12.162: code = 7
Packet send failed to 216.229.12.164(138) ERRNO=Invalid argument
Packet send failed to 198.172.10.255(138) ERRNO=Invalid argument

(log.lsarpcd)
create_pipe_socket: /usr/local/samba/var/.msrpc perms=448 /usr/local/samba/var/.msrpc/lsarpc perms=448
*** Please someone examine create_pipe_socket and fix it ***
*** if used other than for exclusive root access ***
*** (see perms, which should be 0700 and 0600) ***
*** there is a race condition to be exploited. ***
socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused
ERROR: setgroups call failed!
socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused
ERROR: setgroups call failed!

(log.netlogon)
create_pipe_socket: /usr/local/samba/var/.msrpc perms=448 /usr/local/samba/var/.msrpc/netlogon perms=448
*** Please someone examine create_pipe_socket and fix it ***
*** if used other than for exclusive root access ***
*** (see perms, which should be 0700 and 0600) ***
*** there is a race condition to be exploited. ***
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
startfileent: unable to open file /usr/local/samba/private/smbpasswd
unable to open sam password database.
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
startfileent: unable to open file /usr/local/samba/private/smbpasswd
unable to open sam password database.
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
startfileent: unable to open file /usr/local/samba/private/smbpasswd
unable to open sam password database.
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
startfileent: unable to open file /usr/local/samba/private/smbpasswd
unable to open sam password database.
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
TODO: verify that the rid exists
error connecting to 216.229.12.163:445 (Connection refused)
socket connect to /tmp/.smb.0/agent failed: Connection refuse

(log.samedit)
[2000/03/18 21:35:28, 0] lib/charset.c:load_client_codepage(215)
load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.000 does not exist.

So does this look familiar to anyone? Let me know if you want to see more
of the logs or anything out of the daemon logs,

Thanks

From lkcl at samba.org Sun Mar 19 09:21:14 2000
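Added example (not Samba TNG's create_pipe_socket and not from the thread): one way, in Python, to apply the requirement printed in the logs above that the pipe directory be 0700 and the socket 0600, verifying a path that already exists with lstat instead of trusting it. The function names and the temporary paths are hypothetical.

```python
"""Create a unix socket inside a directory only its owner can enter."""
import os
import socket
import stat
import tempfile

DIR_MODE = 0o700    # 448 in decimal, the form the log prints as perms=448
SOCK_MODE = 0o600


class UnsafePath(Exception):
    """The path exists but is not private to the expected owner."""


def check_private(path, is_type, max_mode, uid):
    """Validate type, owner and mode without following symlinks."""
    st = os.lstat(path)                      # lstat: a planted symlink is seen as a link
    mode = stat.S_IMODE(st.st_mode)
    if not is_type(st.st_mode):
        raise UnsafePath(f"{path}: unexpected file type")
    if st.st_uid != uid:
        raise UnsafePath(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    if mode & ~max_mode:
        raise UnsafePath(f"{path}: mode {mode:04o} is wider than {max_mode:04o}")
    return mode


def make_private_dir(path, uid=None):
    """mkdir with 0700; if the name already exists, verify it rather than reuse it blindly."""
    uid = os.getuid() if uid is None else uid
    try:
        os.mkdir(path, DIR_MODE)
    except FileExistsError:
        pass    # somebody got there first: the checks below decide whether to accept it
    return check_private(path, stat.S_ISDIR, DIR_MODE, uid)


def bind_private_socket(dirpath, name, uid=None):
    """Bind a listening unix socket whose node is created with mode 0600."""
    uid = os.getuid() if uid is None else uid
    make_private_dir(dirpath, uid)
    path = os.path.join(dirpath, name)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)              # no window in which the node is wider than 0600
    try:
        sock.bind(path)
        check_private(path, stat.S_ISSOCK, SOCK_MODE, uid)
        sock.listen(1)
    except Exception:
        sock.close()
        raise
    finally:
        os.umask(old_umask)
    return sock, path


if __name__ == "__main__":
    base = tempfile.mkdtemp()                # stand-in for the daemon's lock directory
    srv, where = bind_private_socket(os.path.join(base, ".msrpc"), "lsarpc")
    print(where, oct(stat.S_IMODE(os.lstat(where).st_mode)))
    srv.close()
```

A directory that someone else created first in a world-writable location such as /tmp fails the owner or mode check and is rejected before any socket is bound in it.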
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
Message-ID:

ftp://samba.org/pub/samba/alpha and mirror sites

1) i fixed a problem with nmbd's GETDC response, it is responding better
but still not perfectly (and 2.0.x and cvs main need to be fixed, as well)
as there exists no explanation for the correct response to locate a Domain
Controller using GETDC.

the upshot of fixing this is that joining an nt workstation to a TNG domain
is now _extremely_ fast: a couple of seconds, if that, and USRMGR.EXE comes
up very rapidly, too.

2) i concluded that there is a lot of confusion being caused by using
smbpasswd to add users to a domain. the default behaviour on creating a
user is to create the user with no password and account "disabled",
followed by changing the password. this results in, with smbpasswd, the
account being created with the correct password, but the account disabled.

please use samedit. samedit's "createuser username -p userpassword" command
goes through a series of instructions that include creating the account
(which is automatically disabled when created), followed by setting the
password, followed by enabling the account.

i have already disabled smbpasswd -m and -j options: i am considering just
disabling smbpasswd altogether, however i know that people are _not_ going
to like that, so really should implement smbpasswd in terms of samedit
commands. time, time...

3) elrond continues to send in daily patches that ultimately will help
merge TNG with cvs main, by getting TNG more cvs-main-like. if anyone else
wishes to assist with this, please notify everyone of your interest by
responding to samba-technical@samba.org, and we can take it from there.

4) various others, such as greg dickie, michael breuer, continue to send in
mini-updates which help to compile and run TNG, please keep 'em coming!

5) profiles are still not operating correctly, i do not know why, it is
beginning to irritate me enough that i am probably going to do something
about it. i now have, from various sources, legitimate versions of NT 5 and
NT 4 installed in vmware 2.0 sessions. i am not entirely happy with this: i
can only run one vmware session (i am using just xinit not X, i don't like
graphical OSes) at a time.

my thanks to darryl for his assistance, suggestions, and for providing the
entire samba team with vmware licenses: i would be unable to do any work,
right now, without vmware, as i only have the one computer.

[btw does anyone, other than me, want to run vmware without having to run
X-windows, for example, running linux in console-mode and switching between
multiple vmware sessions on alt-f1 to alt-f12?]

6) password changing. oops! i made a mistake in the Great Convert in
january, resulting in passing the wrong parameters over in the samr user
password change. as i modified smbd to call the samr user password change
functions instead of accessing smbpasswd directly, this will have affected
*all* user-initiated password changes including win95, dos and wfwg _and_
nt password changes.

so, if you have win95, please try changing a user password and report to
the list if it works or not.

i also fixed samedit's "ntpass" command to operate correctly at the same
time, because it too was minorly broken.

7) the use of "netbios name" was a red herring and a false alarm. it's
perfectly ok to use different netbios names for your server, although not
generally considered to be good "network policy", although it does actually
work.

8) elrond spotted that some of the user profile information was not
correctly aligned.

please report any operational issues and domain user logon problems, as
usual, to samba-ntdom@samba.org, with a full report.

all reports should contain full information, including:

- your OS type

- your last cvs update date *and* time, or tng alpha version number

- your smb.conf file

- an explicit list of steps carried out to get you into the current state

for example, if you are using smbpasswd not samedit, please say so. please
consider including a typescript of the operations used.

please try and avoid reports just saying "it doesn't work": please send
reports saying "i carried out the following series of steps, it failed
here, the log files show error code xyz at this point, here's all the info
about my setup and OS config: here, you go deal with it, i'm bored with all
this not working, i give up".

it's starting to get there. we're back at some of the key points that are
generally taken for granted, such as user logons and password changes.
printing and user profiles are the ones that really need to be dealt with,
now.

keep going, keep going, keep going, keep going :)

best regards,

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From lkcl at samba.org Sun Mar 19 09:25:28 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-1.0 Crazy error logs
Message-ID:

matthew,

check the "interfaces" which may either not be set up correctly or may have
configure-auto-detected incorrectly. i noticed the other day that
./configure.developer picked up eth0, lo _and_ vmnet1! using loop-back as
one of the interfaces in nmbd generally caused some stressful problems and
caused it to fail.

in other words, send your smb.conf file to the list. thx,

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From mg at plum.de Sun Mar 19 11:46:44 2000
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
References:
Message-ID: <38D4BE24.9CBA785A@plum.de>

Luke Kenneth Casson Leighton wrote:
>
> all reports should contain full information, including:
>
> - your OS type
>
> - your last cvs update date *and* time, or tng alpha version number
>
> - your smb.conf file
>
> - an explicit list of steps carried out to get you into the current state

Ok .. perhaps it's a stupid FAQ error, but I don't get it:
(tng 1.1 from today, fresh install)

./samedit -S . -U root
Added interface ip=0.0.0.0 bcast=0.255.255.255 nmask=255.0.0.0
Enter Password:
[root@.]$ createuser pranghlocal$
socket connect to /tmp/.msrpc/.samr/agent failed: Verbindungsaufbau abgelehnt
SAM Create Domain User
Domain: TESTWG Name: pranghlocal$ ACB: [W ]
socket connect to /tmp/.msrpc/.samr/agent failed: Verbindungsaufbau abgelehnt
Create Domain User: FAILED
[root@.]$

there is NO /tmp/.msrpc .. its in /usr/local/samba/var/.msrpc, and there
is NO .samr directory in that one. (there is a "samr" socket in there
although)

Daemons running:
19029 ? S 0:00 ./smbd
19031 ? S 0:00 ./nmbd
19032 ? S 0:00 ./nmbd
19034 ? S 0:00 ./browserd
19036 ? S 0:00 ./lsarpcd
19038 ? S 0:00 ./netlogond
19040 ? S 0:00 ./samrd
19043 ? S 0:00 ./spoolssd
19045 ? S 0:00 ./srvsvcd
19048 ? S 0:00 ./svcctld
19050 ? S 0:00 ./winregd
19052 ? S 0:00 ./wkssvcd

[global]
    workgroup = TESTWG
    oplocks=true
    hosts allow = 10.1.1. 127.
    printcap name = /etc/printcap
    load printers = yes
    printing = bsd
    log file = /var/log/samba/log.%m
    security = user
    encrypt passwords = yes
    null passwords=yes
    interfaces = eth0 eth1 lo
    local master = yes
    domain master = yes
    preferred master = yes
    domain logons = yes
    wins support = yes

TIA,
Michael

From p.mayers at ic.ac.uk Sun Mar 19 16:45:49 2000
From: p.mayers at ic.ac.uk (Phil Mayers)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
References: <38D4BE24.9CBA785A@plum.de>
Message-ID: <38D5043D.63304B86@ic.ac.uk>

Well, you *completely* ignore the instructions to include the OS type,
didn't you?

I have had this problem on Linux machines - try adding an "interfaces"
line with the network interfaces to your smb.conf.

You'll see the:

> Added interface ip=0.0.0.0 bcast=0.255.255.255 nmask=255.0.0.0

line? Doesn't that indicate the interface detection is failing?
Therefore, you will have to manually specify them. Give it a try:

interfaces = 192.168.1.0/24

Or whatever.

Cheers,
Phil

Michael Glauche wrote:
>
> Luke Kenneth Casson Leighton wrote:
> >
> > all reports should contain full information, including:
> >
> > - your OS type
> >
> > - your last cvs update date *and* time, or tng alpha version number
> >
> > - your smb.conf file
> >
> > - an explicit list of steps carried out to get you into the current state
>
> Ok .. perhaps ist a stupid FAQ error, but I don't get it:
> (tng 1.1 from today, fresh install)
> /samedit -S . -U root
> Added interface ip=0.0.0.0 bcast=0.255.255.255 nmask=255.0.0.0
> Enter Password:
> [root@.]$ createuser pranghlocal$
> socket connect to /tmp/.msrpc/.samr/agent failed: Verbindungsaufbau
> abgelehnt
> SAM Create Domain User
> Domain: TESTWG Name: pranghlocal$ ACB: [W ]
> socket connect to /tmp/.msrpc/.samr/agent failed: Verbindungsaufbau
> abgelehnt
> Create Domain User: FAILED
> [root@.]$
>
> there is NO /tmp/.msrpc .. its in /usr/local/samba/var/.msrpc, and there
> is NO .samr
> directory in that one. (there is a "samr" socket in there although)
>
> Daemons running:
> 19029 ? S 0:00 ./smbd
> 19031 ? S 0:00 ./nmbd
> 19032 ? S 0:00 ./nmbd
> 19034 ? S 0:00 ./browserd
> 19036 ? S 0:00 ./lsarpcd
> 19038 ? S 0:00 ./netlogond
> 19040 ? S 0:00 ./samrd
> 19043 ? S 0:00 ./spoolssd
> 19045 ? S 0:00 ./srvsvcd
> 19048 ? S 0:00 ./svcctld
> 19050 ? S 0:00 ./winregd
> 19052 ? S 0:00 ./wkssvcd
>
> [global]
> workgroup = TESTWG
> oplocks=true
> hosts allow = 10.1.1. 127.
> printcap name = /etc/printcap
> load printers = yes
> printing = bsd
> log file = /var/log/samba/log.%m
> security = user
> encrypt passwords = yes
> null passwords=yes
> interfaces = eth0 eth1 lo
> local master = yes
> domain master = yes
> preferred master = yes
> domain logons = yes
> wins support = yes
>
> TIA,
> Michael

From mg at plum.de Sun Mar 19 16:59:21 2000
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
References: <38D4BE24.9CBA785A@plum.de> <38D5043D.63304B86@ic.ac.uk>
Message-ID: <38D50769.6FF937DE@plum.de>

Phil Mayers wrote:
>
> Well, you *completely* ignore the instructions to include the OS type,
> didn't you?
>

:) linux glibc2.1, 2.2.14 kernel

> I have had this problem on Linux machines - try adding an "interfaces"
> line with the network interfaces to your smb.conf.
>
> You'll see the:
>
> > Added interface ip=0.0.0.0 bcast=0.255.255.255 nmask=255.0.0.0
>
> line? Doesn't that indicate the interface detection is failing?
> Therefore, you will have to manually specify them. Give it a try:
>
> interfaces = 192.168.1.0/24
>

yes .. was one error, but that does not explain the socket errors, just
trying something, more info later.

regards,
Michael

From mg at plum.de Sun Mar 19 17:04:35 2000
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
References:
Message-ID: <38D508A3.60AFD2B0@plum.de>

Luke Kenneth Casson Leighton wrote:
>

Luke, this looks quite suspicious to me:

static int get_agent_sock(char *pipe_name)
{
        fstring path;
        fstring dir;

        slprintf(dir, sizeof(dir)-1, "/tmp/.msrpc/.%s", pipe_name);
        slprintf(path, sizeof(path)-1, "%s/agent", dir);

        return create_pipe_socket(dir, S_IRUSR|S_IWUSR|S_IXUSR, path, 0);
}

so .. the get_agent_sock is hardcoded, but the single daemons create
their socket according to $PREFIX ?

Esp. when you look in msrpc-client.c line 157:

        slprintf(path, sizeof(path) - 1, "%s/.msrpc/%s", LOCKDIR, pname);

then again at line 263:

        slprintf(path, sizeof(path) - 1, "/tmp/.msrpc/.%s/agent", pipe_name);

is that correct ???

regards,
Michael

From GLeblanc at cu-portland.edu Sun Mar 19 16:59:27 2000
From: GLeblanc at cu-portland.edu (Gregory Leblanc)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
Message-ID:

> -----Original Message-----
> From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Sunday, March 19, 2000 1:26 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: samba-tng-alpha-1.1.tar.gz > > > ftp://samba.org/pub/samba/alpha and mirror sites > [snip] > i have already disabled smbpasswd -m and -j options: i am > considering just > disabling smbpasswd altogether, however i know that people > are _not_ going > to like that, so really should implement smbpasswd in terms of samedit > commands. > > time, time... Sounds like a nice shell script hack to me... :) Dunno if I've got time to work on that, I have a presentation to give in 2 weeks, but I'll take a look at the man pages. [snip] > > i now have, from various sources, legitimate versions of NT 5 and NT 4 > installed in vmware 2.0 sessions. i am not entirely happy > with this: i > can only run one vmware session (i am using just xinit not X, > i don't like > graphical OSes) at a time. my thanks to darryl for his assistance, > suggestions, and for providing the entire samba team with > vmware licenses: > i would be unable to do any work, right now, without vmware, as i only > have the one computer. Why can you only run 1 at a time? I've got Win98 and WinNT4 running on this box right now, and while it's pretty darn slow, they do run. Disclaimer, I've got 256MB of ram, and a k6-2 300. If you've got more than that in both departments, you're ok. I run both VMware machines with 64MB of ram, and processor is a huge bottleneck, mostly because of the poor design of Win98. If you're running 2 NT machines processor shouldn't be so bad. Oh, one other thing, having FAST FAST FAST disks is imperative. If you can get dual U2W 10K RPM SCSI disks and run them on software RAID0, that should take disk out as a limiting factor... > > [btw does anyone, other than me, want to run vmware without > having to run > X-windows, for example, running linux in console-mode and switching > between multiple vmware sessions on alt-f1 to alt-f12?] 
Methinks you should swap to probably the 10th virtual console. That should be a full-screen Windows session, then you can work on 2/3/4 for your "real" work, leaving X running from the first console. It'd be nice to have VMware running without the X server completely, but I'll take what I can get, for now. If only they'd fixed all the bugs I reported before shipping 2.0... [snip] Thanks Luke, every project should have such a clearly defined set of instructions for reporting "bugs". Greg From greg at discreet.com Sun Mar 19 18:08:28 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:29:04 2003 Subject: samba-tng-alpha-1.1.tar.gz In-Reply-To: <38D508A3.60AFD2B0@plum.de> Message-ID: I believe I am having a problem related to this right now. Still trying to track it down but it looks like this... Greg On Mon, 20 Mar 2000, Michael Glauche wrote: > Date: Mon, 20 Mar 2000 04:00:49 +1100 > From: Michael Glauche > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: samba-tng-alpha-1.1.tar.gz > > Luke Kenneth Casson Leighton wrote: > > > > Luke, this looks quite suspicios to me: > static int get_agent_sock(char *pipe_name) > { > fstring path; > fstring dir; > > slprintf(dir, sizeof(dir)-1, "/tmp/.msrpc/.%s", pipe_name); > slprintf(path, sizeof(path)-1, "%s/agent", dir); > > return create_pipe_socket(dir, S_IRUSR|S_IWUSR|S_IXUSR, path, > 0); > } > > > so .. the get_agent_sock is hardcoded, but the single daemons create > their socket > acording $PREFIX ? > > Esp. when you look in msrpc-client.c line 157: > slprintf(path, sizeof(path) - 1, "%s/.msrpc/%s", LOCKDIR, pname); > then again at line 263: > slprintf(path, sizeof(path) - 1, "/tmp/.msrpc/.%s/agent", pipe_name); > > is that correct ??? > > regards, > Michael > --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From jweber at math.cudenver.edu Sun Mar 19 18:42:17 2000 
From: jweber at math.cudenver.edu (John Weber)
Date: Tue Dec 2 02:29:04 2003
Subject: How to connect NT 4.0 wks to samba pre 3.0.0 Domain?
In-Reply-To: <20000319184526.A350@gimp.thz.net>
Message-ID:

Hi,

Look at the entries in your smbpasswd, make sure the 5th field (the one
with the [] ) only has a U for users and a W for machines. I was getting a
D in this field with the other letter. This means account disabled.

make sure all the daemons are running like
http://www.kneschke.de/projekte/samba_tng/faq/configuration.php3
describes.

The talk on the list seems to be that smbpasswd is being phased out. The
preferred way seems to be "rpcclient". Not documented that I could find
was to use the "samuserset" command from within rpcclient to change
passwords. There looks like some online help built into rpcclient in the
style of ftp, just type a "?" to get a list of commands and "? command" to
get more help. (see same URL as above) There's also a man page with
rpcclient.

Use

samuserset machine$ -p machine

from rpcclient to properly set the machine password.

There was no attachment of your smb.conf

John

On Sun, 19 Mar 2000, Bostjan Muller wrote:

> * On 19-03-00 at 09:00 John Weber (jweber@math.cudenver.edu) wrote:
> +----Here quoted text begins----+
> [...]
> > Look at http://www.kneschke.de/projekte/samba_tng/index.php3. It seems
> > that there's a new branch called TNG (The Next Generation). There's
> > instruction how to get the CVS for this. I've been able to get domain
> > logons and profiles to work. It's alpha. I'm trying for printers now. Even
> > these docs are lacking.
> [...]
> +----and here the quote ends----+
> Hi!
>
> Went there and compiled and installed the code - then I added users via
> smbpasswd command, checked in the smbpasswd file and the users were there, so
> were the encrypted passes, but any kind of login that included password failed
> (and yes I do have the users set up in the passwd file). Even trying to mount a
> smb share on a win98 machine fails if passwords are necessary to mount a share,
> it works ok without a password though - same goes for the samba machine
> (everyone can login ok if passwords are disabled - no password option).
>
> I also cannot login into a domain - on a NT wks 4.0 sp5. I get a no controller
> error.
>
> Here is what my smb.conf looks like (as an attachment).
>
> Could you please advise me what to do - in your own experience and knowledge -
> you seem to have it working...
>
> THX in advance!
>
> Boštjan
>
>
>
>
> --
> Boštjan Müller [NEONATUS], NEONATUS@bigfoot.com, http://surf.to/NEONATUS
> RSA id: 0x90178DBD, ICQ #:7506644, PGP key: finger neonatus@gimp.thz.net
> GEEK CODE = PGP key Registered Linux User #87774, Powered by SuSE Linux 6.2
> "Virtual" means never knowing where your next byte is coming from.
>

From lkcl at samba.org Sun Mar 19 19:01:34 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <38D4BE24.9CBA785A@plum.de>
Message-ID:

On Sun, 19 Mar 2000, Michael Glauche wrote:

> Luke Kenneth Casson Leighton wrote:
> >
> > all reports should contain full information, including:
> >
> > - your OS type
> >
> > - your last cvs update date *and* time, or tng alpha version number
> >
> > - your smb.conf file
> >
> > - an explicit list of steps carried out to get you into the current state
>
> Ok .. perhaps it's a stupid FAQ error, but I don't get it:
> (tng 1.1 from today, fresh install)
> ./samedit -S . -U root
> Added interface ip=0.0.0.0 bcast=0.255.255.255 nmask=255.0.0.0
> Enter Password:
> [root@.]$ createuser pranghlocal$
> socket connect to /tmp/.msrpc/.samr/agent failed: Verbindungsaufbau
> abgelehnt
> SAM Create Domain User
> Domain: TESTWG Name: pranghlocal$ ACB: [W ]
> socket connect to /tmp/.msrpc/.samr/agent failed: Verbindungsaufbau
> abgelehnt
> Create Domain User: FAILED
> [root@.]$

ok, ignore the agent redirect errors, they are not important.

however, the "Create Domain User: FAILED" is.

this will occur if you do not have a workstation pranghlocal$ in
/etc/passwd, _or_ if you have an OS that cannot deal with unix usernames
greater than 8 chars in length.

try a workstation name of 8 chars: "pranghl$"

> Daemons running:
> 19029 ? S 0:00 ./smbd
> 19031 ? S 0:00 ./nmbd
> 19032 ? S 0:00 ./nmbd
> 19034 ? S 0:00 ./browserd
> 19036 ? S 0:00 ./lsarpcd
> 19038 ? S 0:00 ./netlogond
> 19040 ? S 0:00 ./samrd
> 19043 ? S 0:00 ./spoolssd
> 19045 ? S 0:00 ./srvsvcd
> 19048 ? S 0:00 ./svcctld
> 19050 ? S 0:00 ./winregd
> 19052 ? S 0:00 ./wkssvcd
>
> [global]
> workgroup = TESTWG
> oplocks=true
> hosts allow = 10.1.1. 127.
> printcap name = /etc/printcap
> load printers = yes
> printing = bsd
> log file = /var/log/samba/log.%m
> security = user
> encrypt passwords = yes
> null passwords=yes
> interfaces = eth0 eth1 lo
> local master = yes
> domain master = yes
> preferred master = yes
> domain logons = yes
> wins support = yes

ok, looks fine. thanks michael. try a shorter wksta name.

From lkcl at samba.org Sun Mar 19 19:11:14 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <38D508A3.60AFD2B0@plum.de>
Message-ID:

hi michael,

the "agent" code is a redirector which i haven't written for the dce/rpc
pipes, yet. i _have_ written them for nmb UDP 137 traffic (not 138) and
smb TCP 139/445 traffic.

so, for now, please ignore "agent connect" errors.

thx,

luke

On Sun, 19 Mar 2000, Michael Glauche wrote:

> Luke Kenneth Casson Leighton wrote:
> >
>
> Luke, this looks quite suspicious to me:
> static int get_agent_sock(char *pipe_name)
> {
>         fstring path;
>         fstring dir;
>
>         slprintf(dir, sizeof(dir)-1, "/tmp/.msrpc/.%s", pipe_name);
>         slprintf(path, sizeof(path)-1, "%s/agent", dir);
>
>         return create_pipe_socket(dir, S_IRUSR|S_IWUSR|S_IXUSR, path,
> 0);
> }
>
>
> so .. the get_agent_sock is hardcoded, but the single daemons create
> their socket
> according to $PREFIX ?
>
> Esp. when you look in msrpc-client.c line 157:
> slprintf(path, sizeof(path) - 1, "%s/.msrpc/%s", LOCKDIR, pname);
> then again at line 263:
> slprintf(path, sizeof(path) - 1, "/tmp/.msrpc/.%s/agent", pipe_name);
>
> is that correct ???
>
> regards,
> Michael
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing

ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From mg at plum.de Sun Mar 19 19:24:44 2000
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
References:
Message-ID: <38D5297C.202A5368@plum.de>

Luke Kenneth Casson Leighton wrote:
>
>
> ok, ignore the agent redirect errors, they are not important.
>
> however, the "Create Domain User: FAILED" is.
>
> this will occur if you do not have a workstation pranghlocal$ in
> /etc/passwd, _or_ if you have an OS that cannot deal with unix usernames
> greater than 8 chars in length.
>
> try a workstation name of 8 chars: "pranghl$"
>

mea culpa. unix user did not exist ... :)
I only did worry about the agent errors. (as long as the user is there,
I'm fine)

> > Daemons running:
> > 19029 ? S 0:00 ./smbd
> > 19031 ? S 0:00 ./nmbd
> > 19032 ? S 0:00 ./nmbd
> > 19034 ? S 0:00 ./browserd
> > 19036 ? S 0:00 ./lsarpcd
> > 19038 ? S 0:00 ./netlogond
> > 19040 ? S 0:00 ./samrd
> > 19043 ? S 0:00 ./spoolssd
> > 19045 ? S 0:00 ./srvsvcd
> > 19048 ? S 0:00 ./svcctld
> > 19050 ? S 0:00 ./winregd
> > 19052 ? S 0:00 ./wkssvcd
> >
> > [global]
> > workgroup = TESTWG
> > oplocks=true
> > hosts allow = 10.1.1. 127.
> > printcap name = /etc/printcap
> > load printers = yes
> > printing = bsd
> > log file = /var/log/samba/log.%m
> > security = user
> > encrypt passwords = yes
> > null passwords=yes
> > interfaces = eth0 eth1 lo
> > local master = yes
> > domain master = yes
> > preferred master = yes
> > domain logons = yes
> > wins support = yes
>
> ok, looks fine. thanks michael. try a shorter wksta name.

Have some troubles connecting to shares (did not test domain logons yet)
from nt5. lsarpcd tells me about missing sockets (that in the other
post). If you want some level 100 logfile, tell me, it's huge. :)

what means this in log.lsarpc:

socket open succeeded. file name: /tmp/.msrpc/.samr/agent
socket connect to /tmp/.msrpc/.samr/agent failed: Verbindungsaufbau abgelehnt
redirect failed, attempt direct connection
socket open succeeded. file name: /opt/samba-tng//var/.msrpc/samr

however accessing the server with smbclient works fine :)

(Btw .. have no problems with 2.0.6a and nt5 ... :)

regards,
Michael

From mg at plum.de Sun Mar 19 19:37:27 2000
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
References: <38D5297C.202A5368@plum.de>
Message-ID: <38D52C77.A3D12D61@plum.de>

Michael Glauche wrote:
>
> Have some troubles connecting to shares (did not test domain logons yet)
> from nt5. lsarpcd tells me about missing sockets (that in the other
> post).

ahh .. had some trouble reconnecting drives, when using a fresh logon
to alpha1.1 it works, but when nt5 has mapped a share, then you can't
switch from 2.0.6 to TNG ... *grin*

regards,
Michael

From lkcl at samba.org Sun Mar 19 19:31:26 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <38D520D5.30FBFD12@hvcc.edu>
Message-ID:

On Sun, 19 Mar 2000, William Jojo wrote:

>
> Luke,
>
> Why would you disable the -m option of smbpasswd? We use Ghost to re-image a PC
> here and we need to reset the machine account after a rebuild so it will
> gracefully join the domain without having to jump through hoops.

because 1) having a default well-known workstation trust account password
is a security risk: the trust account is used to encrypt user passwords.

because 2) if you _must_ do this, you can use samedit's "createuser
wkstaname$ -p wkstaname" to explicitly set the trust account password to
the [very insecure] initial value.

oh, and it gets even better if you add a backup domain controller with the
trust account password [as the bdc name]: then you run the risk of losing
your entire SAM database to an attacker, as they pretend to be the BDC,
using the default password and suck all user profile (plus passwords)
group, alias and domain information off your PDC -- after all, that's what
SAM synchronisation is supposed to do!!!

> A little history - we build a master image and then distribute that to 600 PCs on
> our campus. By resetting the machine account through smbpasswd, we can simply
> rename the machine (since every machine now has the same name from the master
> image) and after a reboot, it's happy.
>
> If you would recommend a different method, I'm all ears, but I think disabling
> smbpasswd -m would be a grave mistake.

you can use samedit's createuser with -j to totally randomise the local
workstation trust account password _and_ this totally random value will be
stored in the PDC's SAM database, too, so the workstation is synchronised
with the PDC.

this can be done just as well in an NT-only environment as it can in a
mixed samba-NT environment.

you should be able to do this as a one-step-in-a-script on a secure local
network:

samedit -S thepdc -U admin%pdcpwd -W pdcdomname -l log
[$ ] use \\wkstaname -U localadmin%localpwd -W wkstaname
connect blah blah: OK

[$ ] use -u
connect to PDC
connect to wksta

[$ ] createuser wkstaname$ -j PDCDOMNAME
creating trust account: OK [this is done to PDC using pdc admin pwd]
setting $MACHINE.ACC: OK [this is done to wksta using wksta locadm pwd]

now -- at this point, you should be able to go to the wksta and the pdc,
and change the name, and voila.

however, if you ask nicely, i might investigate how to change the local
workstation name, by adding new commands:

[$ ] srvinfoset -n newworkstationname

[$ ] samuserset wkstaname$ -n newworkstationname$

then you can do this, afterwards:

regedit -S wkstaname -U localadmin%localpwd -W wkstaname
[$ ] shutdown --reboot --force-close (or -r -f).

luke

From lkcl at samba.org Sun Mar 19 19:33:03 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <38D5297C.202A5368@plum.de>
Message-ID:

ok, then do a samedit -S . -U root% -l log, then do this:

[$ ] dispinfo

and send the results to the list, okie?

From mg at plum.de Sun Mar 19 19:56:33 2000
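Added example, not part of any message in this thread and not Samba code: a Python audit of smbpasswd-format lines for two points raised in the thread, the account-control flag field (U, W, D) and a workstation trust account that still carries the default password derived from its own name. The function names, the constructed sample accounts and the lowercase, 14-character form of the default password are assumptions; the `mg` line is the one quoted in the thread.

```python
"""Audit smbpasswd-format lines: account flags and default trust passwords."""
import struct

_R3_ORDER = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)


def _rotl(v, s):
    return ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib may not offer it on current OpenSSL."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            j = i % 16
            if i < 16:      # round 1: selection function, words in order
                f, k, s, add = (b & c) | (~b & d), j, (3, 7, 11, 19)[j % 4], 0
            elif i < 32:    # round 2: majority function, column order
                f, k = (b & c) | (b & d) | (c & d), (j % 4) * 4 + j // 4
                s, add = (3, 5, 9, 13)[j % 4], 0x5A827999
            else:           # round 3: parity function, bit-reversed order
                f, k = b ^ c ^ d, _R3_ORDER[j]
                s, add = (3, 9, 11, 15)[j % 4], 0x6ED9EBA1
            new = _rotl((a + f + x[k] + add) & 0xFFFFFFFF, s)
            a, b, c, d = d, new, b, c
        state = [(u + v) & 0xFFFFFFFF for u, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash as stored in the 4th smbpasswd field: MD4 over UTF-16LE."""
    return md4(password.encode("utf-16-le")).hex().upper()


def parse_line(line: str):
    """Split name:uid:LM:NT:[flags]:LCT-...: and return the fields we audit."""
    if line.lstrip().startswith("#"):
        return None
    parts = line.strip().split(":")
    if len(parts) < 6:
        return None
    name, uid, _lm, nt, acb = parts[:5]
    flags = set(acb.strip("[]").replace(" ", ""))
    return {"name": name, "uid": uid, "nt": nt.upper(), "flags": flags}


def audit(lines):
    """Return (account, finding) tuples in file order."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        name, flags = entry["name"], entry["flags"]
        is_machine = name.endswith("$")
        if "D" in flags:
            findings.append((name, "disabled"))
        if is_machine != ("W" in flags):
            findings.append((name, "flag-mismatch"))
        if is_machine:
            # Assumption: default trust password = lowercase name, 14 chars max.
            default = name[:-1].lower()[:14]
            if entry["nt"] == nt_hash(default):
                findings.append((name, "default-trust-password"))
    return findings


def constructed_sample():
    """Constructed entries, except the mg line, which is quoted in the thread."""
    no_lm = "X" * 32
    return [
        "mg:0:01FC5A6BE7BC6929AAD3B435B51404EE:"
        "0CB6948805F797BF2A82807973B89537:[U ]:LCT-38D2E810:",
        f"wksta01$:1001:{no_lm}:{nt_hash('wksta01')}:[W ]:LCT-00000000:",
        f"wksta02$:1002:{no_lm}:{nt_hash('constructed-random')}:[W ]:LCT-00000000:",
        f"olduser:1003:{no_lm}:{nt_hash('constructed-old')}:[DU ]:LCT-00000000:",
        f"wksta03$:1004:{no_lm}:{nt_hash('constructed-other')}:[U ]:LCT-00000000:",
    ]


if __name__ == "__main__":
    for account, finding in audit(constructed_sample()):
        print(f"{account}: {finding}")
```

Run it against a copy of the real smbpasswd file by passing its lines to `audit()`; a `default-trust-password` finding marks a machine account that should be re-joined with a randomised password.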
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:04 2003
Subject: samba-tng-alpha-1.1.tar.gz
References:
Message-ID: <38D530F1.C45825B5@plum.de>

Luke Kenneth Casson Leighton wrote:
>
> ok, then do a samedit -S . -U root% -l log, then do this:
> [$ ] dispinfo
>
> and send the results to the list, okie?

SAM Display Info for Domain TESTWG
Sam Level 1:
Index: 1 RID: 0xbb8 ACB: [U ] Account Name: mg Full Name: User Description:
Sam Level 1:
Index: 2 RID: 0x1f4 ACB: [U ] Account Name: administrator Full Name: User Description:

log is attached.

regards,
Michael

p.s.: printing from nt5 to tng1.1 works fine :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.client.gz
Type: application/x-gzip
Size: 3566 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000319/a936bc4d/log.client.bin

From mg at plum.de Sun Mar 19 20:40:48 2000
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
References: <38D5297C.202A5368@plum.de> <38D52C77.A3D12D61@plum.de>
Message-ID: <38D53B50.49FFDED@plum.de>

Michael Glauche wrote:
>
> Michael Glauche wrote:
> >
> > Have some troubles connecting to shares (did not test domain logons yet)
> > from nt5. lsarpcd tells me about missing sockets (that in the other
> > post).
>
> ahh .. had some trouble reconnecting drives, when using a fresh logon
> to alpha1.1 it works, but when nt5 has mapped a share, then you can't
> switch from 2.0.6 to TNG ... *grin*

oops .. wait .. that was another thing ... 2.0.6 was running when it
worked.

Now .. some more information :

nt5 connect to share as "mg" : works
nt5 connect to share as "adminstrator" : fails
smbclient //server/share -U administrator : works

I have a line
domain user map = /opt/samba-tng/private/domainuser.map
with
root=Administrator

in it, so it should work. (according to smbclient it does !?)

in the logfile I got:
load_name_map: Scanning name map /opt/samba-tng/private/domainuser.map
make_name_entry:,administrator,root
unix_name_to_nt_name_info: unix_name:root
unix_name_to_nt_name_info: unix gid:0
unixname = root, ntname = TESTWG\administrator type = 1

but later I got:
domain_client_validate: check lockout / pwd expired!
No such user administrator - using guest account

TIA,
Michael

From lkcl at samba.org Sun Mar 19 20:49:56 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <38D53B50.49FFDED@plum.de>
Message-ID:

ok, firstly, make sure that there is read-permission to everyone all the
way up to domainuser.map.

secondly, try just "root" username, removing the domainuser.map.

i just tried smbclient myself, and it worked fine, with _and_ without the
domainuser.map, by the way.

sooo.... how about this:

try:

samedit -S . -U root% -l lo
[$] samuserset mg -p test

then examine the mg line in smbpasswd, it should be like this:
mg:0:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-38D2E810:

check that the password is correct, ok?

also, try this:

samedit -S . -U root% -l log
[$ ] ntlogin DOMAINNAME\username password

this should respond yes or no.

try a correct password as well as an incorrect one.

try an incorrect username, too.

On Sun, 19 Mar 2000, Michael Glauche wrote:

> Michael Glauche wrote:
> >
> > Michael Glauche wrote:
> > >
> > > Have some troubles connecting to shares (did not test domain logons yet)
> > > from nt5. lsarpcd tells me about missing sockets (that in the other
> > > post).
> >
> > ahh .. had some trouble reconnecting drives, when using a fresh logon
> > to alpha1.1 it works, but when nt5 has mapped a share, then you can't
> > switch from 2.0.6 to TNG ... *grin*
>
> oops .. wait .. that was another thing ... 2.0.6 was running when it
> worked.
>
> Now .. some more information :
>
> nt5 connect to share as "mg" : works
> nt5 connect to share as "adminstrator" : fails
> smbclient //server/share -U administrator : works
>
> I have a line
> domain user map = /opt/samba-tng/private/domainuser.map
> with
> root=Administrator
>
> in it, so it should work. (according to smbclient it does !?)
>
> in the logfile I got:
> load_name_map: Scanning name map /opt/samba-tng/private/domainuser.map
> make_name_entry:,administrator,root
> unix_name_to_nt_name_info: unix_name:root
> unix_name_to_nt_name_info: unix gid:0
> unixname = root, ntname = TESTWG\administrator type = 1
>
> but later I got:
> domain_client_validate: check lockout / pwd expired!
> No such user administrator - using guest account
>
> TIA,
> Michael
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing

ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From mg at plum.de Sun Mar 19 21:07:54 2000
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
References:
Message-ID: <38D541AA.489D5363@plum.de>

Luke Kenneth Casson Leighton wrote:
>
> ok, firstly, make sure that there is read-permission to everyone all the
> way up to domainuser.map.
>
> secondly, try just "root" username, removing the domainuser.map.

I am logged in to local computer as admin, then connect to samba share.

>
> i just tried smbclient myself, and it worked fine, with _and_ without the
> domainuser.map, by the way.

Here, same ...

> try:
>
> samedit -S . -U root% -l lo
> [$] samuserset mg -p test
>
> then examine the mg line in smbpasswd, it should be like this:
> mg:0:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U
> ]:LCT-38D2E810:

mg:500:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-38D54BBD:

>
> check that the password is correct, ok?

seems ok.

>
> also, try this:
>
> samedit -S . -U root% -l log
> [$ ] ntlogin DOMAINNAME\username password
>
> this should respond yes or no.
>
> try a correct password as well as an incorrect one.
>
> try an incorrect username, too.

Ok .. this works with TESTWG\{mg|root|administrator}

[root@.]$ ntlogin TESTWG\administrator
ntlogin TESTWG\administrator
cmd_nt_login: login (administrator) test succeeded: Yes

it also fails correctly when using wrong password.

Just when I am logged in to local computer and access to samba tng
share, then it fails ... (but only as administrator, rest works ok)

TIA,
Michael

From neonatus at gimp.thz.net Sun Mar 19 22:33:40 2000
From: neonatus at gimp.thz.net (Bostjan Muller) Date: Tue Dec 2 02:29:05 2003 Subject: samba-tng-alpha-1.1.tar.gz In-Reply-To: ; from lkcl@samba.org on Mon, Mar 20, 2000 at 07:51:27AM +1100 References: <38D53B50.49FFDED@plum.de> Message-ID: <20000319233340.A562@gimp.thz.net> I also have a problem with this. I did what this mail says, but I can only login with a user neonatus, users root and Administrator cannot login to NEONATUS.NET domain ... I tried changing the password the way it is described in this mail, but I had no luck ... Anything else to try? * On 19-03-00 at 23:16 Luke Kenneth Casson Leighton (lkcl@samba.org) wrote: +----Here quoted text begins----+ > ok, firstly, make sure that there is read-permission to everyone all the > way up to domainuser.map. > > secondly, try just "root" username, removing the domainuser.map. > > i just tried smbclient myself, and it worked fine, with _and_ without the > domainuser.map, by the way. > > sooo.... how about this: > > try: > > samedit -S . -U root% -l lo > [$] samuserset mg -p test > > then examine the mg line in smbpasswd, it should be like this: > mg:0:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U > ]:LCT-38D2E810: > > check that the password is correct, ok? > > also, try this: > > samedit -S . -U root% -l log > [$ ] ntlogin DOMAINNAME\username password > > this should respond yes or no. > > try a correct password as well as an incorrect one. > > try an incorrect usename, too. > > On Sun, 19 Mar 2000, Michael Glauche wrote: > > > Michael Glauche wrote: > > > > > > Michael Glauche wrote: > > > > > > > > Have some troubles connecting to shares (did not test domain logons yet) > > > > from nt5. lsarpcd tells me about missing sockets (that in the other > > > > post). > > > > > > ahh .. had some trouble reconnecting drives, when using a fresh logon > > > to alpha1.1 it works, but when nt5 has mapped a share, then you can't > > > switch from 2.0.6 to TNG ... *grin* > > > > oops .. wait .. 
that was another thing ... 2.0.6 was running when it > > worked. > > > > Now .. some more information : > > > > nt5 connect to share as "mg" : works > > nt5 connect to share as "adminstrator" : fails > > smbclient //server/share -U administrator : works > > > > I have a line > > domain user map = /opt/samba-tng/private/domainuser.map > > with > > root=Administrator > > > > in it, so it should work. (according to smbclient it does !?) > > > > in the logfile I got: > > load_name_map: Scanning name map /opt/samba-tng/private/domainuser.map > > make_name_entry:,administrator,root > > unix_name_to_nt_name_info: unix_name:root > > unix_name_to_nt_name_info: unix gid:0 > > unixname = root, ntname = TESTWG\administrator type = 1 > > > > but later I got: > > domain_client_validate: check lockout / pwd expired! > > No such user administrator - using guest account > > > > TIA, > > Michael > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals +----and here the quote ends----+ -- Bo?tjan M?ller [NEONATUS], NEONATUS@bigfoot.com, http://surf.to/NEONATUS RSA id: 0x90178DBD, ICQ #:7506644, PGP key: finger neonatus@gimp.thz.net GEEK CODE = PGP key Registered Linux User #87774, Powered by SuSE Linux 6.2 "Virtual" means never knowing where your next byte is coming from. From mgeddes at xavier.sa.edu.au Mon Mar 20 00:31:16 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:05 2003 Subject: tng 1.1 configure script Message-ID: <38D57154.7E2BAB6B@xavier.sa.edu.au> Hi, Got tng-1.1. Configure works on RH Linux 6.1, but not on RH Linux 6.0. It's the old "You don't have locking support so go away" message. Any clues? I don't know much about configure *at all*. Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From schapiro at clerk.pi.huji.ac.il Mon Mar 20 06:53:45 2000 
From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:29:05 2003 Subject: NT WS replication (Re: samba-tng-alpha-1.1.tar.gz) In-Reply-To: Message-ID: Hi, here is what we are doing: before replicating the image, I join the master to the domain (it changes the password to something else). Then I replicate the computers and copy the password in the smbpasswd to the replicated computers. Like this nobody knows the WS passwords and the WS change them again after some time. S. Schapiro On Mon, 20 Mar 2000, Luke Kenneth Casson Leighton wrote: > On Sun, 19 Mar 2000, William Jojo wrote: > > > > > Luke, > > > > Why would you disable the -m option of smbpasswd? We use Ghost to re-image a PC > > here and we need to reset the machine account after a rebuild so it will > > gracefully join the domain without having to jump through hoops. > > because 1) having a default well-known workstation trust account password > is a security risk: the trust account is used to encrypt user passwords. > > because 2) if you _must_ do this, you can use samedit's "createuser > wkstaname$ -p wkstaname" to explicitly set the trust account password to > the [very insecure] initial value. > > oh, and it gets even better if you add a backup domain controller with the > trust account password [as the bdc name]: then you run the risk oflosing > your entire SAM database to an attacker, as they pretend to be the BDC, > using the default password and suck all user profile (plus passwords) > group, alias and domain information off your PDC -- after all, that's what > SAM synchronisation is supposed to do!!! > > > > A little history - we build a master image and then ditribute that to 600 PCs on > > our campus. By resetting the machine account through smbpasswd, we can simply > > rename the machine (since every machine now has the same name from the master > > image) and after a reboot, it's happy. 
> > > > If you would recommend a different method, I'm all ears, but I think disabling > > smbpasswd -m would be a grave mistake. > > you can use samedit's createuser with -j to totally randomise the local > workstation trust account password _and_ this totally random value will be > stored in the PDC's SAM database, too, so the workstation is synchronised > with the PDC. > > this can be done just as well in an NT-only environment as it can in a > mixed samba-NT environment. > > you should be able to do this as a one-step-in-a-script on a secure local > network: > > samedit -S thepdc -U admin%pdcpwd -W pdcdomname -l log > [$ ] use \\wkstaname -U localadmin%localpwd -W wkstaname > connect blah blah: OK > > [$ ] use -u > connect to PDC > connect to wksta > > [$ ] createuser wkstaname$ -j PDCDOMNAME > creating trust account: OK [this is done to PDC using pdc admin pwd] > setting $MACHINE.ACC: OK [this is done to wksta using wksta locadm pwd] > > now -- at this point, you should be able to go to the wksta and the pdc, > and change the name, and voila. > > however, if you ask nicely, i might investigate how to change the local > workstation name, by adding new commands: > > [$ ] srvinfoset -n newworkstationname > > [$ ] samuserset wkstaname$ -n newworkstationname$ > > then you can do this, afterwards: > > regedit -S wkstaname -U localadmin%localpwd -W wkstaname > [$ ] shutdown --reboot --force-close (or -r -f). > > luke > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 email: schapiro@clerk.pi.huji.ac.il From mmbrich at ductamerica.com Mon Mar 20 09:29:24 2000 
From: mmbrich at ductamerica.com (Matthew Brichacek)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.0 Crazy error logs
Message-ID: <00032003511300.00851@comp03.binary.net>

Luke,

[global]
   wins proxy = Yes
   bind interfaces only = Yes
   domain master = Yes
   interfaces = 198.172.10.113/255.255.255.0 216.229.12.163/255.255.255.248
   preserve case = yes
   dos filetimes = Yes
   dos filetime resolution = Yes
   domain logons = yes
   encrypt passwords = yes
   follow symlinks = No
   printing = bsd
   server string = Linux Domain Controller
   lm announce = True
   smb passwd file = /usr/local/samba/private/smbpasswd
   workgroup = DUCTAMERICA
   update encrypted = Yes
   comment = Linux
   logon script = %U.bat
   unix password sync = Yes
   netbios name = COMP03
   socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
   keepalive = 60
   case sensitive = no
   security = user
   short preserve case = yes
   os level = 200
   name resolve order = lmhosts, host, wins, bcast,
   lock directory = /usr/local/samba/locks
   wins support = true
   username map = /dsk/user.map

[homes]
   writable = yes
   comment = This is your personal home directory
   browseable = no

[public]
   comment = Schedule Information
   path = /home/shared
   read only = no

[FTPpub]
   comment = FTP Server Map
   path = /home/ftp/pub
   read only = no

[Deskjet]
   comment = Hewlet Packard 610 CL
   path = /var/spool/lpd/lp
   writeable = no
   printable = yes

[Netlogon]
   comment = Samba Network Logon Services
   path = /home/netlogon
   browseable = yes
   locking = No
   case sensitive = no
   guest ok = yes
   read only = no
   create mode = 0755

ok i installed tng-1.1 and followed your instructions in the posts before, during these commands for the root password things worked fine but the entry never showed up in smbpasswd and it never let me login to the network with root username, when i did this with a different user it would fail during the samuseredit user -ppasswd

here are the entries from the logs

(log.samedit)
Added interface ip=216.229.12.163 bcast=216.229.12.167 nmask=255.255.255.248
socket connect to /tmp/.smb.0/agent failed: Connection refused
error connecting to 216.229.12.163:445 (Connection refused)
failed session setup
cli_net_use_add: connection failed
socket connect to /tmp/.smb.0/agent failed: Connection refused
error connecting to 216.229.12.163:445 (Connection refused)
socket connect to /tmp/.smb.0/agent failed: Connection refused
error connecting to 216.229.12.163:445 (Connection refused)
socket connect to /tmp/.smb.0/agent failed: Connection refused
error connecting to 216.229.12.163:445 (Connection refused)
LSA_OPENSECRET:

(log.smb)
file_init: Information only: requested 10000 open files, 1014 are available.
No DFS map, Samba is running in NON DFS mode
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
socket connect to /tmp/.msrpc/.NETLOGON/agent failed: Connection refused
authorise_login: TODO. split function, it's 6 levels!

(log.nmb)
become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup DUCTAMERICA on subnet 216.229.12.163
become_domain_master_browser_bcast: querying subnet 216.229.12.163 for domain master browser on workgroup DUCTAMERICA
become_logon_server_success: Samba is now a logon server for workgroup DUCTAMERICA on subnet 216.229.12.163
***** Samba server COMP03 is now a domain master browser for workgroup DUCTAMERICA on subnet 216.229.12.163 *****
***** Samba name server COMP03 is now a local master browser for workgroup DUCTAMERICA on subnet 216.229.12.163 *****
process_logon_packet: Group-packet Logon from 216.229.12.162: code = 12
process_logon_packet: Group-packet Logon from 198.172.10.111: code = 12
process_logon_packet: Group-packet Logon from 198.172.10.111: code = 0
process_logon_packet: Group-packet Logon from 216.229.12.162: code = 0
process_logon_packet: Unique-packet Logon from 216.229.12.162: code = 7

(log.lsarpcd)
ERROR: setgroups call failed!
socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused
ERROR: setgroups call failed!

(log.netlogon)
create_pipe_socket: /usr/local/samba/var/.msrpc perms=448 /usr/local/samba/var/.msrpc/netlogon perms=448
*** Please someone examine create_pipe_socket and fix it ***
*** if used other than for exclusive root access ***
*** (see perms, which should be 0700 and 0600) ***
*** there is a race condition to be exploited. ***
remove on /usr/local/samba/var/.msrpc/netlogon failed
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused

(log.samr)
remove on /usr/local/samba/var/.msrpc/samr failed
ERROR: setgroups call failed!
ERROR: setgroups call failed!

I am on a RH 6.1 machine.

About you needing systems to run vmware, I have a AMD K-7 550 198 mb RAM that you can telnet to and run a few vmwares, since i believe we are in opposite time zones and this is a dual boot machine i would be happy to fire up Linux on it at night, it runs 7.0, the true server is a 6.1 with a PII 450 and 198 mb RAM that you could also use, if not, i may be able to run a couple of consoles for you here at different times, but the dual boot machine has to be a windows machine during business hours. However at the very least I always have a 3 client 10 user LAN and WAN with pretty decent traffic on samba since we use it for our main fileserver, local clients are 2 win 98 machines and a win 95, one might be W2k soon. and the WAN clients range from laptops to mainly win 98 machines..

Matthew

From mmbrich at ductamerica.com Mon Mar 20 09:52:49 2000
From: mmbrich at ductamerica.com (Matthew Brichacek)
Date: Tue Dec 2 02:29:05 2003
Subject: Samba-tng-alpha-1.0 Crazy error logs
Message-ID: <00032003534101.00851@comp03.binary.net>

PS. printers not working right now either, "network connection is no longer available" -- win 98 client

From mmbrich at binary.net Mon Mar 20 10:19:00 2000
From: mmbrich at binary.net (Matthew Brichacek)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
Message-ID: <000501bf9255$c28d9f80$6f0aacc6@binary.net>

I tried the password change from the win 95 and win 98 machines and it failed on both with the message "cannot change password because cannot locate the domain server"

The log files all looked the same after i tried this so i didn't know what else to send

Matthew

-------------- next part --------------
HTML attachment scrubbed and removed

From IJamison at iss-dsp.com Mon Mar 20 11:41:27 2000
From: IJamison at iss-dsp.com (Ian Jamison)
Date: Tue Dec 2 02:29:05 2003
Subject: TNG: Missing ) from Makefile.in
Message-ID: <38D60E67.587E3135@iss-dsp.com>

Hi,

The line with patsubst (for installscripts) has a missing ) at the end.

BTW, I guess remote CVS doesn't allow commit changes to the repository.

'Bye,
IanJ.
------------------------------------------------------------
Integrated Silicon Systems Ltd.   Tel: +44 28 90 50 4000
50 Malone Road                    Fax: +44 28 90 50 4002
Belfast BT9 5BS                   Web: www.iss-dsp.com

From tom at ee.ucl.ac.uk Mon Mar 20 12:09:26 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:29:05 2003
Subject: Problems logging onto domain
Message-ID: <200003201209.MAA25600@picard.ee.ucl.ac.uk>

Hello,

Samba System: SUN Ultra E450, 64bit kernel Solaris 2.7.
Client: IBM PC 315 NT 4 SP 4
Samba version: TNG cvs Mon Mar 20 10:54:50 GMT 2000.
Configure: ./configure --prefix=/opt/samba-TNG

I performed a make clean then a configure then a make and make install. There are a number of warnings about discarding consts and initialisations from incompatible pointer types. If any wants these, let me know.

removed /opt/samba-TNG/var.

Remembered that in Solaris there is a group root as well as the user root, so I changed the group to roots.

[ASIDE: I think that samba should just ignore groups that have the same names as users. If Windows clients never get to see that group name, how can they ask for it in file creation etc?]

Started samba-TNG. The smb.conf file is attached.

I didn't destroy the smbpasswd file. I don't see the point of doing that. I removed the line for the test workstation tompc$.

I then used

   ./rpcclient -S . -U root -l log2 createuser tompc$

At this point I checked smbpasswd. It had a line for tompc$ with a password. What was used to set this password? Last week, Elrond advised me to use samuserset to set the password. This did not and still doesn't work. I posted the log fragments last week.

I went to the workstation and joined the domain without using the create account in the domain option. I got the Welcome to the EE domain message.

Rebooted the workstation and attempted to log in with my own username and password: I got the message that the workstation account in the primary domain was missing or the password for that account is incorrect.

I then went to an installation of samba-HEAD and typed:

   smbpasswd -a -m tompc$

I took the generated password line from the smbpasswd file on HEAD and put it into TNG. I could then log in on the workstation to the domain.

I used createuser 4 times and produced the following:

This one had samuserset tompc4 -p tompc run on it:

tompc$:10001:3CEB72EFC7BA260DD3B579EBF037195B:3CEB72EFC7BA260DD3B579EBF037195B:[ W ]:LCT-38D60325:

This is just createuser tompc$ as are the other two.

tompc$:10001:B5E9AE956655F2C14EE017ACD5323C00:389A51F846E3CAB78088EBC4C1521AA5:[ W ]:LCT-38D60CC8:
tompc$:10001:129ABF57F88D8049DD8164B911805A48:F3E9D54BE12A0FD4446B5713CE578FCD:[ W ]:LCT-38D60D04:
tompc$:10001:3278B848D9E06877B3E2B226F8B6E60F:644FD1B0D244918A7ECB28FA01470CAE:[ W ]:LCT-38D60D49:

The working one doesn't look anything like these. For obvious reasons I'd prefer only to post the working password to someone who wants to fix the code.

Log files at level 100 are available on the web. If you email me I'll tell you where.

Tom.

----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 1965 bytes
Desc: smb.conf
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000320/86994c36/smb.obj

From IJamison at iss-dsp.com Mon Mar 20 12:45:50 2000
From: IJamison at iss-dsp.com (Ian Jamison)
Date: Tue Dec 2 02:29:05 2003
Subject: TNG: Progress
Message-ID: <38D61D7E.D361590A@iss-dsp.com>

Hi,

Thanks for the good work over the weekend guys. I've now got the MS NT4 Server machine (Sp4, standalone) into the domain, and can log on as BELFAST/Administrator. Roaming profile storage seems to be working also, for Administrator and myself.

Usermgr for domains seems to be complaining that "the parameter is incorrect" whenever I try to change anything, but Exchange Server is installing OK now.

Haven't yet tried things like changing passwords from the NT box, to see if there are still problems there.

Gotta figure out how to set up Exchange Server now (ho hum).

'Bye,
IanJ.
------------------------------------------------------------
Integrated Silicon Systems Ltd.   Tel: +44 28 90 50 4000
50 Malone Road                    Fax: +44 28 90 50 4002
Belfast BT9 5BS                   Web: www.iss-dsp.com

From vs at lasp.npi.msu.su Mon Mar 20 13:42:27 2000
From: vs at lasp.npi.msu.su (Vladimir Stavrinov)
Date: Tue Dec 2 02:29:05 2003
Subject: tng-1.1 new features
Message-ID:

The same as tng-1.0:

1) While logon nt say: "Slow network connection..." I don't like to set registry value to rid off this.

2) Change password don't work neither from nt nor with smbpasswd (password sync is enabled).

From s.striker at striker.nl Mon Mar 20 14:44:40 2000
From: s.striker at striker.nl (Sander Striker)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <000501bf9255$c28d9f80$6f0aacc6@binary.net>
Message-ID:

Try again in plaintext.

From mbreuer at siac.com Mon Mar 20 14:50:08 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.0.tar.gz
References:
Message-ID: <38D63AA0.74172573@siac.com>

Irix needs some non-unique entries... how about a short-term fix... allow specification of a non-default /etc/passwd & /etc/group (kinda like public ftp)?

Luke Kenneth Casson Leighton wrote:
[snip]

> 2) option 2 - add checking into domain_namemap.c
>
> verify that a name that maps to both a unix name _and_ a unix group, the
> unix name takes precedence.
>
> this is nasty as hell, because let's say someone tries to create a file
> with a unix group root, are you going to reject the file create because
> there is also a username root????
>
> answer: YES! with a damn big warning in the log files saying hey, stupid,
> map the unix group "root" to something that doesn't clash with the
> username "root", because i said so, don't argue, just do it.

From greg at discreet.com Mon Mar 20 14:53:21 2000
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:29:05 2003
Subject: TNG:join domain but cannot login
Message-ID:

TNG from yesterday:

With NT40 I can join the domain but cannot subsequently logon to it because it complains that the computer trust account does not exist or has the wrong password. Never seen that before, any ideas?

Greg

---------------------------------------------------------------------
Greg Dickie
Just A Guy
greg@discreet.com

From mbreuer at siac.com Mon Mar 20 14:58:09 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.0.tar.gz
References: <38D63AA0.74172573@siac.com>
Message-ID: <38D63C80.D9401292@siac.com>

I spoke too soon... there doesn't seem to be a nice way to use an alternate passwd file. However... how about a simpler hack... add "_G" (or something) to all unix groups. Then create group map entries where appropriate.

Michael Breuer wrote:

> Irix needs some non-unique entries... how about a short-term fix... allow specification of a non-default /etc/passwd & /etc/group
> (kinda like public ftp)?
>
> Luke Kenneth Casson Leighton wrote:
> [snip]
>
> > 2) option 2 - add checking into domain_namemap.c
> >
> > verify that a name that maps to both a unix name _and_ a unix group, the
> > unix name takes precedence.
> >
> > this is nasty as hell, because let's say someone tries to create a file
> > with a unix group root, are you going to reject the file create because
> > there is also a username root????
> >
> > answer: YES! with a damn big warning in the log files saying hey, stupid,
> > map the unix group "root" to something that doesn't clash with the
> > username "root", because i said so, don't argue, just do it.

From duehr at id-pro.net Mon Mar 20 15:23:55 2000
From: duehr at id-pro.net (Stephan Duehr)
Date: Tue Dec 2 02:29:05 2003
Subject: out of policy handles
Message-ID: <20000320162355.H15881@id-pro.net>

When trying to log on to the domain from a NT Server, which already worked some time ago, I always see

[2000/03/20 16:16:36, 0] rpc_server/srv_lsa_hnd.c:open_lsa_policy_hnd(107)
  ERROR: out of Policy Handles!
[2000/03/20 16:16:36, 0] rpc_server/srv_lsa_hnd.c:open_lsa_policy_hnd(107)
  ERROR: out of Policy Handles!
[2000/03/20 16:16:36, 0] rpc_server/srv_lsa_hnd.c:open_lsa_policy_hnd(107)
  ERROR: out of Policy Handles!

I use the cvs snapshot of 1999-10-15.

What does that error mean and what can I do about it? I don't use policies, and there are no policy files in the netlogin path.

--
Stephan Dühr (Support) * ID-PRO Deutschland GmbH * Am Hofgarten 20 * D-53113 Bonn * Tel +49 228 4 21 54 0 * Fax +49 228 4 21 54 59 * http://open-for-the-better.com/

From ely at txc.com Mon Mar 20 16:17:36 2000
From: ely at txc.com (Ely Zavin)
Date: Tue Dec 2 02:29:05 2003
Subject: Usermanager doesn't work
Message-ID: <38D64F20.962E473A@txc.com>

I installed samba-tng-alpha-1.0, created user and root accounts using samedit createuser. I successfully joined NTWS to domain using NT Create Computer Account in the Domain with root account and password. I successfully login to the domain with administrative rights. But when I try to use User Manager for Domain I got the message: The remote procedure call failed. The roaming profile also doesn't work.

From tom at ee.ucl.ac.uk Mon Mar 20 16:19:20 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:29:05 2003
Subject: Problems logging onto domain
Message-ID: <200003201619.QAA11812@picard.ee.ucl.ac.uk>

Hello,

I'm having all sorts of strange problems with TNG. The platform and build details are as in my previous email with the same subject. (Do I need to post these every time?)

1) Logging into the domain is not reliable. So far it looks like after a period of some hours, the workstation account becomes invalid. However, if I rejoin the domain from the workstation, logins start to work again.

2) A slow network connection is always detected. I'm hoping this is because the level 100 debugging causes the server to look very slow.

3) Win 2000 hosts cannot join the domain, even if the workstation account is set up beforehand. (i.e. the smbpasswd file entry is made on a HEAD system). The error is that the domain is invalid or cannot be contacted. There is evidence in the logs that the domain has been contacted.

As other people are able to join the domain on 32bit Solaris machines, I suspect that 64bit Solaris has something to do with the problem. I do find it extremely difficult to follow a thread through the 10 or so log files and can never seem to pin point where the logon processes are going wrong. If there is anything I can do to help someone debug this, let me know.

Tom.

----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From mbreuer at siac.com Mon Mar 20 16:53:50 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
References:
Message-ID: <38D6579E.EC48AE5C@siac.com>

Luke,

I removed all the duplicate user<->group entries. Root works properly now, crashes have stopped. But... I can't join w2k workstations to the domain and I can't run usrmgr. The error in both cases is that the W2K box could not "find the domain controller." [Verbiage differs slightly, but meaning is the same.]

TNG 1.1; IRIX 6.5.7f. If you want the smb.conf, I'll send it privately.

Luke Kenneth Casson Leighton wrote:
[snip]

>
> the upshot of fixing this is that joining an nt workstation to a TNG
> domain is now _extremely_ fast: a couple of seconds, if that, and
> USRMGR.EXE comes up very rapidly, too.
>

From tom at ee.ucl.ac.uk Mon Mar 20 17:04:17 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:29:05 2003
Subject: Problems logging onto domain
Message-ID: <200003201704.RAA15066@picard.ee.ucl.ac.uk>

Hello Elrond

Thanks for the email.

OK Well it makes more sense when you know that createuser sets a random password. How is the client supposed to know what the password is or how do they synchronise?

I can't get the create account dialogue to work. It says that the account doesn't have sufficient privileges to create the account. I've used root, Administrator and my account as I am a member of the Domain Administrators group.

My domaingroup.map file is:

support="EE\Domain Admins"
staff="EE\Domain Users"

My account is in support.

Tom.

----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From mbreuer at siac.com Mon Mar 20 17:11:15 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:05 2003
Subject: TNG 1.1 - passwords...
Message-ID: <38D65BB3.53353964@siac.com>

When actually entering an incorrect password when logging onto W2K WS, the error message is "bad stub," not incorrect password.

From mbreuer at siac.com Mon Mar 20 17:25:36 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
References: <38D6579E.EC48AE5C@siac.com>
Message-ID: <38D65F0F.EA61C51E@siac.com>

Additional info... tried this with log level 100 & configure.developer. The only messages in ANY log as a result of attempting to join the domain are nmbd log messages with "Unique-packed logon from : code = [7|12]." There are about the same number of 7s as 12s. However... I can browse the domain and logon to the domain from workstations which are already connected.

Michael Breuer wrote:

> Luke,
>
> I removed all the duplicate user<->group entries. Root works properly now, crashes have stopped. But... I can't join w2k
> workstations to the domain and I can't run usrmgr. The error in both cases is that the W2K box could not "find the domain
> controller." [Verbiage differs slightly, but meaning is the same.]
>
> TNG 1.1; IRIX 6.5.7f. If you want the smb.conf, I'll send it privately.
>
> Luke Kenneth Casson Leighton wrote:
> [snip]
>
> >
> > the upshot of fixing this is that joining an nt workstation to a TNG
> > domain is now _extremely_ fast: a couple of seconds, if that, and
> > USRMGR.EXE comes up very rapidly, too.
> >

From gosha at arvid.ee Mon Mar 20 18:10:52 2000
From: gosha at arvid.ee (Dmitri B.Gofmekler)
Date: Tue Dec 2 02:29:05 2003
Subject: Multiple NALs & TNG 1.1 (and previous).
Message-ID: <4.3.1.0.20000320200144.00b3a5e0@mail>

Hello,

Caught the following problem:

Linux 6.1 running SAMBA-TNG-ALPHA-1.1 (Also it acts as a masquerading router, so it has a two NICs)

External name: ns.foo.com (regular address a.b.c.d)
Internal name: master.lan.int (no route address 192.168.0.1)

The problem is that I can not login into the domain from Windows NT 4.0 (SP 5) Workstation. Error message is about unpresent system's computer account on its primary pdc or incorrect password. (samedit's test 'ntlogon' reports 'Yes' without the error messages. computer$ user exists in /etc/passwd and smbpasswd too with a type W).

NetBIOS name of PDC is not written in smb.conf, but it is NS, because ns.foo.com is a default hostname.

Any advices? (I already know, that the better way will to setup other PC for a samba server, but I can't, also I can not change default hostname/external name/internal name, because some other services depends on it).

Thanks in advance,

----
Dmitri B. Gofmekler, ICQ: 8168758
----
"http://www.sill.ee/~gosha/gosha.asc" - for PGP Encrypted messages.
=====================================
Phone: (+372) 6 563981
Fax: (+372) 6 563000
A-Arvid Computers Ltd. < http://www.arvid.ee >

From lkcl at samba.org Mon Mar 20 19:07:24 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <38D6579E.EC48AE5C@siac.com>
Message-ID:

ok, there are some issues with using GETDC (domain controller locater) requests that i am trying to resolve. looks like you _another_ case that i need to analyse.

please can you either run netmon on your nt wksta and capture the UDP 138 traffic going between the nt wksta and the samba tng server, while trying to run usrmgr, or use log level 100 and send me log.nmb.

hmm, netmon capture would be better, it's decoded properly.

try doing this: usrmgr \\sambatngservername. you will get a prompt saying server is a member of domain, focus will be set to domain.

On Mon, 20 Mar 2000, Michael Breuer wrote:

> Luke,
>
> I removed all the duplicate user<->group entries. Root works properly now, crashes have stopped. But... I can't join w2k
> workstations to the domain and I can't run usrmgr. The error in both cases is that the W2K box could not "find the domain
> controller." [Verbiage differs slightly, but meaning is the same.]
>
> TNG 1.1; IRIX 6.5.7f. If you want the smb.conf, I'll send it privately.
>
> Luke Kenneth Casson Leighton wrote:
> [snip]
>
> >
> > the upshot of fixing this is that joining an nt workstation to a TNG
> > domain is now _extremely_ fast: a couple of seconds, if that, and
> > USRMGR.EXE comes up very rapidly, too.
> >
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From lkcl at samba.org Mon Mar 20 19:08:49 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To: <38D65F0F.EA61C51E@siac.com>
Message-ID:

On Mon, 20 Mar 2000, Michael Breuer wrote:

> Additional info... tried this with log level 100 &
> configure.developer. The only messages in ANY log as a result of
> attempting to join the domain are nmbd log messages with
> "Unique-packed logon from : code = [7|12]." There are about the
> same number of 7s as 12s. However... I can browse the domain and
> logon to the domain from workstations which are already connected.

yes, those are the ones: i need to see those process_logon_packet requests, preferably a netmon trace.

there are so many different cases i don't know where to begin. it's just not very obvious: all the packets look the same, yet are decoded differently!

From lkcl at samba.org Mon Mar 20 19:20:20 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.0.tar.gz
In-Reply-To: <38D63AA0.74172573@siac.com>
Message-ID:

uh uh, no can do, sorry. each uid and gid *must* map one-to-one with a SID of the appropriate type. if this is not the case, then you run into serious problems as to how to resolve a uid to which SID was it that this uid represented again? i have sooo many to choose from...

so, no, we can't do that.

On Mon, 20 Mar 2000, Michael Breuer wrote:

> Irix needs some non-unique entries... how about a short-term fix... allow specification of a non-default /etc/passwd & /etc/group
> (kinda like public ftp)?
>
> Luke Kenneth Casson Leighton wrote:
> [snip]
>
> > 2) option 2 - add checking into domain_namemap.c
> >
> > verify that a name that maps to both a unix name _and_ a unix group, the
> > unix name takes precedence.
> >
> > this is nasty as hell, because let's say someone tries to create a file
> > with a unix group root, are you going to reject the file create because
> > there is also a username root????
> >
> > answer: YES! with a damn big warning in the log files saying hey, stupid,
> > map the unix group "root" to something that doesn't clash with the
> > username "root", because i said so, don't argue, just do it.
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From lkcl at samba.org Mon Mar 20 19:21:53 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:05 2003
Subject: samba-tng-alpha-1.0.tar.gz
In-Reply-To: <38D63C80.D9401292@siac.com>
Message-ID:

i did that with the entire set of entries in /etc/group. this could be done with a script.

i am considering adding a syntax "*=*_G" to the domainnamemap code.

On Mon, 20 Mar 2000, Michael Breuer wrote:

> I spoke too soon... there doesn't seem to be a nice way to use an alternate passwd file. However... how about a simpler hack... add
> "_G" (or something) to all unix groups. Then create group map entries where appropriate.
>
> Michael Breuer wrote:
>
> > Irix needs some non-unique entries... how about a short-term fix... allow specification of a non-default /etc/passwd & /etc/group
> > (kinda like public ftp)?
> >
> > Luke Kenneth Casson Leighton wrote:
> > [snip]
> >
> > > 2) option 2 - add checking into domain_namemap.c
> > >
> > > verify that a name that maps to both a unix name _and_ a unix group, the
> > > unix name takes precedence.
> > >
> > > this is nasty as hell, because let's say someone tries to create a file
> > > with a unix group root, are you going to reject the file create because
> > > there is also a username root????
> > >
> > > answer: YES! with a damn big warning in the log files saying hey, stupid,
> > > map the unix group "root" to something that doesn't clash with the
> > > username "root", because i said so, don't argue, just do it.
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From shepherd at orgx.co.nz Mon Mar 20 21:08:36 2000
From: shepherd at orgx.co.nz (shepherd@orgx.co.nz)
Date: Tue Dec 2 02:29:05 2003
Subject: Password Change from NT client
In-Reply-To:
Message-ID:

On Fri, 17 Mar 2000, Ondrej Hanak wrote:

> Every user can change their password by standard method in NT. Problem may
> be in unix passwd sync turned on. Caused by cracklib in PAM (control over
> "right" passwd) or in passwd chat.

OK, after sorting out the passwd chat the password changing seems to work fine - Thanks heaps!

*BUT* it only works if the new password is 5 or more characters - if the user attempts to set it to 4 or less chars they get the same message as if they're not allowed to change it...

Since I have password sync turned on I checked to see whether it was /usr/bin/passwd or smbd insisting on the min 5 chars - and it is smbd (found by running smbpasswd, not as root).

So I trawled through the man pages on smbd and smb.conf and found no mention of the minimal password strength, or how it might be configured.

Is it documented anywhere?

Cheers,
Richard Shepherd
Organisation X
Auckland, NZ

From jffolliott at home.com Mon Mar 20 22:30:42 2000
From: jffolliott at home.com (Jamie ffolliott)
Date: Tue Dec 2 02:29:05 2003
Subject: cli_login compile fails on rh6.1
Message-ID:

Using Samba TNG from CVS 2000/03/20, 5:15pm EST
(also applies to tng-alpha.1.1)

O/S is Redhat 6.1, kernel 2.2.12
I modified a few default paths in Makefile.in to be consistent with RH
locations. Ran configure.developer --prefix=/usr --sysconfdir=/etc
--with-quotas

This is an error which recently cropped up right after 'make all':

Using FLAGS = -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith
-Wcast-qual -Wcast-align -DDEBUG_PASSWORD -Iinclude -I./include -I./ubiqx
-I./smbwrapper -DLOGFILEBASE="/var/log/samba"
-DSMBLOGFILE="/var/log/samba/log.smb"
-DNMBLOGFILE="/var/log/samba/log.nmb" -DCONFIGFILE="/etc/smb.conf"
-DLMHOSTSFILE="/etc/lmhosts" -DSWATDIR="/usr/share/swat"
-DSBINDIR="/usr/bin" -DLOCKDIR="/var/lock/samba "
-DSMBRUN="/usr/bin/smbrun" -DCODEPAGEDIR="/etc/codepages"
-DDRIVERFILE="/etc/printers.def" -DBINDIR="/usr/bin"
-DFORMSFILE="/etc/ntforms.def" -DNTDRIVERSDIR="/etc" -DHAVE_INCLUDES_H
-DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/bin/smbpasswd"
-DSMB_PASSWD_FILE="/etc/smbpasswd" -DSAM_DIR="/etc/sam"
-DSMB_PASSGRP_FILE="/etc/smbpassgrp" -DSMB_GROUP_FILE="/etc/smbgroup"
-DSMB_ALIAS_FILE="/etc/smbalias"
Using LIBS = -lreadline -ldl -lcrypt -lpam
Compiling rpc_client/cli_login.c with libtool
gcc: cannot specify -o with -c or -S and multiple compilations
make: *** [rpc_client/cli_login.lo] Error 1

From jffolliott at home.com Mon Mar 20 23:37:32 2000
From: jffolliott at home.com (Jamie ffolliott)
Date: Tue Dec 2 02:29:05 2003
Subject: cli_login compile fails on rh6.1
In-Reply-To:
Message-ID:

Sorry, my mistake, I sent this message a bit too quick. My makefile patch had something wrong with it.

Jamie

On Mon, 20 Mar 2000, Jamie ffolliott wrote:

> Using Samba TNG from CVS 2000/03/20, 5:15pm EST
> (also applies to tng-alpha.1.1)
>
> O/S is Redhat 6.1, kernel 2.2.12
> I modified a few default paths in Makefile.in to be consistent with RH
> locations. Ran configure.developer --prefix=/usr --sysconfdir=/etc
> --with-quotas
>
> This is an error which recently cropped up right after 'make all':
>
> Using FLAGS = -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith
> -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -Iinclude -I./include -I./ubiqx
> -I./smbwrapper -DLOGFILEBASE="/var/log/samba"
> -DSMBLOGFILE="/var/log/samba/log.smb"
> -DNMBLOGFILE="/var/log/samba/log.nmb" -DCONFIGFILE="/etc/smb.conf"
> -DLMHOSTSFILE="/etc/lmhosts" -DSWATDIR="/usr/share/swat"
> -DSBINDIR="/usr/bin" -DLOCKDIR="/var/lock/samba "
> -DSMBRUN="/usr/bin/smbrun" -DCODEPAGEDIR="/etc/codepages"
> -DDRIVERFILE="/etc/printers.def" -DBINDIR="/usr/bin"
> -DFORMSFILE="/etc/ntforms.def" -DNTDRIVERSDIR="/etc" -DHAVE_INCLUDES_H
> -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/bin/smbpasswd"
> -DSMB_PASSWD_FILE="/etc/smbpasswd" -DSAM_DIR="/etc/sam"
> -DSMB_PASSGRP_FILE="/etc/smbpassgrp" -DSMB_GROUP_FILE="/etc/smbgroup"
> -DSMB_ALIAS_FILE="/etc/smbalias"
> Using LIBS = -lreadline -ldl -lcrypt -lpam
> Compiling rpc_client/cli_login.c with libtool
> gcc: cannot specify -o with -c or -S and multiple compilations
> make: *** [rpc_client/cli_login.lo] Error 1
>
>
>

From mmbrich at ductamerica.com Tue Mar 21 01:48:20 2000
From: mmbrich at ductamerica.com (Matthew Brichacek) Date: Tue Dec 2 02:29:05 2003 Subject: samba-tng-1.0 Crazy error logs Message-ID: <00032020024903.00851@comp03.binary.net> Ok, downloaded the 1.1 version and am able to fully execute samedit -S . -Uroot% -l lo [$] samuserset da -p passwd da -is a group on the network it works ok with the da group, i tried mg, don't laugh cuz i don't know if i was supposed to use that as a "my group" acronym or what, but it failed as mg, it did work ok as da. I didn't notice any change in the logs so i am not going to attach any. In either case it never made any password or group changes in the smbpasswd file, is it supposed to? My smb.conf is as follows: [global] wins proxy = Yes bind interfaces only = Yes domain master = Yes interfaces = eth0, eth0:1, lo preserve case = yes dos filetimes = Yes dos filetime resolution = Yes domain logons = yes encrypt passwords = yes follow symlinks = No printing = bsd server string = Linux DA Server lm announce = True smb passwd file = /usr/local/samba/private/smbpasswd workgroup = DUCTAMERICA update encrypted = Yes comment = Linux logon script = %U.bat unix password sync = Yes netbios name = COMP03 socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 60 case sensitive = no security = user short preserve case = yes os level = 200 admin users = matthew, mmbrich, matt name resolve order = lmhosts, host, wins, bcast, lock directory = /usr/local/samba/locks wins support = true username map = /dsk/user.map [homes] writable = yes comment = This is your personal home directory browseable = no [public] comment = Schedule Information path = /home/shared read only = no [FTPpub] comment = FTP Server Map path = /home/ftp/pub read only = no [Deskjet] comment = Hewlet Packard 610 CL path = /var/spool/lpd/lp writeable = no printable = yes [Netlogon] comment = Samba Network Logon Services path = /home/netlogon browseable = yes locking = No case sensitive = no guest ok = yes read 
only = no create mode = 0755 ok i can also successfully execute: samedit -S . -U root% -l lo [$]ntlogin domain\user pass it says it tested ok I have a Linux RH 6.1 PII 198 MB RAM DSL that I can run a few vmware machines for you on, i have never used it as console however and the machine would have to be able to serve functionally as a fileserver during business hours but otherwise, i think we are in opposite timezones too so if you can vmware on telnet that might be an option too, also have a dual boot mandrake 7.0 and win98 (soon w2k) machine that i could boot linux after biz hours if that helps, but i guess only if you can vmware on telnet. also is printers working in tng 1.1? i am unable to get my printer to work, and how do i login to the domain on the internet, my WAN clients have a lmhosts entry, wins resolution pointed to samba and dns pointed there also, they can still browse shares and other things but no domain controller can be found to login to. Thanks Matthew From mgeddes at xavier.sa.edu.au Tue Mar 21 02:08:47 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:05 2003 Subject: TNG-1.1 stuff Message-ID: <38D6D9AF.DAE61EFC@xavier.sa.edu.au> Hi, I have configured Samba TNG 1.1 to run as a PDC on a SuSE 6.2 box. I have also got a RH 6.1 box with the same TNG version configured as BDC. The only problem I have, is when rpcclient tries to change passwords. If I use 'samuserset root' instead of '-p password', are there going to be any [known] problems? The reason I ask, is because my passwords tend to have spaces and other strange characters that are usually filtered out on command lines ;-). When I use rpcclient and 'createuser root' I get an account created. To fix this, I use 'smbpasswd -e root' (sorry luke!) and I can 'ntlogin'. If I use samuserset, I can't 'ntlogin' (even if I manually enable the root account in smbpasswd). Is this likely to be a problem with samuserset or with the actual password change over rpc? Because I have "successfully" (no evidence yet) joined a TNG domain from TNG, but I am not sure if the actual trust password has been correctly changed. Also (while you're here), is it necessary to have the 'domain alias map', 'local group map' and 'domain group map' on each domain member (PDC, BDC and WKS/MEM)? Thanks heaps to everyone in the Samba team (esp. Luke). I know it must piss you off sometimes having people e-mail you to tell you that your stuff is broke, even though it's OK for you. We do *really* appreciate the good work you have all done and hope you continue. Thanks, Matt -- "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lkcl at samba.org Tue Mar 21 03:10:59 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:05 2003 Subject: Problems logging onto domain Message-ID: tom, you should be using a root account for the domain in the network control panel, not smbpasswd -a -m tompc$ or createuser tompc$. only use createuser tompc$ with the -j DOMAINNAME option, and only _after_ you have actually joined tompc$ to the domain, and _only_ as a security measure due to microsoft using an insecure trust account password. lars, please could you update the FAQ to reflect this. thx for the detailed report, tom, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Mar 21 03:17:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:05 2003 Subject: samba-tng-alpha-1.0 Crazy error logs Message-ID: matthew! urgent! you have made [netlogon] writeable! that means that anyone can, including using guest access, create a logon script that will be executed by anyone. please, please set read only = yes and guest access = no on [netlogon]. Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Mar 21 04:03:25 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:05 2003 Subject: samba-tng-alpha-1.1.tar.gz Message-ID: michael, i re-enabled map_nt-and_unix_username, so access to \\samba-tng\administrator which is actually the root user will now work. Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Tue Mar 21 04:25:30 2000
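The [netlogon] warning in Luke's message above can be checked mechanically. The following is an added example, not part of the original posts and not Samba code: a small auditor that reports whether a [netlogon] share is writable or open to guests. The function names and the three sample configurations are assumptions; the samples are constructed from the [netlogon] sections posted in this thread, re-typed one parameter per line.

```python
"""Audit the [netlogon] share in smb.conf text (added example, not Samba code)."""

TRUE_WORDS = {"yes", "true", "1", "on"}
FALSE_WORDS = {"no", "false", "0", "off"}

# Parameter name with case and spaces removed -> (canonical name, inverted).
# "writeable", "writable" and "write ok" are inverted synonyms of "read only";
# "public" is a synonym of "guest ok".
ALIASES = {
    "readonly": ("read only", False),
    "writeable": ("read only", True),
    "writable": ("read only", True),
    "writeok": ("read only", True),
    "guestok": ("guest ok", False),
    "public": ("guest ok", False),
    "writelist": ("write list", False),
}
BOOLEANS = {"read only", "guest ok"}
# Samba's defaults when neither the share nor [global] sets the parameter.
DEFAULTS = {"read only": True, "guest ok": False, "write list": []}

# Constructed samples based on the two smb.conf files posted in this thread,
# plus a version with the settings Luke asks for.
MATTHEW_CONF = """\
[Netlogon]
   comment = Samba Network Logon Services
   path = /home/netlogon
   browseable = yes
   guest ok = yes
   read only = no
"""
JAMIE_CONF = """\
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   public = no
   writeable = yes
   write list = root, jmeff, @jamie
"""
HARDENED_CONF = """\
[netlogon]
   path = /home/netlogon
   read only = yes
   guest ok = no
"""


def parse_smb_conf(text):
    """Return {section: {canonical parameter: value}} for the audited parameters."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = "".join(key.lower().split())       # names ignore case and spaces
        if key not in ALIASES:
            continue
        name, inverted = ALIASES[key]
        value = value.strip()
        if name in BOOLEANS:
            word = value.lower()
            if word not in TRUE_WORDS | FALSE_WORDS:
                continue                         # unparseable: keep earlier value
            current[name] = (word in TRUE_WORDS) != inverted
        else:
            current[name] = value.replace(",", " ").split()
    return sections


def audit_netlogon(text):
    """Return a list of findings for [netlogon], or None if the share is absent."""
    sections = parse_smb_conf(text)
    share = sections.get("netlogon")
    if share is None:
        return None
    # Share-level parameters set in [global] act as defaults for every share.
    effective = {**DEFAULTS, **sections.get("global", {}), **share}
    findings = []
    if not effective["read only"]:
        findings.append("writable")
    if effective["guest ok"]:
        findings.append("guest ok")
    # Users on a write list can write even when the share is read only.
    if effective["read only"] and effective["write list"]:
        findings.append("write list: " + ", ".join(effective["write list"]))
    return findings


if __name__ == "__main__":
    for label, conf in (("matthew", MATTHEW_CONF), ("jamie", JAMIE_CONF),
                        ("hardened", HARDENED_CONF)):
        print(label, audit_netlogon(conf))
```

A non-empty result means any logon script in the share can be replaced by whoever holds the reported access, which is the risk the message describes.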
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:05 2003 Subject: samba-tng-alpha-1.2.tar.gz Message-ID: ftp://samba.org/pub/samba/alpha and mirror sites. when using domain user map, when logging in and then accessing the samba server, i re-enabled map_nt_and_unix_username() to allow the nt username to be remapped to the unix username / share. i think i also now have the GETDC request with enough correct rules in it to allow all the various spurious combinations to be supported. NT 5 wks now can be joined to domain; so can NT4 wksta; USRMGR finds the DC; even dial-up access correctly finds the domain! i am not sure about win9x, though. there have been a couple of reports of user password changes failing. one report of profiles working correctly, i still can't get it, though, which is still bugging me. printing still out, except for that report of making a direct connection, successfully. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From jffolliott at home.com Tue Mar 21 04:55:47 2000
From: jffolliott at home.com (Jamie ffolliott) Date: Tue Dec 2 02:29:05 2003 Subject: tng-alpha.0.11 Message-ID: Logins and logouts are terribly slow. Logins generally get the "slow connection detected" error message, and you notice a long delay leading up to that message. Logouts take about a minute where most of the time seems like idle waiting. Roaming profiles seem to be working, but the 'netlogon' and 'profiles' shares are always left open after the client logs out. Is there a reason why? I have a hunch this leads to broken profiles on multi-workstation networks with roaming users (a single workstation in the domain works just fine). Eg. Samba handles a login from a different user coming from the same client but can't open shares that are still open on the last user's credentials). The user ends up with a new profile being created named winnt\profiles\username.001 and the old one is lost when that user logs out and writes back the new profile to the server. This was a problem with the prealpha HEAD branch series, although I can't test this again from home. I may have access to test this soon with more workstations, but does this sound like a plausible explanation? O/S: RH 6.1 Linux, kernel 2.2.12 Samba-tng-alpha 1.1 Debug level 100 logs are available at ftp://queensu.dhs.org/pub/samba/tng-alpha.1.1-login.tar.gz ftp://queensu.dhs.org/pub/samba/tng-alpha.1.1-logout.tar.gz Linux is running TNG as a PDC, named FIREWALL, on the domain HOUSE. Client is NTWS 4.0 SP5, named DAGOBAH. smb.conf [global] netbios name = FIREWALL workgroup = HOUSE server string = House Server and Firewall hosts allow = 127.0.0.1 192.168.69.
printcap name = /etc/printcap load printers = yes print command = lpr -P%p %s; rm %s guest account = nobody log file = /var/log/samba/log.%m max log size = 500 security = user password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* domain group map = /etc/smbdomaingroup.map local group map = /etc/smblocalgroup.map domain user map = /etc/smbdomainuser.map socket options = TCP_NODELAY getwd cache = yes read prediction = True wide links = True interfaces = 192.168.69.1/24 bind interfaces only = False local master = yes os level = 63 domain master = yes preferred master = yes domain logons = yes logon script = logon.bat logon drive = u: logon path = \\%L\profiles\%U logon home = \\%L\home\%U wins support = yes dns proxy = no lock directory = /var/lock/samba locking = yes strict locking = yes time server = True debug level = 100 timestamp logs = no [home] comment = Home Directories path = /home browseable = yes writeable = yes preserve case = yes short preserve case = yes create mode = 0755 hide dot files = yes public = no [netlogon] comment = Network Logon Service path = /home/netlogon public = no locking = no writeable = yes write list = root, jmeff, @jamie share modes = no [profiles] path = /home/profiles browseable = yes guest ok = yes writeable = yes comment = Roaming Profiles directory mask = 0700 create mode = 0700 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writeable = no printable = yes [tmp] comment = Temporary file space path = /tmp read only = no public = yes From jffolliott at home.com Tue Mar 21 04:59:11 2000 From: jffolliott at home.com (Jamie ffolliott) Date: Tue Dec 2 02:29:05 2003 Subject: arg.. should be tng-alpha 1.1 Message-ID: Sorry, the last message was tng-alpha 1.1. Damn fingers ;) From cathryn at junglevision.com Tue Mar 21 11:22:40 2000 
From: cathryn at junglevision.com (Cathryn Mataga) Date: Tue Dec 2 02:29:05 2003 Subject: smbd-TNG doesn't start(Probably clueless user.) Message-ID: <000101bf9327$c518aec0$360b15cf@cathryn.junglevision.com> Hi guys. Uh, I can't seem to get smbd to start. Here's a url to my config file. I built smba_tng from the source files which I cvs-ized last night. 3/21 morning. I have a little experience getting 2.0x Sambas up and running, but I'm new to TNG. The source code compiled and installed without any errors or anything. I did 'touch' the smbpasswd file and I added a few users. I can set passwords. ftp://chile.junglevision.com/pub/smb.conf And to the log.smb file after I type 'bin/smbd' ftp://chile.junglevision.com/pub/log.smb Thanks. From ph at uni-wh.de Tue Mar 21 12:22:32 2000 From: ph at uni-wh.de (Peter Huber) Date: Tue Dec 2 02:29:05 2003 Subject: Samba 2.04b / 2.06 Message-ID: <412568A9.0043FB9C.00@bartledan.uni-wh.de> Hello, I have a problem migrating from samba 2.04b to 2.06. In our network the samba server is a domain controller as far as possible. Everything is working fine with 2.04 version. A few days ago, I compiled the 2.06 and installed it on our fileserver (Intel, RedHat 6.1, shadow pw not md5). First it seems to work fine, but then I had problem in syncing the smbpassword with the unix password. With the old version there was no problem, but now it seems impossible to sync the passwords. I have changed nothing on the smb.conf. I compiled the 2.06 with the pam option and without it. No change. Has anyone an idea? I attached my smb.conf. Thanx Peter Huber (See attached file: smb.conf) -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 17589 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000321/527cb98e/smb.obj From tschweikle at FIDUCIA.de Tue Mar 21 12:57:10 2000 
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:29:06 2003 Subject: Cannot map network drive from NT Message-ID: <0057540004298176000002L462*@MHS> greg@discreet.com: > You need to turn off encrypted passwords on NT. There is a .reg > file in the distribution for that. Damn bogus tips! Turn on encrypted passwords in smb.conf instead. The other way you'll break security in your own network! Have a look at the SMB-HOWTO how to do this (it's written for Linux, but it is the same with IRIX). > On 16-Mar-00 Norea Nuon wrote: >> Hi, >> >> We have used Samba 2.0.5a on SGI IRIX 6.5.4. It works well from >> Windows95/98 clients and WinDD 3.51. We just install NT 4.0 workstation >> (service pack5) and not able to map network drive on IRIX. Error >> message: account not authorized. >> >> I check on the server (/usr/local/samba/var/log.smb), Samba just close >> the connection and exit, after "Selected protocol NT LM 0.12" ... >> >> Can someone enlighten me please ? Do I need another version of Samba to >> be able to work with NT 4.0 or I did something wrong ? >> >> Thanks in advance. >> >> Norea Nuon, >> norea.nuon@videotron.ca -- Thomas From tschweikle@FIDUCIA.de Tue Mar 21 13:02:10 2000
From: tschweikle@FIDUCIA.de To: " - *Samba-Ntdom@Samba.Org" Subject: Re: Password Change from NT client Message-ID: <0057540004298220000002L402*@MHS> Date: Tue, 21 Mar 2000 14:00:01 +0100 hanak@IRIS.osu.cz: > On Fri, 17 Mar 2000 shepherd@orgx.co.nz wrote: > >> I have samba 2.0.6 installed and network logins are working fine. However >> the users would like to change their passwords from the NT client by the >> usual methods. When they try they get something like "the username and/or >> password is incorrect". Can this be done or does it effectively have to >> be done administratively via smbpasswd? > > Every user can change their password by standard method in NT. Problem may > be in unix passwd sync turned on. Caused by cracklib in PAM (control over > "right" passwd) or in passwd chat. > > If you need to sync samba and unix passwords, try turn on debug for > passwd chat and look to logs. Or, as a merely good solution use pam_smb to authenticate your unix users. -- Thomas From tom@ee.ucl.ac.uk Tue Mar 21 14:42:48 2000 Date: Tue, 21 Mar 2000 14:42:33 GMT
From: Tom Crummey Message-Id: <200003211442.OAA04923@picard.ee.ucl.ac.uk> To: samba-ntdom@samba.org Subject: Is the mailing list server working? Hello, Just to check if the mailing list server is working. I've not had any email from samba-ntdom for about 24 hours. Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From lkcl at samba.org Tue Mar 21 22:30:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:06 2003 Subject: profiles Message-ID: well *duur*, i just want you all to know that it REALLY helps to have write access to [homes] in order to get profiles to work. *muur*. profiles confirmed as working fine. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgweber at home.com Wed Mar 22 01:21:22 2000
From: mgweber at home.com (Mark Weber) Date: Tue Dec 2 02:29:06 2003 Subject: cli_net_auth2: ERROR Message-ID: <001e01bf939c$ef3d0c80$0a00a8c0@mdsn1.wi.home.com> #smbpasswd -j hades -r bob cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify trust password:unable to setup PDC credentials to machine BOB. error was...Acc.denied failed changing passwor for domain hades (cuz yer a loozer blah blah blah) Unable to join domain HADES I am attempting to join a samba box that is a dual homed host. one connection --> LAN one to -->Internet. I have an NT 4.0 server, one win98 box, and the Linux box is running RH6.1. I just set up almost the exact same situation at work with no problems walking right through the HOWTO. The only difference here at home is the dual homed action on the linux box. I have tried several different things with smb.conf and regardless it still gives me the same error? Any Ideas? I do have 'encrypt passwords = yes', interfaces = x.x.x.x/x x.x.x.x/x (tried it both ways on/off) etc. and all the other settings set just as specified in the HOWTO and smb.conf guidelines. although one interesting thing is if I specify password server = * it does tell me that it is unable to resolve * which I found to be a pretty profound statement. given that * might represent infinity and ... anyway back to the point. (it said i could try that if I wanted samba to try to find the NT box...?) I was wondering if anyone else has experienced something similar? -------------- next part -------------- HTML attachment scrubbed and removed From mgweber at home.com Wed Mar 22 02:10:16 2000 From: mgweber at home.com (Mark Weber) Date: Tue Dec 2 02:29:06 2003 Subject: cli_net_auth2: ERROR Message-ID: <002d01bf93a3$c434a500$0a00a8c0@mdsn1.wi.home.com> Nevermind. Needed WINS Support everything is cool. ----- Original Message -----
From: Mark Weber To: samba-ntdom@samba.org Sent: Tuesday, March 21, 2000 7:21 PM Subject: cli_net_auth2: ERROR #smbpasswd -j hades -r bob cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify trust password:unable to setup PDC credentials to machine BOB. error was...Acc.denied failed changing passwor for domain hades (cuz yer a loozer blah blah blah) Unable to join domain HADES I am attempting to join a samba box that is a dual homed host. one connection --> LAN one to -->Internet. I have an NT 4.0 server, one win98 box, and the Linux box is running RH6.1. I just set up almost the exact same situation at work with no problems walking right through the HOWTO. The only difference here at home is the dual homed action on the linux box. I have tried several different things with smb.conf and regardless it still gives me the same error? Any Ideas? I do have 'encrypt passwords = yes', interfaces = x.x.x.x/x x.x.x.x/x (tried it both ways on/off) etc. and all the other settings set just as specified in the HOWTO and smb.conf guidelines. although one interesting thing is if I specify password server = * it does tell me that it is unable to resolve * which I found to be a pretty profound statement. given that * might represent infinity and ... anyway back to the point. (it said i could try that if I wanted samba to try to find the NT box...?) I was wondering if anyone else has experienced something similar? -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Wed Mar 22 10:18:36 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:06 2003 Subject: Problems logging onto domain Message-ID: matthew, thanks for your encouragement. createuser accountname, by default, creates a disabled account with no password. otherwise, this would be a security risk. samuserset accountname -p password does not re-enable a disabled account, it just sets the password samuserset2 accountname -c 0x5 is what you are looking for (i believe). this will clear "no password required" and "account disabled". do a samuser accountname -u and the Account Control Bits should show up as: [U ]. _prior_ to the samuserset2 -c 0x5, it will look like this: [UXD ] - usr account, no password, account disabled. luke p.s i _will_ get round to writing a better syntax for samuserset2, unless someone beats me to it. p.p.s you can always hand-edit smbpasswd :) Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From Ionut.Gumeni at constantza-port.ro Wed Mar 22 11:25:08 2000 From: Ionut.Gumeni at constantza-port.ro (Ionut Gumeni) Date: Tue Dec 2 02:29:06 2003 Subject: Adding user Message-ID: <38D8AD93.7725E700@constantza-port.ro> Hi, How can I add users in Samba Domain from "User manager for Domains"? Thank you, Ionut Gumeni From greg at discreet.com Wed Mar 22 12:38:31 2000
From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:29:06 2003 Subject: Cannot map network drive from NT In-Reply-To: <0057540004298176000002L462*@MHS> Message-ID: I explained that in a separate (private) email so calm down. As far as "breaking security" let's count how many common protocols send cleartext passwords. Here's a clue - lots. Greg On 22-Mar-00 tschweikle@FIDUCIA.de wrote: > > greg@discreet.com: > >> You need to turn off encrypted passwords on NT. There is a .reg >> file in the distribution for that. > > Damn bogus tips! Turn on encrypted passwords in smb.conf instead. > The other way you'll break security in your own network! > > Have a look at the SMB-HOWTO how to do this (it's written for > Linux, but it is the same with IRIX). > > >> On 16-Mar-00 Norea Nuon wrote: >>> Hi, >>> >>> We have used Samba 2.0.5a on SGI IRIX 6.5.4. It works well from >>> Windows95/98 clients and WinDD 3.51. We just install NT 4.0 workstation >>> (service pack5) and not able to map network drive on IRIX. Error >>> message: account not authorized. >>> >>> I check on the server (/usr/local/samba/var/log.smb), Samba just close >>> the connection and exit, after "Selected protocol NT LM 0.12" ... >>> >>> Can someone enlighten me please ? Do I need another version of Samba to >>> be able to work with NT 4.0 or I did something wrong ? >>> >>> Thanks in advance. >>> >>> Norea Nuon, >>> norea.nuon@videotron.ca > > -- > Thomas
--------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From tom at ee.ucl.ac.uk Wed Mar 22 12:43:00 2000
From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:06 2003 Subject: Problems logging onto domain Message-ID: <200003221243.MAA26239@picard.ee.ucl.ac.uk> Hello Luke, >tom, > >you should be using a root account for the domain in the network control >panel, not smbpasswd -a -m tompc$ or createuser tompc$. > > >only use createuser tompc$ with the -j DOMAINNAME option, and only _after_ >you have actually joined tompc$ to the domain, and _only_ as a security >measure due to microsoft using an insecure trust account password. > >lars, please could you update the FAQ to reflect this. > >thx for the detailed report, tom, > >luke For whatever reason, using the dialog box to create the account from the client returned the error that the account had insufficient privileges to create the account. This was despite using the root username and password. I posted my domaingroup.map file, but no-one has said that there is anything wrong with it... However... This was fixed in the cvs update for 22/3/00 at 11:00am GMT. Also fixed is domain logins from NT SP4. Brilliant!!! Well done Luke. Win 2000 still doesn't find the domain and cannot join it. I have packet dumps taken on Solaris, but they're probably not much use as they're decoded as SUN RPC packets.... Is netmon in the NT resource pack? Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From holm at informatik.umu.se Wed Mar 22 12:45:51 2000
From: holm at informatik.umu.se (Åke Holmlund) Date: Tue Dec 2 02:29:06 2003 Subject: TNG: What is root? Message-ID: <200003221245.NAA29785@jupiter.informatik.umu.se> Hi everyone! I have a (maybe stupid) question. In an environment where TNG is running with LDAP as passwd and group repository, what exactly is the criteria for the root-user (the one used for joining a wks to a domain etc)? Is it the name root? Is it the uid 0? Is it just a user with administrative privileges in LDAP? Has the Samba (LDAP) root something to do with the root-user on the system where Samba is running? If so, why? Is it something else? Thank You, ----------------------------------------------------------------------------- Åke Holmlund Tel: +46 - 90 786 57 16 Umeå University Fax: +46 - 90 786 65 50 Dept of informatics Email: holm@informatik.umu.se SE-901 87 Umeå Sweden From Frank.Wiegerinck at cs.utwente.nl Wed Mar 22 13:07:48 2000 From: Frank.Wiegerinck at cs.utwente.nl (Frank Wiegerinck (Faculteit)) Date: Tue Dec 2 02:29:06 2003 Subject: Is it possible to sync. smb usernames to unix username ? Message-ID: <000e01bf93ff$9ef45720$2001a8c0@student.utwente.nl> Is it possible to sync. smb usernames to unix usernames. I have to implement a Samba-server into network where users already have an unix username. There are already 2000 users and adding these usernames manual isn't possible because it will take too much time. Each year 400-600 users have to be deleted and the same count of users have to be added to the unix-environment and samba-environment. An option or program which will sync. the userdatabases will be nice. Thanks in advance, Frank Wiegerinck From pdw at ferret.lmh.ox.ac.uk Wed Mar 22 14:15:24 2000
From: pdw at ferret.lmh.ox.ac.uk (Paul Warren) Date: Tue Dec 2 02:29:06 2003 Subject: Is it possible to sync. smb usernames to unix username ? In-Reply-To: <000e01bf93ff$9ef45720$2001a8c0@student.utwente.nl> Message-ID: On Thu, 23 Mar 2000, Frank Wiegerinck (Faculteit) wrote: > Is it possible to sync. smb usernames to unix usernames. > I have to implement a Samba-server into network where > users already have an unix username. There are already > 2000 users and adding these usernames manual isn't > possible because it will take too much time. Each year > 400-600 users have to be deleted and the same count of > users have to be added to the unix-environment and > samba-environment. An option or program which will > sync. the userdatabases will be nice. The usernames isn't really the problem - Samba will use Unix usernames by default. The difficulty is when you need/want to use encrypted passwords with Samba. In order to use SMB encrypted passwords you need to obtain an encrypted copy of the user's password. This cannot be extracted from the password hash in /etc/passwd or /etc/shadow, it needs to be derived from a plain text copy of the users' passwords. We have just had to implement encrypted samba passwords on our system - not quite as many users as you, but too many to do by hand. My solution was: A home made PAM module pam_smb_auth_sync.so. This is added to the login PAM files so that every time a user logs in via telnet or ssh, it takes a copy of the user's password and encrypts it, and sets it in /etc/smbpasswd. This much is good for initialising /etc/smbpasswd if all of your users log in regularly. You will need to add the users to the /etc/smbpasswd file first, but this can be done easily with a shell script and smbpasswd -a. The module pam_smbpass.so to keep passwords synced - add this to /etc/pam.d/passwd and whenever a user changes their Unix password, their SMB password will be updated at the same time.
Let me know if you want full details, or the source for pam_smb_auth_sync. yours, Paul From mg at plum.de Wed Mar 22 13:06:03 2000 
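One way to work out which accounts the pre-population step in Paul Warren's message has to add, and which entries the yearly add/delete cycle leaves behind (an added example, not code from the post or from Samba). It assumes the smbpasswd layout name:uid:LM hash:NT hash:[flags]:LCT, an all-X hash for an entry that has no usable password yet, and a MIN_UID of 500; the file contents are constructed samples.

```shell
#!/bin/sh
# Added example (not from the post): reconcile a Unix passwd file with a
# Samba smbpasswd file. Assumed smbpasswd layout, one account per line:
#   name:uid:LM hash:NT hash:[flags]:LCT-timestamp:
# An all-X hash is assumed to mean "entry exists, no usable password yet".

MIN_UID=${MIN_UID:-500}   # assumption: ordinary users start at this uid

# Unix users with no smbpasswd entry: candidates for "smbpasswd -a".
# System accounts (uid < MIN_UID) and machine accounts (name ends in "$")
# are skipped. FILENAME is compared instead of the usual NR == FNR test so
# that an empty smbpasswd file (the first bootstrap run) is handled.
users_to_add() {   # usage: users_to_add PASSWD SMBPASSWD
    awk -F: -v min="$MIN_UID" '
        FILENAME == ARGV[1] { if ($0 !~ /^#/ && $1 != "") known[$1] = 1; next }
        /^#/ || $1 == ""    { next }
        $1 ~ /\$$/          { next }
        $3 + 0 < min + 0    { next }
        !($1 in known)      { print $1 }
    ' "$2" "$1" | sort
}

# smbpasswd entries whose Unix account no longer exists: the leftovers of
# the yearly deletions, which should be removed from smbpasswd as well.
stale_smb_accounts() {   # usage: stale_smb_accounts PASSWD SMBPASSWD
    awk -F: '
        FILENAME == ARGV[1] { if ($0 !~ /^#/ && $1 != "") unixacct[$1] = 1; next }
        /^#/ || $1 == ""    { next }
        !($1 in unixacct)   { print $1 }
    ' "$1" "$2" | sort
}

# User entries that were pre-created but still carry the placeholder hash,
# i.e. users who have not logged in since the PAM hook was installed.
unsynced_accounts() {   # usage: unsynced_accounts SMBPASSWD
    awk -F: '
        /^#/ || $1 == "" { next }
        $1 ~ /\$$/       { next }
        $4 ~ /^X+$/      { print $1 }
    ' "$1" | sort
}

# Constructed sample data (names, uids and hashes are made up).
write_samples() {   # usage: write_samples DIR
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:501:100:Alice:/home/alice:/bin/bash
bob:x:502:100:Bob:/home/bob:/bin/bash
carol:x:503:100:Carol:/home/carol:/bin/bash
labpc1$:x:600:200:machine account:/dev/null:/bin/false
EOF
    cat > "$1/smbpasswd" <<'EOF'
# constructed smbpasswd sample
alice:501:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-38D00000:
bob:502:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
dave:504:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-38D00000:
labpc1$:600:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-38D00000:
EOF
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
write_samples "$SAMPLE_DIR"

echo "to add:   $(users_to_add "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/smbpasswd" | tr '\n' ' ')"
echo "stale:    $(stale_smb_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/smbpasswd" | tr '\n' ' ')"
echo "unsynced: $(unsynced_accounts "$SAMPLE_DIR/smbpasswd" | tr '\n' ' ')"
```

Run against the real files, the "unsynced" list shows how far the login-time PAM hook has got in populating hashes.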
From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:29:06 2003 Subject: samba-tng-alpha-1.2.tar.gz References: Message-ID: <38D8C53B.3E10AF1A@plum.de> Luke Kenneth Casson Leighton wrote: > when using domain user map, when logging in and then accessing the samba > server, i re-enabled map_nt_and_unix_username() to allow the nt username > to be remapped to the unix username / share. It still doesn't work here :(( Ok .. in log.smb I got: nt name TESTWG\administrator gid 0 mapped to S-1-5-21-3091665109-2374745032-4202777493-500 unixname = root, ntname = TESTWG\administrator type = 1 load_name_map: Added 1 entries to name map. nobody is in 1 groups: 99 uid 99 registered to name nobody Clearing default real name uid 99 vuid 100 registered to unix name nobody ahh .. maybe here: ? switch message SMBsesssetupX (pid 8241) passlen1: 24 passlen2: 24 passlen: 24 24 Domain=[PRANGHL] NativeOS=[Windows 2000 2195] NativeLanMan=[Window sesssetupX:name=[Administrator] lp_file_list_changed() file /opt/samba-tng//lib/smb.conf -> /opt/samba-tng//lib/smb.conf last mod_time: 51:43 2000 lookupsmbpwntnam: nt user name PRANGHL\administrator name 'PRANGHL\administrator' split into domain:PRANGHL and nt name:administrator' Checking SMB password, user administrator domain PRANGHL password_ok: check SMB auth check_domain_security: PRANGH(2) get_any_dc_name: domain PRANGHL domain_client_validate: could not find domain PRANGHL, using local SAM cli_connection_init_auth: \\. \PIPE\lsarpc copy_nt_creds: null creds ncalrpc_l_use_add ncalrpc_l_find: lsarpc [8241,0] root is in 7 groups: 0, 1, 2, 3, 4, 6, 10 uid 0 registered to name root Clearing default real name uid 0 vuid 101 registered to unix name root storing user 2031,65 This one confuses me: cli_nt_login_network: 286 make_id_info2: 854 cli_net_sam_logon: srv:\\. 
mc:PRANGH ll: 2 make_sam_info: 959 make_clnt_info: 1158 make_clnt_srv: 1013 00009c smb_io_unistr2 uni_domain_name 009c uni_max_len: 00000007 00a0 undoc : 00000000 00a4 uni_str_len: 00000007 00a8 buffer : P.R.A.N.G.H.L. 0000b6 smb_io_unistr2 uni_user_name 00b8 uni_max_len: 0000000d 00bc undoc : 00000000 00c0 uni_str_len: 0000000d 00c4 buffer : a.d.m.i.n.i.s.t.r.a.t.o.r. 0000de smb_io_unistr2 uni_wksta_name 00e0 uni_max_len: 00000006 00e4 undoc : 00000000 00e8 uni_str_len: 00000006 00ec buffer : P.R.A.N.G.H. and later 00e0 buffer_other_sids: 00000000 0000e4 smb_io_unistr2 user_name 00e4 uni_max_len: 0000000d 00e8 undoc : 00000000 00ec uni_str_len: 0000000d 00f0 buffer : a.d.m.i.n.i.s.t.r.a.t.o.r. 00010c smb_io_unistr2 full_name 010c uni_max_len: 00000004 0110 undoc : 00000000 0114 uni_str_len: 00000004 0118 buffer : r.o.o.t. 000120 smb_io_unistr2 - NULL logon_script 000120 smb_io_unistr2 profile_path 0120 uni_max_len: 0000001e 0124 undoc : 00000000 0128 uni_str_len: 0000001e 012c buffer : \.\.p.r.a.n.g.h.\.a.d.m.i.n.i.s.t.r.a.t.o.r.\.p.r.o.f.i.l.e. 000168 smb_io_unistr2 home_dir 0168 uni_max_len: 00000016 016c undoc : 00000000 0170 uni_str_len: 00000016 0174 buffer : \.\.p.r.a.n.g.h.\.a.d.m.i.n.i.s.t.r.a.t.o.r. 0001a0 smb_io_unistr2 - NULL dir_drive 01a0 num_groups2 : 00000007 0001a4 smb_io_gid 01a4 g_rid: 000001f4 01a8 attr : 00000007 a few lines later: 0217 id_auth[5] : 05 0218 sub_auths : 00000015 b84710d5 8d8bbbc8 fa814b95 0228 auth_resp : 00000001 022c status : 00000000 cli_net_sam_logon: clnt_deal_with_creds: 153 cred_create sess_key : 662F1CD20A3CC54F stor_cred: 5658BF69C7645E55 timestamp: 38d8cff8 timecred : 4E2898A2C7645E55 calc_cred: AA045363282FF7E8 cred_assert challenge : AA045363282FF7E8 calculated: AA045363282FF7E8 credentials check ok new clnt cred: 4E2898A2C7645E55 domain_client_validate: user PRANGHLadministrator OK domain_client_validate: check lockout / pwd expired! 
password_ok: domain auth succeeded No such user administrator - using guest account nobody is in 1 groups: 99 uid 99 registered to name nobody Clearing default real name uid 99 vuid 103 registered to unix name nobody hmm ... strange !? he HAD mapped administrator correctly .. or do I need to use root=PRANGHL/Administrator in domainuser.map ?? TIA, Michael From abrooks at css.tayloru.edu Wed Mar 22 15:09:36 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:29:06 2003 Subject: Problems logging onto domain In-Reply-To: Message-ID: > Subject: Re: Problems logging onto domain > > tom, > > you should be using a root account for the domain in the network control > panel, not smbpasswd -a -m tompc$ or createuser tompc$. > > > only use createuser tompc$ with the -j DOMAINNAME option, and only _after_ > you have actually joined tompc$ to the domain, and _only_ as a security > measure due to microsoft using an insecure trust account password. What??? Am I reading this right? That to create a machine account password one needs to use the _GUI_ and cannot do anything on the UN*X side? If so, that is TERRIBLE! Are we really taking a step that far backwards? Or am I reading this all wrong? -Aaron +-------> Aaron D. Brooks, 765 . 998 . 5168 Computing Systems Resource Manager Taylor University, CSS Department abrooks [SHIFT"2"] css.tayloru.edu From mg at plum.de Wed Mar 22 09:13:51 2000 
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:29:06 2003
Subject: Multiple NALs & TNG 1.1 (and previous).
References: <4.3.1.0.20000320200144.00b3a5e0@mail>
Message-ID: <38D88ECF.F7AD02C9@plum.de>

"Dmitri B.Gofmekler" wrote:
>
> Hello,
>
> Caught the following problem:
>
> Linux 6.1 running SAMBA-TNG-ALPHA-1.1
> (Also it acts as a masquerading router, so it has a two NICs)
>
> External name: ns.foo.com (regular address a.b.c.d)
> Internal name: master.lan.int (no route address 192.168.0.1)
>
> The problem is that I can not login into the domain from Windows NT 4.0 (SP
> 5) Workstation. Error message is about unpresent system's computer account
> on its primary pdc or incorrect password. (samedits test 'ntlogon' reports
> 'Yes' without the error messages. computer$ user exist in /etc/passwd and
> smbpasswd too with a type W).
>
> NetBIOS name of PDC is not written in smb.conf, but it is NS, because
> ns.foo.com is a default hostname.
>
> Any advices?
> (I already know, that the better way will to setup other PC for a samba
> server, but I can't, also I can not change default hostname/external
> name/internal name, because some other services depends on it).
>

Do you use the interfaces and bind interfaces only parameter ? Running 1.1 on a 3-NIC machine here without major problems (still got that administrator thingie)

Regards,
Michael

From s_colombo at iol.it Wed Mar 22 15:08:13 2000
From: s_colombo at iol.it (Stefano Colombo)
Date: Tue Dec 2 02:29:06 2003
Subject: Windows 2000 problem
Message-ID:

Hi ,
I have a samba server 2.05a which is used from several NT 4 boxes. I 'm now installing a windows 2000 client . I have problems trying to connect to the samba server . When I double-click on the Samba server Icon ( in the network neighborough ) I got an RPC error
Has anyone seen the problem ?
Thanks

Stefano Colombo ( scolombo@cdmtc.it )
System / Network Engineer
CDM Tecnoconsulting SPA
v. M.L.King 38/2 40132, Bologna Italy
tel : +39 051 4132611 fax : +39 051 4132627
WEB : http://www.cdmtc.it

From Daniel.Moeller at de.bosch.com Wed Mar 22 15:07:32 2000
From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/AST10) *) Date: Tue Dec 2 02:29:06 2003 Subject: problem with authentification Message-ID: <782FA6543FA5D111933D0000F86AEFA803A82EB2@simail5.si.bosch.de> Hello, I've been lurking for some time now. I have a problem/question, but i'm not sure if i'm posting in the correct list. We have a samba-server with samba 2.0.6 on an Compaq SP700 PC-machine with SuSE Linux 6.2 (Kernel 2.2.14). There area around 1500 clients, about 150 concurrent. We also have a NT-Domain with a NT4 SP4 PDC. "security" is set to domain, the SAMBA-Server has been integrated into the NT domain via "Server Manager for Domains". Sometimes NT-clients cannot connect to the SAMBA server, the error in the logfile is as follow: [2000/03/17 11:42:59, 2] libsmb/namequery.c:name_query(314) Got a positive name query response from 130.1.12.202 ( 130.1.23.3 130.1.16.160 130.1.18.224 130.1.20.225 130.1.23.3 130.1.23.4 130.1.32.175 130.1.36.184 130.1 .54.197 130.1.3.181 ) [2000/03/17 11:43:00, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1174) cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine PDC. Error was ERRDOS - ERRpipebusy (All instances of the requested pipe are busy.) [2000/03/17 11:43:00, 0] smbd/password.c:domain_client_validate(1404) domain_client_validate: unable to open the domain client session to machine *. Error was : ERRDOS - ERRpipebusy (All instances of the requested pipe are busy. ). I've browsed through the mailinglist archives and found some messages around mid 1999 with a similar error, but this doesn't help me. Can you help me? Regards, Danny From gosha at arvid.ee Wed Mar 22 15:10:05 2000 
From: gosha at arvid.ee (Dmitri B.Gofmekler)
Date: Tue Dec 2 02:29:06 2003
Subject: Problems logging onto domain
In-Reply-To:
References:
Message-ID: <4.3.1.0.20000322170750.00b2a9a0@mail>

At 02:05 AM 23.03.00 +1100, you wrote:
>What??? Am I reading this right? That to create a machine account password
>one needs to use the _GUI_ and cannot do anything on the UN*X side? If so,
>that is TERRIBLE! Are we really taking a step that far backwards? Or am I
>reading this all wrong?

Tried to do it without adding an UNIX user pcname$ - does not work. It worked (on my side, RH 6.1 TNG 1.2) without creating the user in smbpasswd, need only to create UNIX user pcname$ and after it check "join" with root.

Best,
---- Dmitri B. Gofmekler , ICQ: 8168758 ----
"http://www.sill.ee/~gosha/gosha.asc" - for PGP Encrypted messages.
=====================================
Phone: (+372) 6 563981 Fax: (+372) 6 563000
A-Arvid Computers Ltd. < http://www.arvid.ee >

From alet at unice.fr Wed Mar 22 15:26:00 2000
From: alet at unice.fr (Jerome Alet)
Date: Tue Dec 2 02:29:06 2003
Subject: problem with exiting profiles when switching from NT4 to Samba 2.0.6
Message-ID:

Hi,

I'm currently switching my PDC from a NT4 machine to a Samba 2.0.6 one, and I change my domain name as well at the same time.

it works fine for now (3 hours only ;-), but I've got a small problem: existing (from the old domain) roving NT4WKS profiles seem to be readonly.

The existing profiles and home directories were already served by the same samba machine, but with a samba-1.9.18 version, the NT4 server just did the authentication. I'm upgrading to samba-2.0.6 and NT-to-the-trashcan versions.

I can't even change the screen background, I've got an error message saying that NT is unable to display my new wallpaper. It's impossible to change IE's preferences and some other softwares' as well.

I've deleted all local profiles to be sure that the server profiles would be downloaded: it's ok, but they are really read-only: it doesn't seem to be a synchronisation problem between the wks and the server because I've got error messages before doing any modification.

The files are named NTuser.DAT, not NTuser.MAN of course.

If I delete the server and local profiles and then recreate them when opening a new connection, it works fine and read-write without changing any configuration in smb.conf.

I know I could delete all profiles and recreate them, because I really have only ten accounts, but I wonder if another solution exists or not because one of my accounts is very important and have lots of software installed so I don't know if they will all work after that.

any help, idea or link will be much appreciated.

thanks in advance.

Jerome ALET - alet@unice.fr - http://cortex.unice.fr/~jerome
Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE

From gosha at arvid.ee Wed Mar 22 15:36:32 2000
From: gosha at arvid.ee (Dmitri B.Gofmekler)
Date: Tue Dec 2 02:29:06 2003
Subject: problem with exiting profiles when switching from NT4 to Samba 2.0.6
In-Reply-To:
Message-ID: <4.3.1.0.20000322173129.00b32b40@mail>

At 02:28 AM 23.03.00 +1100, you wrote:
>I know I could delete all profiles and recreate them, because I really
>have only ten accounts, but I wonder if another solution exists or not
>because one of my accounts is very important and have lots of software
>installed so I don't know if they will all work after that.
>
>any help, idea or link will be much appreciated.

In system (control panel) is a tab - profiles. (Don't remember about the server, Workstation has). There is a button - "copy to" or something like it, you should use this tool to make copies of your profile to some other place and there it is possible to change the user who is permitted to use this profile, change it to user in new domain.

Advices:
1. You can use any workstation, that has a local cached copies of user profiles.
2. Do not copy profile for user, currently logged into domain - logoff will rewrite the profile.

Hope it helps.

Best,
---- Dmitri B. Gofmekler , ICQ: 8168758 ----
"http://www.sill.ee/~gosha/gosha.asc" - for PGP Encrypted messages.
=====================================
Phone: (+372) 6 563981 Fax: (+372) 6 563000
A-Arvid Computers Ltd. < http://www.arvid.ee >

From p.mayers at ic.ac.uk Wed Mar 22 15:37:33 2000
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:29:06 2003
Subject: samba-tng-alpha-1.2.tar.gz
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F813A5@icex1.cc.ic.ac.uk>

I'm confused - which is the domain, TESTWG or PRANGHL? It looks like NT is sending the wrong username, or samba is thinking something is what it isn't (techy speak for "hmm...").

From an NT4 box (to simplify matters) try this:

net use z: \\THEPDCNAME\sharename /user:THEDOMAINNAME\administrator

And see what the logs hold.

Cheers, Phil

=====================
The world is divided into two kinds of people, those who divide the world into two kinds of people, and those who don't...

From kevinc at grainsystems.com Wed Mar 22 15:46:46 2000
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:29:06 2003
Subject: samba-tng-alpha-1.0.tar.gz
References:
Message-ID: <38D8EAE6.80105FE9@grainsystems.com>

Luke Kenneth Casson Leighton wrote:
>
> i did that with the entire set of entries in /etc/group.
> this could be done with a script.
> i am considering adding a syntax "*=*_G" to the domainnamenap code.

Since this sort of fix almost seems unavoidably neccessary (_tons_ of existing installations use identical user and group names), it would be nice to have a way of fixing this at the NT<->unix name mapping level. Sure, we can write scripts to mass change group names, but then you've got dozens of different OSes to write them for.

A mass map mechanism could be a relatively easy way of accomodating this without redesigning the NT user/group namespace or requiring new Samba installations to do mass group name changes.

- Kevin Colby
kevinc@grainsystems.com

From p.mayers at ic.ac.uk Wed Mar 22 15:51:26 2000
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:29:06 2003
Subject: samba-tng-alpha-1.0.tar.gz
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F813A6@icex1.cc.ic.ac.uk>

Yep. What about the group "root". Are we expected to change that name as well? I don't think so.

Cheers, Phil

=====================
The world is divided into two kinds of people, those who divide the world into two kinds of people, and those who don't...

From isyn at isi.wat.waw.pl Wed Mar 22 16:03:13 2000
From: isyn at isi.wat.waw.pl (isyn@isi.wat.waw.pl)
Date: Tue Dec 2 02:29:06 2003
Subject: Problems with other workgroups...
Message-ID:

I have a samba 2.0.6 server with three interfaces and four workgroups, i have been writing about few weeks ago. All of four workgroups are now visible, but when i try to connect to them from one of the Win98 i Can't. I can't browse any workgroups except this which are on the same interface.

Here is my smb.conf
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[global]
workgroup = CYBERNA
domain groups = 4rok 2rok 3rok
server string = AKADEMIK WCY
hosts allow = 192.168.
character set = iso8859-2
bind interfaces only = yes
interfaces = 192.168.1.254/255.255.255.0 192.168.2.254/255.255.255.0 192.168.3.254/255.255.255.0 192.168.4.254/255.255.255.0
lock dir = /usr/local/samba/var/locks/
log file = /var/log/samba/log.%m
browseable = yes
browse list = yes
netbios name = dino
remote announce = 192.168.2.255/3rok 192.168.3.255/2rok
remote browse sync = 148.81.116.98
wins support = yes
wins proxy = yes
encrypt passwords = no
max log size = 1000
debug level = 3
dns proxy = yes
name resolve order = bcast wins lmhosts
domain master = yes
local master = yes
preferred master = yes
os level = 255
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

--
ROBERT MAGIER

From jojowil at hvcc.edu Wed Mar 22 16:03:47 2000
From: jojowil at hvcc.edu (William Jojo)
Date: Tue Dec 2 02:29:06 2003
Subject: samba-tng-alpha-1.1.tar.gz
In-Reply-To:
Message-ID:

Luke,

Thanks for the reply. I understand what you are getting at. However, I do have trouble compiling the TNG code. And have for some time. I would've tried the samedit program if I could get by the enumeration constant problem on the first file make tries. Then if I comment out the offending enumeration constant, I cannot get it to create the shared libraries. I've sent several emails to this list (samba@samba.org) regarding just this problem and am a little offended that when AIX is having a problem it seems to get ignored - similar to the email I sent regarding quotas.

I would love to use the TNG code for our installation, but simply can't due to problems compiling and a lack of support.

As far as why we have to do things the way we are: simple - we're an educational institution that must keep up to date with current hardware and software technology. This means we have to roll out 3 builds a year - one for each semester. Perhaps there are others in the same boat - or worse. Now, this is very simple for a staff of 3 to handle with the simple tool known as smbpasswd. We're using 2.0.6 and don't have samedit. If and when we can get the code to compile, we'll try it your way. Until then we'll continue to find our own solutions.

Bill

On Mon, 20 Mar 2000, Luke Kenneth Casson Leighton wrote:

> On Sun, 19 Mar 2000, William Jojo wrote:
>
> >
> > Luke,
> >
> > Why would you disable the -m option of smbpasswd? We use Ghost to re-image a PC
> > here and we need to reset the machine account after a rebuild so it will
> > gracefully join the domain without having to jump through hoops.
>
> because 1) having a default well-known workstation trust account password
> is a security risk: the trust account is used to encrypt user passwords.
>
> because 2) if you _must_ do this, you can use samedit's "createuser
> wkstaname$ -p wkstaname" to explicitly set the trust account password to
> the [very insecure] initial value.
>
> oh, and it gets even better if you add a backup domain controller with the
> trust account password [as the bdc name]: then you run the risk of losing
> your entire SAM database to an attacker, as they pretend to be the BDC,
> using the default password and suck all user profile (plus passwords)
> group, alias and domain information off your PDC -- after all, that's what
> SAM synchronisation is supposed to do!!!
>
> >
> > A little history - we build a master image and then distribute that to 600 PCs on
> > our campus. By resetting the machine account through smbpasswd, we can simply
> > rename the machine (since every machine now has the same name from the master
> > image) and after a reboot, it's happy.
> >
> > If you would recommend a different method, I'm all ears, but I think disabling
> > smbpasswd -m would be a grave mistake.
>
> you can use samedit's createuser with -j to totally randomise the local
> workstation trust account password _and_ this totally random value will be
> stored in the PDC's SAM database, too, so the workstation is synchronised
> with the PDC.
>
> this can be done just as well in an NT-only environment as it can in a
> mixed samba-NT environment.
>
> you should be able to do this as a one-step-in-a-script on a secure local
> network:
>
> samedit -S thepdc -U admin%pdcpwd -W pdcdomname -l log
> [$ ] use \\wkstaname -U localadmin%localpwd -W wkstaname
> connect blah blah: OK
>
> [$ ] use -u
> connect to PDC
> connect to wksta
>
> [$ ] createuser wkstaname$ -j PDCDOMNAME
> creating trust account: OK [this is done to PDC using pdc admin pwd]
> setting $MACHINE.ACC: OK [this is done to wksta using wksta locadm pwd]
>
> now -- at this point, you should be able to go to the wksta and the pdc,
> and change the name, and voila.
>
> however, if you ask nicely, i might investigate how to change the local
> workstation name, by adding new commands:
>
> [$ ] srvinfoset -n newworkstationname
>
> [$ ] samuserset wkstaname$ -n newworkstationname$
>
> then you can do this, afterwards:
>
> regedit -S wkstaname -U localadmin%localpwd -W wkstaname
> [$ ] shutdown --reboot --force-close (or -r -f).
>
> luke
>
>

From alet at unice.fr Wed Mar 22 16:30:06 2000
From: alet at unice.fr (Jerome Alet)
Date: Tue Dec 2 02:29:06 2003
Subject: problem with exiting profiles when switching from NT4 to Samba 2.0.6
In-Reply-To: <4.3.1.0.20000322173129.00b32b40@mail>
Message-ID:

WONDERFUL !!!

thanks a lot, it Works Great (tm).

thanks again.

bye,
Jerome

On Thu, 23 Mar 2000, Dmitri B.Gofmekler wrote:

> At 02:28 AM 23.03.00 +1100, you wrote:
> >I know I could delete all profiles and recreate them, because I really
> >have only ten accounts, but I wonder if another solution exists or not
> >because one of my accounts is very important and have lots of software
> >installed so I don't know if they will all work after that.
> >
> >any help, idea or link will be much appreciated.
>
> In system (control panel) is a tab - profiles. (Don't remember about the
> server, Workstation has). There is a button - "copy to" or something like
> it, you should use this tool to make a copies of your profile to some other
> place and there is possible to change the user who permitted to use this
> profile, change it to user in new domain.

From gtm at oracom.com Wed Mar 22 16:56:12 2000
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:29:06 2003
Subject: passwords
Message-ID: <38D8FB2C.D8ED945A@oracom.com>

Hi All,

Is there a utility that reads the /etc/passwd or shadow file and makes a smbpasswd file w/ the correct passwords?

Thanks
Glenn

--
Glenn MacGregor
Director of Services
Oracom, Inc.
http://www.oracom.com
Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716

From abrooks at css.tayloru.edu Wed Mar 22 17:59:32 2000
From: abrooks at css.tayloru.edu (Aaron D. Brooks)
Date: Tue Dec 2 02:29:06 2003
Subject: samba-tng-alpha-1.0.tar.gz
In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F813A6@icex1.cc.ic.ac.uk>
Message-ID:

> -----Original Message-----
> From: Kevin Colby [mailto:kevinc@grainsystems.com]
> Sent: Wednesday, March 22, 2000 3:50 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: samba-tng-alpha-1.0.tar.gz
>
>
> Luke Kenneth Casson Leighton wrote:
> >
> > i did that with the entire set of entries in /etc/group.
> > this could be done with a script.
> > i am considering adding a syntax "*=*_G" to the domainnamenap code.
>
> Since this sort of fix almost seems unavoidably neccessary (_tons_
> of existing installations use identical user and group names),
> it would be nice to have a way of fixing this at the NT<->unix
> name mapping level. Sure, we can write scripts to mass change
> group names, but then you've got dozens of different OSes to
> write them for.
>
> A mass map mechanism could be a relatively easy way of accomodating
> this without redesigning the NT user/group namespace or requiring
> new Samba installations to do mass group name changes.
>
> - Kevin Colby
> kevinc@grainsystems.com

Hmmm. Idea. _Maybe_ there are some seriously stupid problems with this thought but I couldn't think of anything in our setup here which would cause problems. Maybe not so elsewhere, so people speak up...

What if the UN*X groups were translated into NT groups by changing their names with an appended string such as "_NTGROUP". (e.g. UN*X group "root" becomes "root_NTGROUP", "staff" becomes "staff_NTGROUP" and so on.)

This still allows us to do macro substitutions in the smb.conf file such as @%g_NTGROUP and _maybe_, just _maybe_, all of the world could be very happy. Or not. I could be overlooking something very, very basic and deserve to be flogged.

Just a thought.

-Aaron

P.S. On second thought, rather than "_NTGROUP", I think "_SMBGROUP" would be more accurate.

+-------> Aaron D. Brooks, 765 . 998 . 5168
Computing Systems Resource Manager
Taylor University, CSS Department
abrooks [SHIFT"2"] css.tayloru.edu

From abrooks at css.tayloru.edu Wed Mar 22 18:02:00 2000
From: abrooks at css.tayloru.edu (Aaron D. Brooks)
Date: Tue Dec 2 02:29:06 2003
Subject: samba-tng-alpha-1.0.tar.gz
In-Reply-To:
Message-ID:

> > > i am considering adding a syntax "*=*_G" to the domainnamenap code.

Perhaps, if I were not an inebriated dolt, I would have seen this line. And not wasted anyone else's brain cells. My apologies.

I do think that "_SMBGROUP" would be better than "_G" due to the lesser likelihood of name collisions.

Mea Culpa,
-Aaron

+-------> Aaron D. Brooks, 765 . 998 . 5168
Computing Systems Resource Manager
Taylor University, CSS Department
abrooks [SHIFT"2"] css.tayloru.edu

From giulioo at pobox.com Wed Mar 22 17:57:09 2000
From: giulioo at pobox.com (Giulio Orsero)
Date: Tue Dec 2 02:29:06 2003
Subject: Windows 2000 problem
In-Reply-To:
References:
Message-ID: <20000322175758.B38A22AE8A@i3.golden.dom>

On Thu, 23 Mar 2000 02:14:21 +1100, you wrote:

> I have a samba server 2.05a which is used from several NT 4 boxes.
> I 'm now installing a windows 2000 client . I have problems trying
> When I double-click on the Samba server Icon ( in the network
>neighborough ) I got an RPC error
> Has anyone seen the problem ?

Maybe. Try adding or deleting a share and see if it helps. Then upgrade to 2.0.6 or 2.0.7pre2.

I had the problem with 2.0.6. I deleted a share and the problem disappeared. 2.0.7pre2 has some patches related to new win2k behaviors.

--
giulioo@pobox.com

From thien_vu at hotmail.com Wed Mar 22 18:47:17 2000
From: thien_vu at hotmail.com (Thien Vu) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux Message-ID: <20000322184717.49626.qmail@hotmail.com> Hi, We would like to implement a NFS type system, but I can't quite figure out how to have the user's home directory, which is exported as an Samba share, mount to the local machine. I would like to do it with out have the user become root. Is this possible? I've taken a look at various options in mount, fstab, smbmount and smbmnt. Any suggestions would be useful. Thanks, Thien ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From Hans-Peter.Raschke at gmx.de Wed Mar 22 18:51:07 2000 From: Hans-Peter.Raschke at gmx.de (Hans-Peter Raschke) Date: Tue Dec 2 02:29:06 2003 Subject: joining Domain using samba-tng-alpha-1.2 Message-ID: <00032220021900.10479@qmpc2> Hello, currently I'm trying to setup a BDC with samba-tng-alpha-1.2 with an NT4-Server. When creating the machine account an error appears: [DS\root@PDC_DS]$ createuser QMPC2$ -s -j DS createuser QMPC2$ -s -j DS SAM Create Domain User Domain: DS Name: QMPC2$ ACB: [S ] ... Create Domain User: OK Join QMPC2 to Domain DS LSA_OPENSECRET: LSA_OPENSECRET: Set $MACHINE.ACC: FAILED A samsync command afterwards cannot succeed. LSA_QUERYSECRET: cmd_sam_sync: no trust account password On the NT server the machine account appears, but connection is refused (wrong password). Any hints? thx HP ----------------------------------------------------------- Hans-Peter Raschke E-Mail: Hans-Peter.Raschke@gmx.de Wintermann DatenService Tel.: ++49 441 9304064 Langenweg 16 Fax: ++49 441 9304069 D-26125 Oldenburg From eskimo at direct.ca Wed Mar 22 11:31:27 2000 
From: eskimo at direct.ca (eskimo) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux In-Reply-To: <20000322184717.49626.qmail@hotmail.com> Message-ID: what? why would you want to automount the user's home directory in linux when the home directory is already local to the user? you might want to explain a little clearer.. --- original message Hi, We would like to implement a NFS type system, but I can't quite figure out how to have the user's home directory, which is exported as a Samba share, mount to the local machine. I would like to do it without having the user become root. Is this possible? I've taken a look at various options in mount, fstab, smbmount and smbmnt. Any suggestions would be useful. Thanks, --- end of original message From scottf at scs.unr.edu Wed Mar 22 19:34:15 2000 
From: scottf at scs.unr.edu (Scott.) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux In-Reply-To: Message-ID: On Thu, 23 Mar 2000, eskimo wrote: > what? > why would you want to automount the user's home directory in linux when the > home directory is already local to the user? > you might want to explain a little clearer.. He might be asking the same thing i've been thinking about: A user's home directory is a share off of an NT machine. How, when the user logs in (preferable) or at boot time can the linux box mount those shares as the user's home directory? Of course, he may have something else in mind, but this is something i've been meaning to ask. I would like it to be able to be done when the user logs in, but how soon in the login process is the user changed to the $HOME directory? The smbmount'ing would have to be done before the user is placed in their home directory. (Hoping this is what the other gentleman had in mind.) ====---- - - - - - - - - - ____ __ Scott Fritzinger | \ | |/\ /\ Computing Helpdesk Specialist | \| < O O > Helpdesk: (775) 784.4320 | |\ | \o/ Office: (775) 784.6500 x338 |__| \ ___|evada WolfPack From thien_vu at hotmail.com Wed Mar 22 19:43:10 2000 
From: thien_vu at hotmail.com (Thien Vu) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux Message-ID: <20000322194310.85829.qmail@hotmail.com> >> what? why would you want to automount the user's home directory in linux when the home directory is already local to the user? you might want to explain a little clearer.. >> Say I have a Samba Server "SERVER" and 2 Linux workstations "WKSTN1" and "WKSTN2". I want it so that when a user logs into either of the workstations, in the login script, it will mount \\SERVER\USERNAME (Home directory of USERNAME) from the SERVER to the local directory of /home/USERNAME. In effect, have roaming home directories on Linux, so that when USERNAME logs into either WKSTN1 or WKSTN2, their home directory will be the same thing. Thien ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From skvidal at phy.duke.edu Wed Mar 22 20:00:19 2000 
From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux In-Reply-To: <20000322194310.85829.qmail@hotmail.com> Message-ID: > >> > > Say I have a Samba Server "SERVER" and 2 Linux workstation "WKSTN1" and > "WKSTN2". I want it so that when a user logs into either of the > workstations, in the login script, it will mount \\SERVER\USERNAME (Home > directory of USERNAME) from the SERVER to the local directory of > /home/USERNAME. In effect, have roaming home directories on Linux, so that > when USERNAME logs into either WKSTN1 or WKSTN2, their home directory will > be the same thing. I think I understand - I kinda agree - except for the problems with file permissions this could arguably be MUCH faster than NFS - and does not suffer the array of authentication problems that NFS has. you would have to do some interesting things with PAM and with the mount points. It would take A LOT of work but it might be doable. -sv From kellermg at potsdam.edu Wed Mar 22 20:15:06 2000 
From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux References: <20000322184717.49626.qmail@hotmail.com> Message-ID: <38D929CA.67461976@potsdam.edu> Thien Vu wrote: > > Hi, > > We would like to implement a NFS type system, but I can't quite figure out > how to have the user's home directory, which is exported as a Samba share, > mount to the local machine. I would like to do it without having the user > become root. Is this possible? I've taken a look at various options in > mount, fstab, smbmount and smbmnt. Any suggestions would be useful. If all of the home directories on the SMB server are in the same folder, export that folder (call it "Home" or "Dirs" or something). Then use smbmnt to mount that folder to /home - As long as the /etc/passwd file has their home directory listed as /home/username - It works great. Very fast (TCP over NFS's UDP) and actually has user-level authentication instead of the cheeze authentication NFS uses. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From skvidal at phy.duke.edu Wed Mar 22 20:26:56 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux In-Reply-To: <38D929CA.67461976@potsdam.edu> Message-ID: > If all of the home directories on the SMB server are in the same folder, > export that folder (call it "Home" or "Dirs" or something). Then use > smbmnt to mount that folder to /home - As long as the /etc/passwd file > has their home directory listed as /home/username - It works great. Very > fast (TCP over NFS's UDP) and actually has user-level authentication > instead of the cheeze authentication NFS uses. how do you deal with file permission problems? -sv From lkcl at samba.org Wed Mar 22 20:29:41 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:06 2003 Subject: Problems logging onto domain In-Reply-To: <200003221243.MAA26239@picard.ee.ucl.ac.uk> Message-ID: netmon is on the nt srv cd in the reskit directory. please do not use netmon v2, it's pathetic and i refuse to use it, therefore any files in netmon v2 format i cannot access, i have to use hexedit to examine them, which is better than nothing!!! > Is netmon in the NT resource pack? > > Tom. > > ---------------------------------------------------------------------------- > Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk > Department of Electronic and Electrical Engineering, > University College London, TEL: +44 (0)20 7679 3898 > Torrington Place, FAX: +44 (0)20 7388 9307 > London, UK, WC1E 7JE. > ---------------------------------------------------------------------------- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From kellermg at potsdam.edu Wed Mar 22 20:50:59 2000 
From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:29:06 2003 Subject: Automounting of user directories on Linux References: Message-ID: <38D93233.5815B3B8@potsdam.edu> Seth Vidal wrote: > > > If all of the home directories on the SMB server are in the same folder, > > export that folder (call it "Home" or "Dirs" or something). Then use > > smbmnt to mount that folder to /home - As long as the /etc/passwd file > > has their home directory listed as /home/username - It works great. Very > > fast (TCP over NFS's UDP) and actually has user-level authentication > > instead of the cheeze authentication NFS uses. > > how do you deal with file permission problems? Good question! *sheepish grin* I'll go back to sleep. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From lkcl at samba.org Wed Mar 22 21:41:02 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:07 2003 Subject: samba-tng-alpha-1.2.tar.gz In-Reply-To: <38D8C53B.3E10AF1A@plum.de> Message-ID: ok, you have partially answered your own question, with the SMBsesssetupX message, there. what is the domain PRANGHL? it looks like you are connecting from a trusted domain or a workstation, and the domain name is being rejected as unknown, which is the *correct* behaviour. also, what doesn't work? you don't explain what action you took that generated this error message. please remember that if you want an answer to a question, try to avoid phrases with the word "it" :) best regards, luke On Wed, 22 Mar 2000, Michael Glauche wrote: > Luke Kenneth Casson Leighton wrote: > > when using domain user map, when logging in and then accessing the samba > > server, i re-enabled map_nt_and_unix_username() to allow the nt username > > to be remapped to the unix username / share. > > It still doesn't work here :(( > > Ok .. in log.smb I got: > > nt name TESTWG\administrator gid 0 mapped to > S-1-5-21-3091665109-2374745032-4202777493-500 > unixname = root, ntname = TESTWG\administrator type = 1 > load_name_map: Added 1 entries to name map. > nobody is in 1 groups: 99 > uid 99 registered to name nobody > Clearing default real name > uid 99 vuid 100 registered to unix name nobody > > ahh .. maybe here: ? 
> > switch message SMBsesssetupX (pid 8241) > passlen1: 24 passlen2: 24 > passlen: 24 24 Domain=[PRANGHL] NativeOS=[Windows 2000 2195] > NativeLanMan=[Window > sesssetupX:name=[Administrator] > lp_file_list_changed() > file /opt/samba-tng//lib/smb.conf -> /opt/samba-tng//lib/smb.conf last > mod_time: > 51:43 2000 > > lookupsmbpwntnam: nt user name PRANGHL\administrator > name 'PRANGHL\administrator' split into domain:PRANGHL and nt > name:administrator' > Checking SMB password, user administrator domain PRANGHL > password_ok: check SMB auth > check_domain_security: PRANGH(2) > get_any_dc_name: domain PRANGHL > domain_client_validate: could not find domain PRANGHL, using local SAM > cli_connection_init_auth: \\. \PIPE\lsarpc > copy_nt_creds: null creds > ncalrpc_l_use_add > ncalrpc_l_find: lsarpc [8241,0] > root is in 7 groups: 0, 1, 2, 3, 4, 6, 10 > uid 0 registered to name root > Clearing default real name > uid 0 vuid 101 registered to unix name root > storing user 2031,65 > > This one confuses me: > > cli_nt_login_network: 286 > make_id_info2: 854 > cli_net_sam_logon: srv:\\. mc:PRANGH ll: 2 > make_sam_info: 959 > make_clnt_info: 1158 > make_clnt_srv: 1013 > 00009c smb_io_unistr2 uni_domain_name > 009c uni_max_len: 00000007 > 00a0 undoc : 00000000 > 00a4 uni_str_len: 00000007 > 00a8 buffer : P.R.A.N.G.H.L. > 0000b6 smb_io_unistr2 uni_user_name > 00b8 uni_max_len: 0000000d > 00bc undoc : 00000000 > 00c0 uni_str_len: 0000000d > 00c4 buffer : a.d.m.i.n.i.s.t.r.a.t.o.r. > 0000de smb_io_unistr2 uni_wksta_name > 00e0 uni_max_len: 00000006 > 00e4 undoc : 00000000 > 00e8 uni_str_len: 00000006 > 00ec buffer : P.R.A.N.G.H. > > and later > 00e0 buffer_other_sids: 00000000 > 0000e4 smb_io_unistr2 user_name > 00e4 uni_max_len: 0000000d > 00e8 undoc : 00000000 > 00ec uni_str_len: 0000000d > 00f0 buffer : a.d.m.i.n.i.s.t.r.a.t.o.r. > 00010c smb_io_unistr2 full_name > 010c uni_max_len: 00000004 > 0110 undoc : 00000000 > 0114 uni_str_len: 00000004 > 0118 buffer : r.o.o.t. 
> 000120 smb_io_unistr2 - NULL logon_script > 000120 smb_io_unistr2 profile_path > 0120 uni_max_len: 0000001e > 0124 undoc : 00000000 > 0128 uni_str_len: 0000001e > 012c buffer : > \.\.p.r.a.n.g.h.\.a.d.m.i.n.i.s.t.r.a.t.o.r.\.p.r.o.f.i.l.e. > 000168 smb_io_unistr2 home_dir > 0168 uni_max_len: 00000016 > 016c undoc : 00000000 > 0170 uni_str_len: 00000016 > 0174 buffer : > \.\.p.r.a.n.g.h.\.a.d.m.i.n.i.s.t.r.a.t.o.r. > 0001a0 smb_io_unistr2 - NULL dir_drive > 01a0 num_groups2 : 00000007 > 0001a4 smb_io_gid > 01a4 g_rid: 000001f4 > 01a8 attr : 00000007 > > a few lines later: > 0217 id_auth[5] : 05 > 0218 sub_auths : 00000015 b84710d5 8d8bbbc8 fa814b95 > 0228 auth_resp : 00000001 > 022c status : 00000000 > cli_net_sam_logon: > clnt_deal_with_creds: 153 > cred_create > sess_key : 662F1CD20A3CC54F > stor_cred: 5658BF69C7645E55 > timestamp: 38d8cff8 > timecred : 4E2898A2C7645E55 > calc_cred: AA045363282FF7E8 > cred_assert > challenge : AA045363282FF7E8 > calculated: AA045363282FF7E8 > credentials check ok > new clnt cred: 4E2898A2C7645E55 > domain_client_validate: user PRANGHLadministrator OK > domain_client_validate: check lockout / pwd expired! > password_ok: domain auth succeeded > No such user administrator - using guest account > nobody is in 1 groups: 99 > uid 99 registered to name nobody > Clearing default real name > uid 99 vuid 103 registered to unix name nobody > > hmm ... strange !? > he HAD mapped administrator correctly .. > or do I need to use > > root=PRANGHL/Administrator > > in domainuser.map ?? > > TIA, > Michael > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Mar 22 21:43:09 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:07 2003 Subject: Problems logging onto domain In-Reply-To: Message-ID: aaron, can i suggest that you examine NTBUGTRAQ archives for details on the security procedure to follow, if you are concerned about the internal security of your NT/samba network. On Wed, 22 Mar 2000, Aaron D. Brooks wrote: > > Subject: Re: Problems logging onto domain > > > > tom, > > > > you should be using a root account for the domain in the network control > > panel, not smbpasswd -a -m tompc$ or createuser tompc$. > > > > > > only use createuser tompc$ with the -j DOMAINNAME option, and only _after_ > > you have actually joined tompc$ to the domain, and _only_ as a security > > measure due to microsoft using an insecure trust account password. > > What??? Am I reading this right? That to create a machine account password > one needs to use the _GUI_ and cannot do anything on the UN*X side? If so, > that is TERRIBLE! Are we really taking a step that far backwards? Or am I > reading this all wrong? > > -Aaron > > +-------> > Aaron D. Brooks, 765 . 998 . 5168 > Computing Systems Resource Manager > Taylor University, CSS Department > abrooks [SHIFT"2"] css.tayloru.edu > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mg at plum.de Wed Mar 22 22:00:54 2000 
From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:29:07 2003 Subject: samba-tng-alpha-1.2.tar.gz References: Message-ID: <38D94296.581048BE@plum.de> Luke Kenneth Casson Leighton wrote: > > ok, you have partially answered your own question, with the SMBsesssetupX > message, there. > > what is the domain PRANGHL? > > it looks like you are connecting from a trusted domain or a workstation, > and the domain name is being rejected as unknown, which is the *correct* > behaviour. > > also, what doesn't work? you don't explain what action you took that > generated this error message. please remember that if you want an answer > to a question, try to avoid phrases with the word "it" :) > TESTWG = domain, nt5 in WORKGROUP TESTWG, PRANGHL is nt5 client. All works when logged in as "mg", only as "administrator" it fails. TIA, Michael From D.Bannon at latrobe.edu.au Wed Mar 22 22:25:04 2000 
From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:29:07 2003 Subject: samba-tng-alpha-1.0.tar.gz (group names) In-Reply-To: <38D63C80.D9401292@siac.com> References: <38D63AA0.74172573@siac.com> Message-ID: <3.0.6.32.20000323092504.008bae00@bioserve.latrobe.edu.au> At 07:45 PM 22/03/2000 +1100, Michael Breuer wrote: >I spoke too soon... there doesn't seem to be a nice way to use an alternate passwd file. However... how about a simpler hack... add >"_G" (or something) to all unix groups. Then create group map entries where appropriate. > I'd be a bit wary of doing this. I tried it when these sort of problems cropped up in the old 'head' branch. Went through the /etc/group file and uppercased all groups that had the same name as users. It produced a very long list of things that broke. Lots of systems use group names and don't expect to see them changed. Each one was easy enough to fix but I kept finding more ..... In the end time pressure got the better of me and I backed out. Still running the head branch from mid 99. David David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From lkcl at samba.org Wed Mar 22 23:17:24 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:07 2003 Subject: samba-tng-alpha-1.2.tar.gz In-Reply-To: <38D94296.581048BE@plum.de> Message-ID: On Wed, 22 Mar 2000, Michael Glauche wrote: > Luke Kenneth Casson Leighton wrote: > > > > ok, you have partially answered your own question, with the SMBsesssetupX > > message, there. > > > > what is the domain PRANGHL? > > > > it looks like you are connecting from a trusted domain or a workstation, > > and the domain name is being rejected as unknown, which is the *correct* > > behaviour. > > > > also, what doesn't work? you don't explain what action you took that > > generated this error message. please remember that if you want an answer > > to a question, try to avoid phrases with the word "it" :) > > > > > TESTWG = domain, nt5 in WORKGROUP TESTWG, PRANGHL is nt5 client. > > All works when logged in as "mg", only as "administrator" it fails. ok, logins, not SMB file access. but from what you showed from the log files, you are making a file access as PRANGHL\administrator, which if that is the case, is being correctly rejected. maybe it's... ok, can you try renaming the local "administrator" account to something else, or use a _different_ name for TESTWG\administrator root=Admin, in domain name map. From thien_vu at hotmail.com Thu Mar 23 00:02:19 2000 From: thien_vu at hotmail.com (Thien Vu) Date: Tue Dec 2 02:29:07 2003 Subject: Automounting of user directories on Linux References: Message-ID: <20000323000238.69534.qmail@hotmail.com> Exactly, that's why I was wondering if it could be done as a user logs into the system. Would the most reasonable solution run a login script that temporarily gives them root access to allow for direct mounting of the SMB share? Thien ----- Original Message ----- 
From: "Seth Vidal" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, March 22, 2000 12:30 PM Subject: Re: Automounting of user directories on Linux > > If all of the home directories on the SMB server are in the same folder, > > export that folder (call it "Home" or "Dirs" or something). Then use > > smbmnt to mount that folder to /home - As long as the /etc/passwd file > > has their home directory listed as /home/username - It works great. Very > > fast (TCP over NFS's UDP) and actually has user-level authentication > > instead of the cheeze authentication NFS uses. > > how do you deal with file permission problems? > > -sv > > > From geordy at nai.nu Thu Mar 23 00:13:55 2000 
From: geordy at nai.nu (Geordy Korte) Date: Tue Dec 2 02:29:07 2003 Subject: Status of domain logons from w2k clients. In-Reply-To: <38D63AA0.74172573@siac.com> Message-ID: Hello samba team, First I would like to congratulate you guys/girls on one great product. I have been using samba 2.0.6 for a couple of months and have been very happy. A couple of days ago two new workstations arrived at the office and they had Windows 2000 (AHHHHHHH) Prof. You guessed it, no connection when logging onto the PDC server (Samba). Okay so start CVS and get playing. I downloaded TNG 1.2 and compiled it. I have read the Mailing lists and it seems the problem is due to a password authentication. From what I can figure out it seems the LM/NT passwords do not match. Without sounding like the other 1500 people that would like to see this problem solved, I was wondering if anyone could answer me the next couple of questions: 1. Is the problem related to LM/NT password. 2. If so any clues as to when it could be fixed. 3. If the problem can't be solved, is there any way to tell w2k to act like a normal NT machine and be nice 4. Am I a total idiot and has someone gotten the config to work ?(if so please e-mail me)(config = Samba as PDC for a w2k network with roaming profiles and SAM user authentication) If anyone could please help me I would be grateful... Thanx in advance and keep up the good work. -- Geordy Korte ----------------------------------------------------------- geordy@nai.nu | ICQ 14458242 http://www.nai.nu | Finger geordy@nai.nu for PGP key ------------------------|---------------------------------- From abrock at georgefox.edu Wed Mar 22 23:26:05 2000 
From: abrock at georgefox.edu (Anthony Brock) Date: Tue Dec 2 02:29:07 2003 Subject: samba-tng-alpha-1.1.tar.gz In-Reply-To: Message-ID: <4.2.2.20000322171114.00a6e770@localhost> Okay, I have just hit a point here at work where I have to get this working soon. So, I am once more looking into samba ... :) While I am not entirely familiar with the history behind this other message, I am experiencing what appears to be similar problems on my Sparc/Solaris 2.7 machine. Initially, we have a machine setup as both PDC and WINS server running Samba 2.0.6. Obviously, this is only good for Win95 machines. So, I wanted to leave WINS on the original machine (since I ran into VERY weird behavior the last time I moved it to TNG), but need to move the PDC to another machine. So I copied the sid files, smbpasswd, and smb.conf files to the new installation (cvs from around 3pm this afternoon, 3/22/2000). Edited both configs in accordance with the Samba TNG Faq, and started them up. Everything seemed to be working fine, until some people tried to login that I had not yet created UNIX accounts for. However, myself and several others who already had UNIX accounts (and identical uids to the original PDC) had no problems. I thought, this should be easy. So I deleted the unknown people from the smbpasswd file, and created their UNIX accounts. Next, I used rcpclient to create them. So far so good. However, when I attempted to change their password, I receive the following error: [root@.]$ samuserset helpdsk -p anything57 samuserset helpdsk -p anything57 SAM Set User Info: helpdsk Password: ??? Set User Info: Failed [root@.]$ When I looked in the logs, the only thing that seems to make any sense at all is found in log.samr and I have enclosed it below. Let me know if you want me to increase the logging level or do something else. Thanks in advance, Tony *** START /opt/samba-tng/var/log.samr *** [2000/03/22 16:29:16, 1] msrpc/msrpcd.c:main(460) samrd version TNG-prealpha started. 
Copyright Andrew Tridgell 1992-1999 create_pipe_socket: /opt/samba-tng/var/locks/.msrpc perms=448 /opt/samba-tng/var/locks/.msrpc/samr perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /opt/samba-tng/var/locks/.msrpc/samr failed TODO: verify that the rid exists ERROR: setgroups call failed! TODO: verify that the rid exists ERROR: setgroups call failed! ERROR: setgroups call failed! TODO: verify that the rid exists ERROR: setgroups call failed! TODO: verify that the rid exists ERROR: setgroups call failed! ERROR: setgroups call failed! TODO: verify that the rid exists decode_pw_buffer: incorrect password length (954580735). ERROR: setgroups call failed! TODO: verify that the rid exists ERROR: setgroups call failed! ERROR: setgroups call failed! TODO: verify that the rid exists decode_pw_buffer: incorrect password length (954580735). TODO: verify that the rid exists ERROR: setgroups call failed! TODO: verify that the rid exists ERROR: setgroups call failed! ERROR: setgroups call failed! TODO: verify that the rid exists decode_pw_buffer: incorrect password length (954580735). *** END /opt/samba-tng/var/log.samr *** At 12:51 PM 3/19/00 -0800, lkcl@samba.org wrote: >ok, firstly, make sure that there is read-permission to everyone all the >way up to domainuser.map. > >secondly, try just "root" username, removing the domainuser.map. > >i just tried smbclient myself, and it worked fine, with _and_ without the >domainuser.map, by the way. > >sooo.... how about this: > >try: > >samedit -S . -U root% -l lo >[$] samuserset mg -p test > >then examine the mg line in smbpasswd, it should be like this: >mg:0:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U >]:LCT-38D2E810: > >check that the password is correct, ok? > >also, try this: > >samedit -S . 
-U root% -l log >[$ ] ntlogin DOMAINNAME\username password > >this should respond yes or no. > >try a correct password as well as an incorrect one. > >try an incorrect usename, too. > >On Sun, 19 Mar 2000, Michael Glauche wrote: > > >> Michael Glauche wrote: > >> > > >> > Michael Glauche wrote: > >> > > > >> > > Have some troubles connecting to shares (did not test domain logons > >yet) > >> > > from nt5. lsarpcd tells me about missing sockets (that in the other > >> > > post). > >> > > >> > ahh .. had some trouble reconnecting drives, when using a fresh logon > >> > to alpha1.1 it works, but when nt5 has mapped a share, then you can't > >> > switch from 2.0.6 to TNG ... *grin* > >> > >> oops .. wait .. that was another thing ... 2.0.6 was running when it > >> worked. > >> > >> Now .. some more information : > >> > >> nt5 connect to share as "mg" : works > >> nt5 connect to share as "adminstrator" : fails > >> smbclient //server/share -U administrator : works > >> > >> I have a line > >> domain user map = /opt/samba-tng/private/domainuser.map > >> with > >> root=Administrator > >> > >> in it, so it should work. (according to smbclient it does !?) > >> > >> in the logfile I got: > >> load_name_map: Scanning name map /opt/samba-tng/private/domainuser.map > >> make_name_entry:,administrator,root > >> unix_name_to_nt_name_info: unix_name:root > >> unix_name_to_nt_name_info: unix gid:0 > >> unixname = root, ntname = TESTWG\administrator type = 1 > >> > >> but later I got: > >> domain_client_validate: check lockout / pwd expired! 
> >> No such user administrator - using guest account > >> > >> TIA, > >> Michael > >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Macmillan Technical Publishing > >ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals ****************************************************************************** * Anthony Brock abrock@georgefox.edu * * Director of Network Services George Fox University * ****************************************************************************** From giseli at inf.ufsc.br Thu Mar 23 01:36:33 2000 From: giseli at inf.ufsc.br (Giseli) Date: Tue Dec 2 02:29:07 2003 Subject: Samba-tng Message-ID: What is samba-tng? Giseli *************************************** * giseli@inf.ufsc.br * * * * Graduacao em Ciencias da Computacao * * * *************************************** From mgeddes at xavier.sa.edu.au Thu Mar 23 01:54:54 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:07 2003 Subject: Samba-tng References: Message-ID: <38D9796E.2A219CAB@xavier.sa.edu.au> Giseli wrote: > > What is samba-tng? > > Giseli > > *************************************** > * giseli@inf.ufsc.br * > * * > * Graduacao em Ciencias da Computacao * > * * > *************************************** TNG stands for The Next Generation. It implements a huge amount of the NT MS-RPC stuff and really will be very good. http://www.knescke.de/projekte/samba_tng/ is Lars' Samba TNG site. It will tell you everything you need to know. -- Matthew Geddes Network Manager Xavier College Gawler, SA mgeddes@xavier.sa.edu.au "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From sharpe at ns.aus.com Wed Mar 22 14:58:31 2000 
From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:29:07 2003 Subject: Problems logging onto domain In-Reply-To: References: <200003221243.MAA26239@picard.ee.ucl.ac.uk> Message-ID: <3.0.6.32.20000323005831.009dbca0@203.16.214.248> Use Ethereal ... It is open source, and with more feedback, we can make it heaps better than NetMon. It also reads and writes NetMon capture formats :-) At 07:35 AM 3/23/00 +1100, Luke Kenneth Casson Leighton wrote: >netmon is on the nt srv cd in the reskit directory. > >please do not use netmon v2, it's pathetic and i refuse to use it, >therefore any files in netmon v2 format i cannot access, i have to use >hexedit to examine them, which is better than nothing!!! > >> Is netmon in the NT resource pack? >> >> Tom. >> >> ---------------------------------------------------------------------------- >> Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk >> Department of Electronic and Electrical Engineering, >> University College London, TEL: +44 (0)20 7679 3898 >> Torrington Place, FAX: +44 (0)20 7388 9307 >> London, UK, WC1E 7JE. >> ---------------------------------------------------------------------------- >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Macmillan Technical Publishing > >ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From p.mayers at ic.ac.uk Thu Mar 23 09:34:40 2000 
From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:29:07 2003 Subject: passwords Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F813AC@icex1.cc.ic.ac.uk> No, it's impossible. The passwords in /etc/passwd are not reversibly encrypted. Cheers, Phil > -----Original Message----- > From: Glenn MacGregor [SMTP:gtm@oracom.com] > Sent: Wednesday, March 22, 2000 4:58 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: passwords > > Hi All, > > Is there a utility that reads the /etc/passwd or shadow file and > makes a smbpasswd file w/ the correct passwords? > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > From david.rosenkranz at detewe.de Thu Mar 23 09:53:35 2000 From: david.rosenkranz at detewe.de (David Rosenkranz) Date: Tue Dec 2 02:29:07 2003 Subject: Roaming profile update confusion Message-ID: <38D9E99F.F307BD5A@detewe.de> Hi out there, I discovered a strange problem. I have set up SAMBA to become a PDC and it really works fine. I log on to the domain from my WinNT-Workstation and the profile is stored on the server. When I end my NT-session the profile is updated on the server, just as I want it. But whenever I log on with the same username again NT tells me that the local profile was newer than the server stored profile. I also compared the last-modified attributes of ntuser.dat on both the server and the local copy. Both dates were the same. I also run NET TIME /DOMAIN /SET /YES to sync time. What do I do wrong? David IT-Student, Berlin, Germany From lkcl at samba.org Thu Mar 23 09:59:20 2000 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:07 2003 Subject: [samba-tng] sparc64 / sparc32 - assistance needed Message-ID: ok, i couldn't find the person who had a sparc64 and a sparc32, who said that they didn't have TNG working on sparc64, but had seen other people using sparc32 where it _did_ work, however i need your assistance. what i need you, or someone with a sparc64, to do is: ./configure.developer make clean make then put debug level = 100 delete all log files, and start the daemons. then join the workstation (nt4, not nt5) to the domain, using the root username/password. then examine log.samr for a "samr_set_userinfo" call which has a 516 byte password block. i need to know the byte order of the decrypted password, which will be the workstation name in lower case and will be in UNICODE. i need to know if the nt_lm_owf_genW function is generating the correct NT and LM #es. because i have a sneaking suspicion that there is a byte-order issue in there, from what people have told me. evidence for an incorrect NT and LM# generation will be that the password used in nt_lm_owf_genW will be NULL-length, because the byte ordering will be wrong. please could you therefore send the relevant parts of log.samr to the list. thx, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From willd at pindar.com Thu Mar 23 10:06:16 2000 
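The 516-byte password block discussed in the message above, as an added example (not Samba TNG code and not part of the original post). It assumes the block is already decrypted and laid out as a 512-byte area with the UTF-16LE password right-aligned, followed by a 4-byte little-endian length; the function names and the sample password `wkstn1` are constructed. It shows how loading the length in big-endian host order, as a SPARC would with a native load, turns a valid block into an out-of-range length.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_BLOCK_LEN 516  /* block size named in the message above */
#define PW_AREA_LEN  512  /* assumption: password area; last 4 bytes hold the length */

/* Assemble the value byte by byte: gives the same answer on any host. */
static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* What a big-endian host sees if it loads the same four bytes natively. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Build a constructed sample block from an ASCII password.
 * Returns 0 on success, -1 if the password does not fit. */
int build_sample_block(unsigned char *block, const char *pw)
{
    size_t n = strlen(pw), i;
    size_t byte_len = n * 2;              /* two bytes per UTF-16 code unit */
    unsigned char *dst;

    if (byte_len > PW_AREA_LEN)
        return -1;
    memset(block, 0xAA, PW_AREA_LEN);     /* stands in for random filler */
    dst = block + PW_AREA_LEN - byte_len; /* password is right-aligned */
    for (i = 0; i < n; i++) {
        dst[2 * i] = (unsigned char)pw[i];
        dst[2 * i + 1] = 0;
    }
    block[PW_AREA_LEN]     = (unsigned char)(byte_len & 0xFF);
    block[PW_AREA_LEN + 1] = (unsigned char)((byte_len >> 8) & 0xFF);
    block[PW_AREA_LEN + 2] = 0;
    block[PW_AREA_LEN + 3] = 0;
    return 0;
}

/* Decode the password from a decrypted block into an ASCII string.
 * native_big_endian != 0 simulates the byte-order mistake.
 * Returns the number of characters, or -1 if the block is rejected. */
int decode_pw_block(const unsigned char *block, int native_big_endian,
                    char *out, size_t out_size)
{
    uint32_t byte_len = native_big_endian
        ? read_be32(block + PW_AREA_LEN)
        : read_le32(block + PW_AREA_LEN);
    const unsigned char *src;
    size_t chars, i;

    /* A length that is odd or larger than the area cannot be valid. */
    if (byte_len > PW_AREA_LEN || (byte_len & 1))
        return -1;
    chars = byte_len / 2;
    if (chars + 1 > out_size)
        return -1;
    src = block + PW_AREA_LEN - byte_len;
    for (i = 0; i < chars; i++) {
        /* This sketch only accepts ASCII code units. */
        if (src[2 * i + 1] != 0 || src[2 * i] > 0x7F)
            return -1;
        out[i] = (char)src[2 * i];
    }
    out[chars] = '\0';
    return (int)chars;
}

int main(void)
{
    unsigned char block[PW_BLOCK_LEN];
    char pw[64];

    if (build_sample_block(block, "wkstn1") != 0)
        return 1;
    printf("little-endian read: length=%lu, result=%d\n",
           (unsigned long)read_le32(block + PW_AREA_LEN),
           decode_pw_block(block, 0, pw, sizeof pw));
    printf("big-endian read:    length=%lu, result=%d\n",
           (unsigned long)read_be32(block + PW_AREA_LEN),
           decode_pw_block(block, 1, pw, sizeof pw));
    return 0;
}
```
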
From: willd at pindar.com (William Deakin)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
References: <0846B011B9A4D111A1EE006097DA4FCE02F813AC@icex1.cc.ic.ac.uk>
Message-ID: <38D9EC98.DFD491DE@pindar.com>

Mayers, P J wrote:

> No, it's impossible. The passwords in /etc/passwd are not reversibly
> encrypted.

I'm not sure that this is completely true. It is *possible* to unencrypt the passwords in the passwd and/or shadow file (this is what some crackers spend a lot of time trying to do) and is the reason why there is a separate passwd and shadow file. However, it is not straightforward and depends on the OS and implementation/version.

Cheers,
Will

**********************************************************************
This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error, you must take no action based on them, nor must you copy or show them to anyone; please reply to this email and highlight the error.

Security Warning: Please note that this email has been created in the knowledge that the internet email is not a 100% secure communications medium. We advise that you understand and observe this lack of security when emailing us.

Viruses: Although we have taken steps to ensure that this email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free.

If you have received this email in error please notify: postmaster@pindar.com
**********************************************************************

From alet at unice.fr Thu Mar 23 10:21:10 2000
From: alet at unice.fr (Jerome Alet)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To: <38D9EC98.DFD491DE@pindar.com>
Message-ID:

On Thu, 23 Mar 2000, William Deakin wrote:

> I'm not sure that this is completely true. It is *possible* to unencrypt
> the passwords in the passwd and/or shadow file (this is what some crackers
> spend a lot of time trying to do) and is the reason why there is a separate
> passwd and shadow file. However, it is not straightforward and depends on
> the OS and implementation/version.

Could you say more?

AFAIK it's only possible to do a brute force attack on these passwords: encrypt all possible character combinations and compare the encrypted strings: that's very long, and generally considered impossible or near impossible (depending on the number of characters possible and the encryption algorithm)

bye,
Jerome

From robert.schuhl at ald-vt.de Thu Mar 23 10:24:23 2000
From: robert.schuhl at ald-vt.de (Robert Schuhl)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To: <38D9EC98.DFD491DE@pindar.com>
Message-ID: <009f01bf94b1$f5b511f0$020410ac@aldvt.de>

Not really, it could be one having the same hash, it is not a reversible coding, they are testing, if the password generated is having the same hash that is stored in passwd or shadow.

Robert

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of William Deakin
Sent: Thursday, March 23, 2000 11:06 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: passwords

Mayers, P J wrote:

> No, it's impossible. The passwords in /etc/passwd are not reversibly
> encrypted.

I'm not sure that this is completely true. It is *possible* to unencrypt the passwords in the passwd and/or shadow file (this is what some crackers spend a lot of time trying to do) and is the reason why there is a separate passwd and shadow file. However, it is not straightforward and depends on the OS and implementation/version.

Cheers,
Will

From s.striker at striker.nl Thu Mar 23 10:50:33 2000
From: s.striker at striker.nl (Sander Striker)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To: <38D8FB2C.D8ED945A@oracom.com>
Message-ID:

>Hi All,
>
> Is there a utility that reads the /etc/passwd or shadow file and
>makes a smbpasswd file w/ the correct passwords?
>
> Thanks
>
> Glenn

Hmmm, interesting point. Let's do some creative thinking. Is there a way to set the password in smbpasswd (or the samr db) the first time a user ever logs in? Meaning that if a user is marked [first time user], his password is checked in an alternative way (using pam?), and setting the password to this value if it is correct. Luke?

There is a transitional phase parameter built into samba for such cases... (mind is really making squeaking sounds now :-) some faint memory tells me. It might however be disabled by now, it was a pretty long time ago. :-)

Sander

From willd at pindar.com Thu Mar 23 10:52:02 2000
From: willd at pindar.com (William Deakin)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
References:
Message-ID: <38D9F752.208E10F5@pindar.com>

Jerome Alet wrote:

> AFAIK it's only possible to do a brute force attack on these passwords:
> encrypt all possible characters combinations and compare the encrypted
> strings: that's very long, and generally considered impossible or near
> impossible (depending on the number of characters possible and the
> encryption algorithm)

Well, thinking about it some more, I probably was hasty and wrong. And yes, what I was talking about was a brute force attack.

The details of what I was thinking about are hazy (it's been a while) and based on cracker, a piece of software written by Alan Parfitt, and on the crypt encryption algorithm. I should add that this was carried out with the knowledge (blessing even) of the sysadmin. This was not an attempt to hack the system, but to look at password security.

As I remember, under AIX and Linux (the only two OS that I tried this on) the encryption key is (was?) stored in the shadow/passwd file, substantially reducing the amount of calculation required (IIRC the key was the last two bytes of the password string). Most people pick really lousy passwords so that using the key and permuting a dictionary (using Mr Parfitt's program) gets a lot of passwords.

When I tried this on an RS6000 under AIX and on a P75 running Linux I found that I could get 93 out of 108 of passwords (this was about 5 years ago on old AIX and linux: the crypt algorithm may have changed, and so on). From my hazy memory the crack took about 2 and 4 hours on the Linux box and the heavily used RS6000 box (40 concurrent users developing code plus an Informix database). Included in this was the root password.

Best Regards,
Will

From Jean-Francois.Micouleau at dalalu.fr Thu Mar 23 11:30:25 2000
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To:
Message-ID:

On Thu, 23 Mar 2000, Sander Striker wrote:

> Hmmm, interesting point. Let's do some creative thinking.
> Is there a way to set the password in smbpasswd (or the
> samr db) the first time a user ever logs in? Meaning that
> if a user is marked [first time user], his password is
> checked in an alternative way(using pam?), and setting the
> password to this value if it is correct. Luke?

added to samba at least 2 years ago: update encrypted password in smb.conf. It means you have to disable encrypted password on the windows box as you need the clear text password to check against anything other than the NT/LM hashes.

> There is a transitional phase parameter built into samba for
> such cases... (mind is really making squeaking sounds now :-)
> some faint memory tells me. It might however be disabled by
> now, it was a pretty long time ago. :-)
>
> Sander
>

From s.striker at striker.nl Thu Mar 23 11:42:02 2000
From: s.striker at striker.nl (Sander Striker)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To:
Message-ID:

>On Thu, 23 Mar 2000, Sander Striker wrote:
>
>> Hmmm, interesting point. Let's do some creative thinking.
>> Is there a way to set the password in smbpasswd (or the
>> samr db) the first time a user ever logs in? Meaning that
>> if a user is marked [first time user], his password is
>> checked in an alternative way(using pam?), and setting the
>> password to this value if it is correct. Luke?
>> There is a transitional phase parameter built into samba
>> [...]
>added to samba at least 2 years ago: update encrypted password in
>smb.conf. It means you have to disable encrypted password on the windows
>box as you need the clear text password to check against anything other
>than the NT/LM hashes.

Yep, that was what I was thinking about, or at least trying to remember. It is still enabled then. Might be an option. I think however that disabling encryption in the clients is considered more of a hassle. People tend to loosen their security policy for a 'short' interval if they can get away with temporary centralized modifications ie. on the server. :-)

This gave me another idea though, which isn't very nice, but could/would do the trick. Whenever the 'first time user' (which has of course to be defined and not disabled) logs in, the NT/LM hash is stored and used for further reference. This is a major security risk and should be done in a controlled environment. Also the time window for this should be very limited. If you don't trust everyone/anyone you can put the newly set hashes in a queue for nightly evaluation (or any other (idle) time for that matter), to crack the hash and check the password against /etc/passwd or equivalent. You would have to find a tool that does this for you... or write one :-)

Hmmm, there was something in this department some time ago on samba-tech, let's see:

>It is POSSIBLE to "decrypt" these passwords, but not quickly enough to
>avoid the client timing out. In fact, it can take up to four days to crack
>particularly tough passwords on a fairly powerful PC.
>[...]
>There is little practical difference between LanMan/NT hashes and plaintext:
>a couple of hours of number crunching will "decrypt" the hashes anyway...)
>[...]
>
>James Sutherland.

Sander

From p.mayers at ic.ac.uk Thu Mar 23 11:37:43 2000
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F813AF@icex1.cc.ic.ac.uk>

I take objection to this - I realise I'm being picky, but that's not decryption - that's a known ciphertext attack (guessed plaintext) and it's entirely different.

We regularly run crack against our password files here and change (forcibly if necessary) any weak passwords, but it's not a solution I'd pick for converting /etc/passwd to smbpasswd - there are other, better methods, like the null password and password migration options.

Cheers,
Phil

-----Original Message-----
From: William Deakin
To: p.mayers@ic.ac.uk
Sent: 23/03/00 10:00
Subject: Re: passwords

Mayers, P J wrote:

> No, it's impossible. The passwords in /etc/passwd are not reversibly
> encrypted.

I'm not sure that this is completely true. It is *possible* to unencrypt the passwords in the passwd and/or shadow file (this is what some crackers spend a lot of time trying to do) and is the reason why there is a separate passwd and shadow file. However, it is not straightforward and depends on the OS and implementation/version.

Cheers,
Will

From tom at ee.ucl.ac.uk Thu Mar 23 12:52:43 2000
From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:07 2003 Subject: [samba-tng] sparc64 / sparc32 - assistance needed Message-ID: <200003231252.MAA23683@picard.ee.ucl.ac.uk> Hello Luke, Here is the log fragment you asked for: Skipping become_unix_sec_ctx - already user api_pipe_request: validated auth pipe name: samr search name: samr Doing \PIPE\samr api_rpc_command: api_samr_rpc op 0x3a - api_rpc_command: SAMR_SET_USERINFO 000008 samr_io_q_set_userinfo 000008 smb_io_pol_hnd pol 0008 ptr: 00000000 00000c smb_io_rpc_iface uuid 000c time_low: b1ac7200 0010 time_mid: 94c5 0012 time_hiv: 01bf 0014 rem: 7c 71 00 00 09 00 00 00 001c switch_value: 0018 00001e samr_io_userinfo_ctr ctr 001e switch_value: 0018 000020 sam_io_user_info24 0020 password: 6c 6c a4 6d 56 12 78 a5 76 1a 06 ca 0d 2a 6c cd 08 b0 04 45 d0 76 82 4e 6b 87 e4 1b bd ae 57 dc c4 1f e1 96 c0 cb be 1c b4 e6 53 d0 c3 bf f6 cf 7c 01 ad 25 7d 18 92 4a ea 53 54 80 47 cb 7f be d2 c0 f6 d7 6d bb 1c 59 c0 e1 a7 1b 61 06 d 9 96 3a ed d0 d5 a8 14 72 88 8a d1 77 85 a2 b7 9f 81 c5 8e 1f 1b 6d 49 cc f0 9e 8b f8 00 13 cc b8 36 67 8c 04 e2 35 28 b7 1e 1e bf 17 d1 e4 f7 b5 c7 11 88 4d 98 92 65 77 56 e2 72 12 24 e7 1f 0d ba 79 a9 25 c2 88 c8 b9 8f 12 5c 9a 8e 07 4f c1 b3 6d 82 29 1b 13 0a ff 6e 98 49 8f b5 e3 ec 79 37 a7 ea 30 9b a0 a5 db 3f 4b 0b 18 65 f4 96 0e db 74 65 6a c0 a2 e7 c4 c8 9f 6b b9 63 02 21 21 ce 1d 1 3 32 ad 77 ee 7f 6f 76 19 54 6c 3f 60 16 07 65 28 19 ca fa 94 bd 79 a4 5b cc 89 17 35 ae 1b 58 8a 73 fa 91 24 ab 7c eb 29 cb ef ce 93 2b 8c ce f1 dc 83 fa e8 2d 7b 66 b5 71 8b 6f 1a 7b 0a 60 b0 3e 27 3d 36 2f 76 39 83 55 3a e6 87 5f c8 f5 47 4a 04 16 1f 31 4f 98 18 36 e6 b7 3c 6d 12 07 29 20 b0 65 54 ce 23 15 0c 5a 70 7d 7f 8e 3e 87 60 bf a8 84 e8 61 f7 25 c5 2b 01 +> 60 17 b7 29 95 7f ee ac 30 17 14 c7 96 84 de 52 fb 96 81 73 bc 88 d8 fb 7f e7 43 02 b1 74 a4 27 49 8a 1b e2 3f 38 3b a2 70 00 61 2b 4c f8 d8 26 0e 60 19 c3 f0 af 58 af 98 02 04 82 24 1b b3 cc e9 8b fd 71 43 fc f6 d1 de 34 7f 4f 3d 45 
9e d5 93 ee 61 3a 5a 56 ed 6 f 28 9c 2f 01 8e 88 8a ce ec 68 f5 5c 6e bf b3 0e 8a e8 ac 7e ad ef 1e ec fb 82 f2 ba 00 94 f6 e4 89 4d ae 3f c8 a8 c2 d5 f0 6a c4 9f a8 ce 9f f6 0a c7 68 35 17 22 08 00 11 6f 14 1b 86 7c 38 02 c2 c8 fd 10 aa 01 36 3c bf 9a 2f f1 6d 6a 6b 3c 30 0f 4c df a7 6e 28 88 9e f0 a4 e9 54 c5 7a ff 0224 unk_0: 0000 samr_reply_set_userinfo: 2011 Found policy hnd[9] [000] 00 00 00 00 B1 AC 72 00 94 C5 01 BF 7C 71 00 00 ......r. ....|q.. [010] 09 00 00 00 .... Found policy hnd[9] [000] 00 00 00 00 B1 AC 72 00 94 C5 01 BF 7C 71 00 00 ......r. ....|q.. [010] 09 00 00 00 .... Getting policy vuser_key pnum=9 pid=29002 vuid=66 lookup user 714a,66 000000 vuid_io_key key 0000 pid : 0000714a 0004 vuid: 0066 000000 vuid_io_user_struct usr I'm sorry I can't do a configure.developer as the resultant binaries don't fit in the partition I'm using for samba. I'll be able to fix this next week when a new 18G drive arrives. The workstation name is wesley$. Tom. ---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From hulet at ittc.ukans.edu Thu Mar 23 15:09:12 2000 
From: hulet at ittc.ukans.edu (Michael S. Hulet)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To:
Message-ID:

You disable encrypted passwords on one of your workstations and make new users log into that machine. You can also have a unique smb.conf.unsafe_machine configuration that has update encrypted = yes

OR you can set up a secure website, behind a firewall, accessible only from your local network, etc where users can change their passwords. We have a button for NT (samba), unix, or both. It uses their unix password for authentication so you can make the samba password whatever you want. The web idea was suggested on this list a couple of years ago. Since almost anyone can navigate a web page, it works for us.

Sorry Luke I haven't tracked the /etc/group thing down on the DEC Alpha 4.0D but I've been busy with a billion other things. Good thing since samba-tng-alpha.1.2 is already out. You write code faster than I can compile.

Michael Hulet
Network System Administrator
ITTC, University of Kansas

On Thu, 23 Mar 2000, Sander Striker wrote:

> >On Thu, 23 Mar 2000, Sander Striker wrote:
> >
> >> Hmmm, interesting point. Let's do some creative thinking.
> >> Is there a way to set the password in smbpasswd (or the
> >> samr db) the first time a user ever logs in? Meaning that
> >> if a user is marked [first time user], his password is
> >> checked in an alternative way(using pam?), and setting the
> >> password to this value if it is correct. Luke?
>
> >> There is a transitional phase parameter built into samba
> >> [...]
>
> >added to samba at least 2 years ago: update encrypted password in
> >smb.conf. It means you have to disable encrypted password on the windows
> >box as you need the clear text password to check against anything other
> >than the NT/LM hashes.
>
> Yep, that was what I was thinking about, or at least trying to remember.
> It is still enabled then. Might be an option.
> I think however that disabling encryption in the clients is considered
> more of a hassle. People tend to loosen their security policy for a
> 'short' interval if they can get away with temporary centralized
> modifications ie. on the server. :-)
> This gave me another idea though, which isn't very nice, but could/would
> do the trick. Whenever the 'first time user' (which has of course to be
> defined and not disabled) logs in, the NT/LM hash is stored and used
> for further reference. This is a major security risk and should be done
> in a controlled environment. Also the time window for this should be very
> limited. If you don't trust everyone/anyone you can put the newly set hashes
> in a queue for nightly evaluation (or any other (idle) time for that
> matter),
> to crack the hash and check the password against /etc/passwd or equivalent.
> You would have to find a tool that does this for you... or write one :-)
>
> Hmmm, there was something in this department some time ago on samba-tech,
> let's see:
>

From s.striker at striker.nl Thu Mar 23 15:39:42 2000
From: s.striker at striker.nl (Sander Striker)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To:
Message-ID:

>You disable encrypted passwords on one of your workstations and make new
>users log into that machine. You can also have a unique
>smb.conf.unsafe_machine configuration that has update encrypted = yes
>OR you can set up a secure website, behind a firewall, accessible only from
>your local network, etc where users can change their passwords. We have a
>button for NT (samba), unix, or both. It uses their unix password for
>authentication so you can make the samba password whatever you want. The
>web idea was suggested on this list a couple of years ago. Since almost
>anyone can navigate a web page, it works for us.

I think this really is the best solution I've seen so far. A lot better than mine :-D

Sander

From tschweikle at FIDUCIA.de Thu Mar 23 15:47:23 2000
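The migration discussed in this thread (a cleartext logon is checked against the one-way Unix hash, and only then can the NT hash be computed and stored), as an added Python sketch that is not Samba's code and not part of any post. PBKDF2 stands in for crypt(3), and the user name, passwords and dictionary "databases" are constructed for the example.

```python
import hashlib
import hmac
import os
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); modern OpenSSL builds often omit it."""
    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            if i < 16:      # round 1
                f, k, s, add = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:    # round 2
                f = (b & c) | (b & d) | (c & d)
                k, s, add = (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:           # round 3
                f, k, s, add = b ^ c ^ d, order3[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a = rotl((a + f + x[k] + add) & 0xFFFFFFFF, s)
            a, b, c, d = d, a, b, c
        state = [(p + q) & 0xFFFFFFFF for p, q in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash as stored in smbpasswd: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le")).hex().upper()


def unix_hash(password: str, salt: bytes) -> bytes:
    """Assumption: stand-in for crypt(3). Salted and one-way, like the real thing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def make_unix_entry(password: str):
    """Build a (salt, hash) pair; the cleartext itself is never stored."""
    salt = os.urandom(8)
    return salt, unix_hash(password, salt)


def login_and_migrate(user, cleartext, unix_db, smb_db):
    """Cleartext logon: verify against the Unix entry, then fill in the NT hash.

    The stored Unix hash alone is not enough to do this; the cleartext sent
    by the client at logon time is the only input nt_hash() can work from.
    """
    entry = unix_db.get(user)
    if entry is None:
        return "unknown user"
    salt, stored = entry
    if not hmac.compare_digest(unix_hash(cleartext, salt), stored):
        return "denied"
    if user not in smb_db:
        smb_db[user] = nt_hash(cleartext)
        return "migrated"
    return "ok"


def demo():
    """Run the flow on constructed sample data and return each outcome."""
    unix_db = {"glenn": make_unix_entry("password")}   # constructed account
    smb_db = {}
    return {
        "wrong": login_and_migrate("glenn", "letmein", unix_db, smb_db),
        "first": login_and_migrate("glenn", "password", unix_db, smb_db),
        "again": login_and_migrate("glenn", "password", unix_db, smb_db),
        "stored": smb_db.get("glenn"),
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```

Once every account has an entry, the cleartext window can be closed again, which is the reason the thread treats it as a temporary, controlled step.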
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
Message-ID: <0057540004326292000002L422*@MHS>

On Thu, 23 Mar 2000, Sander Striker wrote:

> >On Thu, 23 Mar 2000, Sander Striker wrote:
> >
> >> Hmmm, interesting point. Let's do some creative thinking.
> >> Is there a way to set the password in smbpasswd (or the
> >> samr db) the first time a user ever logs in? Meaning that
> >> if a user is marked [first time user], his password is
> >> checked in an alternative way(using pam?), and setting the
> >> password to this value if it is correct. Luke?
>
> >> There is a transitional phase parameter built into samba
> >> [...]
>
> >added to samba at least 2 years ago: update encrypted password in
> >smb.conf. It means you have to disable encrypted password on the windows
> >box as you need the clear text password to check against anything other
> >than the NT/LM hashes.
>
> Yep, that was what I was thinking about, or at least trying to remember.
> It is still enabled then. Might be an option.
> I think however that disabling encryption in the clients is considered
> more of a hassle. People tend to loosen their security policy for a
> 'short' interval if they can get away with temporary centralized
> modifications ie. on the server. :-)
> This gave me another idea though, which isn't very nice, but could/would
> do the trick. Whenever the 'first time user' (which has of course to be
> defined and not disabled) logs in, the NT/LM hash is stored and used
> for further reference. This is a major security risk and should be done
> in a controlled environment. Also the time window for this should be very
> limited. If you don't trust everyone/anyone you can put the newly set hashes
> in a queue for nightly evaluation (or any other (idle) time for that
> matter),
> to crack the hash and check the password against /etc/passwd or equivalent.
> You would have to find a tool that does this for you... or write one :-)
>
> Hmmm, there was something in this department some time ago on samba-tech,
> let's see:

I avoided all this stuff authenticating UNIX users against samba. I am not sure this is possible with all UNIX flowers around, but linux and solaris do work. You would have to use pam_smb to accomplish this. creating a soft link from passwd to smbpasswd makes UNIX users use smbpasswd. Win98 and NT users can change their passwords the way they are used to.

--

From mbreuer at siac.com Thu Mar 23 16:23:31 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:07 2003
Subject: samba-tng-alpha-1.0.tar.gz (group names)
References: <38D63AA0.74172573@siac.com> <3.0.6.32.20000323092504.008bae00@bioserve.latrobe.edu.au>
Message-ID: <38DA4503.2FC715A5@siac.com>

I meant doing this within SAMBA (thus not affecting UNIX).

David Bannon wrote:

> At 07:45 PM 22/03/2000 +1100, Michael Breuer wrote:
> >I spoke too soon... there doesn't seem to be a nice way to use an
> alternate passwd file. However... how about a simpler hack... add
> >"_G" (or something) to all unix groups. Then create group map entries
> where appropriate.
> >
>
> I'd be a bit wary of doing this. I tried it when these sort of problems
> cropped up in the old 'head' branch. Went through the /etc/group file and
> uppercased all groups that had the same name as users. It produced a very
> long list of things that broke. Lots of systems use group names and don't
> expect to see them changed. Each one was easy enough to fix but I kept
> finding more .....
>
> In the end time pressure got the better of me and I backed out. Still
> running the head branch from mid 99.
>
> David
> David
> ------------------------------------------------------------
> David Bannon D.Bannon@latrobe.edu.au
> School of Biochemistry Phone 61 03 9479 2197
> La Trobe University, Plenty Rd, Fax 61 03 9479 2467
> Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au
> ------------------------------------------------------------
> ..... Humpty Dumpty was pushed !

From lkcl at samba.org Thu Mar 23 17:28:27 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
In-Reply-To:
Message-ID:

On Thu, 23 Mar 2000, Sander Striker wrote:

> >Hi All,
> >
> > Is there a utility that reads the /etc/passwd or shadow file and
> >makes a smbpasswd file w/ the correct passwords?

yes, it's called unixcrack.

> >
> > Thanks
> >
> > Glenn
>
> Hmmm, interesting point. Let's do some creative thinking.
> Is there a way to set the password in smbpasswd (or the
> samr db) the first time a user ever logs in? Meaning that
> if a user is marked [first time user], his password is
> checked in an alternative way(using pam?), and setting the
> password to this value if it is correct. Luke?
> There is a transitional phase parameter built into samba for
> such cases... (mind is really making squeaking sounds now :-)
> some faint memory tells me. It might however be disabled by
> now, it was a pretty long time ago. :-)

migrate passwords = yes (or update encrypted). you have to run with plaintext passwords for a while.

From lkcl at samba.org Thu Mar 23 17:45:44 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:07 2003
Subject: [samba-tng] sparc64 / sparc32 - assistance needed
In-Reply-To: <200003231252.MAA23683@picard.ee.ucl.ac.uk>
Message-ID:

hi tom,

well ./configure.developer was a simple way to switch on -DDEBUG_PASSWORD.

use ./configure.nodebug.developer instead, then please resend. because -DDEBUG_PASSWORD was not enabled, you sent an encrypted password block, and i need to see the unencrypted one plus what nt_lm_owf_genW thinks of it.

thanks,
luke

From david.lloyd at moving-picture.co.uk Thu Mar 23 17:54:10 2000
From: david.lloyd at moving-picture.co.uk (David Lloyd)
Date: Tue Dec 2 02:29:07 2003
Subject: Can't get started
Message-ID: <38DA5A42.8C830779@moving-picture.co.uk>

OK, I've tried everything... I've been downloading the CVS source and following the faq http://www.kneschke.de/projekte/samba_tng/faq, although I left the installation in the default location (/usr/local/samba). I've set up a machine as a PDC with two shared directories. I've been able to join the new domain in the network control panel, and I can access the samba shares, but I can't log in to the domain. I get the error message

"The System cannot log you onto this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect."

I guess this means the trust account.

The samba-tng machine is called 'proto', Redhat Linux 6.1
The NT workstation is called 'tester' (or possibly 'TESTER'), NT4 sp6

/etc/passwd contains:

tester$:*:801:800:NT workstation:/dev/null:/bin/false

/usr/local/samba/smbpasswd contains only:

root:0:9B209E99D9F4B314AAD3B435B51404EE:D21178465D8B61FA8DB6D1E91A114BDD:[ ]:LCT-38DA3F59:
david:1168:366478C1B2FD5ABDAAD3B435B51404EE:87BC14334FB20DFE0D993A61018A1EA8:[U ]:LCT-38DA4443:
tester$:801:2EFDA720EAF28B23996415179D875185:2EFDA720EAF28B23996415179D875185:[W ]:LCT-38DA48FF:

these accounts were made exactly as per faq (although I ran 'smbpasswd david' to set my password on it, then removed the D flag from the david account by hand)

the account 'david' does not exist in /etc/passwd but is a yp account.

Here is the smb.conf:

# Global parameters
[global]
    workgroup = TESTDOM
    log level = 20
    domain logons = Yes
    security = user
    encrypt passwords = Yes
    os level = 65
    domain master = Yes
    preferred master = Yes
    local master = Yes
    wins support = yes
    time server = yes

[s1]
    path = /samba1
    read only = No
    guest ok = Yes

[s2]
    path = /samba2
    read only = No
    guest ok = Yes

This is, I think, everything that I have done. My guess would be I've missed out something really obvious and stupid, but I'm really a bit green when it comes to NT.

Cheers,
David

--
David Lloyd
The Moving Picture Company
127-133 Wardour Street
London W1V 4NL
Tel:44 (0)20 7494 7956
Fax:44 (0)20 7287 3191

From neonatus at gimp.thz.net Thu Mar 23 18:23:40 2000
From: neonatus at gimp.thz.net (Bostjan Muller)
Date: Tue Dec 2 02:29:07 2003
Subject: Cannot login from NT wks 4.0
Message-ID: <20000323192340.A330@gimp.thz.net>

Hi!

I have recently started to follow the TNG project and have downloaded the 22.3.2000 cvs tree and compiled it on Slackware 7 (only with -lcrypt). The problem is that whatever I do to set up the server I can always login from my win98 machine and *NEVER* from my Nt 4.0 wks machine as an Administrator (I can login however from all the machines on the net (3) using administrator username and pass (when mounting shares on linux machines). Can someone please explain to me what do I have to do step by step to login as an Administrator on my NT 4.0 sp4 wks to samba TNG pdc machine. I tried the examples on the net and still no luck.

THX in advance!

Bostjan

--
Bostjan Muller [NEONATUS], NEONATUS@bigfoot.com, http://surf.to/NEONATUS
RSA id: 0x90178DBD, ICQ #:7506644, PGP key: finger neonatus@gimp.thz.net
GEEK CODE = PGP key
Registered Linux User #87774, Powered by SuSE Linux 6.2
Succumb to natural tendencies. Be hateful and boring.

From Elrond at Wunder-Nett.org Thu Mar 23 19:03:09 2000
From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:29:07 2003 Subject: samba-tng-alpha-1.2.tar.gz In-Reply-To: <38D94296.581048BE@plum.de>; from Michael Glauche on Thu, Mar 23, 2000 at 09:00:27AM +1100 References: <38D94296.581048BE@plum.de> Message-ID: <20000323200308.A13810@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Mar 23, 2000 at 09:00:27AM +1100, Michael Glauche wrote: [...] > TESTWG = domain, nt5 in WORKGROUP TESTWG, PRANGHL is nt5 client. ^^^^^^^^^ Is PRANGHL a member of the domain, or not? > All works when logged in as "mg", only as "administrator" it fails. > > TIA, > Michael Elrond From Elrond at Wunder-Nett.org Thu Mar 23 19:19:23 2000 From: Elrond at Wunder-Nett.org (Elrond) Date: Tue Dec 2 02:29:07 2003 Subject: passwords In-Reply-To: <0057540004326292000002L422*@MHS>; from tschweikle@FIDUCIA.de on Fri, Mar 24, 2000 at 02:50:36AM +1100 References: <0057540004326292000002L422*@MHS> Message-ID: <20000323201922.B13810@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Mar 24, 2000 at 02:50:36AM +1100, tschweikle@FIDUCIA.de wrote: [...] > I avoided all this stuff authenticating UNIX users against samba. > I am not sure this is possible with all UNIX flowers around, but AIX currently doesn't support PAM at all. They start have modular authentication support 4.3.3 has some ldap-thingie (which I want to investigate soon) > linux and solaris do work. AFAIK freebsd also has pam-support Elrond > You would have to use pam_smb to accomplish > this. creating a soft link from passwd to smbpasswd makes UNIX users > use smbpasswd. Win98 and NT users can change there passwords the > was they are used to. > > -- From boehm at nortelnetworks.com Thu Mar 23 19:17:22 2000 
From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:29:07 2003 Subject: Unable to access PC share when security = domain, works with security = server Message-ID: <20000323141722.F21793@brtpsfac.nortelnetworks.com> I don't understand what is happening with accessing my PC's share with smbclient. If my smb.conf contains workgroup = AMERICASE security = server password server = NRTPDE10, NRTPDE11, NRTPDE12 I can run smbclient '//prtpd2d6/Views' -U boehm and it connects just fine If I have workgroup = PCNTRTP security = domain password server = * and I run smbclient '//prtpd2d6/Views' -U boehm I get session setup failed: ERRDOS - ERRnoaccess (Access denied.) AMERICASE is a NT domain set up for user accounts. PCNTRTP is a domain set up for machine accounts. From the output of debugging level 10, it looks like it is trying to authenticate me against PCNTRTP. If I use smbclient '//prtpd2d6/Views' -U AMERICASE\boehm I still get session setup failed: ERRDOS - ERRnoaccess (Access denied.) (debugging output attached). What am I doing wrong or what I am not understanding correctly? -- Eric M. Boehm boehm@nortelnetworks.com -------------- next part -------------- /usr/local/samba/bin/smbclient //prtpd2d6/Views -U AMERICASE\BOEHM pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 437 load_client_codepage: loading codepage 437. 
added interface ip=47.111.69.171 bcast=47.111.79.255 nmask=255.255.240.0 added interface ip=47.140.7.148 bcast=47.140.15.255 nmask=255.255.240.0 Client started (version 2.0.6). resolve_lmhosts: Attempting lmhosts lookup for name prtpd2d6<0x20> startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory resolve_hosts: Attempting host lookup for name prtpd2d6<0x20> Connecting to 47.192.10.18 at port 139 write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 0 size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 session request ok write_socket(4,168) write_socket(4,168) wrote 168 got smb length of 93 size=93 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=20223 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=1024 (0x400) smb_vwv[4]=17 (0x11) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=67 (0x43) smb_vwv[11]=53248 (0xD000) smb_vwv[12]=57150 (0xDF3E) smb_vwv[13]=64591 (0xFC4F) smb_vwv[14]=49044 (0xBF94) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=24 [000] 0C 86 81 CB A4 9E 6B FD 50 00 43 00 4E 00 54 00 ......k. P.C.N.T. [010] 52 00 54 00 50 00 00 00 R.T.P... 
size=93 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=20223 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=1024 (0x400) smb_vwv[4]=17 (0x11) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=67 (0x43) smb_vwv[11]=53248 (0xD000) smb_vwv[12]=57150 (0xDF3E) smb_vwv[13]=64591 (0xFC4F) smb_vwv[14]=49044 (0xBF94) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=24 [000] 0C 86 81 CB A4 9E 6B FD 50 00 43 00 4E 00 54 00 ......k. P.C.N.T. [010] 52 00 54 00 50 00 00 00 R.T.P... Password: write_socket(4,147) write_socket(4,147) wrote 147 got smb length of 35 size=35 smb_com=0x73 smb_rcls=1 smb_reh=0 smb_err=5 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=20223 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0x73 smb_rcls=1 smb_reh=0 smb_err=5 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=20223 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0 session setup failed: ERRDOS - ERRnoaccess (Access denied.) From lkcl at samba.org Thu Mar 23 20:15:32 2000 
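Added example (not part of the original thread or of Samba): a Python decoder for the smbclient debug output quoted in the message above. It rebuilds the 17 parameter words of the negotiate reply (smb_com=0x72) into the NT LM 0.12 layout, reads the challenge and the domain name the server advertised from the hex dump, and reports the class and code of the failed session setup (smb_com=0x73). The function names are this example's own; the log text is copied from the post.

```python
import re
import struct

# Excerpt copied from the smbclient debug output in the message above:
# the negotiate reply (smb_com=0x72) and the failed session setup (0x73).
SAMPLE_LOG = (
    "size=93 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 "
    "smb_tid=0 smb_pid=20223 smb_uid=0 smb_mid=1 smt_wct=17 "
    "smb_vwv[0]=7 (0x7) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) "
    "smb_vwv[3]=1024 (0x400) smb_vwv[4]=17 (0x11) smb_vwv[5]=0 (0x0) "
    "smb_vwv[6]=256 (0x100) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) "
    "smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=67 (0x43) smb_vwv[11]=53248 (0xD000) "
    "smb_vwv[12]=57150 (0xDF3E) smb_vwv[13]=64591 (0xFC4F) "
    "smb_vwv[14]=49044 (0xBF94) smb_vwv[15]=11265 (0x2C01) "
    "smb_vwv[16]=2049 (0x801) smb_bcc=24 "
    "[000] 0C 86 81 CB A4 9E 6B FD 50 00 43 00 4E 00 54 00 ......k. P.C.N.T. "
    "[010] 52 00 54 00 50 00 00 00 R.T.P... "
    "Password: write_socket(4,147) write_socket(4,147) wrote 147 "
    "got smb length of 35 "
    "size=35 smb_com=0x73 smb_rcls=1 smb_reh=0 smb_err=5 smb_flg=136 "
    "smb_flg2=1 smb_tid=0 smb_pid=20223 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0"
)

SMB_COM_NEGOTIATE = 0x72
SMB_COM_SESSION_SETUP_ANDX = 0x73
CAP_UNICODE = 0x0004
ERROR_CLASSES = {1: "ERRDOS", 2: "ERRSRV", 3: "ERRHRD"}

HDR = re.compile(
    r"smb_com=0x([0-9a-fA-F]+)\s+smb_rcls=(\d+)\s+smb_reh=\d+\s+smb_err=(\d+)")
VWV = re.compile(r"smb_vwv\[\d+\]=(\d+)")
BCC = re.compile(r"smb_bcc=(\d+)")
# One dump row: "[000]" followed by up to 16 hex byte pairs.
ROW = re.compile(r"\[[0-9A-Fa-f]{3}\]((?:\s+[0-9A-Fa-f]{2}\b){1,16})")


def parse_replies(log):
    """Yield (command, error_class, error_code, words, data) per SMB reply."""
    hits = list(HDR.finditer(log))
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(log)
        body = log[hit.end():end]
        words = [int(w) for w in VWV.findall(body)]
        pairs = "".join(ROW.findall(body)).split()
        data = bytes(int(p, 16) for p in pairs)
        bcc = BCC.search(body)
        if bcc:  # never trust more bytes than the reply declared
            data = data[:int(bcc.group(1))]
        yield (int(hit.group(1), 16), int(hit.group(2)),
               int(hit.group(3)), words, data)


def decode_negprot(words, data):
    """Decode an NT LM 0.12 negotiate reply from its debug-log words."""
    params = struct.pack("<%dH" % len(words), *words)
    if len(params) != 34:
        raise ValueError("expected 17 parameter words")
    # The one-byte SecurityMode shifts every later field off word alignment,
    # which is why the smb_vwv values look scrambled in the log.
    (dialect, secmode, _mpx, _vcs, max_buffer, _raw, _skey, caps,
     _systime, _tz, key_len) = struct.unpack("<HBHHIIIIQhB", params)
    challenge, rest = data[:key_len], data[key_len:]
    if caps & CAP_UNICODE:
        rest = rest[:len(rest) - len(rest) % 2]
        domain = rest.decode("utf-16-le").split("\x00")[0]
    else:
        domain = rest.split(b"\x00")[0].decode("latin-1")
    return {
        "dialect_index": dialect,
        "user_level": bool(secmode & 0x01),
        "encrypted_passwords": bool(secmode & 0x02),
        "max_buffer": max_buffer,
        "key_length": key_len,
        "challenge": challenge.hex(),
        "domain": domain,
    }


def summarize(log):
    """Collect what the server advertised and how the session setup ended."""
    info = {}
    for com, rcls, err, words, data in parse_replies(log):
        if com == SMB_COM_NEGOTIATE and rcls == 0 and len(words) == 17:
            info.update(decode_negprot(words, data))
        elif com == SMB_COM_SESSION_SETUP_ANDX and rcls != 0:
            info["session_setup_error"] = (ERROR_CLASSES.get(rcls, str(rcls)), err)
    return info


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print("%-22s %s" % (key, value))
```
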
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:07 2003 Subject: samba-tng-alpha-1.3.tar.gz Message-ID: ftp://samba.org/pub/samba/alpha and mirrors. due to some confusion about how to use samedit's createuser command, i put a warning / security message in whenever createuser hostname$ is used. it basically says, now you can join the workstation to the domain because you have just set the trust account to the insecure, well-known initial value, and you had best join the workstation to the domain ASAP for security reasons. i also checked that profiles work: they do. it helps to have write permission to the directory that the profiles are to be stored in, i found. one person reported the usual problem with profiles, namely that on logout, a connection is maintained to the profile share and the next user logging in, the workstation attempts to reuse the connection, which is not the right thing to do. for this reason, and others, it is best to use 2.0 or cvs main for file serving. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From giulioo at pobox.com Thu Mar 23 20:42:21 2000 
From: giulioo at pobox.com (Giulio Orsero)
Date: Tue Dec 2 02:29:07 2003
Subject: Unable to access PC share when security = domain, works with security = server
In-Reply-To: <20000323141722.F21793@brtpsfac.nortelnetworks.com>
References: <20000323141722.F21793@brtpsfac.nortelnetworks.com>
Message-ID: <20000323204314.7081E2AE8E@i3.golden.dom>

On Fri, 24 Mar 2000 06:27:24 +1100, you wrote:

>If my smb.conf contains
>
> workgroup = AMERICASE
> security = server
> password server = NRTPDE10, NRTPDE11, NRTPDE12

This way you don't need any further setup

>If I have
>
> workgroup = PCNTRTP
> security = domain
> password server = *

This way you need to create a machine account for samba in the ntdomain and then to join the domain with smbpasswd, first.

--
giulioo@pobox.com

From boehm at nortelnetworks.com Thu Mar 23 21:00:23 2000
From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:29:07 2003 Subject: Unable to access PC share when security = domain, works with security = server In-Reply-To: <20000323204314.7081E2AE8E@i3.golden.dom>; from giulioo@pobox.com on Fri, Mar 24, 2000 at 07:49:01AM +1100 References: <20000323141722.F21793@brtpsfac.nortelnetworks.com> <20000323204314.7081E2AE8E@i3.golden.dom> Message-ID: <20000323160023.K21793@brtpsfac.nortelnetworks.com> On Fri, Mar 24, 2000 at 07:49:01AM +1100, Giulio Orsero wrote: > > >If my smb.conf contains > > > > workgroup = AMERICASE > > security = server > > password server = NRTPDE10, NRTPDE11, NRTPDE12 > This way you don't need any further setup Yes, but the problem I have with this setup is that sometimes NRTPDE10 doesn't respond or doesn't respond fast enough and authentication fails. > >If I have > > > > workgroup = PCNTRTP > > security = domain > > password server = * > This way you need to create a machine account for samba in the ntdomain > and then to join the domain with smbpasswd, first. I have created the machine account and joined the domain with smbpasswd. -- Eric M. Boehm boehm@nortelnetworks.com From mgeddes at xavier.sa.edu.au Thu Mar 23 21:55:49 2000 
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:07 2003
Subject: passwords
References:
Message-ID: <38DA92E5.D29C7064@xavier.sa.edu.au>

Jean Francois Micouleau wrote:
>
> added to samba at least 2 years ago: update encrypted password in
> smb.conf. It means you have to disable encrypted password on the windows
> box as you need the clear text password to check against anything other
> than the NT/LM hashes.
>

I was under the impression (in fact I believe I have an e-mail Luke posted on this very list) that the unix password sync option could be used even with encrypt passwords = yes. If this does work, you could expire all the Samba passwords and each user would need to change their password when they log in next (assuming you can do this under Samba).

--
Matthew Geddes
Network Manager
Xavier College
Gawler, SA
mgeddes@xavier.sa.edu.au

"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From mjwestkamper at weiinc.com Thu Mar 23 22:20:38 2000
From: mjwestkamper at weiinc.com (Mike)
Date: Tue Dec 2 02:29:07 2003
Subject: Ports
Message-ID: <00b101bf9516$0b8ad410$d22befcf@weiinc.com>

I am running Linux/SAMBA on a file server. All works well. Whilst monitoring network traffic I note a lot of traffic from an NT4.0 box hitting the Linux box on port 137. Anyone know what it is trying to do?

Also, I am setting up a firewall, hence the monitoring. Where can I find a list of ports I need to keep available for SAMBA to work?

Mike

From abrooks at abraham.css.tayloru.edu Thu Mar 23 22:27:18 2000
From: abrooks at abraham.css.tayloru.edu (Aaron D. Brooks)
Date: Tue Dec 2 02:29:08 2003
Subject: passwords
In-Reply-To: <0057540004326292000002L422*@MHS>
Message-ID:

Password synchronizing friends.

Well, it's not pretty or perfect but we have been using the attached Perl/Expect script pretty nicely here for the last few weeks. The CGI is used in a series of dynamic and moduled html pages so I can't attach all of that (it wouldn't be of use anyways). We are running SSL on the web server so the sessions are encrypted.

The Perl/Expect scripts are sort of hairy to go through but aren't really that bad. If you run in a different environment (RH6.1/Apache/PHP/NIS) you may have to do anything from changing the variables at the top of the script to reworking the expect statements. It might be nice at some point to create a config type file where you can put the Expect strings and switch on them according to the versions of yppasswd and smbpasswd but we are just using this for here right now.

As for the running environment the script only needs the following:

* Run as 'nobody' or equivalent (What?? No root?? Sorry. ;)
* CPAN Expect Perl module
* An html form which passes variables as listed at the top of the CGI
* A dynamic html form (e.g PHP) or CGI to post responses back to (i.e. the CGI passes error messages back to the web page -- we solve this by simply using one PHP page for both of the above requirements)
* This doesn't need to be on either the NIS server or the smbserver
* It does require the 'yppasswd' and 'smbpasswd' commands

If people find this useful I can chuck it out on a web page here to be downloaded. I hope 8Kb is not too much to post to the list. _Some_ people post their whole conf files and logs so I figure I should be safe. :)

This probably wasn't clear at all. If you have any questions feel free to e-mail me personally and, if it's convenient, cc: jmartin@css.tayloru.edu, as he wrote the CGI.

Hope this helps someone,

-Aaron

P.S.
As this script is currently written it will only change synchronized passwords. We have it bomb out if the two aren't the same. It's easier that way.

-A.

+-------> Aaron D. Brooks, 765 . 998 . 5168
Computing Systems Resource Manager
Taylor University, CSS Department
abrooks [SHIFT"2"] css.tayloru.edu

-------------- next part --------------
#!/usr/bin/perl
# Written by Joel Martin
# 2000-02-17 for Taylor University CSS Department
#
# Global password changing script. Changes both the NIS password
# database (yppasswd) and the samba database (smbpasswd -r)

use Expect; # Requires the Expect Perl Module

# Incoming Variable Field Names from Web Form:
#
# username --> Username
# old      --> Old password
# new1     --> New password
# new2     --> New password again to verify

$error_email="admin\@css.tayloru.edu";
$smbserver="samson";
$sendmailpath="/usr/sbin/sendmail";
$yppasswdpath="/usr/bin/yppasswd";
$smbpasswdpath="/usr/bin/smbpasswd";
$htmlpage="index.php3?page=password";
$exptimeout=10;
$Expect::Log_Stdout=0; # 1 will listen in on the conversation
$html = ""; # Message placeholder

if (! &VerifyForm() ) {
    &return_msg (2, "You must use the correct submission form.");
}
&ParseForm();

### Get the data from the form submission
$username = $values{username};
chomp($username);
if ($username eq "" || $username eq "0") {
    &return_msg (2, "You must enter your username");
}
# $username is interpolated into the su and sendmail command lines below,
# so accept nothing but a plain account name (no shell metacharacters,
# no leading "-" that su could read as an option).
if ($username !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/) {
    &return_msg (2, "You must enter a valid username");
}
$oldpassword = $values{old};
$newpassword1 = $values{new1};
$newpassword2 = $values{new2};

# Now see if yppasswd will swallow the purple rotting salmon
if ($newpassword1 ne $newpassword2) {
    &return_msg (2, "Your new password didn't match the retype");
}

### Check existence of both password programs (yppasswd, smbpasswd)
$yppasswd =Expect->spawn("/bin/su - $username -c ${yppasswdpath}","");
$smbpasswd =Expect->spawn("/bin/su - $username -c \"${smbpasswdpath} -r ${smbserver}\"");

### First check our connection to yppasswd
if ($position =$yppasswd->expect($exptimeout, '-re','su: user [^ ]* does not exist', '-re','Password:')) {
    ### We can connect to yppasswd
    if ($position == 1) {
        ### "su" said that the username didn't exist
        &return_msg (2, "The username \"$username\" doesn't exist");
    }
    print $yppasswd $oldpassword."\n";
    if ($position =$yppasswd->expect($exptimeout, '-re','su: incorrect password', '-re','Please enter old password:')) {
        ### "su" said that the password was wrong
        if ($position ==1) {
            &return_msg (2, "Your current password is incorrect");
        }
    } else {
        ### hmmm, we shouldn't ever get here, otherwise it means yppasswd broke or changed its output
        &return_msg(2,"Bad internal error #jdm1");
    }
} else {
    ### We can't connect to yppasswd
    &return_msg(2,"Couldn't connect to yppasswd: ".$yppasswd->exp_error());
}

### Next check our connection to smbpasswd
if ($position =$smbpasswd->expect($exptimeout, '-re','su: user [^ ]* does not exist', '-re','Password:')) {
    ### We can connect to smbpasswd
    if ($position == 1) {
        ### We should never get here.
        ### "su" said that the username didn't exist but it said it did exist the first time.
        $html .= "That username existed once but not the second time\n";
        $html .= "Bad internal error #jdm2";
        &return_msg(2,$html);
    }
    print $smbpasswd $oldpassword."\n";
    # Wait on the smbpasswd session here (the posted script waited on
    # $yppasswd, which never prints "Old SMB password:").
    if (($position,$error,$matched,$before,$after) =$smbpasswd->expect($exptimeout, '-re','su: incorrect password', '-re','Old SMB password:')) {
        ### We shouldn't get here. That means the password worked once for "su" but not this time
        if ($position ==1) {
            $html .= "Your old password didn't match\n";
            $html .= "Bad internal error #jdm3";
            &return_msg(2,$html);
        }
    } else {
        ### hmmm, we shouldn't ever get here, otherwise it means smbpasswd broke or changed its output
        &return_msg(2,"Bad internal error #jdm4");
    }
} else {
    ### We can't connect to smbpasswd
    &return_msg(2,"Couldn't connect to smbpasswd: ".$smbpasswd->exp_error());
}

### Do the standard password rigamoral. No soft paper chunks.
print $yppasswd "$oldpassword\r";
if (! $yppasswd->expect($exptimeout, '-re','enter new password')) {
    ### This shouldn't happen because we already verified the password via "su"
    $html .= "The password you typed didn't match your old password\n";
    $html .= "Bad internal error #jdm5";
    &return_msg(2,$html);
}

### User inputs new password and we pass it on to yppasswd. It has the most
### rigorous password check so will just check the password with it.
print $yppasswd "$newpassword1\r";
if (! $yppasswd->expect($exptimeout, '-re','retype new password')) {
    $html .= "The password you typed was too simple or the same as your current password. It must be at least 6 characters long, ";
    $html .= "use both letters and numbers, not be based on dictionary words and can not be the same as your current password";
    &return_msg(2,$html);
}

### Now pass the new password on to yp
print $yppasswd "$newpassword2\r";
if (! $yppasswd->expect($exptimeout, '-re','has been changed')) {
    # was "$hmtl", which silently dropped this message
    $html .= "For some reason the NIS password update couldn't be finished\n";
    $html .= "Bad internal error #jdm6";
    &return_msg(2,$html);
}

### Hopefully smbpasswd doesn't have any problems otherwise we have foofoo
### update anomalies. And if so we e-mail the admin noting the username
print $smbpasswd "$oldpassword\r";
if (! $smbpasswd->expect($exptimeout, '-re','New SMB password:')) {
    $mail_text = "Subject: Password update problem for $username\n\n";
    $mail_text.= $username."'s password was updated in NIS but not SMB\n";
    `echo -e "$mail_text" | ${sendmailpath} ${error_email}`;
    $html .= "You probably have a password mismatch in the databases. ";
    $html .= "Please bring this issue to a systems administrator";
    &return_msg(2,$html);
}
print $smbpasswd "$newpassword1\r";
if (! $smbpasswd->expect($exptimeout, '-re','Retype new SMB password:')) {
    $mail_text = "Subject: Password update problem for $username\n\n";
    $mail_text.= $username."'s password was updated in NIS but not SMB\n";
    `echo -e "$mail_text" | ${sendmailpath} ${error_email}`;
    $html .= "You probably have a password mismatch in the databases. ";
    $html .= "Please bring this issue to a systems administrator";
    &return_msg(2,$html);
}
print $smbpasswd "$newpassword2\r";
if (! $smbpasswd->expect($exptimeout, '-re','changed')) {
    $mail_text = "Subject: Password update problem for $username\n\n";
    $mail_text.= $username."'s password was updated in NIS but not SMB\n";
    `echo -e "$mail_text" | ${sendmailpath} ${error_email}`;
    $html .= "You probably have a password mismatch in the databases. ";
    $html .= "Please bring this issue to a systems administrator";
    &return_msg(2,$html);
}

&return_msg(1,"Your password has been successfully changed");
# Terminate Now

# Send back a message to the password changes screen
sub return_msg {
    ($status, $text) = @_;
    if ($yppasswd) { $yppasswd->hard_close(); }
    if ($smbpasswd) { $smbpasswd->hard_close(); }
    chomp $text;
    $encoded ="";
    for ($i=0; $iexp_init(\*STDIN);
    # Now turn off echoing
    $stdin->exp_stty('-echo');
    # The easy way to do this is:
    $localpassword=<STDIN>;
    chop $localpassword;
    # Turn echo back on
    $stdin->exp_stty('echo');
    # print that newline that wasn't echoed
    print "\n";
    return $localpassword;
}

sub VerifyForm {
    local($bad, $contentType, $requestMethod, $result);
    $bad = 0;
    $contentType = $ENV{"CONTENT_TYPE"};
    if ($contentType ne "application/x-www-form-urlencoded") {
        $bad = 1;
    }
    $requestMethod = $ENV{"REQUEST_METHOD"};
    if ($requestMethod ne "POST") {
        $bad = 1;
    }
    $result = ! $bad;
}

sub ParseForm {
    local($fields, $name, $value, $data);
    read(STDIN, $data, $ENV{"CONTENT_LENGTH"});
    @fields = split(/&/, $data);
    foreach $item (@fields) {
        ($name, $value) = split(/=/, $item);
        $name = &UnescapeString($name);
        $value = &UnescapeString($value);
        $values{$name} = $value;
    }
}

sub UnescapeString {
    local($s) = $_[0];
    local($pos, $ascii);
    $s =~ s/\+/ /g;
    $pos = 0;
    while (($pos = index($s, "%", $pos)) != -1) {
        $ascii = hex(substr($s, $pos + 1, 2));
        substr($s, $pos, 3) = pack("c", $ascii);
        # Step past the decoded byte so a decoded "%" is not decoded again
        $pos++;
    }
    $s;
}

From mgeddes at xavier.sa.edu.au Thu Mar 23 22:37:54 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:08 2003
Subject: Ports
References: <00b101bf9516$0b8ad410$d22befcf@weiinc.com>
Message-ID: <38DA9CC2.77904C70@xavier.sa.edu.au>

> Mike wrote: > > I am running Linux/SAMBA on a file server. All works well. Whilst > monitoring network traffic I note a lot of traffic from an NT4.0 box > hitting the Linux box on port 137. Anyone know what it is trying to > do? > > Also, I am setting up a firewall, hence the monitoring. 
Where can I > find a list of ports I need to keep available for SAMBA to work. > > Mike

I'm pretty sure port 137 is the NetBIOS name service. So it's probably WINS or browse list traffic? Someone else would know for sure.

--
Matthew Geddes
Network Manager
Xavier College
Gawler, SA
mgeddes@xavier.sa.edu.au

"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From kfitzner at nexus.v-wave.com Fri Mar 24 01:43:40 2000
From: kfitzner at nexus.v-wave.com (Kurt Fitzner)
Date: Tue Dec 2 02:29:08 2003
Subject: Inability to have W2K recognize domain
Message-ID:

I have so far had no success in getting Windows 2000 installation to join a Samba domain. I am using Samba-TNG 1.2 with the sample scripts only slightly modified (attached). I simply want to get roaming profiles working. I need no other functionality except that. Is there an easier way to accomplish this?

In any case, here is a list of the symptoms I've noticed so far:

- Won't work at all on a linux-libc5 system. The createuser command through rpcclient causes the program to exit with the error "Broken pipe" returned.

The following are all on a nice modern Linux glibc2.1 installation:

- After following the step by step instructions in the FAQ, I found the rpcclient did not need a valid password to log into a user. I typed: 'rpcclient -S . -U root -l log' and when it asks for the password, I can type anything (or nothing) and get into the '[root@.]$' prompt and successfully create users.
- Commands in rpcclient are constantly giving errors similar to (but which don't seem to affect operation otherwise): "socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused" This seems to be independent of whether I supply a correct password to rpcclient.
- The 'ntpass' command in rpcclient doesn't work to change passwords. At least, I can't get it to work. It always returns:
- The 'ntlogin' command in rpcclient doesn't work on any accounts created inside rpcclient. It will work with accounts created with 'smbpasswd -a '.
- When I try and join a domain in W2K (Control Panel->System->Network Identification), after setting the domain name, it asks me for a username and password. After selecting those, and clicking ok, it pauses for about 15 seconds and then pops up a dialog informing me the domain doesn't exist.

Any help getting this to actually work would be immensely appreciated. If anyone has working, and would be willing to offer a working set of configuration files that I can plagiarize, I would be even more grateful.

Kurt Fitzner

-------------- next part --------------
[global]
interfaces = 192.168.1.2/24
#NetBIOS name isn't needed if it's the same as the hostname
netbios name = HACK
workgroup = MAINFRAME
#flat files that map Unix groups to NT type groups.
#these files take the form unix_group = `Windows NT group''
domain group map = /opt/samba-tng/private/domaingroup.map
domain alias map = /opt/samba-tng/private/domainalias.map
#Domain controllers use user security and we need encrypted
#passwords (see ENCRYPTION.txt)
security = user
domain logons = yes
encrypt passwords = yes
#And in order for us to be *sure* to win browser elections
os level = 65
domain master = yes
preferred master = yes
local master = yes
#WINS is the equivalent of DNS for NetBIOS.
wins support = yes
time server = yes
#the next lines are equivalent to the various profile details
#found in NT's User Manager
logon script = login.bat
logon drive = U:
logon home = \\MYSAMBAPDC\%U
logon path = \\MYSAMBAPDC\profile\%U

#share all home directories
[homes]
browseable = no
writable = yes
comment = Users' home directories

#set up netlogon share for system policies and login scripts
[netlogon]
path = /opt/samba-tng/netlogon
writable = no
guest ok = no
comment = PDC netlogon share

#the profiles share
#to create automatic subdirs for the different users
#chmod 1777 /opt/samba-tng/profile
[profile]
path = /opt/samba-tng/profile
writeable = yes

#a public share
[public]
path = /opt/samba-tng/public
browseable = yes
public = yes
comment = Public share

From s_basfer at chat.ru Fri Mar 24 04:42:12 2000
From: s_basfer at chat.ru (Serge Badamshin)
Date: Tue Dec 2 02:29:08 2003
Subject: REALLY need help on TNG localization (charset, client codepage)!!!!
Message-ID: <00d801bf954b$579dabe0$04e270c3@admin.ktme>

I wrote once, but had no answer. It's all really confusing, need a help!!!

I've used samba-2.0.6 before, but needed accounts browsing, so migrated to TNG-1.1. There were many files with Russian names, & I could see them well from Win98 client when using samba 2.0.6. I used charset=KOI8-R, client codepage=866. But now with the same options TNG doesn't show these files at all. Comparing the two logs with high debug level from samba 2.0.6 and TNG 1.1, I noticed that they're encoding those filenames in different ways. When I turn off charset option, there is no encoding :)

So, where is the problem? May be I should change charsets/codepages somehow or smth else? Please, help.

basf
mailto:basfer@newmail.ru

From lkcl at samba.org Fri Mar 24 08:42:19 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:08 2003
Subject: Inability to have W2K recognize domain
Message-ID:

hi kurt, thanks for your report. can you please try 1.3?
i was particularly interested to hear about glibc5 failing. can you please try rpcclient -S . -U root% -l log and issue an lsaquery or other simple command (srvinfo), and let me know if that works, and if not, where it fails (debug level 100). it's likely to be a socket-related issue. yes, you are correct: rpcclient -S . (which can only be run as root) can be used to do the equivalent of the "su" command on unix. it's used to boot-strap-create an administrator-level account, and i am considering, like the AS/U install procedure, to automate this (please type in an administrator username/password, initiating blah blah). i have ntpass working fine, what is the issue? can you check the private/smbpasswd file, see if it has [U ] on the user you are attempting to change-password-of, if it has [UD ] this means user account, disabled. i am pleased to see that you explicitly have guest ok = no in the [netlogon] section, btw. the agent redirector not found message can be ignored, i thought i increased the debug log level for that so it wouldn't show up, oh well. the cannot-locate-domain-controller message i definitely have fixed for various cases, now. if you still have problems with 1.3, please either send me a netmon capture (preferable v1) or increase log levels to 100, locate the relevant section in log.nmb which has a UDP packet coming in, search for the function name "process_logon_packet", and send me the request. it can be identified by having the words GETDC, your workstation name, MAILSLOT\NETLOGON\GETDCxxx i think. it may also have domain: or domain: yourdomainname in the parts afterwards, and the last few bytes will be 03 00 00 00 ff ff ff ff. regarding the password change, ntpass, i have this working with no problems, you do this: bin/rpcclient -S tngserver -U% -l log [thgserver$ ] ntpass username Old password: test New password: tttt NT password changed: OK. ntlogin will only work if you specify the root username/password on startup, or if you use it with -S . 
-U root - log. the reason for this is that this [testing and admin-only] command must read the $MACHINE.ACC, which is protected for security reasons and can only be accessed by root. in fact, strictly speaking, it should _only_ be accessible as root on -S . -U root, and i'm not even sure i want that to be allowed, but that's another story. regarding createuser / smbpasswd, please always do createuser username -p password, as createuser username will create an account that is disabled, with no password. i have a little more sorting out of the syntax, here, methinks, to do. your input greatly appreciated, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From simo.sorce at polimi.it Fri Mar 24 12:13:35 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:29:08 2003 Subject: lsaquery in rpcclient Message-ID: <38DB5BEF.BB63BA85@polimi.it> tng-1.3: 1. Trying to create a user account with rpcclient it ask this: please use 'lsaquery' first, to ascertain the SID is there any docs in howto use rpcclient and lsaquery option? I'm not able to create any account I've also found this in log.client: socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused socket connect to /localhome/samba/var/locks/.msrpc/samr failed: Connection refused ncalrpc_l_establish_connection: failed samr) ncalrpc_l_use_add: connection failed 2. why do samba tng uses the smb.conf that reside in etc also with --prefix parameter in configure? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! 
From simo.sorce at polimi.it Fri Mar 24 12:16:31 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:29:08 2003 Subject: tng-1.3 Message-ID: <38DB5C9F.6638B152@polimi.it> I found that it also uses my samba-2.0.5a /etc/smbpasswd instead of that in /private dir. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From criz_81 at yahoo.com Fri Mar 24 11:24:52 2000 From: criz_81 at yahoo.com (=?iso-8859-1?q?Krister=20Emren?=) Date: Tue Dec 2 02:29:08 2003 Subject: Logging in on the "Any"-domain Message-ID: <20000324112452.2035.qmail@web1402.mail.yahoo.com> Hello! I would like to setup my Samba server so that it will attempt to login all clients, regardless of the domain they wish to login to. I have read through some of the code, but have not been able to find where Samba determines, based on domain name in request, if it should reply to the message or just ignore it. If any of you know where this is done, or knows of a patch which gives this funtionality, please let me know. PS. In an earlier posting, a friend of mine got the answer: "There exists a patch to allow Samba to respond to multiple domain names". However, that was not the problem. We do not need multiple domains, but *any* domain - no matter what name it has. DS. PPS. As I'm not subscribing to this list (or any of the Samba lists), I would appreciate it if any replies were sent to my e-mail address as well as to this list. DDS. / Christer __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. 
http://im.yahoo.com From eiben at busitec.de Fri Mar 24 11:53:10 2000 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:29:08 2003 Subject: Password Change from NT client In-Reply-To: Message-ID: > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > shepherd@orgx.co.nz > Sent: Wednesday, March 22, 2000 10:10 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Password Change from NT client > > > > > Every user can change their password by standard method in NT. > Problem may > > be in unix passwd sync turned on. Caused by cracklib in PAM > (control over > > "right" passwd) or in passwd chat. > > OK, after sorting out the passwd chat the password changing seems to work > fine - Thanks heaps! Well, I seem to have some trouble with my passwd chat ... could you give me a hand? This is part of my smb.conf: encrypt passwords = yes unix password sync = true passwd chat debug = true passwd chat = "*New Password*" %n\n "*New password (again)*" %n\n "*Password changed*" For some reason this doesn't work ... I changed my chat-script to this: passwd chat = "*Password*" %o\n "*New password*" %n\n "*New password (again)*" %n\n "*Password changed*" But Samba tells me, that I can't use the %o with encrypted passwords ... any hints? -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de From simo.sorce at polimi.it Fri Mar 24 12:59:25 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:29:08 2003 Subject: tng-1.3 Message-ID: <38DB66AD.1426814D@polimi.it> Simo Sorce wrote: > > I found that it also uses my samba-2.0.5a /etc/smbpasswd instead of that > in /private dir. > Please forgot this nonsense, my configuration fault :( -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 
02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From iulica at dntis.ro Fri Mar 24 12:12:19 2000 From: iulica at dntis.ro (Iulian Ciorascu) Date: Tue Dec 2 02:29:08 2003 Subject: lsaquery in rpcclient In-Reply-To: <38DB5BEF.BB63BA85@polimi.it> Message-ID: On Fri, 24 Mar 2000, Simo Sorce wrote: > tng-1.3: > > 1. Trying to create a user account with rpcclient it ask this: > please use 'lsaquery' first, to ascertain the SID > is there any docs in howto use rpcclient and lsaquery option? > I'm not able to create any account > > I've also found this in log.client: > > socket connect to /tmp/.msrpc/.samr/agent failed: Connection refused > socket connect to /localhome/samba/var/locks/.msrpc/samr failed: > Connection refused > ncalrpc_l_establish_connection: failed samr) > ncalrpc_l_use_add: connection failed Make sure that all daemons are started. If not, mkdir /localhome/samba/var/locks and try again. Iulian Ciorascu Networking & Communications Department Dynamic Network Technologies Iasi, Romania Phone: +40-32-252938 Fax: +40-32-252933 http://www.dntis.ro/ From hanak at IRIS.osu.cz Fri Mar 24 12:49:19 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:29:08 2003 Subject: Password Change from NT client In-Reply-To: Message-ID: On Fri, 24 Mar 2000, Henning Eiben wrote: > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > shepherd@orgx.co.nz > > Sent: Wednesday, March 22, 2000 10:10 AM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: Password Change from NT client > > > > > > > > > Every user can change their password by standard method in NT. > > Problem may > > > be in unix passwd sync turned on. Caused by cracklib in PAM > > (control over > > > "right" passwd) or in passwd chat. > > > > OK, after sorting out the passwd chat the password changing seems to work > > fine - Thanks heaps! 
> > Well, I seem to have some trouble with my passwd chat ... could you give me > a hand? This is part of my smb.conf: > > encrypt passwords = yes > unix password sync = true > passwd chat debug = true > passwd chat = "*New Password*" %n\n "*New password (again)*" %n\n "*Password > changed*" > > For some reason this doesn't work ... I changed my chat-script to this: > > passwd chat = "*Password*" %o\n "*New password*" %n\n "*New password > (again)*" %n\n "*Password changed*" > > But Samba tells me, that I can't use the %o with encrypted passwords ... any > hints? > Old password is not needed, cause during passwd change effective uid is 0 (root). Passwd chat is a some kind of alchymism. If you have chat debug turned on, so you can see you trouble in log.smb. For detailed info. set log level=100. Then you will be able to solve this. For me this works fine: passwd chat = "*New password*" %n\n "*New password*" %n\n "*Successfully*" on RH. Hope this helps. Hoj O.H. From mbreuer at siac.com Fri Mar 24 15:11:53 2000 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:29:08 2003 Subject: TNG alpha 1.3 - still can't join domain Message-ID: <38DB85B9.86512D0C@siac.com> Same symptoms as 1.2 - "The specified domain either does not exist or could not be contacted." Existing members work OK, shares can be mounted, browsed, etc. Note: I removed the "locks" directory when I installed 1.3. From timothy_d_cole at md.northgrum.com Fri Mar 24 15:43:31 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:29:08 2003 Subject: passwords Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47036@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: William Deakin [SMTP:willd@pindar.com] > Sent: Thursday, March 23, 2000 5:54 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: passwords > > As I remember, under AIX and Linux (the only two OS that I tried this on) > the > encryption key is (was?) 
stored in the shadow/passwd file, substantially > reducing the amount of calculation required (IIRC the key was the last two > bytes > of the password string). >

No. This is a somewhat common misconception. The passwords are not encrypted, but non-reversibly encoded. The password string in /etc/shadow (or /etc/passwd, for those who haven't converted) is a non-reversible hash of the plaintext password. The first two characters are a 'salt' value which is randomly generated and used to initialize the hash algorithm. When an input password is checked, the password the user entered is hashed with the salt value, and the resulting hashes compared -- if they are the same, there is an extremely high probability that the passwords matched.

What the cracker you described did was to hash a large number of possible plaintext passwords, and compare hashes, hoping to find a password that hashed to the same value. Not decrypt an "encrypted" password using the "key".

From ely at txc.com Fri Mar 24 16:32:08 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:29:08 2003 Subject: Problems with TNG alpha 1.3 Message-ID: <38DB9888.F0F9FA95@txc.com>

I installed samba-tng-alpha-1.3, create user and root accounts using samedit createuser. I successfully joined NTWS to domain using NT Create Computer Account in the Domain with root account and password. I successfully login to the domain with administrative rights. But when I try to use User Manager for Domain I got the message: The remote procedure call failed. The roaming profile still doesn't work. I also can't join the NetApp filer to domain. It gives a message: CIFS server is beginning domain installation. CIFS server is locating PDC. CIFS - Primary Domain Controller must be active for installation. CIFS local server is shutting down...
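[Added example, not part of any message in this archive.] Timothy Cole's description above of salted, one-way password hashes, sketched in Python: the salt sits in the clear at the front of the stored string, a login check re-hashes the typed password with that salt, and guessing means hashing candidates once per salt. SHA-256 stands in for the DES-based crypt(3) routine, and the function names, accounts and word list are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Salt alphabet and length of traditional crypt(3): the salt is stored in the
# clear as the first two characters of the password field. It is not a key.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_LEN = 2


def toy_crypt(password, salt):
    """Return salt + one-way digest (SHA-256 is a stand-in for DES crypt)."""
    if len(salt) != SALT_LEN or any(c not in SALT_ALPHABET for c in salt):
        raise ValueError("salt must be two characters from the crypt alphabet")
    digest = hashlib.sha256((salt + password).encode("utf-8")).hexdigest()
    return salt + digest


def new_entry(password):
    """Create a stored password field with a freshly generated random salt."""
    salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))
    return toy_crypt(password, salt)


def verify(stored, candidate):
    """Login check: re-hash the candidate with the stored salt and compare.

    Nothing is decrypted. Locked or malformed fields such as "*" never match.
    """
    try:
        recomputed = toy_crypt(candidate, stored[:SALT_LEN])
    except ValueError:
        return False
    return hmac.compare_digest(recomputed.encode("utf-8"), stored.encode("utf-8"))


def audit_weak_passwords(shadow, wordlist):
    """Weak-password audit by guess-and-compare.

    Every guess has to be hashed again for every distinct salt, so a hash
    computed for one account cannot be reused against another account.
    Returns ({user: guessed_password}, number_of_hashes_computed).
    """
    found, hashes_computed = {}, 0
    for user, stored in shadow.items():
        salt = stored[:SALT_LEN]
        if len(stored) <= SALT_LEN or any(c not in SALT_ALPHABET for c in salt):
            continue  # locked account, nothing to compare against
        for word in wordlist:
            hashes_computed += 1
            if verify(stored, word):
                found[user] = word
                break
    return found, hashes_computed


# Constructed sample data: two accounts share a password but not a salt.
SHADOW = {
    "alice": toy_crypt("letmein", "ab"),
    "bob": toy_crypt("letmein", "Zq"),
    "carol": toy_crypt("k7#Vq9!xT2", "m/"),
    "dave": "*",  # locked account
}
WORDLIST = ["password", "letmein", "123456"]

if __name__ == "__main__":
    for user, field in SHADOW.items():
        print(user, field[:SALT_LEN], field[SALT_LEN:SALT_LEN + 12])
    print(audit_weak_passwords(SHADOW, WORDLIST))
```
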
From Hans-Peter.Raschke at gmx.de Fri Mar 24 16:27:07 2000 From: Hans-Peter.Raschke at gmx.de (Hans-Peter Raschke) Date: Tue Dec 2 02:29:08 2003 Subject: Again: Problems joining the domain with a BDC Message-ID: <00032417480200.05209@qmpc2>

Hello, now I'm really stuck and need some hints in setting up a BDC with a NT PDC. I installed samba-tng-alpha-1.2 according to Lars FAQ. But when I want to join the domain with the samba BDC an error message occurs: $ createuser QMPC2$ -s -j DS SAM Create Domain User Domain: DS Name: QMPC2$ ACB: [S ] ... Create Domain User: OK Join QMPC2 to Domain DS LSA_OPENSECRET: LSA_OPENSECRET: Set $MACHINE.ACC: FAILED On the NT PDC the machine QMPC2 account appears as a BDC. But in the event log there are error messages like connection refused - no trust account for machine QMPC2 in the sam database (translated from German). What can I do now? thx HP ----------------------------------------------------------- Hans-Peter Raschke E-Mail: Hans-Peter.Raschke@gmx.de Wintermann DatenService Tel.: ++49 441 9304064 Langenweg 16 Fax: ++49 441 9304069 D-26125 Oldenburg

From abrooks at css.tayloru.edu Fri Mar 24 17:54:14 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:29:08 2003 Subject: passwords (RE-SEND) Message-ID:

Sorry for CC:ing the list so you guys didn't get the attachment. That was silly. Here is the attachment and the description again. [The attached script was written by Joel Martin.] +-------> Password synchronizing friends. Well, it's not pretty or perfect but we have been using the attached Perl/Expect script pretty nicely here for the last few weeks. The CGI is used in a series of dynamic and moduled html pages so I can't attach all of that (it wouldn't be of use anyways). We are running SSL on the web server so the sessions are encrypted. The Perl/Expect scripts are sort of hairy to go through but aren't really that bad.
If you run in a different environment (RH6.1/Apache/PHP/NIS) you may have to do anything from changing the variables at the top of the script to reworking the expect statements. It might be nice at some point to create a config type file where you can put the Expect strings and switch on them according to the versions of yppasswd and smbpasswd but we are just using this for here right now.

As for the running environment the script only needs the following:

* Run as 'nobody' or equivalent (What?? No root?? Sorry. ;)
* CPAN Expect Perl module
* An html form which passes variables as listed at the top of the CGI
* A dynamic html form (e.g. PHP) or CGI to post responses back to (i.e. the CGI passes error messages back to the web page -- we solve this by simply using one PHP page for both of the above requirements)
* This doesn't need to be on either the NIS server or the smbserver
* It does require the 'yppasswd' and 'smbpasswd' commands

If people find this useful I can chuck it out on a web page here to be downloaded. I hope 8Kb (~12Kb once it gets MIMEd) is not too much to post to the list. _Some_ people post their whole conf files and logs so I figure I should be safe. :) This probably wasn't clear at all. If you have any questions feel free to e-mail me personally and, if it's convenient, cc: jmartin@css.tayloru.edu, as he wrote the CGI.

Hope this helps someone, -Aaron

P.S. As this script is currently written it will only change synchronized passwords. We have it bomb out if the two aren't the same. It's easier that way. -A.

+-------> Aaron D. Brooks, 765 . 998 . 5168 Computing Systems Resource Manager Taylor University, CSS Department abrooks [SHIFT"2"] css.tayloru.edu

-------------- next part --------------
#!/usr/bin/perl
# Written by Joel Martin
# 2000-02-17 for Taylor University CSS Department
#
# Global password changing script. Changes both the NIS password
# database (yppasswd) and the samba database (smbpasswd -r)

use Expect;   # Requires the Expect Perl Module

# Incoming Variable Field Names from Web Form:
#
# username --> Username
# old      --> Old password
# new1     --> New password
# new2     --> New password again to verify

$error_email="admin\@css.tayloru.edu";
$smbserver="samson";
$sendmailpath="/usr/sbin/sendmail";
$yppasswdpath="/usr/bin/yppasswd";
$smbpasswdpath="/usr/bin/smbpasswd";
$htmlpage="index.php3?page=password";
$exptimeout=10;
$Expect::Log_Stdout=0;   # 1 will listen in on the conversation
$html = "";              # Message placeholder

if (! &VerifyForm() ) {
    &return_msg (2, "You must use the correct submission form.");
}
&ParseForm();

### Get the data from the form submission
$username = $values{username};
chomp($username);
if ($username eq "" || $username eq "0") {
    &return_msg (2, "You must enter your username");
}
### The username is interpolated into shell command lines below ("su ... -c"
### and the echo | sendmail pipeline), so accept plain account names only.
if ($username !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*\z/) {
    &return_msg (2, "The username contains characters that are not allowed");
}
$oldpassword = $values{old};
$newpassword1 = $values{new1};
$newpassword2 = $values{new2};

# Now see if yppasswd will swallow the purple rotting salmon
if ($newpassword1 ne $newpassword2) {
    &return_msg (2, "Your new password didn't match the retype");
}

### Check existence of both password programs (yppasswd, smbpasswd)
$yppasswd =Expect->spawn("/bin/su - $username -c ${yppasswdpath}","");
$smbpasswd =Expect->spawn("/bin/su - $username -c \"${smbpasswdpath} -r ${smbserver}\"");

### First check our connection to yppasswd
if ($position =$yppasswd->expect($exptimeout, '-re','su: user [^ ]* does not exist', '-re','Password:')) {
    ### We can connect to yppasswd
    if ($position == 1) {
        ### "su" said that the username didn't exist
        &return_msg (2, "The username \"$username\" doesn't exist");
    }
    print $yppasswd $oldpassword."\n";
    if ($position =$yppasswd->expect($exptimeout, '-re','su: incorrect password', '-re','Please enter old password:')) {
        ### "su" rejected the old password
        if ($position ==1) {
            &return_msg (2, "Your current password is incorrect");
        }
    } else {
        ### hmmm, we shouldn't ever get here, otherwise it means yppasswd broke or changed its output
        &return_msg(2,"Bad internal error #jdm1");
    }
} else {
    ### We can't connect to yppasswd
    &return_msg(2,"Couldn't connect to yppasswd: ".$yppasswd->exp_error());
}

### Next check our connection to smbpasswd
if ($position =$smbpasswd->expect($exptimeout, '-re','su: user [^ ]* does not exist', '-re','Password:')) {
    ### We can connect to smbpasswd
    if ($position == 1) {
        ### We should never get here.
        ### "su" said that the username didn't exist but it said it did exist the first time.
        $html .= "That username existed once but not the second time\n";
        $html .= "Bad internal error #jdm2";
        &return_msg(2,$html);
    }
    print $smbpasswd $oldpassword."\n";
    ### Read from the smbpasswd session (the posted script read from $yppasswd here)
    ### and test the match position itself: a list assignment used as the condition
    ### is true even when expect() times out.
    ($position,$error,$matched,$before,$after) =$smbpasswd->expect($exptimeout, '-re','su: incorrect password', '-re','Old SMB password:');
    if ($position) {
        ### We should never get here: the password worked once for "su" but not this time
        if ($position ==1) {
            $html .= "Your old password didn't match\n";
            $html .= "Bad internal error #jdm3";
            &return_msg(2,$html);
        }
    } else {
        ### hmmm, we shouldn't ever get here, otherwise it means smbpasswd broke or changed its output
        &return_msg(2,"Bad internal error #jdm4");
    }
} else {
    ### We can't connect to smbpasswd
    &return_msg(2,"Couldn't connect to smbpasswd: ".$smbpasswd->exp_error());
}

### Do the standard password rigamoral. No soft paper chunks.
print $yppasswd "$oldpassword\r";
if (! $yppasswd->expect($exptimeout, '-re','enter new password')) {
    ### This shouldn't happen because we already verified the password via "su"
    $html .= "The password you typed didn't match your old password\n";
    $html .= "Bad internal error #jdm5";
    &return_msg(2,$html);
}

### User inputs new password and we pass it on to yppasswd. It has the most
### rigorous password check so will just check the password with it.
print $yppasswd "$newpassword1\r";
if (! $yppasswd->expect($exptimeout, '-re','retype new password')) {
    $html .= "The password you typed was too simple or the same as your current password. It must be at least 6 characters long, ";
    $html .= "use both letters and numbers, not be based on dictionary words and can not be the same as your current password";
    &return_msg(2,$html);
}

### Now pass the new password on to yp
print $yppasswd "$newpassword2\r";
if (! $yppasswd->expect($exptimeout, '-re','has been changed')) {
    $html .= "For some reason the NIS password update couldn't be finished\n";
    $html .= "Bad internal error #jdm6";
    &return_msg(2,$html);
}

### Hopefully smbpasswd doesn't have any problems otherwise we have foofoo
### update anomalies. And if so we e-mail the admin noting the username
print $smbpasswd "$oldpassword\r";
if (! $smbpasswd->expect($exptimeout, '-re','New SMB password:')) {
    $mail_text = "Subject: Password update problem for $username\n\n";
    $mail_text.= $username."'s password was updated in NIS but not SMB\n";
    `echo -e "$mail_text" | ${sendmailpath} ${error_email}`;
    $html .= "You probably have a password mismatch in the databases. ";
    $html .= "Please bring this issue to a systems administrator";
    &return_msg(2,$html);
}
print $smbpasswd "$newpassword1\r";
if (! $smbpasswd->expect($exptimeout, '-re','Retype new SMB password:')) {
    $mail_text = "Subject: Password update problem for $username\n\n";
    $mail_text.= $username."'s password was updated in NIS but not SMB\n";
    `echo -e "$mail_text" | ${sendmailpath} ${error_email}`;
    $html .= "You probably have a password mismatch in the databases. ";
    $html .= "Please bring this issue to a systems administrator";
    &return_msg(2,$html);
}
print $smbpasswd "$newpassword2\r";
if (! $smbpasswd->expect($exptimeout, '-re','changed')) {
    $mail_text = "Subject: Password update problem for $username\n\n";
    $mail_text.= $username."'s password was updated in NIS but not SMB\n";
    `echo -e "$mail_text" | ${sendmailpath} ${error_email}`;
    $html .= "You probably have a password mismatch in the databases. ";
    $html .= "Please bring this issue to a systems administrator";
    &return_msg(2,$html);
}

&return_msg(1,"Your password has been successfully changed");
# Terminate Now

# Send back a message to the password changes screen
sub return_msg {
    ($status, $text) = @_;
    if ($yppasswd) { $yppasswd->hard_close(); }
    if ($smbpasswd) { $smbpasswd->hard_close(); }
    chomp $text;
    $encoded ="";
    for ($i=0; $iexp_init(\*STDIN);
    # Now turn off echoing
    $stdin->exp_stty('-echo');
    # The easy way to do this is:
    $localpassword=;
    chop $localpassword;
    # Turn echo back on
    $stdin->exp_stty('echo');
    # print that newline that wasn't echoed
    print "\n";
    return $localpassword;
}

# Accept only a POSTed, URL-encoded form submission
sub VerifyForm {
    local($bad, $contentType, $requestMethod, $result);
    $bad = 0;
    $contentType = $ENV{"CONTENT_TYPE"};
    if ($contentType ne "application/x-www-form-urlencoded") { $bad = 1; }
    $requestMethod = $ENV{"REQUEST_METHOD"};
    if ($requestMethod ne "POST") { $bad = 1; }
    $result = ! $bad;
}

# Read the POST body and fill %values with the decoded form fields
sub ParseForm {
    local($fields, $name, $value, $data);
    read(STDIN, $data, $ENV{"CONTENT_LENGTH"});
    @fields = split(/&/, $data);
    foreach $item (@fields) {
        ($name, $value) = split(/=/, $item);
        $name = &UnescapeString($name);
        $value = &UnescapeString($value);
        $values{$name} = $value;
    }
}

# Decode "+" and %XX escapes in one form field
sub UnescapeString {
    local($s) = $_[0];
    local($pos, $ascii);
    $s =~ s/\+/ /g;
    $pos = 0;
    while (($pos = index($s, "%", $pos)) != -1) {
        $ascii = hex(substr($s, $pos + 1, 2));
        substr($s, $pos, 3) = pack("c", $ascii);
    }
    $s;
}

From ralf at is.rice.edu Fri Mar 24 22:36:59 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:29:08 2003 Subject: Accessing Win95/98 machines Message-ID: I have a question people. Any help will be much appreciated. When a user is logged locally to an NT box. He can access other NT boxes as well as Win95/98 machines with the run command \\machine-name\share-name. But if the user is logged to samba, then the only machines accessible are the NT machines. The question is: Why is samba refusing to talk to Win95/98 machines that way?
We have Win95/98 machines loggin directly to samba and using samba shares without problems. We're using samba-2.0.6 on a solaris 2.6 box. Is there a way around this? Please help! Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From kfitzner at nexus.v-wave.com Fri Mar 24 23:20:13 2000 From: kfitzner at nexus.v-wave.com (Kurt Fitzner) Date: Tue Dec 2 02:29:08 2003 Subject: Inability to have W2K recognize domain In-Reply-To: Message-ID: >i was particularly interested to hear about glibc5 failing. can you >please try rpcclient -S . -U root% -l log and issue an lsaquery or other >simple command (srvinfo), and let me know if that works, and if not, where >it fails (debug level 100). My first attempt yeielded the same result - rpcclient exited after displaying "Broken pipe" (session results and logs attached as log_libc5_rpcclient_1.tar.gz) After a few minutes, rpcclient stopped exiting, but the commands had no effect either (log_libc5_rpcclient_2.tar.gz). >yes, you are correct: rpcclient -S . (which can only be run as root) can >be used to do the equivalent of the "su" command on unix. All right. I have also noticed, though, that the following command works: ./rpcclient -S hack -U admin -l log no matter what password I supply. > regarding the password change, ntpass, i have this working with no > problems, you do this: > bin/rpcclient -S tngserver -U% -l log > [thgserver$ ] ntpass username > Old password: test > New password: tttt > NT password changed: OK. This works fine for me. 
However, if I do not log in as root and try it, I get a seg fault: hack:/opt/samba-tng/bin# ./rpcclient -S hack -U admin -l log Enter Password: [admin@HACK]$ ntpass ntpass SAM NT Password Change Segmentation fault I don't get a seg fault if I supply a username to ntpass. [admin@HACK]$ ntpass admin ntpass admin SAM NT Password Change Old Password: New Password: retype: NT Password changed OK I wasn't successful this morning in getting W2K to join the domain, but when it did fail, it failed almost instantly (not after the 30 second or so pause of before). The logs were full of "ERROR: setgroups call failed!" messages, so I probably don't have something configured right. It was 4am here when i tried, though, so I wasn't too lucid. ;) Thanks for everything, hope this helps. I'll send more info as I get it. Kurt. -------------- next part -------------- A non-text attachment was scrubbed... Name: log_libc5_rpcclient_2.tar.gz Type: application/octet-stream Size: 3571 bytes Desc: log_libc5_rpcclient_2.tar.gz Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000324/9c16aef6/log_libc5_rpcclient_2.tar.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: log_libc5_rpcclient_1.tar.gz Type: application/octet-stream Size: 2935 bytes Desc: log_libc5_rpcclient_1.tar.gz Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000324/9c16aef6/log_libc5_rpcclient_1.tar.obj From lkcl at samba.org Sun Mar 26 22:16:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:08 2003 Subject: Inability to have W2K recognize domain In-Reply-To: Message-ID: kurt, it looks like you are running with mis-matched versions of rpcclient and lsarpcd or maybe smbd please look around your system for old versions of the libraries (and delete them) and old versions of the samba daemons (including the msrpc ones) and delete them, and also old versions of the client-side programs. 
if you look at the data in the vuser_structs it is not being picked up correctly, it's offset by 2 bytes, and variously trashed. there may be some other subtle issues. try compiling ./configure --enable-static; make clean; name on the glibc5 system, as well, and please report whether that works or not. thank you! On Fri, 24 Mar 2000, Kurt Fitzner wrote: > >i was particularly interested to hear about glibc5 failing. can you > >please try rpcclient -S . -U root% -l log and issue an lsaquery or other > >simple command (srvinfo), and let me know if that works, and if not, where > >it fails (debug level 100). > > My first attempt yeielded the same result - rpcclient exited after displaying > "Broken pipe" (session results and logs attached as > log_libc5_rpcclient_1.tar.gz) > > After a few minutes, rpcclient stopped exiting, but the commands had no > effect either (log_libc5_rpcclient_2.tar.gz). > > >yes, you are correct: rpcclient -S . (which can only be run as root) can > >be used to do the equivalent of the "su" command on unix. > > All right. I have also noticed, though, that the following command works: > ./rpcclient -S hack -U admin -l log > no matter what password I supply. > > > regarding the password change, ntpass, i have this working with no > > problems, you do this: > > bin/rpcclient -S tngserver -U% -l log > > [thgserver$ ] ntpass username > > Old password: test > > New password: tttt > > NT password changed: OK. > > This works fine for me. However, if I do not log in as root and try it, I > get a seg fault: > hack:/opt/samba-tng/bin# ./rpcclient -S hack -U admin -l log > Enter Password: > [admin@HACK]$ ntpass > ntpass > SAM NT Password Change > Segmentation fault > > I don't get a seg fault if I supply a username to ntpass. 
> [admin@HACK]$ ntpass admin > ntpass admin > SAM NT Password Change > Old Password: > New Password: > retype: > NT Password changed OK > > I wasn't successful this morning in getting W2K to join the domain, but when > it did fail, it failed almost instantly (not after the 30 second or so pause > of before). The logs were full of "ERROR: setgroups call failed!" messages, > so I probably don't have something configured right. It was 4am here when i > tried, though, so I wasn't too lucid. ;) > > Thanks for everything, hope this helps. I'll send more info as I get it. > > Kurt. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From ryagatich at csn1.com Fri Mar 24 23:45:37 2000 From: ryagatich at csn1.com (Ryan Yagatich) Date: Tue Dec 2 02:29:08 2003 Subject: Accessing Win95/98 machines In-Reply-To: Message-ID: smbmount smbmount "\\servername\sharename" "\mountpoint" -W workgroup -U username that's the jist of it. ryan -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Alfredo Ramos Sent: Friday, March 24, 2000 5:39 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Accessing Win95/98 machines I have a question people. Any help will be much appreciated. When a user is logged locally to an NT box. He can access other NT boxes as well as Win95/98 machines with the run command \\machine-name\share-name. But if the user is logged to samba, then the only machines accessible are the NT machines. The question is: Why is samba refusing to talk to Win95/98 machines that way? We have Win95/98 machines loggin directly to samba and using samba shares without problems. We're using samba-2.0.6 on a solaris 2.6 box. Is there a way around this? Please help! Al. ---------------------------------------------------------------------------- ----- | Alfredo Ramos This space available for rent. 
| New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu ---------------------------------------------------------------------------- ----- From markm at muffett.net Sun Mar 26 19:03:31 2000 From: markm at muffett.net (Mark Muffett) Date: Tue Dec 2 02:29:08 2003 Subject: Joining domain Message-ID: <38DE5EFC.F40EB847@muffett.net> I'm running Version 2.0.7-pre2 and I've just rebuilt an NT4 box that used to be on the domain and renamed it. Now when I try to get it to join the domain again I get "Unable to update local security in order to join domain" as an error on the NT box - no number etc. Anyone else seen this or know what to do? Mark Muffett From nanardon at ifrance.com Thu Mar 23 21:13:37 2000 From: nanardon at ifrance.com (Olivier Thauvin) Date: Tue Dec 2 02:29:08 2003 Subject: Win Join Samba Domain Message-ID: <00032322172700.00376@nanar> I'm using samba 2.0.6 on a Mandrake 6.0 and Win98 log on my domain which no probleme, I resolved many problem to contact Samba with Win 2000 ( This is for many test ) but I can see the samba ressource, I can access it, but log on my domain. If somebody have an example of smb.conf or many solution. Thanks From jens.skripczynski at igd.fhg.de Sun Mar 26 11:57:09 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:29:08 2003 Subject: samba name server not avaible ? Message-ID: <20000326135709.A4424@pclinux.igd.fhg.de> Hi, I'm living in Germany and I'm currently unable to resolve any host of samba.org: i And I'm not recieving any mail from you... lookup cvs.samba.org Server: shadowland.sc Address: 10.0.0.254 ^[*** shadowland.sc can't find cvs.samba.org: Non-existent host/domain nslookup samba.org Server: shadowland.sc Address: 10.0.0.254 *** shadowland.sc can't find samba.org: Non-existent host/domain ... Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. 
From anders at aae.wisc.edu Mon Mar 27 03:12:05 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:29:08 2003 Subject: REALLY need help on TNG localization (charset, client codepage)!!!! In-Reply-To: <00d801bf954b$579dabe0$04e270c3@admin.ktme> from Serge Badamshin at "Mar 24, 2000 04:08:29 pm" Message-ID: <200003270312.VAA08064@pug.aae.wisc.edu> First of all.. you probably need SAMBA HEAD not SAMBA TNG, as samba TNG contains OLD code which has not been updated since the pre-2.0 release, additionaly, you may want to check out samba-technical, as this is not a NTDOM issue.. I'm sorry I can't help you out.. I'm not knowledgable on the charset stuff --Anders From lars at kneschke.de Sat Mar 25 19:15:03 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:29:08 2003 Subject: Ports References: <00b101bf9516$0b8ad410$d22befcf@weiinc.com> <38DA9CC2.77904C70@xavier.sa.edu.au> Message-ID: <38DD1037.FB1B08E5@kneschke.de> Matthew Geddes wrote: > > > Mike wrote: > > > > I am running Linux/SAMBA on a file server. All works well. Whilst > > monitoring network traffic I note a lot of traffic from an NT4.0 box > > hitting the Linux box on port 137. Anyone know what it is trying to > > do? > > > > Also, I am setting up a firewall, hence the monitoring. Where can I > > find a list of ports I need to keep available for SAMBA to work. > > > > Mike > > I'm pretty sure port 137 is the NetBIOS name service. So it's probably > WINS or browse list traffic? Someone else would know for sure. Port's 137-139 should be enough. Cu -- Watch our projects at http://www.kneschke.de/projekte! GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From it-samba at computerbild.de Sat Mar 25 12:16:05 2000 From: it-samba at computerbild.de (Ingo T. 
Storm) Date: Tue Dec 2 02:29:08 2003 Subject: integration NT-Dom, LDAP (Netscape, Openldap), Email References: Message-ID: <00d901bf9653$f317abd0$212ca8c0@combi.de> Hi, sorry, I do know that this is not exactly the right list to post to, but it is the best place (with the brightest minds) I could find. If you think this is of no interest here, please just ignore it. I manage an NT-Domain (soon to be 3 or 4 with full trust relationships). My some 100 users are mainly simple Windows (95 through W2K) desktop users who don't know too much about differences between Windows password, NT domain password, email accounts and the like, so I want a single logon to all services (except W9x windows "passwords"). Currently the domain has NT-PDCs and BDCs and a very nice mail server called mailsite that uses the NT SAM for authentication. I successfully run Linux Samba (2.06) servers with and without domain integration and Linux servers for all internet services except email (http, ftp, squid, socks, mailing lists, firewalling with ipchains), so I am not exactly a newbie - i just don't see the big picture yet. I would like to move this whole thing to - a Samba PDC and about 5 BDCs in different network segments (some over slow WAN links) - an LDAP server as a department directory service - Unix/Linux smtp, pop and imap servers auth'ing against PDC/LDAP - SOCKS with authentication against the PDC/LDAP if possible I assume that the single logon can only be acheived via PAM and LDAP. I've read lots of HOWTOs and FAQs but I cannot find a guide on how to integrate all the services and get a single logon to all of them. Does anyone have any nice pointers? Something to get me Samba talking to LDAP (which I do yet not fully understand) would be a very nice starting point. 
Cheers and sorry to bother those not interested, Ingo From snail_talk at yahoo.com Mon Mar 27 06:52:38 2000 From: snail_talk at yahoo.com (geoffrey lee) Date: Tue Dec 2 02:29:08 2003 Subject: Win Join Samba Domain In-Reply-To: <00032322172700.00376@nanar> Message-ID: <000201bf97b9$0a2230a0$0200000a@workstation1> Yo! > > > I'm using samba 2.0.6 on a Mandrake 6.0 and Win98 log on my > domain which no > probleme, I resolved many problem to contact Samba with support for that is of course official. Win 2000 > ( This is for > many test ) but I can see the samba ressource, I can access it, > but log on my > domain. it doesn't work in the 2.0.x series for win2k. you have to use tng. > If somebody have an example of smb.conf or many solution. > nupe. it's not a problem with your configuration file. geoff. > Thanks > From mgeddes at xavier.sa.edu.au Mon Mar 27 06:21:30 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:08 2003 Subject: integration NT-Dom, LDAP (Netscape, Openldap), Email References: <00d901bf9653$f317abd0$212ca8c0@combi.de> Message-ID: <38DEFDEA.D4E99E81@xavier.sa.edu.au> "Ingo T. Storm" wrote: It's probably not the right list, but there isn't really a list designed for this type of thing.... > - a Samba PDC and about 5 BDCs in different network segments (some over slow > WAN links) > - an LDAP server as a department directory service > - Unix/Linux smtp, pop and imap servers auth'ing against PDC/LDAP > - SOCKS with authentication against the PDC/LDAP if possible > > I assume that the single logon can only be acheived via PAM and LDAP. Take a look at PAM_SMB and PAM_NTDOM. They might be OK for your situation. I think they're available from ftp.samba.org/pub/samba/ somewhere. > > I've read lots of HOWTOs and FAQs but I cannot find a guide on how to > integrate all the services and get a single logon to all of them. Does > anyone have any nice pointers? 
Something to get me Samba talking to LDAP > (which I do yet not fully understand) would be a very nice starting point. There isn't a great deal out there. When I've finished working it out I intend on writing something, but time..... There is however a HOWTO on getting RedHat 6.x to work with LDAP/PAM (http://people.redhat.com/alikins/ldap/ldap.html) and another on Samba and LDAP (I think it's called the Samba-LDAP HOWTO). Sorry about the lack of link, but I usually just take a hard copy and file it (at home). The last one is from a University and although they use Solaris, it works. Apparently the Samba source is quite easy to "read". You might find some cool info there. Hope it helps, -- Matthew Geddes Network Manager Xavier College Gawler, SA mgeddes@xavier.sa.edu.au "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From p.mayers at ic.ac.uk Mon Mar 27 08:32:38 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:29:08 2003 Subject: Ports References: <00b101bf9516$0b8ad410$d22befcf@weiinc.com> <38DA9CC2.77904C70@xavier.sa.edu.au> <38DD1037.FB1B08E5@kneschke.de> Message-ID: <38DF1CA6.9BDD758F@ic.ac.uk> You might want 445 as well (NetBIOS-less SMB). Cheers, Phil Lars Kneschke wrote: > > Matthew Geddes wrote: > > > > > Mike wrote: > > > > > > I am running Linux/SAMBA on a file server. All works well. Whilst > > > monitoring network traffic I note a lot of traffic from an NT4.0 box > > > hitting the Linux box on port 137. Anyone know what it is trying to > > > do? > > > > > > Also, I am setting up a firewall, hence the monitoring. Where can I > > > find a list of ports I need to keep available for SAMBA to work. > > > > > > Mike > > > > I'm pretty sure port 137 is the NetBIOS name service. So it's probably > > WINS or browse list traffic? Someone else would know for sure. > Port's 137-139 should be enough. > > Cu > -- > Watch our projects at http://www.kneschke.de/projekte! 
> GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From ken at hudat.com Sat Mar 25 17:30:26 2000 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:29:09 2003 Subject: Automounting of user directories on Linux In-Reply-To: <20000322184717.49626.qmail@hotmail.com> Message-ID: On Thu, 23 Mar 2000, Thien Vu wrote: > We would like to implement a NFS type system, but I can't quite figure out > how to have the user's home directory, which is exported as an Samba share, > mount to the local machine. I would like to do it with out have the user > become root. Is this possible? I've taken a look at various options in > mount, fstab, smbmount and smbmnt. Any suggestions would be useful. since I haven't gotten this working myself, I'm hesitant to suggest it. Look into enabling autofs and (do a man on "autofs" and/or "auto.master" (auto_master or otherwise depending on your OS). -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) 
r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From cost at dg.net.ua Mon Mar 27 10:02:26 2000 From: cost at dg.net.ua (Constantin Zgrivets) Date: Tue Dec 2 02:29:09 2003 Subject: subscribe Message-ID: subscribe -- CZ602-RIPE From ed at schernau.com Mon Mar 27 13:11:51 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:29:09 2003 Subject: DNS Message-ID: <38DF5E17.2084FDDE@schernau.com> Something is up with samba.org -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA From simar at gmx.net Mon Mar 27 15:40:19 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:29:09 2003 Subject: Ports References: <00b101bf9516$0b8ad410$d22befcf@weiinc.com> <38DA9CC2.77904C70@xavier.sa.edu.au> <38DD1037.FB1B08E5@kneschke.de> <38DF1CA6.9BDD758F@ic.ac.uk> Message-ID: <38DF80E3.A55520BF@gmx.net> Can anyone explain me what this NetBIOS-less SMB is ? Which of the daemons provides it ? Phil Mayers wrote: > You might want 445 as well (NetBIOS-less SMB). > > Cheers, > Phil > > Lars Kneschke wrote: > > > > Matthew Geddes wrote: > > > > > > > Mike wrote: > > > > > > > > I am running Linux/SAMBA on a file server. All works well. Whilst > > > > monitoring network traffic I note a lot of traffic from an NT4.0 box > > > > hitting the Linux box on port 137. Anyone know what it is trying to > > > > do? > > > > > > > > Also, I am setting up a firewall, hence the monitoring. Where can I > > > > find a list of ports I need to keep available for SAMBA to work. > > > > > > > > Mike > > > > > > I'm pretty sure port 137 is the NetBIOS name service. So it's probably > > > WINS or browse list traffic? Someone else would know for sure. > > Port's 137-139 should be enough. > > > > Cu > > -- > > Watch our projects at http://www.kneschke.de/projekte! 
> > GGI-TV, KSamba, PXTools, Samba TNG FAQ, myWebalizer From simar at gmx.net Mon Mar 27 15:52:04 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:29:09 2003 Subject: Compile-options surs-tdb nt5ldap Message-ID: <38DF83A4.6E18549F@gmx.net> Do these options allready produce useful daemons ? Is it better to let samba use the smbpasswd-file ? From simar at gmx.net Mon Mar 27 15:55:17 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:29:09 2003 Subject: Inability to have W2K recognize domain References: Message-ID: <38DF8465.64BB11BD@gmx.net> What exactly does this setgroups thing ? Luke Kenneth Casson Leighton wrote: > kurt, it looks like you are running with mis-matched versions of rpcclient > and lsarpcd or maybe smbd > > please look around your system for old versions of the libraries (and > delete them) and old versions of the samba daemons (including the msrpc > ones) and delete them, and also old versions of the client-side programs. > > if you look at the data in the vuser_structs it is not being picked up > correctly, it's offset by 2 bytes, and variously trashed. > > there may be some other subtle issues. > > try compiling ./configure --enable-static; make clean; name on the glibc5 > system, as well, and please report whether that works or not. > > thank you! > > On Fri, 24 Mar 2000, Kurt Fitzner wrote: > > > >i was particularly interested to hear about glibc5 failing. can you > > >please try rpcclient -S . -U root% -l log and issue an lsaquery or other > > >simple command (srvinfo), and let me know if that works, and if not, where > > >it fails (debug level 100). > > > > My first attempt yeielded the same result - rpcclient exited after displaying > > "Broken pipe" (session results and logs attached as > > log_libc5_rpcclient_1.tar.gz) > > > > After a few minutes, rpcclient stopped exiting, but the commands had no > > effect either (log_libc5_rpcclient_2.tar.gz). > > > > >yes, you are correct: rpcclient -S . 
(which can only be run as root) can > > >be used to do the equivalent of the "su" command on unix. > > > > All right. I have also noticed, though, that the following command works: > > ./rpcclient -S hack -U admin -l log > > no matter what password I supply. > > > > > regarding the password change, ntpass, i have this working with no > > > problems, you do this: > > > bin/rpcclient -S tngserver -U% -l log > > > [thgserver$ ] ntpass username > > > Old password: test > > > New password: tttt > > > NT password changed: OK. > > > > This works fine for me. However, if I do not log in as root and try it, I > > get a seg fault: > > hack:/opt/samba-tng/bin# ./rpcclient -S hack -U admin -l log > > Enter Password: > > [admin@HACK]$ ntpass > > ntpass > > SAM NT Password Change > > Segmentation fault > > > > I don't get a seg fault if I supply a username to ntpass. > > [admin@HACK]$ ntpass admin > > ntpass admin > > SAM NT Password Change > > Old Password: > > New Password: > > retype: > > NT Password changed OK > > > > I wasn't successful this morning in getting W2K to join the domain, but when > > it did fail, it failed almost instantly (not after the 30 second or so pause > > of before). The logs were full of "ERROR: setgroups call failed!" messages, > > so I probably don't have something configured right. It was 4am here when i > > tried, though, so I wasn't too lucid. ;) > > > > Thanks for everything, hope this helps. I'll send more info as I get it. > > > > Kurt. 
> > > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From simar at gmx.net Mon Mar 27 16:03:21 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:29:09 2003 Subject: Accessing Win95/98 machines References: Message-ID: <38DF8649.44C617C@gmx.net> It is said somwhere in the samba docs that NT-Domains and Domain-logons from win95/98 is something completely different. I think that Windows NT which is logged into a Domain doesn't quite trust Win95/98 machines at least those who are not logged on to the domain. A test with a real Windows NT server could make this clear. Alfredo Ramos wrote: > I have a question people. Any help will be much appreciated. > > When a user is logged locally to an NT box. He can access other NT boxes > as well as Win95/98 machines with the run command > \\machine-name\share-name. But if the user is logged to samba, then the > only machines accessible are the NT machines. > > The question is: Why is samba refusing to talk to Win95/98 machines that > way? We have Win95/98 machines loggin directly to samba and using samba > shares without problems. > > We're using samba-2.0.6 on a solaris 2.6 box. > > Is there a way around this? > > Please help! > > Al. > > --------------------------------------------------------------------------------- > | Alfredo Ramos > This space available for rent. | New Media & Student Computing > Get your product moving. Advertise here! | Rice University. > | Email: ralf@is.rice.edu > --------------------------------------------------------------------------------- From Daniel.Breest at breest-brothers.de Mon Mar 27 18:00:22 2000 From: Daniel.Breest at breest-brothers.de (El) Date: Tue Dec 2 02:29:09 2003 Subject: Inability to have W2K recognize domain Message-ID: hi, i also have some problems to join a samba-domain with Windows 2000-clients. 
While trying to join my domain, i also get the message, that my domain is not available. here is, what i have done so far: -i`m using the tng-version 1.3 -all the daemons are running, -the user root is in the unix-group "domainadmins", and i have mapped this group to the nt-group "Domain Admins" -i have added the user root to the smbpasswd via "smbpasswd -a root" -i have created unix-accounts for my Win2K-WS and for my Samba-server -i have created a trustaccount for my Samba-server and my Win2K-WS via the rpcclient createuser-command here is a snapshot from my log.nmb: process_logon_packet: Group-packet Logon from 192.168.0.10: code = 12 process_logon_packet: SAMLOGON sidsize 0 ntv b process_logon_packet: SAMLOGON request from DANIEL(192.168.0.10) for , returning logon svr \\SERVER domain MYDOMAIN code 13 token=ffff process_logon_packet: Group-packet Logon from 192.168.0.10: code = 12 process_logon_packet: SAMLOGON sidsize 0 ntv b process_logon_packet: SAMLOGON request from DANIEL(192.168.0.10) for , returning logon svr \\SERVER domain MYDOMAIN code 13 token=ffff process_logon_packet: Group-packet Logon from 192.168.0.10: code = 12 process_logon_packet: SAMLOGON sidsize 0 ntv b process_logon_packet: SAMLOGON request from DANIEL(192.168.0.10) for DANIEL$, returning logon svr \\SERVER domain MYDOMAIN code 13 token=ffff wins_process_name_query: name query for name LEIPZIG<1b> from IP 192.168.0.10 wins_process_name_query: name query for name LEIPZIG<1b> returning first IP 192.168.0.0. 
process_logon_packet: Group-packet Logon from 192.168.0.10: code = 12 process_logon_packet: SAMLOGON sidsize 0 ntv b process_logon_packet: SAMLOGON request from DANIEL(192.168.0.10) for DANIEL$, returning logon svr \\SERVER domain MYDOMAIN code 13 token=ffff process_logon_packet: Group-packet Logon from 192.168.0.10: code = 7 process_logon_packet: GETDC request from DANIEL at IP 192.168.0.10, reporting SERVER domain MYDOMAIN 0xc ntversion=1 lm_nt token=0 lm_20 token=0 process_logon_packet: Group-packet Logon from 192.168.0.10: code = 12 process_logon_packet: SAMLOGON sidsize 0 ntv b process_logon_packet: SAMLOGON request from DANIEL(192.168.0.10) for DANIEL$, returning logon svr \\SERVER domain MYDOMAIN code 13 token=ffff process_logon_packet: Group-packet Logon from 192.168.0.10: code = 7 process_logon_packet: GETDC request from DANIEL at IP 192.168.0.10, reporting SERVER domain MYDOMAIN 0xc ntversion=1 lm_nt token=0 lm_20 token=0 after that, i get the error-message above. so, what i have done wrong so far. thanks for every hint... EL From s_basfer at chat.ru Tue Mar 28 03:22:31 2000 From: s_basfer at chat.ru (Serge Badamshin) Date: Tue Dec 2 02:29:09 2003 Subject: REALLY need help on TNG localization (charset, client codepage)!!!! Message-ID: <000b01bf9865$56dff560$58e270c3@admin.ktme> Thanks a lot, it was very helpful. I guess the reason is the old code. But, what really is SAMBA HEAD? I wanted to use samba TNG because of its NTDomain capabilities (list of users' accounts, etc). After all, is it possible to upgrade (patch, change) the corresponding code in TNG with other? Serge >First of all.. you probably need SAMBA HEAD not SAMBA TNG, >as samba TNG contains OLD code which has not been updated since the >pre-2.0 release, > >additionaly, you may want to check out samba-technical, as this is not >a NTDOM issue.. > >I'm sorry I can't help you out.. 
I'm not knowledgable on the >charset stuff > >--Anders > From Hans-Peter.Raschke at gmx.de Tue Mar 28 09:02:24 2000 From: Hans-Peter.Raschke at gmx.de (Hans-Peter Raschke) Date: Tue Dec 2 02:29:09 2003 Subject: _lsa_open_secret: couldn't open secret_db. Possible attack? Message-ID: <00032811045100.01920@qmpc2> Hello, in the file log.lsarpc I found the following error message: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=65534, egid=65534 ERROR: setgroups call failed! What does this mean? thx HP ----------------------------------------------------------- Hans-Peter Raschke E-Mail: Hans-Peter.Raschke@gmx.de Wintermann DatenService Tel.: ++49 441 9304064 Langenweg 16 Fax: ++49 441 9304069 D-26125 Oldenburg From tom at ee.ucl.ac.uk Tue Mar 28 10:38:59 2000 From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:09 2003 Subject: Report on cvs of 28/3/00 1130 BST Message-ID: <200003281038.LAA19522@picard.ee.ucl.ac.uk> Hello, Things that have changed since last Thursday: 1) Automatic interface detection on Sparc no longer works. Needed to add line: interfaces = 128.40.38.2/255.255.0.0 127.0.0.1/255.0.0.0 Errors are reported registering the domain: nmbd_subnetdb:namelist_entry_compare() 30 == memcmp( "EE<1e>", "EE<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() -13 == memcmp( "EE<1e>", "ROME<00>", 88 ) add_name_to_subnet: Added netbios name EE<1e> with first IP 128.40.38.2 ttl=259200 nb_flags=c4 to subnet UNICAST_SUBNET initiate_name_register_packet: sending registration for name EE<1e> (bcast=No) to IP 127.0.0.1 send_netbios_packet: sending packet to ourselves. add_response_record: adding response record id:31560 to subnet UNICAST_SUBNET. num_records:19 initiate_name_register_packet: sending registration for name EE<1e> (bcast=No) to IP 127.0.0.1 send_netbios_packet: sending packet to ourselves. add_response_record: adding response record id:31561 to subnet UNICAST_SUBNET. 
num_records:20 is_myname("ROME") returns 1 create_server_on_workgroup: Created server entry ROME of type 40019a0b (Samba TNG-prealpha) on workgroup EE. initiate_myworkgroup_startup: Added server name entry ROME on subnet UNICAST_SUBNET add_name_to_subnet: Added netbios name *<00> with first IP 128.40.38.2 ttl=0 nb_flags=40 to subnet REMOTE_BROADCAST_SUBNET nmbd_subnetdb:namelist_entry_compare() 32 == memcmp( "*<20>", "*<00>", 88 ) add_name_to_subnet: Added netbios name *<20> with first IP 128.40.38.2 ttl=0 nb_flags=40 to subnet REMOTE_BROADCAST_SUBNET nmbd_subnetdb:namelist_entry_compare() 53 == memcmp( "__SAMBA__<20>", "*<20>", 88 ) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 128.40.38.2 ttl=0 nb_flags=40 to subnet REMOTE_BROADCAST_SUBNET nmbd_subnetdb:namelist_entry_compare() -32 == memcmp( "__SAMBA__<00>", "__SAMBA__<20>", 88 ) nmbd_subnetdb:namelist_entry_compare() 53 == memcmp( "__SAMBA__<00>", "*<20>", 88 ) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 128.40.38.2 ttl=0 nb_flags=40 to subnet REMOTE_BROADCAST_SUBNET nmbd_subnetdb:namelist_entry_compare() -26 == memcmp( "EE<1e>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 27 == memcmp( "EE<1e>", "*<20>", 88 ) find_name_on_subnet: on subnet 128.40.38.2 - name EE<1e> NOT FOUND check_elections: Cannot send election packet yet as name EE<1e> not yet registered on subnet 128.40.38.2 nmbd_subnetdb:namelist_entry_compare() -26 == memcmp( "EE<1e>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 27 == memcmp( "EE<1e>", "*<20>", 88 ) find_name_on_subnet: on subnet 127.0.0.1 - name EE<1e> NOT FOUND check_elections: Cannot send election packet yet as name EE<1e> not yet registered on subnet 127.0.0.1 It looks like nmbd is not working any more.... Tom. 
---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From Olivier.Brousselle at univ-lehavre.fr Tue Mar 28 12:43:25 2000 From: Olivier.Brousselle at univ-lehavre.fr (Olivier Brousselle) Date: Tue Dec 2 02:29:09 2003 Subject: [TNG 1.3] no RPC Message-ID: <38E0A8ED.A4EFA255@univ-lehavre.fr> Hi, I have some problems with Samba TNG 1.3 (and Samba Main 2.0.5a). It is not possible to use the "user manager for domains" and rpcclient. I've found this message in the log : >>>get_sam_domain_name: PDC/BDC MYDOMAIN >>>both /opt/samba-tng/private/MACHINE.SID and /opt/samba-tng/private/MYDOMAIN.SID >>>exist when only one should, unable to continue. >>>ERROR: Samba cannot create a SAM SID for its domain (MYDOMAIN). When I remove one of these files, it's the same thing after restarting samba. Any idea ? -- Olivier Brousselle mailto:Olivier.Brousselle@univ-lehavre.fr ================================================================== Faculté des sciences (Monday to Wednesday) Tel : 02/32/74/43/37 Fax : 02/32/74/43/14 Laboratoire de mécanique (Thursday and Friday) Tel : 02/32/74/49/67 Fax : 02/32/74/49/60 From pmal at space.gr Tue Mar 28 13:12:44 2000 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:29:09 2003 Subject: Acting as PDC References: <38E0A8ED.A4EFA255@univ-lehavre.fr> Message-ID: <000b01bf98b7$4e3cae60$0602000a@space.gr> Dear friends, I'm trying to build a linux box to act as a pdc controller using the head branch. I used the basic config from the O'Reilly book. When I try to logon to this domain though I get a window from my win98 SE box that says "Microsoft Networking - Incorrect parameter" This is what I did.
smb.conf

[global]
    workgroup = SCIENIDE
    domain logons = yes
    security = user
    os level = 34
    local master = yes
    preferred master = yes
    domain master = yes
    encrypt passwords = yes

[netlogon]
    comment = The domain logon service
    path = /usr/local/samba/netlogon
    public = no
    writeable = no
    browsable - n0

I then added the root and my account (smbpasswd -a root)(smbpasswd -a pmal) Still nothing happens. Any help in this would be much appreciated. With kind regards, Panagiotis From ahelberg at gmx.net Tue Mar 28 13:10:31 2000 From: ahelberg at gmx.net (andre) Date: Tue Dec 2 02:29:09 2003 Subject: list in digest form ? Message-ID: <00032815132600.00385@p166> Hello, Is there any way to get this list in digest form like the samba list ? thanks, andre From cartegw at Eng.Auburn.EDU Tue Mar 28 13:53:18 2000 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:29:09 2003 Subject: Acting as PDC References: <38E0A8ED.A4EFA255@univ-lehavre.fr> <000b01bf98b7$4e3cae60$0602000a@space.gr> Message-ID: <38E0B94E.62DDAFDA@eng.auburn.edu> Panagiotis Malakoudis wrote: > > box that says "Microsoft Networking - Incorrect parameter" Use different names for the server netbios name and workgroup name (possibly even need unique user names). Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From it-samba at computerbild.de Tue Mar 28 13:53:39 2000 From: it-samba at computerbild.de (Ingo T. Storm) Date: Tue Dec 2 02:29:09 2003 Subject: integration NT-Dom, LDAP (Netscape, Openldap), Email References: <00d901bf9653$f317abd0$212ca8c0@combi.de> <38DEFDEA.D4E99E81@xavier.sa.edu.au> Message-ID: <002301bf98bd$26be4d70$212ca8c0@combi.de> > It's probably not the right list, but there isn't really a list designed > for this type of thing....
Thanks. That relieves me of thinking I was too dumb to find one;-) > Sorry about the lack of link, Never mind. If s.th. exists, I think I'll find it. Cheers, Ingo From cartegw at Eng.Auburn.EDU Tue Mar 28 14:06:01 2000 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:29:09 2003 Subject: list in digest form ? References: <00032815132600.00385@p166> Message-ID: <38E0BC49.D92D4BFC@eng.auburn.edu> andre wrote: > > Hello, > > Is there any way to get this list in digest form > like the samba list ? > > thanks, andre See http://www.samba.org/listproc to change your subscription preferences. Cheers, jerry -- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From s.striker at striker.nl Tue Mar 28 14:15:02 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:29:09 2003 Subject: list in digest form ? In-Reply-To: <00032815132600.00385@p166> Message-ID: Try http://lists.samba.org. >Hello, > >Is there any way to get this list in digest form >like the samba list ? > >thanks, andre > > From tom at ee.ucl.ac.uk Tue Mar 28 14:09:35 2000 From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:09 2003 Subject: Report on samba-tng cvs 1500 BST Message-ID: <200003281409.PAA03212@picard.ee.ucl.ac.uk> Hello, Samba-TNG on Sparc64 gcc 2.8.1 cvs of 1430 BST The nmbd problems from earlier are fixed. smbclient doesn't link because libreadline.a required -lcurses I added curses to the LIBS line in the source/Makefile. Joining domain from Win 2000 now works. Roaming profiles work. Logging in on Win 2000 and NT4 SP4 work. Only niggle is that NT4 SP4 detects a slow network connection. This could be due to debug level 100? I'm going to try spoolss printing next. Tom.
---------------------------------------------------------------------------- Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9307 London, UK, WC1E 7JE. ---------------------------------------------------------------------------- From Jean-Francois.Micouleau at dalalu.fr Tue Mar 28 14:56:21 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:29:09 2003 Subject: Report on samba-tng cvs 1500 BST In-Reply-To: <200003281409.PAA03212@picard.ee.ucl.ac.uk> Message-ID: On Wed, 29 Mar 2000, Tom Crummey wrote: > I'm going to try spoolss printing next. it's broken in the TNG branch, and I don't intend to fix it. Use the HEAD branch if you want a working spoolss. From Alan.Hourihane at pinacl.co.uk Tue Mar 28 15:45:18 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:29:09 2003 Subject: NT Printing in SAMBA HEAD Message-ID: <00b301bf98cc$9e46be90$1ad120c1@pinacl.co.uk> Is NT printing in Samba HEAD much better than the TNG code from back in November last year ? Alan. From antonia at fib.upc.es Tue Mar 28 18:29:02 2000 From: antonia at fib.upc.es (Antonia Gomez) Date: Tue Dec 2 02:29:09 2003 Subject: bug in samba v2.0.7??? Message-ID: <38E0F9EE.AE36CB8B@fib.upc.es> Hello! We are probing the last version v2.0.7 over Digital Unix. When we edit the configuration file and samba is running, the daemon smbd is killed and generates a core file. This problem doesn't happen in previous versions. Any suggestion? Thanks in advance! Bye!
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Antonia Gomez Gonzalez FIB (Laboratori de Calcul) UPC Barcelona ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From samba at orgx.co.nz Tue Mar 28 19:42:35 2000 From: samba at orgx.co.nz (samba@orgx.co.nz) Date: Tue Dec 2 02:29:09 2003 Subject: DNS Message-ID: Yes indeed, it seems that samba.org falls off the world regularly from my viewpoint here in NZ. I have one day when I receive everything from this list (well around 50 messages/day) and other days when I get nothing at all. That's a pity since I was trying to participate in some of the threads that were going on. Any pointers to what may be happening? Richard Shepherd Organisation X Auckland New Zealand From mmbrich at ductamerica.com Tue Mar 28 20:42:04 2000 From: mmbrich at ductamerica.com (Matthew Brichacek) Date: Tue Dec 2 02:29:09 2003 Subject: two samba servers? Message-ID: <00032814455600.03080@comp03.binary.net> Hi all, I was wondering if anyone knew if it was possible to run two samba servers on one computer. What I am trying to accomplish is having a TNG server for user authentication and then another samba server running as the file and print server. So far I have been getting bind problems for ports; I knew this would probably be the case, can this be changed? Thanks Matthew From Anthony.delagarde at LW.com Tue Mar 28 20:44:25 2000 From: Anthony.delagarde at LW.com (de Lagarde, Anthony (DC)) Date: Tue Dec 2 02:29:09 2003 Subject: No subject Message-ID: I was wondering if you could help me. I have a LAN at home running NT 4.0 and I have a Linux box that I would like to join the NT Domain. What version of Samba should I download and where would be the link to get it. I was also wondering is there any type of documentation that comes with it to tell me how to do it?
Thank you ____________________________________ Anthony de Lagarde Latham & Watkins, LLP Technology Department 1001 Pennsylvania Avenue NW Suite 1200 Washington, DC 20004 (202) 637-3394 From samba at orgx.co.nz Tue Mar 28 20:25:36 2000 From: samba at orgx.co.nz (samba@orgx.co.nz) Date: Tue Dec 2 02:29:09 2003 Subject: two samba servers? Message-ID: Presumably you could do this by having 2 IP numbers on the Linux machine. Run TNG on one IP number, and regular samba on the other. Ensure each server only binds to the one IP number using the "interfaces" and "bind interfaces only" in each of the config files. I haven't actually tried this, it just strikes me that this should be possible. Cheers, Richard Shepherd Organisation X Auckland New Zealand Matthew Brichacek Sent by: samba-ntdom@samba.org 03/29/00 08:51 AM Please respond to mmbrich To: Multiple recipients of list SAMBA-NTDOM cc: Subject: two samba servers? I was wondering if anyone knew if it was possible to run two samba servers on one computer. What i am trying to accomplish is having a TNG server for user authentication and then another samba server running as the file and print server. So far I have been getting bind problems for ports, i knew this would probably be the case, can this be changed? From JasonJensen at Home.com Wed Mar 29 01:57:11 2000 From: JasonJensen at Home.com (Jason) Date: Tue Dec 2 02:29:09 2003 Subject: Report on samba-tng cvs 1500 BST References: Message-ID: <38E162F6.B235D92@Home.com> It would be so nice if you did intend to fix it.
Jean Francois Micouleau wrote:

> On Wed, 29 Mar 2000, Tom Crummey wrote:
>
> > I'm going to try spoolss printing next.
>
> it's broken in the TNG branch, and I don't intend to fix it. Use the HEAD
> branch if you want a working spoolss.

From paulnoah at noah.cnchost.com Wed Mar 29 02:32:47 2000
From: paulnoah at noah.cnchost.com (Paul Noah)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG 1.3 Problems
Message-ID: <4.2.0.58.20000328210504.00ad3ab8@pop3.noah.cnchost.com>

Hello

Running a RedHat 6.1 system and SambaTNG 1.3 I have encountered the following problems

smb.conf follows

******************************************************************
1) smbpasswd -a root consistently leads to a core dump. log is here
Using smbpasswd from 2.0.7pre2 works fine

[root@myserver bin]# ./smbpasswd -a root
doing parameter log file = /opt/samba/log/log.%m
doing parameter max log size = 50
doing parameter socket options = TCP_NODELAY
doing parameter domain logons = Yes
doing parameter os level = 65
doing parameter preferred master = True
doing parameter local master = yes
doing parameter domain master = True
doing parameter wins support = Yes
doing parameter guest account = nobody
doing parameter admin users = su
doing parameter interfaces = 192.168.0.11/24
doing parameter hosts allow = localhost, 192.168.0.0/255.255.255.0
doing parameter printing = bsd
doing parameter min print space = 2000
doing parameter time server = yes
doing parameter vfs option =
pm_process() returned Yes
lp_servicenumber: couldn't find homes
codepage_initialise: client code page = 850
load_client_codepage: loading codepage 850.
Added interface ip=192.168.0.11 bcast=192.168.0.255 nmask=255.255.255.0
New SMB password:
Retype new SMB password:
search by name: root
startfileent: opening file /etc/smbpasswd
getfileline: skipping comment or blank line
getfileline: skipping comment or blank line
getfileline: skipping comment or blank line
getsmbfilepwent: returning passwd entry for unix user root, unix uid 0
unixuser:root uid:0 acb:10
pwdb_smb_map_names: unix root nt NULL unix 0 nt-1
lookupsmbpwnam: unix user name root
lookupsmbpwuid: unix uid 0
initialising map /etc/domainuser.map
file_modified: /etc/domainuser.map modified
load_name_map: Scanning name map /etc/domainuser.map
Read line |root=Administrator|
make_name_entry:,Administrator,root
unix_name_to_nt_name_info: unix_name:root
unix_name_to_nt_name_info: unix gid:0
map_domain_name_to_sid: overriding blank name to
Segmentation fault (core dumped)

******************************************************************
2) I had an NT SP6a workstation running on a Samba 2.07pre2 domain I changed to a Samba-TNG 1.3 domain. NT WKS was unable to switch back to the 2.07 domain claiming some security problems. Microsoft recommends use of NETDOM 1.7 or above to rejoin a domain. NETDOM had no effect on the TNG1.3 domain.

******************************************************************
3) Windows 2000 is unable to join the TNG 1.3 domain
"The Specified domain does not exist or could not be contacted"
NT SP6a was able to connect.

from NT

C:\>net view /d:MYDOMAIN
Server Name            Remark
---------------------------------------------------
\\W2KCOMPUTER
\\NTCOMPUTER
\\MYSERVER             SambaTNG 1.3
The command completed successfully.
from Linux

[root@MYSERVER bin]# ./smbclient -L myserver
Added interface ip=192.168.0.11 bcast=192.168.0.255 nmask=255.255.255.0
Password:

        Sharename      Type      Comment
        ---------      ----      -------
        public         Disk
        profile        Disk
        IPC$           IPC       IPC Service (SambaTNG 1.3)

        Server               Comment
        ---------            -------
        MYSERVER             SambaTNG 1.3

        Workgroup            Master
        ---------            -------
        MYDOMAIN

Paul

---------------------SMB.CONF-------------------------------
# Global parameters
[global]
        workgroup = MYDOMAIN
        server string = SambaTNG 1.3
        encrypt passwords = Yes
        security = user
        smb passwd file = /etc/smbpasswd
        domain user map = /etc/domainuser.map
        log level = 2
        log file = /opt/samba/log/log.%m
        max log size = 50
        #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        socket options = TCP_NODELAY
        domain logons = Yes
        os level = 65
        preferred master = True
        local master = yes
        domain master = True
        wins support = Yes
        guest account = nobody
        admin users = su
        interfaces = 192.168.0.11/24
        hosts allow = localhost, 192.168.0.0/255.255.255.0
        printing = bsd
        min print space = 2000
        time server = yes
        vfs option =

[netlogon]
        comment = Domain logon service
        path = /opt/samba/netlogon
        browseable = No

[homes]
        comment = Home Directories
        read only = No
        create mask = 0755
        browseable = No
        writable = yes

[public]
        path = /home/samba/data
        guest account = nobody
        admin users =
        read only = No
        guest ok = Yes

[profile]
        path = /opt/samba/profile
        read only = No

From pkennedy at loudcloud.com Wed Mar 29 02:57:31 2000
From: pkennedy at loudcloud.com (Paul Kennedy)
Date: Tue Dec 2 02:29:10 2003
Subject: Samba-tng fails to build: "No locking available. Running Samba would be unsafe"
Message-ID: <38E1711B.7ADF1F7A@loudcloud.com>

Is anyone else having this problem ?

I'm trying to build a newly-pulled (Wednesday 2:30 UTC) samba-tng source tree, and it's failing at the configure step. I'm running Linux 2.2.12-20smp on a dual-processor HP Lpr.

Running ./configure results in:

...
checking how to get filesystem space usage
checking statvfs64 function (SVR4)... no
checking statvfs function (SVR4)... yes
checking if large file support can be enabled no
checking configure summary
ERROR: No locking available. Running Samba would be unsafe
configure: error: summary failure. Aborting config

And the config.log finishes with:

#if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
#include
#else
__COMPILE_ERROR_
#endif
int main() { int i ; return 0; }
configure:11289: gcc -o conftest -O conftest.c -lreadline -ldl -lcrypt 1>&5
configure: failed program was:
#line 11285 "configure"
#include "confdefs.h"
#include "./tests/summary.c"

From lkcl at samba.org Wed Mar 29 03:53:04 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG "no locking available" error, HP/UX
Message-ID:

paul,

please can you try compiling cvs main as well, and see if that works. i just updated the configure script from cvs main, and i may have got things wrong.

you _are_ doing the ./configure as root, yes?

also, when did you last successfully compile TNG, which cvs date?

also, what's your OS info?

thx!

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From richard at caloundra.net Wed Mar 29 04:34:16 2000
From: richard at caloundra.net (Richard Ham)
Date: Tue Dec 2 02:29:10 2003
Subject: Problems browsing the network....
References: <4.2.0.58.20000328210504.00ad3ab8@pop3.noah.cnchost.com>
Message-ID: <00d401bf9938$0af65f80$85bc6dcb@int.calcc.qld.edu.au>

Hello all,

I have a strange problem (apart from the obvious 8-) when browsing the network in the Network Neighborhood - nothing appears at all apart from the Domain folder. I have a PDC (samba/Linux, 5 hr old CVS), an NT Server (4.0), and a bunch of Win9x machines. None of them can see the servers (Samba or WinNT).
Any ideas where to start looking??

Regards,
Richard

smb.conf follows:

[global]
        debug level = 1
        interfaces = 203.109.188.131/255.255.255.192 192.168.8.1/255.255.255.0
        printing = bsd
        printcap name = /etc/printcap
        load printers = yes
        log file = /var/log/samba/log.%m
        domain logons = yes
        domain master = yes
        security = user
        workgroup = unixcave
        encrypt passwords = yes
        preferred master = yes
        local master = yes
        os level = 65
        time server = yes
        wins support = yes
        logon script = %g\startup.bat
        logon home = \\%N\%U
        logon path = \\coastal\profile\%U
        domain alias map= /usr/local/samba/lib/domain.aliases
        domain group map = /usr/local/samba/lib/domain.group
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *password*%n\n*password*%n\n*successfull*
        update encrypted = yes
#       share modes = yes
#       lock directory = /var/lock/samba
#       password level = 1
######### [ End of global section] ######

[shares section deleted]

From pmal at space.gr Wed Mar 29 05:38:43 2000
From: pmal at space.gr (Panagiotis Malakoudis)
Date: Tue Dec 2 02:29:10 2003
Subject: Acting as PDC
References: <38E0A8ED.A4EFA255@univ-lehavre.fr> <000b01bf98b7$4e3cae60$0602000a@space.gr> <38E0B94E.62DDAFDA@eng.auburn.edu>
Message-ID: <004901bf9941$0ba43ca0$0602000a@space.gr>

I'll be damned!!! It actually worked.
do you have any idea why this happens? Why can't you have the same netbios name as the workgroup name?
Thanx for your help...

----- Original Message -----
From: Gerald Carter
To: Multiple recipients of list SAMBA-NTDOM
Sent: Tuesday, March 28, 2000 4:59 PM
Subject: Re: Acting as PDC

> Panagiotis Malakoudis wrote:
> >
> > box that says "Microsoft Networking - Incorrect parameter"
>
> Use different names for the server netbios name and
> workgroup name (possibly even need unique user names).
>
> Cheers,
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )
>

From lkcl at samba.org Wed Mar 29 07:10:13 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:10 2003
Subject: getopt - using gnu version
Message-ID:

... may fix loads of problems with rpcclient, samedit etc!

samedit createuser username -p password reported some random password, because getopt fails on solaris ultrasparc.

so, at andrew's suggestion i put getopt.c in, as per rsync, and samedit and rpcclient now work on ultrasparc.

another alpha release as soon as i confirm that i can join to the domain, on ultrasparc.

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From dominik.kubla at uni-mainz.de Wed Mar 29 07:54:03 2000
From: dominik.kubla at uni-mainz.de (Dominik Kubla)
Date: Tue Dec 2 02:29:10 2003
Subject: two samba servers?
In-Reply-To: ; from samba@orgx.co.nz on Wed, Mar 29, 2000 at 07:28:10AM +1000
References:
Message-ID: <20000329095403.A4496@uni-mainz.de>

On Wed, Mar 29, 2000 at 07:28:10AM +1000, samba@orgx.co.nz wrote:
> Presumably you could do this by having 2 IP numbers on the Linux machine.
> Run TNG on one IP number, and regular samba on the other. Ensure each
> server only binds to the one IP number using the "interfaces" and "bind
> interfaces only" in each of the config files. I haven't actually tried
> this, it just strikes me that this should be possible.

I thought so too but it does not work, at least not with 2.0.5. smbd will happily complain about an already running process despite the fact that i had defined different lock directories!
Maybe i am dense, but i never got it going... (I tried this to solve my "public flag is ignored if domain authentication is used" problem.)

Dominik Kubla
--
Networking Group, Hospital of Johannes Gutenberg-University
Obere Zahlbacher Straße 69, 55101 Mainz, Germany
Tel: +49 (0)6131 17-2482 FAX: +49 (0)6131 17-5521

From lkcl at samba.org Wed Mar 29 07:57:10 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:10 2003
Subject: samba-tng-alpha-1.4.tar.gz
Message-ID:

ftp://samba.org/pub/samba/alpha and mirror sites

rpcclient and samedit etc. on sun ultras were failing because getopt cannot be reused. evidence of this is by doing a samedit "createuser username -p password" and the reported password on-screen is total garbage.

this was fixed by using the GNU getopt and getopt_long functions (hooray!) in the same way that rsync does.

i have access to a sun ultra 5, now, and have confirmed that TNG can have workstations joined to the domain, and that usrmgr works, and the passwords created etc on it all work.

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From Alan.Hourihane at pinacl.co.uk Wed Mar 29 08:37:11 2000
From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane)
Date: Tue Dec 2 02:29:10 2003
Subject: NT Printing in SAMBA HEAD
In-Reply-To: <00b301bf98cc$9e46be90$1ad120c1@pinacl.co.uk>
Message-ID: <001b01bf9959$f9f86d50$1ad120c1@pinacl.co.uk>

Trying the SPOOLSS code in cvs main seems to be broken for me.

Do we still just run nmbd and smbd ? Or do we need to run some other stuff like in TNG ?

I get these errors when printing....
[2000/03/28 18:59:03, 0] lib/util_sock.c:open_pipe_sock(1079)
  socket connect to /usr/local/samba/var/locks/.msrpc/spoolss failed
[2000/03/28 18:59:03, 1] lib/msrpc-client.c:msrpc_establish_connection(387)
  msrpc_establish_connection: failed spoolss)
[2000/03/28 18:59:03, 0] lib/msrpc_use.c:msrpc_use_add(231)
  msrpc_use_add: connection failed

Alan.

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On
> Behalf Of Alan Hourihane
> Sent: 28 March 2000 16:44
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: NT Printing in SAMBA HEAD
>
> Is NT printing in Samba HEAD much better than the TNG code from
> back in November last year ?
>
> Alan.

From gosha at arvid.ee Wed Mar 29 07:46:32 2000
From: gosha at arvid.ee (Dmitri B.Gofmekler)
Date: Tue Dec 2 02:29:10 2003
Subject: NT Administration tools.
Message-ID: <4.3.1.0.20000329100756.00b415e0@mail>

Hello,

The problem is following: User Manager for Domains unable to make any changes to existing users with the message: "parameter incorrect", unable to add user with message "access denied". Logged on as root.

Samba-tng 1.3 on Redhat 6.1
Client: Windows NT 4.0 SP5.

What could be wrong?

Thx,

---- Dmitri B. Gofmekler , ICQ: 8168758 ----
"http://www.sill.ee/~gosha/gosha.asc" - for PGP Encrypted messages.
=====================================
Phone: (+372) 6 563981 Fax: (+372) 6 563000
A-Arvid Computers Ltd. < http://www.arvid.ee >

From tom at ee.ucl.ac.uk Wed Mar 29 09:19:31 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG 1.3 Problems
Message-ID: <200003290919.KAA10857@picard.ee.ucl.ac.uk>

Hello,

Could I make a plea for people to NOT send html formatted messages to the list?
I for one can't read them without going to a lot of trouble.

Tom.

----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From jrb at fluent.de Wed Mar 29 09:27:56 2000
From: jrb at fluent.de (Juergen Bock)
Date: Tue Dec 2 02:29:10 2003
Subject: Looking for a WORKING version ....
Message-ID: <200003290927.LAA13697@prag.fluent.de>

Hi everybody,

I'm getting desperate here. All I'm looking for is a PDC that allows me Domain Logins, Password setting from NTSP5 and connecting to remote machines as admin (ie. c$). Don't need user manager and such.

I tried TNG on Suse Linux (Domain not available), TNG on Solaris 2.6 (internal errors, smbpasswd dumping core), 2.0.6 on Linux (doesn't allow remote connects as admin).

As you can see none of those work the way intended. So I'm still using a TNG version from around Feb. 10th. Password setting doesn't work though.

Can anybody tell me if there is something out there that has all the features needed and what platform it runs? Has anybody used 2.0.x successfully for remote connects?

Sorry for this basic stuff

Thanks
Juergen

Juergen Bock jrb@fluent.de
FLUENT Deutschland GmbH
Hindenburgstrasse 36
D-64295 Darmstadt
+49-(0)6151-3644-0

From merkes at t-online.de Wed Mar 29 09:38:36 2000
From: merkes at t-online.de (markus stephany)
Date: Tue Dec 2 02:29:10 2003
Subject: two samba servers?
In-Reply-To: <20000329095403.A4496@uni-mainz.de>
References: <20000329095403.A4496@uni-mainz.de>
Message-ID: <5485.000329@merkespages.de>

Hello Dominik,

Wednesday, March 29, 2000, 9:54:35 AM, you wrote:

DK> On Wed, Mar 29, 2000 at 07:28:10AM +1000, samba@orgx.co.nz wrote:
>> Presumably you could do this by having 2 IP numbers on the Linux machine.
>> Run TNG on one IP number, and regular samba on the other. Ensure each
>> server only binds to the one IP number using the "interfaces" and "bind
>> interfaces only" in each of the config files. I haven't actually tried
>> this, it just strikes me that this should be possible.

DK> I thought so too but it does not work, at least not with 2.0.5. smbd
DK> will happily complain about an already running process despite the fact
DK> that i had defined different lock directories! Maybe i am dense, but
DK> i never got it going... (I tried this to solve my "public flag is ignored
DK> if domain authentication is used" problem.)

DK> Dominik Kubla

i got this working when i renamed nmbd and smbd from head samba to _nmbd and _smbd.

--
rgds, markus stephany
====================================
mailto:merkes@merkespages.de
http://www.merkespages.de

From lists at cindy.fe.up.pt Wed Mar 29 09:50:28 2000
From: lists at cindy.fe.up.pt (lists@cindy.fe.up.pt)
Date: Tue Dec 2 02:29:10 2003
Subject: W2K
Message-ID:

Can't join domain on W2K.. I have samba-tng-1.3.. and cvs latest. Both don't recognize the domain. (Can't find).

What is the problem? Is any version able to join??

net use works ok...
win nt4 sp5 works ok.
win nt4 sp6a works ok.

TIA,

VECTOR

From greg at discreet.com Wed Mar 29 12:33:35 2000
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:29:10 2003
Subject: two samba servers?
In-Reply-To: <20000329095403.A4496@uni-mainz.de>
Message-ID:

Others have gotten this to work but I never did.
You need to use the interfaces= and bind interfaces only=yes options otherwise they both try to bind to 0.0.0.0

HTH,
Greg

On 29-Mar-00 Dominik Kubla wrote:
> On Wed, Mar 29, 2000 at 07:28:10AM +1000, samba@orgx.co.nz wrote:
>> Presumably you could do this by having 2 IP numbers on the Linux machine.
>> Run TNG on one IP number, and regular samba on the other. Ensure each
>> server only binds to the one IP number using the "interfaces" and "bind
>> interfaces only" in each of the config files. I haven't actually tried
>> this, it just strikes me that this should be possible.
>
> I thought so too but it does not work, at least not with 2.0.5. smbd
> will happily complain about an already running process despite the fact
> that i had defined different lock directories! Maybe i am dense, but
> i never got it going... (I tried this to solve my "public flag is ignored
> if domain authentication is used" problem.)
>
> Dominik Kubla
> --
> Networking Group, Hospital of Johannes Gutenberg-University
> Obere Zahlbacher Straße 69, 55101 Mainz, Germany
> Tel: +49 (0)6131 17-2482 FAX: +49 (0)6131 17-5521

---------------------------------------------------------------------
Greg Dickie
Just A Guy
greg@discreet.com

From cartegw at Eng.Auburn.EDU Wed Mar 29 13:49:42 2000
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:29:10 2003
Subject: Acting as PDC
References: <38E0A8ED.A4EFA255@univ-lehavre.fr> <000b01bf98b7$4e3cae60$0602000a@space.gr> <38E0B94E.62DDAFDA@eng.auburn.edu> <004901bf9941$0ba43ca0$0602000a@space.gr>
Message-ID: <38E209F6.DEF93465@eng.auburn.edu>

Panagiotis Malakoudis wrote:
>
> do you have any idea why this happens? Why can't you
> have the same netbios name as the workgroup name?

Never tracked it down exactly, but my guess is that the client gets confused trying to differentiate between the domain name and the server name. Don't know if it's a bug in Windows 9x or according to spec. I never checked.
Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From mbreuer at siac.com Wed Mar 29 14:46:29 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG 1.4: Compiler errors on IRIX
Message-ID: <38E21745.4B5C6DBF@siac.com>

So far... traced to configure.in:

1.3 lines 216-220 are missing in 1.4. This set "HAVE_CRYPT_DECL" which seems to be required on IRIX.

From fredrikf at jmeab.se Wed Mar 29 17:28:03 2000
From: fredrikf at jmeab.se (Fredrik Falk)
Date: Tue Dec 2 02:29:10 2003
Subject: Slow speed and printing dosen't work, No large disks
Message-ID: <000601bf99a4$2706da30$0a00a8c0@kalve>

Hello,

I just got Win2k working with Samba TNG. And now i have some problems.. ;(

1. My connection to Samba is very slow! (Faster with 2.0.6)
2. I can't see large disks with Samba TNG max 4GB ..
3. I can't see any printers in Win2k but i see it from Win98

Anyone out there know how to fix this strange things ? Please help me!

Kind Regard,
Fredrik Falk

From desert at od.uz.gov.ua Wed Mar 29 18:30:04 2000
From: desert at od.uz.gov.ua (Michael Musikhin)
Date: Tue Dec 2 02:29:10 2003
Subject: samsync problem
Message-ID: <10854.000329@od.uz.gov.ua>

Hello.

PDC (WinNT 4.0, SP 6) and BDC (linux 2.2.13, with two ethernet interfaces).
With rpcclient i have following dialogue:

$ ./rpcclient -S PDC -U admin%pass -W DOMAIN
[DOMAIN\admin@PDC]$ lsaquery
lsaquery
LSA Query Info Policy
Domain Member - Domain: DOMAIN SID: some-sid-xxxx
Domain Controller - Domain: DOMAIN SID: some-sid-xxxx
[DOMAIN\admin@PDC]$ createuser BDC$ -s -j
createuser BDC$ -s -j
BDC$: option requires an argument -- j
SAM Create Domain User
Domain: DOMAIN Name: bdc$ ACB: [S ]
Resetting Trust Account to insecure, initial, well-known value: "bdc"
BDC can now be joined to the domain, which should be done on a private, secure network as soon as possible
Create Domain User: OK
[DOMAIN\admin@PDC]$ samsync
samsync
LSA_QUERYSECRET: cmd_sam_sync: no trust account password

I tried tng-alpha 1.3 and 1.4 with same result. What i do wrong ? Please, help.

Michael mailto:desert@od.uz.gov.ua

From frlord at webmethods.com Wed Mar 29 18:04:43 2000
From: frlord at webmethods.com (F. Ross Lord)
Date: Tue Dec 2 02:29:10 2003
Subject: Samba vs. LDAP
Message-ID:

I know this isn't specific to PDC or TNG, but I am looking at integrating LDAP with SMB, NT, and any other TLA's I can think of. If anyone has any good resources on this, please forward.

Thanks for your time.

-- frl

From fredrikf at jmeab.se Wed Mar 29 18:16:49 2000
From: fredrikf at jmeab.se (Fredrik Falk)
Date: Tue Dec 2 02:29:10 2003
Subject: Slow speed and printing dosen't work, No large disks
Message-ID: <000901bf99aa$f4b47360$0a00a8c0@kalve>

(sending this again, with no html)

Hello,

I just got Win2k working with Samba TNG. And now i have some problems.. ;(

1. My connection to Samba is very slow! (Faster with 2.0.6)
2. I can't see large disks with Samba TNG max 4GB ..
3. I can't see any printers in Win2k but i see it from Win98

Anyone out there know how to fix this strange things ? Please help me!
Kind Regard,
Fredrik Falk

From ryagatich at csn1.com Wed Mar 29 18:54:40 2000
From: ryagatich at csn1.com (Ryan Yagatich)
Date: Tue Dec 2 02:29:10 2003
Subject: W2K
In-Reply-To:
Message-ID: <002401bf99b0$3cdbe100$3001a8c0@r2>

i'm having that same problem, but one more thing, net use is just a LANMAN protocol for mounting file-shares from one network resource to another. this has no relation to the domain joining problem except that you have samba installed. have you set the "DOMAIN LOGONS=yes" in /etc/smb.conf ?

ryan

--signatures are overrated--

>-----Original Message-----
>From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
>lists@cindy.fe.up.pt
>Sent: Wednesday, March 29, 2000 4:56 AM
>To: Multiple recipients of list SAMBA-NTDOM
>Subject: W2K
>
>
>
>Can't join domain on W2K.. I have samba-tng-1.3.. and cvs latest. Both
>don't recognize the domain. (Can't find).
>
>What is the problem? Is any version able to join??
>
>net use works ok...
>win nt4 sp5 works ok.
>win nt4 sp6a works ok.
>
>TIA,
>
>VECTOR
>

From ryagatich at csn1.com Wed Mar 29 18:59:41 2000
From: ryagatich at csn1.com (Ryan Yagatich)
Date: Tue Dec 2 02:29:10 2003
Subject: Ports
In-Reply-To: <38DD1037.FB1B08E5@kneschke.de>
Message-ID: <002501bf99b0$f03badc0$3001a8c0@r2>

>> I'm pretty sure port 137 is the NetBIOS name service. So it's probably
>> WINS or browse list traffic? Someone else would know for sure.

That's correct.

>Port's 137-139 should be enough.
>

to find a definite list, just do a

cat /etc/services | more

this will tell you a good list of ports!

ryan

From mjwestkamper at weiinc.com Wed Mar 29 19:13:01 2000
From: mjwestkamper at weiinc.com (Mike)
Date: Tue Dec 2 02:29:10 2003
Subject: Ports
References: <002501bf99b0$f03badc0$3001a8c0@r2>
Message-ID: <009301bf99b2$d46a06d0$d22befcf@weiinc.com>

All:

I started this thread, and am about to test the firewall with the port maps suggested here.
I will let the list know if any ports were needed other than those put forth here.

Mike Westkamper

----- Original Message -----
From: "Ryan Yagatich"
To: "Multiple recipients of list SAMBA-NTDOM"
Sent: Wednesday, March 29, 2000 1:54 PM
Subject: RE: Ports

> >> I'm pretty sure port 137 is the NetBIOS name service. So it's probably
> >> WINS or browse list traffic? Someone else would know for sure.
>
> That's correct.
>
> >Port's 137-139 should be enough.
> >
>
> to find a definite list, just do a
>
> cat /etc/services | more
>
> this will tell you a good list of ports!
>
>
> ryan

From mbreuer at siac.com Wed Mar 29 19:16:00 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG Alpha 1.4: more compile errors...
Message-ID: <38E25670.1607257C@siac.com>

smbwrapper/smbw.c: 431, 476: make_nmb_name too many arguments in function call (call has four, proto.h shows three).

From mmbrich at ductamerica.com Wed Mar 29 18:48:52 2000
From: mmbrich at ductamerica.com (Matthew Brichacek)
Date: Tue Dec 2 02:29:10 2003
Subject: two samba servers
Message-ID: <00032913225500.05410@comp03.binary.net>

Richard,

I actually tried this already. I will explain a bit of my setup first, I have a Mandrake 6.1 box with ADSL net access. the reason i mention this is because i use the machine as a WAN file server for telecommuting employees, and this needs to work for that also. I gave the linux machine a public IP from my ISP and then created a subnet for my machines at home. I gave the login (TNG) server the public IP and the shares sambaver (2.0.6) the private subnet IP. I set the TNG branch up to only allow logons and have the netlogon service available. Then i set up the 2.0.6 samba to do file and printer sharing and use the TNG branch for it's authentication. Ok after all this i would boot em up and the problems I would get are as follows:

1. I compiled the two versions in separate directories using the ./configure --prefix=/my/smb/dirs, which are
/usr/local/samba - TNG
/usr/local/samba2 - 2.0.6
The two netbios' are Comp03 and Linux. When i would try to look in Win98 Network Neighborhood i would only see Linux and not Comp03 but the Comp03 shares are what showed up in Linux. Comp03 is the TNG branch

2. When restarting the two services the smbd and nmbd daemons would complain about locking, i turned locking off for the 2.0.6 version and it seemed to work ok.

Anyhow this is how far i have gotten on this little project and would really like to see it all pan out too. I have an old 386 25 w/ 8MB RAM that i can set up to run TNG if i need to, but i doubt it will work well. I have 5 public IP's and 5 private IP's All my windows machines and my Linux box have dual IP's, each has a public and a private. I have had people tell me that this can make a difference so i thought i would throw that in. If you need logs or config files let me know, i thought that this explanation might be enough though.

Thanks in advance,
Matthew

From sollarsa at starofthesea.pvt.k12.or.us Wed Mar 29 20:23:43 2000
From: sollarsa at starofthesea.pvt.k12.or.us (Anthony L. Sollars)
Date: Tue Dec 2 02:29:10 2003
Subject: Samba vs. LDAP
References:
Message-ID: <38E2664F.280FEE97@starofthesea.pvt.k12.or.us>

Dear F. Ross,

A good resource on LDAP and this use, plus many others is http://http://k12linux.mesd.k12.or.us/ldap/

Hope this helps.

Sincerely,
_____________________________________________________________
Anthony L. Sollars
Technology Coordinator/Computer Teacher
Star of the Sea School
1411 Grand Avenue
Astoria, Or 97103
(503) 325-3771
sollarsa@starofthesea.pvt.k12.or.us
http://www.starofthesea.pvt.k12.or.us
--Never Argue with a Fool,.
--They bring you down to their level and beat you with Experience.
_____________________________________________________________

From pkennedy at loudcloud.com Wed Mar 29 19:38:49 2000
From: pkennedy at loudcloud.com (Paul Kennedy)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG "no locking available" error, HP/UX
References:
Message-ID: <38E25BC9.91826100@loudcloud.com>

Luke Kenneth Casson Leighton wrote:

> paul,
>
> please can you try compiling cvs main as well, and see if that works. i
> just updated the configure script from cvs main, and i may have got things
> wrong.
>
> you _are_ doing the ./configure as root, yes?

Er, no I'm not. I never have built as root in the past.

I think I know what the problem was. I pulled into a fresh workarea in /usr/samba-tng and ran ./configure to successful completion. I normally like to consolidate my cvs workareas beneath my home-directory (e.g. /h/paul/projects/samba-tng). Looks like the ./configure step is failing because this directory is NFS rather than local.

Pk.

From mbreuer at siac.com Wed Mar 29 19:36:44 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG 1.4 - smbd crashes
Message-ID: <38E25B4C.7CB50C8B@siac.com>

Bus error in malloc called from db_alloc_read (tdb.c:270) with len=294. Looks like something is getting trashed.
Irix 6.5.7f, Mips R10k.

From mbreuer at siac.com Wed Mar 29 20:22:22 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:10 2003
Subject: TNG 1.4 - smbd crashes
References: <38E25B4C.7CB50C8B@siac.com>
Message-ID: <38E265FE.52C3CF09@siac.com>

This also affects lsarpcd (./rpcclient ... lsaquery). Running with a speedshop's malloc... malloc traps on a call with a length of zero... comes from tdb_find:568. However... memory at this point is already trashed... rec_ptr is null inside the loop. I took a stab at running inside the debugger, I'm getting inconsistent crashes (also with memory trashed)... and never anywhere near a breakpoint.
Michael Breuer wrote: > Bus error in malloc called from db_alloc_read (tdb.c:270) with len=294. Looks like something is getting trashed. > Irix 6.5.7f, Mips R10k. From sharpe at ns.aus.com Mon Mar 27 12:28:00 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:29:10 2003 Subject: Acting as PDC In-Reply-To: <38E209F6.DEF93465@eng.auburn.edu> References: <38E0A8ED.A4EFA255@univ-lehavre.fr> <000b01bf98b7$4e3cae60$0602000a@space.gr> <38E0B94E.62DDAFDA@eng.auburn.edu> <004901bf9941$0ba43ca0$0602000a@space.gr> Message-ID: <3.0.6.32.20000327212800.009ca9d0@203.16.214.248> At 11:53 PM 3/29/00 +1000, Gerald Carter wrote: >Panagiotis Malakoudis wrote: >> >> do you have any idea why this happens? Why can't you >> have the same netbios name as the workgroup name? > >Never tracked it down exactly, but my guess is that >the client gets confused trying to differentiate between the >domain name and the server name. Don't know if it's a >bug in Windows 9x or according to spec. I never checked. The client registers its NetBIOS name as a unique NetBIOS name. If it is the same as the workgroup/domain name, which is already registered, it gets back an error saying that the NetBIOS name cannot be registered! If the registration succeeds, as soon as it tries to register the workgroup/domain name, that fails. One way or the other, you are SOL. > > > >Cheers, >jerry >________________________________________________________________________ > Gerald ( Jerry ) Carter >Engineering Network Services Auburn University >jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." 
> - Sting "Message in a Bottle" ( 1979 ) > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course Author: First Australian 2-day, intensive, hands-on Samba course From uli at felix.bv.tu-berlin.de Wed Mar 29 22:14:08 2000 From: uli at felix.bv.tu-berlin.de (Ulrich Kohlhase) Date: Tue Dec 2 02:29:11 2003 Subject: Samba TNG compile on Aix 4.3 Message-ID: <38E28030.B2D6DB98@felix.bv.tu-berlin.de> Hello Samba group, the following error occurs when compiling Samba TNG: [root@ihb2 source]# make Using FLAGS = -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGE_FILES -DLOGFILEBASE="/usr/local/samba/var" -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DFORMSFILE="/usr/local/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -DSAM_DIR="/usr/local/samba/sam" -DSMB_PASSGRP_FILE="/usr/local/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/local/samba/private/smbalias" Using LIBS = -ldl Compiling rpc_client/cli_login.c with libtool In file included from include/includes.h:83, from rpc_client/cli_login.c:23: lib/getopt.h:104: warning: function 
declaration isn't a prototype In file included from include/includes.h:341, from rpc_client/cli_login.c:23: /usr/include/rpcsvc/yp_prot.h:342: warning: `struct ypall_callback' declared inside parameter list /usr/include/rpcsvc/yp_prot.h:342: warning: its scope is only this definition or declaration, which is probably not what you want. In file included from rpc_client/cli_login.c:23: include/includes.h:822: conflicting types for `crypt' /usr/include/unistd.h:252: previous declaration of `crypt' make: 1254-004 The error code from the last command is 1. Stop. will Samba TNG compile on Aix 4.3 anyway ? Greetings, Uli 
From mgeddes at xavier.sa.edu.au Wed Mar 29 23:11:28 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:11 2003 Subject: Looking for a WORKING version .... 
References: <200003290927.LAA13697@prag.fluent.de> Message-ID: <38E28DA0.97442A42@xavier.sa.edu.au> Juergen Bock wrote: > > Hi everybody, > > I'm getting desperate here. All I'm looking for is a PDC that allows > me Domain Logins, Password setting from NTSP5 and connecting > to remote machines as admin (ie. c$). Don't need user manager > and such. Yesterday's CVS from about midday works like a bought one. I am running it on a RedHat 6.0 box and managed to get NTSP5 to join the domain using the NT Clicky boxy thing. I can run User Damager for Domains and actually managed to create a user. The logins are a little slow, but it looks like it might be a NetBIOS name resolution thing (in my case anyway). > Can anybody tell me if there is something out there that has all the > features needed and what platform it runs? Has anybody used > 2.0.x successfully for remote connects? > Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA mgeddes@xavier.sa.edu.au "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lkcl at samba.org Thu Mar 30 00:10:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:11 2003 Subject: TNG "no locking available" error, HP/UX In-Reply-To: <38E25BC9.91826100@loudcloud.com> Message-ID: ok, well you have to, because some of the tests (e.g. setuid tests) will fail, as non-root. oh, and yes: you always have to run the configure script on a local file system :) On Wed, 29 Mar 2000, Paul Kennedy wrote: > > > Luke Kenneth Casson Leighton wrote: > > > paul, > > > > please can you try compiling cvs main as well, and see if that works. i > > just updated the configure script from cvs main, and i may have got things > > wrong. > > > > you _are_ doing the ./configure as root, yes? > > Er, no I'm not. I never have built as root in the past. > > I think I know what the problem was. 
I pulled into a fresh workarea in > /usr/samba-tng and ran ./configure to successful completion. I normally like > to consolidate my cvs workareas beneath my home-directory (e.g. > /h/paul/projects/samba-tng). Looks like the ./configure step is failing > because this directory is NFS rather than local. > > Pk. > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From GLeblanc at cu-portland.edu Thu Mar 30 00:19:35 2000 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:29:11 2003 Subject: TNG "no locking available" error, HP/UX Message-ID: > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Wednesday, March 29, 2000 4:13 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: TNG "no locking available" error, HP/UX > > > ok, well you have to, because some of the tests (e.g. setuid > tests) will > fail, as non-root. Well, ok, that makes sense, kinda. But it's still "unsafe" to compile programs as root (not that it stops me). > > oh, and yes: you always have to run the configure script on a > local file > system :) ok, this one is just evil, and broken, I think. I run one tiny network from a single server, the workstations don't really have much locally... Basically just config files, everything is stored on the server, and home directories are all on that server. Solaris comes set up with sort of non-local home directories by default. What's up wif dat local restriction? Greg From mgeddes at xavier.sa.edu.au Thu Mar 30 01:57:01 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:11 2003 Subject: samsync problem References: <10854.000329@od.uz.gov.ua> Message-ID: <38E2B46D.AD028EA9@xavier.sa.edu.au> Michael Musikhin wrote: > > Hello. > > PDC (WinNT 4.0, SP 6) and BDC (linux 2.2.13, with two > ethernet interfaces). 
With rpcclient i have the following dialogue: > > $ ./rpcclient -S PDC -U admin%pass -W DOMAIN > [DOMAIN\admin@PDC]$ lsaquery > lsaquery > LSA Query Info Policy > Domain Member - Domain: DOMAIN SID: some-sid-xxxx > Domain Controller - Domain: DOMAIN SID: some-sid-xxxx > [DOMAIN\admin@PDC]$ createuser BDC$ -s -j > createuser BDC$ -s -j > BDC$: option requires an argument -- j Here lies a problem. You need to specify a domain if you use the -j option. I think you'll find it hasn't joined the domain (or if you have, you've joined the BUILTIN domain on the BDC). Maybe I'm wrong..... > I tried tng-alpha 1.3 and 1.4 with same result. What am i doing wrong? > Please, help. -- Matthew Geddes Network Manager Xavier College Gawler, SA mgeddes@xavier.sa.edu.au "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From lkcl at samba.org Thu Mar 30 01:59:40 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:11 2003 Subject: TNG "no locking available" error, HP/UX Message-ID: hi gregory, regarding the requirement to run ./configure on a local filesystem, to check locking, that's just the way it is. it's that way in cvs main, it's that way in 2_0. this makes it clear that you cannot expect to run samba off of a non-local file system, for example putting var/locks/ or private/ on a non-local file system, i'm sorry: that is just a really dumb thing to do. have samba accessing private/smbpasswd over nfs??? apart from the security implications, it will also result in inconsistencies in the smbpasswd file because locking over nfs may not work correctly. i've seen it happen... :) now, as for installing the binaries on a non-root file system, that's different. 
luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Mar 30 05:28:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:11 2003 Subject: samba-tng-alpha-1.5.tar.gz Message-ID: ftp://samba.org/pub/samba/alpha and mirror sites. stupid bug in 1.4, making it inoperable. sorry, folks. starting a merge of cvs main, nmbd has been done, now the configure script. the configure script you may find that certain functionality doesn't work (e.g lonnie borntreger reported that -DWITH_PAM should now be -DHAVE_PAM). please report anything you find with full details (OS version, compiler version, smb.conf file, log files if relevant, stack trace with full debugging enabled if relevant etc). thanks! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From nazard at dragoninc.on.ca Thu Mar 30 05:42:41 2000 From: nazard at dragoninc.on.ca (nazard@dragoninc.on.ca) Date: Tue Dec 2 02:29:11 2003 Subject: TNG "no locking available" error, HP/UX In-Reply-To: Message-ID: <20000330054315Z12879413-9818+3504@samba.org> On 30 Mar, Luke Kenneth Casson Leighton wrote: > hi gregory, > > regarding the requirement to run ./configure on a local filesystem, to > check locking, that's just the way it is. it's that way in cvs main, it's > that way in 2_0. > > this makes it clear that you cannot expect to run samba off of a non-local > file system, for example putting var/locks/ or private/ on a non-local > file system, i'm sorry: that is just a really dumb thing to do. > > have samba accessing private/smbpasswd over nfs??? > > apart from the security implications, it will also result in > inconsistencies in the smbpasswd file because locking over nfs may not > work correctly. 
> > i've seen it happen... :) > > now, as for installing the binaries on a non-root file system, that's > different. That's just silly. The whole point of the test is to determine if the system supports a functional locking system. The filesystem you are compiling on (even the machine) has no bearing on where the software is actually installed/run. At minimum there should be a configure option on where to run the tests. Some people do have fully functional NFS locking. If they want to share some files over NFS that's fine. Of course some of us use LDAP which is even more insecure (all information in plaintext, including bind password). If there are security concerns, they need to be documented because they extend beyond the compilation stage. If someone wants a spare project, they should write a util to look for potential security issues in an installation. Some common protocol issues are solved simply by having a secured network. Of course, everyone's needs differ :-) -- Doug Nazar Dragon Computer Consultants Inc. Tel: (416) 708-1578 Fax: (416) 708-8081 From lkcl at samba.org Thu Mar 30 05:51:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:29:11 2003 Subject: TNG "no locking available" error, HP/UX In-Reply-To: <20000330054330Z12879962-9818+3505@samba.org> Message-ID: hi doug, good to hear from you again. On Thu, 30 Mar 2000 nazard@dragoninc.on.ca wrote: > On 30 Mar, Luke Kenneth Casson Leighton wrote: > > hi gregory, > > > > regarding the requirement to run ./configure on a local filesystem, to > > check locking, that's just the way it is. it's that way in cvs main, it's > > that way in 2_0. > > > > this makes it clear that you cannot expect to run samba off of a non-local > > file system, for example putting var/locks/ or private/ on a non-local > > file system, i'm sorry: that is just a really dumb thing to do. > That's just silly. The whole point of the test is to determine if the > system supports a functional locking system. 
The filesystem you are > compiling on (even the machine) has no bearing on where the software is > actually installed/run. At minimum there should be a configure option > on where to run the tests. somebody send us a patch (samba-patches@samba.org)! > Some people do have fully functional NFS locking. If they want to share under those circumstances, the configure test will succeed and samba will be happy, and off it goes. i just had a quick word with andrew: apparently we used to put up a warning, which used to be ignored, and people got data corruption as a result. so we terminate, now. From mgeddes at xavier.sa.edu.au Thu Mar 30 06:08:43 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:29:11 2003 Subject: domain alias map, etc Message-ID: <38E2EF6B.FB411471@xavier.sa.edu.au> Hi, Just a quick query for anyone who knows. Are the 'domain alias map', 'domain group map' and local group map options needed for all TNG machines in a domain? Whether they be PDC, BDC Member server or Workstation? If so, would the GID have to be the same across the board, or the group name? Must root be Administrator? I have my hunches about some of the answers, but can anyone tell me for sure? Thanks in advance, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA mgeddes@xavier.sa.edu.au "Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft From nazard at dragoninc.on.ca Thu Mar 30 06:03:11 2000 From: nazard at dragoninc.on.ca (nazard@dragoninc.on.ca) Date: Tue Dec 2 02:29:11 2003 Subject: TNG "no locking available" error, HP/UX In-Reply-To: Message-ID: <20000330060350Z13078268-3940+3425@samba.org> On 30 Mar, Luke Kenneth Casson Leighton wrote: > hi doug, good to hear from you again. yeah, the samba list has been spotty and I haven't been paying attention too much > somebody send us a patch (samba-patches@samba.org)! if I get some time.... >> Some people do have fully functional NFS locking. 
If they want to share > > under those circumstances, the configure test will succeed and samba will > be happy, and off it goes. > > i just had a quick word with andrew: apparently we used to put up a > warning, which used to be ignored, and people got data corruption as a > result. > > so we terminate, now. But this should be a runtime test. This isn't going to help joe user who installs an RPM, and points it to /nfs_share. I also seem to remember something about an OS which when doing locking of NFS, only locked the file locally. It'll pass the test, but fail the run . Got to love the computer industry. -- Doug Nazar Dragon Computer Consultants Inc. Tel: (416) 708-1578 Fax: (416) 708-8081 From Christian.Duclou at eeigm.inpl-nancy.fr Thu Mar 30 06:52:28 2000 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:29:11 2003 Subject: Samba vs. LDAP References: Message-ID: <38E2F9AC.A8CB785D@eeigm.inpl-nancy.fr> Have you read Ignacio's LDAP FAQ? http://www.unav.es/cti/ldap-smb-howto.html C.D. F. Ross Lord wrote: > I know this isn't specific to PDC or TNG, but I am looking at integrating > LDAP with SMB, NT, and any other TLA's I can think of. If anyone has any > good resources on this, please forward. > > Thanks for your time. > > -- frl -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: (33) 383.36.83.27 - Fax: (33) 383.36.83.36 _______________ http://eeigm.inpl-nancy.fr _____________ From hirm at chariot.net.au Thu Mar 30 09:56:39 2000 From: hirm at chariot.net.au (MWP) Date: Tue Dec 2 02:29:11 2003 Subject: TNG alpha1.5 problems.... Message-ID: <00aa01bf9a2e$3eec2620$0201a8c0@comp> Hi all... Just got and compiled tng-alpha1.5 on a RH6.0 box. When i try and browse the samba servers shares i get the error "ERROR: setgroups call failed!" in "log.lsarpc" and Win98 says the samba server is not accessible. 
I tried running "lsarpcd -d 10" but it didn't reveal any more information on the problem (that i could see). Any ideas on a fix?

Thanks,
MWP

From Hans-Peter.Raschke at gmx.de Thu Mar 30 07:05:53 2000
From: Hans-Peter.Raschke at gmx.de (Hans-Peter Raschke)
Date: Tue Dec 2 02:29:11 2003
Subject: samsync problem
References: <10854.000329@od.uz.gov.ua>
Message-ID: <00033009094700.14537@qmpc2>

On Wed, 29 Mar 2000 you wrote:
> Hello.
>
> PDC (WinNT 4.0, SP 6) and BDC (linux 2.2.13, with two
> ethernet interfaces). With rpcclient i have following dialogue:
>
> $ ./rpcclient -S PDC -U admin%pass -W DOMAIN
> [DOMAIN\admin@PDC]$ lsaquery
> lsaquery
> LSA Query Info Policy
> Domain Member - Domain: DOMAIN SID: some-sid-xxxx
> Domain Controller - Domain: DOMAIN SID: some-sid-xxxx
> [DOMAIN\admin@PDC]$ createuser BDC$ -s -j
> createuser BDC$ -s -j
> BDC$: option requires an argument -- j

You didn't join the domain. In newer versions of TNG the option -j has an
argument: the domain name. So your command should look like

createuser BDC$ -s -j DOMAIN

> ...
> Michael mailto:desert@od.uz.gov.ua

HP
-----------------------------------------------------------
Hans-Peter Raschke E-Mail: Hans-Peter.Raschke@gmx.de
Wintermann DatenService Tel.: ++49 441 9304064
Langenweg 16 Fax: ++49 441 9304069
D-26125 Oldenburg

From desert at od.uz.gov.ua Thu Mar 30 13:10:31 2000
From: desert at od.uz.gov.ua (Michael Musikhin)
Date: Tue Dec 2 02:29:11 2003
Subject: samsync problem
Message-ID: <2632.000330@od.uz.gov.ua>

Thursday, March 30, 2000, 12:50:15 PM, you wrote:
>> PDC (WinNT 4.0, SP 6) and BDC (linux 2.2.13, with two >> ethernet interfaces).
With rpcclient i have following dialogue: >> >> $ ./rpcclient -S PDC -U admin%pass -W DOMAIN >> [DOMAIN\admin@PDC]$ lsaquery >> lsaquery >> LSA Query Info Policy >> Domain Member - Domain: DOMAIN SID: some-sid-xxxx >> Domain Controller - Domain: DOMAIN SID: some-sid-xxxx >> [DOMAIN\admin@PDC]$ createuser BDC$ -s -j >> createuser BDC$ -s -j >> BDC$: option requires an argument -- j HPR> You didn't join the domain. In newer versions of TNG the option -j has an HPR> argument: the domain name. So your command should look like HPR> createuser BDC$ -s -j DOMAIN failed again... can't set $MACHINE.ACC: [DOMAIN\admin@PDC]$ createuser BDC$ -s -j DOMAIN createuser BDC$ -s -j DOMAIN SAM Create Domain User Domain: DOMAIN Name: bdc$ ACB: [S ] socket connect to /tmp/.smb.0/agent failed: Connection refused error connecting to 10.4.100.2:445 (Connection refused) Create Domain User: OK Join BDC to Domain DOMAIN LSA_OPENSECRET: LSA_OPENSECRET: Set $MACHINE.ACC: FAILED this was samba-tng-alpha 1.3 where is my mistake ? help me, please. Michael mailto:desert@od.uz.gov.ua From bruce_vrieling at hotmail.com Thu Mar 30 13:43:05 2000 From: bruce_vrieling at hotmail.com (Bruce Vrieling) Date: Tue Dec 2 02:29:11 2003 Subject: NT network, without a domain? Message-ID: <20000330134305.4583.qmail@hotmail.com> Hi, I currently have a network consisting of Windows 95 clients and A Linux server running Samba 2.0.5a. We force users to log into Win95 with their Linux usernames and passwords, and we run a login script from the server which maps all their drives and printers. Pretty standard setup, and it works great. I want to migrate this to NT (NT clients, Samba server). However, I am a little uncomfortable with the work (setup and ongoing admin) involved in creating a domain. I don't want to have to worry about a smbpasswd file, and creating domain entries for machines, etc. (I do not use encrypted passwords). 
I'm wondering (and perhaps this is a stupid question): Can I set up an NT network to mimic my 'domainless' Win95 setup? I.e. cause authentication to occur against the Linux server, and run a login script, but do NOT create a domain. My needs are simple, and it seems a domain is overkill. Is this possible? Or is using a domain simply 'the way it needs to be done' with NT?

Your input, with smb.conf suggestions, would be appreciated.

Thanks.
...Bruce

P.S. If I DO have to make use of a domain, which is the 'best' Samba code to use for such a project? 2.0.6/7, a TNG snapshot, or a HEAD snapshot?

From mbreuer at siac.com Thu Mar 30 14:03:25 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:11 2003
Subject: TNG 1.5: Compile error...
Message-ID: <38E35EAC.EE013ECB@siac.com>

smbwrapper/smbw.c: 431 - missing closing paren. & semicolon.
smbwrapper/smbw.c: 476 - too many arguments in function call.

From mbreuer at siac.com Thu Mar 30 14:16:31 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:11 2003
Subject: TNG 1.5: panic & other issues...
Message-ID: <38E361BC.4ED99BF2@siac.com>

Irix 6.5.7/Mips R10K...

1) When attempting to join a W2K workstation to the domain:
w2k reports: "The specified network name is no longer available."
In the debugger... rpc_pipe_bind called with \\PIPE\samr

2) rpcclient enumu --> panic: assert failed at rpc_client/cli_pipe.c(1011)
... also reported: socket connect to /tmp/.msrpc/.samr/agent failed: no such file or directory

From tom at ee.ucl.ac.uk Thu Mar 30 14:18:26 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:29:11 2003
Subject: Samba-TNG cvs 1500 BST 30/3/00
Message-ID: <200003301418.PAA09192@picard.ee.ucl.ac.uk>

Hello,

Sparc 64 Solaris 2.7 gcc 2.8.1 samba-TNG cvs 1400 BST

smbclient doesn't link because libreadline requires libcurses. I assume this is an autoconf thing.
I added -lcurses to the LIBS line.

Tom.
----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From dqpr10 at canal-plus.fr Thu Mar 30 15:33:58 2000
From: dqpr10 at canal-plus.fr (dqpr10@canal-plus.fr)
Date: Tue Dec 2 02:29:11 2003
Subject: Is Samba 2.0.6 NTLMV2 compatible?
Message-ID: <38E373E6.C9C51FB0@canal-plus.fr>

I was wondering if Samba 2.0.6 understands the NTLMV2 encryption that ships with NT4SP4 and later (if enabled)?

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=- Benoit Boudeville | CANAL+ Technologies -=
-= Computer System Engineer | 34, place Raoul Dautry =-
=- mailto:bboudev@canal-plus.fr | 75516 Paris Cedex 15 -=
-= Tel: 01.71.71.55.83 | Fax: 01.71.71.55.77 =-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From mmbrich at ductamerica.com Thu Mar 30 16:47:16 2000
From: mmbrich at ductamerica.com (Matthew Brichacek)
Date: Tue Dec 2 02:29:11 2003
Subject: two samba servers
In-Reply-To: <004a01bf9a2b$67fbf520$0302a8c0@SAMBA>
References: <00032913225500.05410@comp03.binary.net> <004a01bf9a2b$67fbf520$0302a8c0@SAMBA>
Message-ID: <00033010522800.10836@comp03.binary.net>

ok someone asked me to send my config. the first one is the TNG version and the second one is the 2.0.6 version, i renamed the 2.0.6 daemons to smbd2 and nmbd2, still have the same problems i mentioned before.
Thanks
Matthew

Smb.conf - TNG

[global]
wins proxy = Yes
bind interfaces only = Yes
domain master = Yes
interfaces = 216.229.xx.xxx/255.255.255.248
preserve case = yes
dos filetimes = Yes
dos filetime resolution = Yes
domain logons = yes
encrypt passwords = yes
follow symlinks = No
server string = Linux DA Server
lm announce = True
smb passwd file = /usr/local/samba/private/smbpasswd
workgroup = DUCTAMERICA
update encrypted = Yes
comment = Linux
;logon script = %U.bat
unix password sync = Yes
netbios name = COMP03
socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
keepalive = 60
case sensitive = no
security = user
short preserve case = yes
os level = 200
admin users = matthew, mmbrich, matt
name resolve order = lmhosts, host, wins, bcast,
lock directory = /usr/local/samba/locks
wins support = true
username map = /dsk/user.map

[Netlogon]
comment = Samba Network Logon Services
path = /home/netlogon
locking = No
case sensitive = no

smb.conf - 2.0.6

{global)
wins proxy = no
bind interfaces only = Yes
domain master = Yes
interfaces = 216.229.12.163/255.255.255.248
password server = comp03
encrypt passwords = yes
follow symlinks = No
printing = bsd
server string = Linux DA Server
lm announce = True
workgroup = DUCTAMERICA
comment = Linux
netbios name = Linux
socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
keepalive = 60
case sensitive = no
security = user
short preserve case = yes
os level = 0
locking = no

[homes]
writable = yes
comment = This is your personal home directory
browseable = no

[public]
comment = Schedule Information
path = /home/shared
read only = no

[FTPpub]
comment = FTP Server Map
path = /home/ftp
read only = no

[Deskjet]
comment = Hewlet Packard 610 CL
path = /var/spool/lpd/lp
writeable = no
printable = yes

ok tell me if this is all wrong, i set it up as best i could. i figured that this should work.

Matthew

From jeremy at AXISTANGENT.NET Thu Mar 30 17:06:08 2000
From: jeremy at AXISTANGENT.NET (Jeremy M.
Dolan)
Date: Tue Dec 2 02:29:11 2003
Subject: SWAT authentication on non-PAM system
Message-ID: <00b001bf9a6a$3e1c0da0$0b4de9d8@axistangent.net>

I have a Slackware 7.0 system, which uses MD5 shadowed passwords and no PAM. SWAT will not authenticate me. configure doesn't seem to have an option for MD5, when I compile sshd (from openssh.com) I need to specify --with-md5-passwords to configure. I don't see any option for this in Samba/SWAT. I hope I can figure out how to set up a simple PDC for 3 workstations with samba TNG, or this machine is lost to NT Server, we need a domain by the end of the week... =(

--
Jeremy M. Dolan

From mmbrich at ductamerica.com Thu Mar 30 17:14:20 2000
From: mmbrich at ductamerica.com (Matthew Brichacek)
Date: Tue Dec 2 02:29:11 2003
Subject: TNG-1.0.5 Problems
Message-ID: <00033011253001.10836@comp03.binary.net>

Hello

I was just installing the new TNG 1.0.5 and after i installed and cleaned the logs i started the daemons and was unable to access the shares on win98. The computer showed up in Network Neighborhood but i would get a \\comp03 not accessible - this device does not exist on the network. Logs and config as follows

Log.lsarpc
[2000/03/30 11:13:00, 1] msrpc/msrpcd.c:main(459) lsarpcd version TNG-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/03/30 11:13:00, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! & create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/lsarpc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/lsarpc failed ERROR: setgroups call failed! ERROR: setgroups call failed! ERROR: setgroups call failed! ERROR: setgroups call failed!
ERROR: setgroups call failed! ERROR: setgroups call failed! ERROR: setgroups call failed! ERROR: setgroups call failed! ERROR: setgroups call failed! ERROR: setgroups call failed! log.net [2000/03/30 11:18:42, 0] lib/charset.c:load_client_codepage(215) load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.000 does not exist. log.netlogon [2000/03/30 11:13:01, 1] msrpc/msrpcd.c:main(459) netlogond version TNG-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/03/30 11:13:01, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! & create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/netlogon perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/netlogon failed log.nmbd [2000/03/30 11:13:00, 1] nmbd/nmbd.c:main(760) Netbios nameserver version TNG-prealpha started. Copyright Andrew Tridgell 1994-1998 [2000/03/30 11:13:00, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! 
& started asyncdns process 14785 Packet send failed to 198.172.10.255(137) ERRNO=Invalid argument send_netbios_packet: send_packet() to IP 198.172.10.255 port 137 failed register_name: Failed to send packet trying to register name COMP03<20> Packet send failed to 198.172.10.255(137) ERRNO=Invalid argument send_netbios_packet: send_packet() to IP 198.172.10.255 port 137 failed register_name: Failed to send packet trying to register name COMP03<03> Packet send failed to 198.172.10.255(137) ERRNO=Invalid argument send_netbios_packet: send_packet() to IP 198.172.10.255 port 137 failed register_name: Failed to send packet trying to register name COMP03<00> Packet send failed to 198.172.10.255(137) ERRNO=Invalid argument send_netbios_packet: send_packet() to IP 198.172.10.255 port 137 failed register_name: Failed to send packet trying to register name DUCTAMERICA<00> Packet send failed to 198.172.10.255(137) ERRNO=Invalid argument send_netbios_packet: send_packet() to IP 198.172.10.255 port 137 failed register_name: Failed to send packet trying to register name DUCTAMERICA<1e> Packet send failed to 198.172.10.255(138) ERRNO=Invalid argument add_domain_logon_names: Attempting to become logon server for workgroup DUCTAMERICA on subnet 216.229.12.163 add_domain_logon_names: Attempting to become logon server for workgroup DUCTAMERICA on subnet 198.172.10.113 Packet send failed to 198.172.10.255(137) ERRNO=Invalid argument send_netbios_packet: send_packet() to IP 198.172.10.255 port 137 failed register_name: Failed to send packet trying to register name DUCTAMERICA<1c> add_domain_logon_names: Attempting to become logon server for workgroup DUCTAMERICA on subnet 127.0.0.1 add_domain_logon_names: Attempting to become logon server for workgroup DUCTAMERICA on subnet UNICAST_SUBNET become_domain_master_browser_wins: Attempting to become domain master browser on workgroup DUCTAMERICA, subnet UNICAST_SUBNET. 
become_domain_master_browser_wins: querying WINS server at IP 127.0.0.1 for domain master browser name DUCTAMERICA<1b> on workgroup DUCTAMERICA become_logon_server_success: Samba is now a logon server for workgroup DUCTAMERICA on subnet UNICAST_SUBNET ***** Samba server COMP03 is now a domain master browser for workgroup DUCTAMERICA on subnet UNICAST_SUBNET ***** become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup DUCTAMERICA on subnet 216.229.12.163 become_domain_master_browser_bcast: querying subnet 216.229.12.163 for domain master browser on workgroup DUCTAMERICA become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup DUCTAMERICA on subnet 198.172.10.113 become_domain_master_browser_bcast: querying subnet 198.172.10.113 for domain master browser on workgroup DUCTAMERICA become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup DUCTAMERICA on subnet 127.0.0.1 become_domain_master_browser_bcast: querying subnet 127.0.0.1 for domain master browser on workgroup DUCTAMERICA become_logon_server_success: Samba is now a logon server for workgroup DUCTAMERICA on subnet 216.229.12.163 Packet send failed to 198.172.10.255(137) ERRNO=Invalid argument send_netbios_packet: send_packet() to IP 198.172.10.255 port 137 failed register_name: Failed to send packet trying to register name DUCTAMERICA<1b> become_logon_server_success: Samba is now a logon server for workgroup DUCTAMERICA on subnet 127.0.0.1 ***** Samba server COMP03 is now a domain master browser for workgroup DUCTAMERICA on subnet 216.229.12.163 ***** ***** Samba server COMP03 is now a domain master browser for workgroup DUCTAMERICA on subnet 127.0.0.1 ***** ***** Samba name server COMP03 is now a local master browser for workgroup DUCTAMERICA on subnet 216.229.12.163 ***** ***** Samba name server COMP03 is now a local master browser for workgroup DUCTAMERICA on subnet 127.0.0.1 ***** Packet send failed to 
198.172.10.255(138) ERRNO=Invalid argument Packet send failed to 198.172.10.255(138) ERRNO=Invalid argument Packet send failed to 198.172.10.255(138) ERRNO=Invalid argument log.regedit empty log.samedit empty log.samr [2000/03/30 11:13:01, 1] msrpc/msrpcd.c:main(459) samrd version TNG-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/03/30 11:13:01, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! & create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/samr perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/samr failed log.smb [2000/03/30 11:13:00, 1] smbd/server.c:main(630) smbd version TNG-prealpha started. Copyright Andrew Tridgell 1992-1998 [2000/03/30 11:13:00, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! & file_init: Information only: requested 10000 open files, 1014 are available. 
No DFS map, Samba is running in NON DFS mode socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed authorise_login: TODO. split function, it's 6 levels! socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed socket connect to 
/tmp/.msrpc/.lsarpc/agent failed: Connection refused PANIC: assert failed at rpc_client/cli_pipe.c(1011) PANIC: assert failed log.srvsvc [2000/03/30 11:13:01, 1] msrpc/msrpcd.c:main(459) srvsvcd version TNG-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/03/30 11:13:01, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! & create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/srvsvc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/srvsvc failed log.winreg [2000/03/30 11:13:02, 1] msrpc/msrpcd.c:main(459) winregd version TNG-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/03/30 11:13:02, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! & create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/winreg perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/winreg failed log.wkssvc [2000/03/30 11:13:01, 1] msrpc/msrpcd.c:main(459) wkssvcd version TNG-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/03/30 11:13:01, 1] param/params.c:Parameter(342) params.c:Parameter() - Ignoring badly formed line in configuration file: /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s! 
& create_pipe_socket: /usr/local/samba/var/locks/.msrpc perms=448 /usr/local/samba/var/locks/.msrpc/wkssvc perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /usr/local/samba/var/locks/.msrpc/wkssvc failed

smb.conf

[global]
wins proxy = Yes
bind interfaces only = Yes
domain master = Yes
interfaces = 216.229.xx.xxx/255.255.255.248 198.172.10.113/255.255.255.0 127.0.0.1/255.0.0.0
preserve case = yes
dos filetimes = Yes
dos filetime resolution = Yes
domain logons = yes
encrypt passwords = yes
follow symlinks = No
printing = bsd
server string = Linux DA Server
lm announce = True
smb passwd file = /usr/local/samba/private/smbpasswd
workgroup = DUCTAMERICA
update encrypted = Yes
comment = Linux
;logon script = %U.bat
unix password sync = Yes
netbios name = COMP03
socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
keepalive = 60
case sensitive = no
security = user
short preserve case = yes
os level = 200
name resolve order = lmhosts, host, wins, bcast,
lock directory = /usr/local/samba/locks
wins support = true
username map = /dsk/user.map

[Netlogon]
comment = Samba Network Logon Services
path = /home/netlogon
locking = No
case sensitive = no

[homes]
writable = yes
comment = This is your personal home directory
browseable = no

[public]
comment = Schedule Information
path = /home/shared
read only = no

[FTPpub]
comment = FTP Server Map
path = /home/ftp
read only = no
guest ok = yes
public = yes
browseable = yes

[Deskjet]
comment = Hewlet Packard 610 CL
path = /var/spool/lpd/lp
writeable = no
printable = yes

let me know if this helps.. it's on a Mandrake 6.1 machine and TNG 1.0.3 was working great.
Thanks Matthew From tom at ee.ucl.ac.uk Thu Mar 30 17:53:35 2000 From: tom at ee.ucl.ac.uk (Tom Crummey) Date: Tue Dec 2 02:29:11 2003 Subject: TNG-1.0.5 Problems Message-ID: <200003301753.SAA20747@picard.ee.ucl.ac.uk> Hello, samba-TNG cvs 18:50 BST 30/3/00 Solaris 2.7 gcc 2.8.1 rpcclient fails with the same error as you Matthew: script: ./rpcclient -S . -U root -l log Enter Password: [root@.]$ createuser asterix$ createuser asterix$ Abort (core dumped) Log: doing parameter logon script = %a.exe doing parameter logon drive = m: doing parameter logon home = \\sonic\homes doing parameter logon path = \\sonic\profile\%username% doing parameter domain logons = Yes doing parameter domain group map = /opt/samba-TNG/maps/domaingroup.map doing parameter os level = 65 doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter local master = yes doing parameter wins support = Yes doing parameter hosts allow = @hosts_smb_test doing parameter mangling char = ^ doing parameter wide links = No [2000/03/30 18:17:51, 3] param/loadparm.c:lp_load(2834) pm_process() returned Yes [2000/03/30 18:17:51, 7] param/loadparm.c:lp_servicenumber(2926) lp_servicenumber: couldn't find homes added interface ip=128.40.38.34 bcast=128.40.255.255 nmask=255.255.0.0 cmd_set: options: fffffeaf set_user_password: read 2000/03/30 18:17:53 client started (version TNG-prealpha) cli_connection_init_auth: \\. 
\PIPE\samr copy_nt_creds: null creds ncalrpc_l_use_add ncalrpc_l_find: samr [24901,0] root is in 11 groups: 1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 12 uid 0 registered to name root Clearing default real name uid 0 vuid 100 registered to unix name root vuid_init_db: opened storing user 6145,64 000000 vuid_io_key key 0000 pid : 00006145 0004 vuid: 0064 000000 vuid_io_user_struct usr 0000 uid: 00000000 0004 gid: 00000001 0008 name: root 0010 requested_name: root 0018 real_name: 0024 guest: 00000000 0028 n_groups: 0000000b 002c : 00000001 0030 : 00000000 0034 : 00000002 0038 : 00000003 003c : 00000004 0040 : 00000005 0044 : 00000006 0048 : 00000007 004c : 00000008 0050 : 00000009 0054 : 0000000c 000058 net_io_user_info3 usr 000058 smb_io_time logon_time 0058 low : 00000000 005c high: 00000000 000060 smb_io_time logoff_time 0060 low : 00000000 0064 high: 00000000 000068 smb_io_time kickoff_time 0068 low : 00000000 006c high: 00000000 000070 smb_io_time pass_last_set_time 0070 low : 00000000 0074 high: 00000000 000078 smb_io_time pass_can_change_time 0078 low : 00000000 007c high: 00000000 000080 smb_io_time pass_must_change_time 0080 low : 00000000 0084 high: 00000000 000088 smb_io_unihdr hdr_user_name 0088 uni_str_len: 0000 008a uni_max_len: 0000 008c buffer : 00000000 000090 smb_io_unihdr hdr_full_name 0090 uni_str_len: 0000 0092 uni_max_len: 0000 0094 buffer : 00000000 000098 smb_io_unihdr hdr_logon_script 0098 uni_str_len: 0000 009a uni_max_len: 0000 009c buffer : 00000000 0000a0 smb_io_unihdr hdr_profile_path 00a0 uni_str_len: 0000 00a2 uni_max_len: 0000 00a4 buffer : 00000000 0000a8 smb_io_unihdr hdr_home_dir 00a8 uni_str_len: 0000 00aa uni_max_len: 0000 00ac buffer : 00000000 0000b0 smb_io_unihdr hdr_dir_drive 00b0 uni_str_len: 0000 00b2 uni_max_len: 0000 00b4 buffer : 00000000 00b8 logon_count : 0000 00ba bad_pw_count : 0000 00bc user_id : 00000000 00c0 group_id : 00000000 00c4 num_groups : 00000000 00c8 buffer_groups : 00000000 00cc user_flgs : 00000000 00d0 
user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000e0 smb_io_unihdr hdr_logon_srv 00e0 uni_str_len: 0000 00e2 uni_max_len: 0000 00e4 buffer : 00000000 0000e8 smb_io_unihdr hdr_logon_dom 00e8 uni_str_len: 0000 00ea uni_max_len: 0000 00ec buffer : 00000000 00f0 buffer_dom_id : 00000000 00f4 padding : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0 0 00 00 00 00 00 00 011c num_other_sids: 00000000 0120 buffer_other_sids: 00000000 000124 smb_io_unistr2 - NULL user_name 000124 smb_io_unistr2 - NULL full_name 000124 smb_io_unistr2 - NULL logon_script 000124 smb_io_unistr2 - NULL profile_path 000124 smb_io_unistr2 - NULL home_dir 000124 smb_io_unistr2 - NULL dir_drive 0124 num_groups2 : 00000000 000128 smb_io_unistr2 - NULL logon_srv 000128 smb_io_unistr2 - NULL logon_dom 000128 smb_io_dom_sid2 dom_sid 0128 num_auths: 00000000 00012c smb_io_dom_sid sid 012c sid_rev_num: 00 012d num_auths : 00 012e id_auth[0] : 00 012f id_auth[1] : 00 0130 id_auth[2] : 00 0131 id_auth[3] : 00 0132 id_auth[4] : 00 0133 id_auth[5] : 00 ncalrpc_l_establish_connection: connecting to samr socket open succeeded. file name: /tmp/.msrpc/.samr/agent socket connect to /tmp/.msrpc/.samr/agent failed: No such file or directory redirect failed, attempt direct connection socket open succeeded. file name: /opt/samba-TNG/var/locks/.msrpc/samr create_user_creds: samr 0 0 000004 creds_io_cmd creds 0004 version: 0000 0006 command: 0000 000008 vuid_io_key key 0008 pid : 00006145 000c vuid: 0064 000e name : samr 0014 ptr_creds: 00000000 write_socket(6,24) write_socket(6,24) wrote 24 ncalrpc_l_use_add: num_users: 1 Bind RPC Pipe: \PIPE\samr Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AC .4Wx.4.. ...#Eg.. [010] 00 00 00 01 .... Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..... ....+.H` [010] 00 00 00 02 .... 
create_rpc_noauth_bind_req 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 1630 0002 max_rsize: 1630 0004 assoc_gid: 00006145 0008 num_elements: 01 000c context_id : 0064 000e num_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_rpc_uuid uuid 0010 time_low: 12345778 0014 time_mid: 1234 0016 time_hiv: abcd 0018 rem: ef 00 01 23 45 67 89 ac 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_rpc_uuid uuid 0024 time_low: 8a885d04 0028 time_mid: 1ceb 002a time_hiv: 11c9 002c rem: 9f e8 08 00 2b 10 48 60 0034 version: 00000002 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 00 0004 pack_type : 10 00 00 00 prs_set_packtype: bigendian: No 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 ncalrpc_l_send_prs: data: 75c68 len 72 [000] 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 00 ........ H....... [010] 30 16 30 16 45 61 00 00 01 00 00 00 64 00 01 00 0.0.Ea.. ....d... [020] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4... ...#Eg.. [030] 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........ [040] 2B 10 48 60 02 00 00 00 +.H`.... write_socket(6,72) write_socket(6,72) wrote 72 ncalrpc_l_receive: 123 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type : 10 00 00 00 prs_set_packtype: bigendian: No 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] 30 16 30 16 45 61 00 00 0C 00 5C 50 49 50 45 5C 0.0.Ea.. ..\PIPE\ [020] 73 61 6D 72 64 00 00 00 01 00 00 00 00 00 00 00 samrd... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
ncalrpc_l_receive: len 68
rpc_check_hdr: rdata->data_size: 68
000000 smb_io_rpc_hdr rpc_hdr
    0000 major : 05
    0001 minor : 00
    0002 pkt_type : 0c
    0003 flags : 03
    0004 pack_type : 10 00 00 00
prs_set_packtype: bigendian: No
    0008 frag_len : 0044
    000a auth_len : 0000
    000c call_id : 00000001
rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 68
prs_set_packtype: bigendian: No
cli_pipe: fragment first and last both set
rpc_api_pipe: return OK
000000 smb_io_rpc_hdr_ba
    000000 smb_io_rpc_hdr_bba
        0000 max_tsize: 1630
        0002 max_rsize: 1630
        0004 assoc_gid: 00006145
    000008 smb_io_rpc_addr_str
        0008 len: 000c
        000a str: \PIPE\samrd.
    000018 smb_io_rpc_results
        0018 num_results: 01
        001c result : 0000
        001e reason : 0000
    000020 smb_io_rpc_iface
        000020 smb_io_rpc_uuid uuid
            0020 time_low: 8a885d04
            0024 time_mid: 1ceb
            0026 time_hiv: 11c9
            0028 rem: 9f e8 08 00 2b 10 48 60
        0030 version: 00000002
bind_rpc_pipe: searching pipe name: client:\PIPE\lsarpc server:\PIPE\lsass
bind_rpc_pipe: searching pipe name: client:\PIPE\browser server:\PIPE\ntsvcs
bind_rpc_pipe: searching pipe name: client:\PIPE\samr server:\PIPE\lsass
bind_rpc_pipe: pipe_name \PIPE\lsass != expected pipe \PIPE\samrd. oh well!
bind_rpc_pipe: accepted!
PANIC: assert failed at rpc_client/cli_pipe.c(1011)
PANIC: assert failed

Tom.
----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From markm at muffett.net Thu Mar 30 18:16:26 2000
From: markm at muffett.net (Mark Muffett)
Date: Tue Dec 2 02:29:11 2003
Subject: Joining domain
Message-ID: <38E399FA.F82BBBFD@muffett.net>

I think there may be a problem with Version 2.0.7-pre2.
I was unable to get an NT4 box to join the domain - NT error "Unable to update local security in order to join domain" - but all existing member workstations functioned ok.

Downgrading to 2.0.6 solved the joining problem

Mark Muffett

From mgeddes at xavier.sa.edu.au Thu Mar 30 23:33:11 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:11 2003
Subject: NT network, without a domain?
References: <20000330134305.4583.qmail@hotmail.com>
Message-ID: <38E3E437.514BAA93@xavier.sa.edu.au>

Bruce Vrieling wrote:

> I'm wondering (and perhaps this is a stupid question): Can I setup an NT
> network to mimic my 'domainless' Win95 setup? Ie. cause authentication to
> occur against the Linux server, and run a login script, but do NOT create a
> domain. My needs are simple, and it seems a domain is overkill. Is this
> possible? Or is using a domain simply 'the way it needs to be done' with NT?
>

smbpasswd is needed even if you don't use a domain. The only way to get around it is to have it access the SAM of a Domain Controller. Unless you use an NT domain (even if you are running NT server), the Win95 machines will not be Authenticating against the server (except on a share-by-share basis).

What do you mean by "force the users"? Do you mean you have told them to use their Linux account? Because you are using the workgroup model, you can't guarantee that Windows is authenticating anything.

Using a domain can't really be classed as overkill. It's just a different way of doing things. If you want a centrally managed security model, you don't really have much alternative.

It would probably be easier for you to make use of the domain. There are tools which can help keep the unix and samba passwords synchronised also. Things like linuxconf on RedHat linux will change both passwords. So you don't need to worry about the smbpasswd file at all. It keeps itself.
If you want help setting up the domain, that's what the NT-DOM mailing list is for - we'd gladly offer solutions to specific problems.

>
> P.S. If I DO have to make use of a domain, which is the 'best' Samba code to
> use for such a project? 2.0.6/7, a TNG snapshot, or a HEAD snapshot?
>

TNG is the best for Windows NT, but still has some issues. Samba 2.x is good for Win9x and can control a Domain consisting of NT workstations.

--
Matthew Geddes
Network Manager
Xavier College
Gawler, SA
mgeddes@xavier.sa.edu.au

"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From mgeddes at xavier.sa.edu.au Thu Mar 30 23:36:47 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:11 2003
Subject: samsync problem
References: <2632.000330@od.uz.gov.ua>
Message-ID: <38E3E50F.29A8F5A1@xavier.sa.edu.au>

Michael Musikhin wrote:

> this was samba-tng-alpha 1.3
> where is my mistake ? help me, please.

I had the same problem with all versions up to the CVS from 2 days ago. It seemed to me to be a permissions thing. Can you send your smb.conf?

--
Matthew Geddes
Network Manager
Xavier College
Gawler, SA
mgeddes@xavier.sa.edu.au

"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From mgeddes at xavier.sa.edu.au Thu Mar 30 23:43:26 2000
From: mgeddes at xavier.sa.edu.au (Matthew Geddes)
Date: Tue Dec 2 02:29:11 2003
Subject: Slow speed and printing dosen't work, No large disks
References: <000901bf99aa$f4b47360$0a00a8c0@kalve>
Message-ID: <38E3E69E.1C62FAE5@xavier.sa.edu.au>

1. Slow connection - do you mean logging on, file access or both?

2. What do you mean by "can't see large disks"? If you pull the case off....

3. Again, what do you mean by can't see? If you are referring to Network Neighbourhood - don't bother. I don't think it's supported currently (?) and the whole Windows browse thing is dodgy.
You should be able to specify the printer when you install the printer (\\servername\printername).

--
Matthew Geddes
Network Manager
Xavier College
Gawler, SA
mgeddes@xavier.sa.edu.au

"Our goal for the next release of Windows 2000 is to have zero bugs." - Lucovsky, Microsoft

From gadavis at cs.ucsb.edu Fri Mar 31 00:24:43 2000
From: gadavis at cs.ucsb.edu (Geoff Davis)
Date: Tue Dec 2 02:29:11 2003
Subject: Compilation problems on Mandrake 7.0
Message-ID: <38E3F04B.9C5C70A6@cs.ucsb.edu>

I was trying to compile samba from CVS, and gcc ate sh*t on me towards the end of the compilation. Has anybody had this problem on their Linux Mandrake 7.0-2 boxes? I tried upgrading gcc to the version in Cooker, but the same error occurred.

I did the following:

# ./configure --prefix=/local
# make

and I get the following after a while

...snipped successful compiles...
FILE="/local/private/smbpasswd"
Using LIBS = -ldl -lcrypt
Compiling rpcclient/rpcclient.c
rpcclient/rpcclient.c: In function `main':
rpcclient/rpcclient.c:770: Internal compiler error in `build_insn_chain', at global.c:1756
Please submit a full bug report.
See for instructions.
make: *** [rpcclient/rpcclient.o] Error 1
# echo "Oh, poo."
----------------

Uhhh, is that bad? My gcc is version 2.95.3, on a pretty much stock mandrake 7.0 install, using a K6-2 450 with 256Mb RAM and an Adaptec 2940U2W that has been rock solid up until now.

Is this an actual problem with the compiler, and has anyone found a workaround, or do I need to take gcc to task here?

Thanks,
Geoff Davis

From sam at topic.com.au Fri Mar 31 01:33:31 2000
From: sam at topic.com.au (Sam Couter)
Date: Tue Dec 2 02:29:11 2003
Subject: SWAT authentication on non-PAM system
In-Reply-To: <00b001bf9a6a$3e1c0da0$0b4de9d8@axistangent.net>; from jeremy@AXISTANGENT.NET on Fri, Mar 31, 2000 at 03:09:25AM +1000
References: <00b001bf9a6a$3e1c0da0$0b4de9d8@axistangent.net>
Message-ID: <20000331113331.B9742@mail.topic.com.au>

Jeremy M.
Dolan wrote:

> I have a Slackware 7.0 system, which uses MD5 shadowed passwords and no PAM.
>
> SWAT will not authenticate me.
>
> configure doesn't seem to have an option for MD5, when I compile sshd (from
> openssh.com) I need to specify --with-md5-passwords to configure. I don't
> see any option for this in Samba/SWAT.
>
> I hope I can figure out how to set up a simple PDC for 3 workstations with
> samba TNG, or this machine is lost to NT Server, we need a domain by the end
> of the week... =(

First observation: You really want to use PAM, even if only for some applications.

Second observation: PDC support with samba means using encrypted passwords, which means not using the password field in /etc/passwd. If you don't have a specific need for SWAT, don't worry about MD5 passwords. Yes, SWAT can make configuration of samba a little easier, but it's not necessary.

--
Sam Couter
sam@topic.com.au
Internet Engineer
http://www.topic.com.au/
tSA Consulting

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000331/d24e2710/attachment.bin

From lkcl at samba.org Fri Mar 31 02:15:27 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:11 2003
Subject: Is Samba 2.0.6 NTLMV2 comaptible?
Message-ID:

no. only TNG.

From lkcl at samba.org Fri Mar 31 04:13:14 2000
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:29:11 2003
Subject: samba-tng-alpha-1.6.tar.gz
Message-ID:

ftp://samba.org/pub/samba/alpha and mirror sites

mainly a maintenance update: all bzeros replaced, as was done in cvs main / 2.0.

readline detection added. if someone wants to add an autoconf test to detect -lcurses being needed by solaris readline, please create and send one.
usrmgr user-account changing is now accepted (on systems compiled with the default, --with-sam-pwdb=passdb, this means you can set the user's password and the account control bits: account disabled etc., all other changes are ignored), i missed out an info level.

there is one field of the SAM_USER_INFO_21 structure that is not well understood, which is giving grief across the board: AS/U and compatible systems may now not work properly, sorry, i don't have access to it to do the appropriate tests.

elrond updated the libtool scripts so that they should set the LD_LIBRARY_PATH env. variable correctly, allowing the samba programs to be started without needing to do make install, you can run them from the source/bin directory (which i do all the time).

tested on both solaris 2.8 ultrasparc 5 (gcc 2.8.1) and mandrake linux on x86 (gcc 2.95.2):

profiles work, nt5 beta1, nt4 wks.
password changes work, nt4 wks.
join to domain works, nt5 beta1, nt4 wks.
printing not tested (by me), couple of reports of it not working.

it may not seem like it, i am monitoring the samba-ntdom and samba-technical lists off of http://samba.org/listproc, so please keep the bug reports coming in.

thanks people,

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Macmillan Technical Publishing
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From pmal at space.gr Fri Mar 31 09:00:12 2000
From: pmal at space.gr (Panagiotis Malakoudis)
Date: Tue Dec 2 02:29:11 2003
Subject: Profiles
References: <99Aug30.032054edt.6461@marvin.cdf.toronto.edu>
Message-ID: <034001bf9aef$86977f80$0602000a@space.gr>

Dear friends,

I'm using samba 2.0.6 as a pdc and I'm trying to configure user profiles. I have created the profile/ directory but my win98se box does not populate the directory.
The thing is that when i logoff the box it says that is copying the profiles at \\scienide\panos (panos is the username) and not \\scienide\profile\panos as it should.

Any ideas on why is that happening?

My configuration is as follows:

[global]
   netbios name = SCIENIDE
   workgroup = ATLANTIS
   encrypt passwords = yes
   os level = 34
   wins support = yes
   domain master = yes
   local master = yes
   preferred master = yes
   domain logons = yes
   logon script = %U.bat
   logon path = \\scienide\profile\%U
   security = user
   log file = /var/adm/samba/log.%m

[homes]
   comment = Home Directories
   browsable = no
   writable = yes

[netlogon]
   path = /usr/local/samba/netlogon
   writeable = no
   guest ok = no

[profile]
   comment = User profiles
   path = /usr/local/samba/profile
   create mode = 0600
   directory mode = 0700
   writable = yes
   browsable = no

From ph at ipro.se Fri Mar 31 09:30:42 2000
From: ph at ipro.se (Patrik Hildingsson)
Date: Tue Dec 2 02:29:11 2003
Subject: (no subject)
Message-ID: <38E47042.19728A46@ipro.se>

subscribe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ph.vcf
Type: text/x-vcard
Size: 327 bytes
Desc: Card for Patrik Hildingsson
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000331/644739c9/ph.vcf

From hanak at IRIS.osu.cz Fri Mar 31 09:58:54 2000
From: hanak at IRIS.osu.cz (Ondrej Hanak)
Date: Tue Dec 2 02:29:11 2003
Subject: Slow connection...
Message-ID:

Hi,

can somebody explain when and why WinNT4.0 (SP5) detects slow connection? (Samba-2.1 as PDC on RH Linux 6.1 (cca 400 users))

Thanks for your time.

O.H.

From pmal at space.gr Fri Mar 31 11:24:53 2000
From: pmal at space.gr (Panagiotis Malakoudis)
Date: Tue Dec 2 02:29:11 2003
Subject: Automatic mapping of home drive for Windows NT
References: <20000108183118.E91C5891D@i3.golden.dom> <20000108193332.3C46F88E9@i3.golden.dom>
Message-ID: <049101bf9b03$bc5d46e0$0602000a@space.gr>

Does anyone know how to stop the automatic mapping of the homes directory under drive z: in windows NT?
I don't want to remove the homes statement because I use profiles but I also want my windows NT boxes to use a directory on another server as their home directory. The same goes for my win9x boxes, the only thing is that win9x does not automatically map the homes directory. I use samba 2.0.6

Thanx in advance to everyone...

Panagiotis Malakoudis
Systems Administrator
Space Hellas S.A.

From stalder at mails-media.de Fri Mar 31 13:46:06 2000
From: stalder at mails-media.de (markus stalder)
Date: Tue Dec 2 02:29:11 2003
Subject: subscribe
Message-ID: <38E4AC1E.AE9BB9FE@mails-media.de>

--
Best regards,
Markus Stalder
stalder@mails-media.de
mails+media GmbH - http://mails-media.de

From snail_talk at yahoo.com Fri Mar 31 14:06:28 2000
From: snail_talk at yahoo.com (geoffrey lee)
Date: Tue Dec 2 02:29:11 2003
Subject: problem with adding computers to domain
Message-ID: <000001bf9b1a$4f086b30$0200000a@workstation1>

hi all,

seems there is a problem with adding computers to the domain for me. :(

i was trying to add a computer to the domain on which the samba is the nt pdc. (i've tried this with both 2.0.6 and 2.0.7pre2 and they have the problem.) when the ntpdc is ifup ppp0 (yeh, i know it's a bad idea, :( but at least i block my ports with ipchains ...) it returns an error saying that it could not update the local security on my nt box. once i ifdown ppp0 then all works great again.

the obvious fix is to ifdown ppp0 when i add computers, but why does this happen?

Geoff.

From BALY.P at chu-toulouse.fr Fri Mar 31 13:56:11 2000
From: BALY.P at chu-toulouse.fr (BALY Patrice)
Date: Tue Dec 2 02:29:11 2003
Subject: problem with : smbpasswd -j NT-DOMAIN -r PDC
Message-ID:

Hello,

I work on red hat 6.0 (kernel 2.2.5-15) and I want to join my samba server to my NT Domain (it is configured as PDC).
But I have a problem with the command :

smbpasswd -j Mydomain -r MyPDC

I am getting the following error :

"Modify trust password: can't resolv adress for MonPDC"

and if I change the name of PDC by IP address, I have the following error:

"Machine 192.168.103.50 rejected the session setup. Error code was 131. Change trust acount password: failed to Change password for domain MyDomain"

Patrice Baly

From bruce_vrieling at hotmail.com Fri Mar 31 14:16:53 2000
From: bruce_vrieling at hotmail.com (Bruce Vrieling)
Date: Tue Dec 2 02:29:11 2003
Subject: Why use roaming profiles?
Message-ID: <20000331141653.9157.qmail@hotmail.com>

Hi,

I have a Samba server, and 10 users I want to migrate from Windows 95 to Windows NT, and implement a domain. The question has come up with regard to the use of Roaming Profiles: use them or not use them?

Relevant considerations:

1) These users will always use their own machine; the chance of one of them logging into any machine other than their own is fairly slim. There will never be a REQUIREMENT to do so, I don't think.

2) Eventually, they will be RAS'ing into work, and connecting their home Win95 machines to network drives at work.

Given the above, is there any real advantage to profiles? I have seen some disadvantages concerning the error messages users have to try and decipher when they have problems with profiles; if I could avoid the entire issue, that would be handy.

Your insight would be appreciated. Thanks!

...Bruce

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

From mbreuer at siac.com Fri Mar 31 14:35:51 2000
From: mbreuer at siac.com (Michael Breuer)
Date: Tue Dec 2 02:29:11 2003
Subject: TNG 1.6 - success!
Message-ID: <38E4B7C7.B956AA25@siac.com>

With 1.6 I can now join W2K systems to the domain... usrmgr works... overall this seems to be a great vintage.

From timothy_d_cole at md.northgrum.com Fri Mar 31 15:12:53 2000
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.)
Date: Tue Dec 2 02:29:12 2003
Subject: TNG "no locking available" error, HP/UX
Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4703B@xcgmd008.md.essd.northgrum.com>

Additionally, if he's doing the configure on an NFS-mounted area, it's entirely possible that he's being bitten by a bug in the nfs lock daemon. I know this is a problem with stock 10.20, anyway. I think there's been a patch available for some time now, though. I can dig up specifics if that sounds likely.

> -----Original Message-----
> From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org]
> Sent: Tuesday, March 28, 2000 22:54
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: TNG "no locking available" error, HP/UX
>
> paul,
>
> please can you try compiling cvs main as well, and see if that works. i
> just updated the configure script from cvs main, and i may have got things
> wrong.
>
> you _are_ doing the ./configure as root, yes?
>
> also, when did you last successfully compile TNG, which cvs date?
>
> also, what's your OS info?
>
> thx!
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Macmillan Technical Publishing
>
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

From timothy_d_cole at md.northgrum.com Fri Mar 31 15:14:29 2000
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.)
Date: Tue Dec 2 02:29:12 2003
Subject: Acting as PDC
Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4703C@xcgmd008.md.essd.northgrum.com>

> -----Original Message-----
> From: Panagiotis Malakoudis [SMTP:pmal@space.gr]
> Sent: Wednesday, March 29, 2000 0:41
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: Acting as PDC
>
> I'll be damned!!!
> It actually worked.
> do you have any idea why this happens? Why can't you have the same netbios
> name as the workgroup name?
>

Because the Microsoft World has a flat namespace, and an even flatter one in NetBIOS Land. In NetBIOS, users, servers, workgroups and more all exist in the same namespace.

From timothy_d_cole at md.northgrum.com Fri Mar 31 15:21:39 2000
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.)
Date: Tue Dec 2 02:29:12 2003
Subject: TNG "no locking available" error, HP/UX
Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4703D@xcgmd008.md.essd.northgrum.com>

> -----Original Message-----
> From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org]
> Sent: Wednesday, March 29, 2000 21:02
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: RE: TNG "no locking available" error, HP/UX
>
> regarding the requirement to run ./configure on a local filesystem, to
> check locking, that's just the way it is. it's that way in cvs main, it's
> that way in 2_0.
>

For what it's worth, my build directories are non-local, but I install to /opt/samba. I kind of have to do that here, and it's kind of a pain to do otherwise anyway.

Locking _does_ work over NFS, actually, under HP-UX, provided you've got the appropriate patches.

From angus at gactr.uga.edu Fri Mar 31 15:42:42 2000
From: angus at gactr.uga.edu (Angus Robertson)
Date: Tue Dec 2 02:29:12 2003
Subject: Samba success story
References: <00b001bf9a6a$3e1c0da0$0b4de9d8@axistangent.net> <20000331113331.B9742@mail.topic.com.au>
Message-ID: <38E4C772.3F049C7D@gactr.uga.edu>

Hey,

I just want to congratulate the Samba team on all their great work. We have been running Samba in production since mid october of 1999.

Setup:

PDC is a Dell 4350 w/ Samba 2.1 CVS from mid october (LDAP enabled) running RedHat 6.1 (kernel 2.2.12) and OpenLDAP 1.2.9 (w/o threads and w/ BerkeleyDB 2.7.7).

File server is an SGI Origin 2000 w/ Samba 2.0.5 and Irix 6.5.5 joined to the domain.

We have 250 Dell/Gateway workstations w/ NT SP6 in the domain authenticating against the PDC and using the File server.
We're using policies, profiles and login scripts (KIXTART - referencing NT groups in Samba-LDAP).

The speed/reliability is incredible. The login time is small, even with downloading the profile (we have a cap of 1.5MB), and mapping the drives/printers using KIXTART - much faster than NT server :). We've never had any of the servers or services die! Samba's been running without a hitch on both machines since our last maintenance downtime over 80 days ago.

As a network/systems administrator it's great to put a solution in place and be able to forget about it.

Thanks again for the hard work, I hate to think where we'd be without Samba ;).

angus

From tom at ee.ucl.ac.uk Fri Mar 31 16:07:09 2000
From: tom at ee.ucl.ac.uk (Tom Crummey)
Date: Tue Dec 2 02:29:12 2003
Subject: Report on samba-TNG cvs 12:00 BST 31/03/00
Message-ID: <200003311607.RAA06759@picard.ee.ucl.ac.uk>

Hello

Sparc-64 Solaris 2.7 gcc 2.8.1 samba-TNG cvs update 12:00 BST 31/03/00.

samba-TNG now builds without any manual intervention, so that the config of libreadline and libcurses is fixed. The SMB_ASSERT panics have gone.

Joining the domain from Win2000 and NT4 SP4 still works. logging onto the domain works.

Attempting to log in with an incorrect password results in the following:

NT4 SP4: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

Win2000: The stub received bad data.

Which log files should I be looking in?

Tom.
----------------------------------------------------------------------------
Tom Crummey, Systems and Network Manager, EMAIL: tom@ee.ucl.ac.uk
Department of Electronic and Electrical Engineering,
University College London, TEL: +44 (0)20 7679 3898
Torrington Place, FAX: +44 (0)20 7388 9307
London, UK, WC1E 7JE.
----------------------------------------------------------------------------

From sollarsa at starofthesea.pvt.k12.or.us Fri Mar 31 18:23:30 2000
From: sollarsa at starofthesea.pvt.k12.or.us (Anthony L. Sollars)
Date: Tue Dec 2 02:29:12 2003
Subject: Compilation problems on Mandrake 7.0
References: <38E3F04B.9C5C70A6@cs.ucsb.edu>
Message-ID: <38E4ED22.D9A30742@starofthesea.pvt.k12.or.us>

Dear Geoff,

Not to put down Mandrake but the four different occasions I have used this distribution have always resulted in problems. In the end the problems were always alleviated by switching to RedHat or Slackware. Many have agreed that Mandrake is a buggy distribution. Of course this is my opinion from my own experiences. I had the same compile problems when installing samba 2.0.6 on a mandrake 7.0 box, I switched to RedHat 6.1, and it compiled without a problem.

Hope this helps.

Sincerely,
_____________________________________________________________
Anthony L. Sollars
Technology Coordinator/Computer Teacher
Star of the Sea School
1411 Grand Avenue
Astoria, Or 97103
(503) 325-3771
sollarsa@starofthesea.pvt.k12.or.us
http://www.starofthesea.pvt.k12.or.us

--Never Argue with a Fool,.
--They bring you down to their level and beat you with Experience.
_____________________________________________________________

From mmbrich at ductamerica.com Fri Mar 31 17:27:13 2000
From: mmbrich at ductamerica.com (Matthew Brichacek)
Date: Tue Dec 2 02:29:12 2003
Subject: two samba servers?
Message-ID: <00033111312700.00763@comp03.binary.net>

Hi,

I tried renaming samba2 to _nmbd _smbd and i am able to see both machines in my net neighborhood but when i try to access the samba 2.0.6 server it asks for a password and then doesn't let me in.
Here are the configs

samba 2.0.6 - File and Print server

{global)
   wins proxy = no
   bind interfaces only = Yes
   domain master = Yes
   interfaces = 216.229.12.163/255.255.255.248
   password server = comp03
   encrypt passwords = yes
   follow symlinks = No
   printing = bsd
   server string = Linux DA Server
   lm announce = True
   workgroup = DUCTAMERICA
   comment = Linux
   netbios name = Linux
   socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
   keepalive = 60
   case sensitive = no
   security = user
   short preserve case = yes
   os level = 0
   locking = no

[homes]
   writable = yes
   comment = This is your personal home directory
   browseable = no

[public]
   comment = Schedule Information
   path = /home/shared
   read only = no

[FTPpub]
   comment = FTP Server Map
   path = /home/ftp
   read only = no

[Deskjet]
   comment = Hewlet Packard 610 CL
   path = /var/spool/lpd/lp
   writeable = no
   printable = yes

samba - TNG - user authentication

[global]
   wins proxy = Yes
   bind interfaces only = Yes
   domain master = Yes
   interfaces = 198.172.10.113/255.255.255.0 127.0.0.1/255.0.0.0
   preserve case = yes
   dos filetimes = Yes
   dos filetime resolution = Yes
   domain logons = yes
   encrypt passwords = yes
   follow symlinks = No
   printing = bsd
   server string = Linux DA Server
   lm announce = True
   smb passwd file = /usr/local/samba/private/smbpasswd
   workgroup = DUCTAMERICA
   update encrypted = Yes
   comment = Linux
   ;logon script = %U.bat
   unix password sync = Yes
   netbios name = COMP03
   socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
   keepalive = 60
   case sensitive = no
   security = user
   short preserve case = yes
   os level = 200
   admin users = matthew, mmbrich, matt
   name resolve order = lmhosts, host, wins, bcast,
   lock directory = /usr/local/samba/locks
   wins support = true
   username map = /dsk/user.map
   message command = sh -c 'echo "---nDate: %T\nFrom: %f@%m\nTo: %t\n" >> /var/log/sambamsg; cat %s >> /var/log/sambamsg; rm %s!
&

[Netlogon]
   comment = Samba Network Logon Services
   path = /home/netlogon
   locking = No
   case sensitive = no

let me know if this helps.. also is there a way to not get my TNG server to show up in the net neighborhood since once i get this working my users won't need to see it?

Thanks
Matthew

From lpt at swl.msd.ray.com Fri Mar 31 18:35:12 2000
From: lpt at swl.msd.ray.com (Lawrence Turowski)
Date: Tue Dec 2 02:29:12 2003
Subject: Getting Samba Server to Join NT Domain
Message-ID: <38E4EFE0.77529433@msd.ray.com>

I am setting up Samba 2.0.6 on a Solaris machine, ROBILLARD. I want it to join an NT domain, SELDOM, on a different subnet. The PDC for SELDOM is an NT 4.0 box, SELDOM-PDC. I added ROBILLARD to the domain on the PDC and joined the domain from ROBILLARD with 'smbpasswd -j SELTWK-NT'. Everything worked fine for a while. However, the PDC reboots every night, and after rebooting it thought that ROBILLARD was the PDC and demoted itself. Any ideas why this happens and what to do about it?

[global]
   netbios name = ROBILLARD
   workgroup = SELDOM
   server string = Samba Server v2.0.6
   security = domain
   password server = SELDOM-PDC SELDOM-BDC
   os level = 0
   domain master = no
   local master = no
   preferred master = no
   remote announce = 138.127.76.90/SELTWK-NT
   encrypt passwords = yes
   interfaces = 138.127.84.115/24
   logon script = %U.bat
   domain logons = Yes
   wins server = 138.127.76.90
   hosts allow = 138.127.76. 127.0.0.1
   printer driver file = /usr/samba/lib/printers.def
   smbrun = /usr/samba/bin/smbrun
   lock dir = /usr/samba/var/locks

thanks,
LT

From jeremy at valinux.com Fri Mar 31 19:38:44 2000
From: jeremy at valinux.com (Jeremy Allison)
Date: Tue Dec 2 02:29:12 2003
Subject: Samba 2.0.7pre3 snapshot released.
Message-ID: <38E4FEC4.9D793B52@valinux.com>

Hi all,

I just released Samba 2.0.7pre3, available from :

ftp://samba.org/pub/samba/alpha/samba-2.0.7pre3.tar.gz

This is the third snapshot of the code that should become the official Samba 2.0.7 and is feature complete (ie.
I'm only going to accept bug fixes, not more features).

This is *not* production code, but should work well as a file and print server, and contains fixes for all known Windows 2000 bugs - two more discovered since 2.0.7pre2.

Please download and test this code and report back any problems to samba@samba.org. Your help in this will make the official Samba 2.0.7 release better for everyone.

NOTE FOR PACKAGE MAINTAINERS
----------------------------

I have fixed the packaging for the RedHat rpm's as far as I know - so if people would test this I'd be grateful. Also, if other packaging maintainers could look at their versions of the packaging and send me fixes that would be good. Note that I will just apply these as sent as I cannot easily test most of them.

The extra files that need to be installed are the make_unicodemap man pages and binaries, the "Using Samba" html and gif files, (yes I know gifs are evil, sorry, we're working on that :-) and the unicode map binary files.

The final things left to do before official 2.0.7 release are :

(1) Fix any reported bugs in this release
(2) Get "Using Samba" updates for 2.0.7.
(3) Update the packaging code for systems other than RPM based systems.

So official release is "close" - please download and test this code.

To everyone who contributed patches, many thanks, and please download and test this code to ensure that the functionality you wanted has been correctly implemented in the code.

The updated part of the WHATSNEW.txt file follows.

Regards,

Jeremy Allison,
Samba Team.

-------------------------------------------------------------------

WHATS NEW IN Samba 2.0.7-pre3
=============================

This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes.

TODO Before Official 2.0.7 release
----------------------------------

Update "Using Samba" html to match 2.0.7 code.
Update packaging code to include all new files.

New Documentation in 2.0.7
--------------------------

O'Reilly and Associates have donated their book "Using Samba" to the Samba community to be updated in a collaborative way along with the Samba software. Starting with this release the html of "Using Samba" will be distributed with the Samba software as the online documentation for Samba. Bug fixes for the book are encouraged as is new material. Please help us make this documentation the best it can be for Samba !

SWAT (Samba Web Administration Tool) has been updated to add a link to the full text of "Using Samba" from the start screen.

Note that this does not mean that the other documentation (man pages especially) is being abandoned. The Samba Team is still committed to updating and improving *all* the documentation shipped with Samba. Also, as the source code for the book is moved into a more manageable format (not raw HTML) we are committed to making it available for editing by all interested parties. The current situation of only shipping HTML with the Samba software is a first attempt at getting this documentation integrated with the Samba software and should not be regarded as the only way in which this material will be made available (it was just the quickest way to get the book integrated into 2.0.7 :-).

Windows 2000 Issues
-------------------

This version of Samba has been tested with Windows 2000 and the five known incompatibilities with Windows 2000 have been fixed. See the "Changes in 2.0.7" list below for details.

New/Changed parameters in 2.0.7
-------------------------------

There is a new option to the autoconf "./configure" script. This is the "--with-utmp" (and attendant "--without-utmp") option. Running configure with this option will cause smbd to attempt to use utmp accounting for users who log on and log off to the Samba server.

There are 5 new parameters in the smb.conf file.

utmp
utmp dir

These two parameters are only available if the "--with-utmp" option was selected at configure time.
The yes/no option "utmp" specifies whether utmp records should be recorded on user logon/logoff. It defaults to "no". The "utmp dir" (which also has a synonym of "utmp directory") parameter is a string parameter specifying a pathname to the directory containing the utmp file databases. This defaults to "" (the empty string). See the smb.conf man page for more details.

inherit permissions

This boolean parameter causes newly created files and directories to inherit their initial permissions from their parent directory. This can be very useful in propagating such things as the set-group bit in directory hierarchies. See the smb.conf man page for more details.

write cache size

This integer parameter specifies (in bytes) the size of a user level per-file write cache that smbd will create for an oplocked file. This can improve performance significantly for writing files by causing writes to be done in large chunk sizes. If this parameter is set (it defaults to zero which means no write cache) to the stripe size of a raid volume then it will cause writes to be much more efficient. Up to 10 write caches can be active simultaneously per smbd (allocated for the first 10 oplocked file opens). All normal warnings about the dangers of user level caching of data apply. See the smb.conf man page for more details.

source environment

This pathname parameter causes Samba to read a list of environment variables from a named file on startup. This can be useful in setting up Samba in a clustered environment. See the smb.conf man page for more details.

The default setting of the "level2 oplocks" parameter has changed from False to True in this release.

Ability to delete users added
-----------------------------

SWAT and smbpasswd can now delete users from the Samba smbpasswd file. See the man page for smbpasswd for details.

Roving profile behavior finalized
---------------------------------

The change in behavior with roving profiles (using the "logon home" parameter instead of the "logon path" parameter) introduced in 2.0.6 has been discovered to be consistent with the way Windows NT behaves, and has been left as the default action. Please see the additional notes in the "logon home" parameter description in the smb.conf man page for more details.

Changes in 2.0.7
-----------------

1). Fix for the semaphore problems when compiling Samba with gcc on SGI IRIX 6.5.x.
2). Quota support for Veritas filesystem added by David Lee.
3). Incoming RPC code re-written to support multiple PDU input from the client. This should make the RPC subsystem more robust.
4). Fix from Ying Chen @ IBM to inline many frequently called functions. This decreased CPU usage by 10%.
5). Fix from Ying Chen @ IBM to use a hash table to lookup entries in the file cache. This is a significant improvement over the old linked-list lookup code.
6). smbclient issues with native language support fixed. smbclient now uses UNIX filename character sets exclusively when communicating with libsmb library.
7). smbclient fix to not print error messages when "putting" an empty file.
8). smbclient fix to cope with spaces in filenames when recursing.
9). Improved error reporting in smbclient when getting browse lists.
10). NetBIOS "scope" now supported in all Samba code/tools.
11). New mapping from code page 850 to UNIX "roman8" character set.
12). Fix for crash bug if debug file handle couldn't be opened.
13). Fix to allow mkdir to correctly set the high order permissions bits for UNIX's that don't allow this by default.
14). Fix to dynamically allocate group array for setgroups. Don't depend on NGROUPS_MAX being correctly defined in header files.
15). Fix for crash bug in floating point in snprintf.
16). "Safe" version of popen() included to allow use in code such as "source environment" patch.
17). Fix for SWAT for trailing '\n' in asctime().
18). Wildcard match fix from weidel@multichart.de for NT wildcard processing.
19). unix_mask_match fixes for "veto files" parameter.
20). Fix for system call bug when configuring on Linux kernel 2.0.x with glibc2.1.x.
21). SO_REUSEPORT socket option added for HPUX.
22). All recv() calls changed back to read() to fix Solaris 2.5.x bug.
23). Some UNICODE conversion fixes. Not complete yet.
24). NetShareEnum fix for Windows 2000. Don't ask for 64K as Win2k can't cope with this (returns "Out of memory" error).
25). Fixes for cli_error() crashes.
26). Fix for crash when connecting to password server by DNS name not NetBIOS name.
27). Fix bug in demangling of compacted NetBIOS names.
28). Fixes for slow locking code for VMS.
29). Reply to short NetLogon packet in nmbd with short reply.
30). Correctly align userdata to prevent crashes in nmbd.
31). Use talloc() in string buffer rotation code to prevent overwrites.
32). Added multi-byte awareness to parameter loading code.
33). Re-wrote password file modification code. We can now delete users atomically. Original patch from Bruce Tenison.
34). Fixed bug in parsing smbpasswd type entries.
35). Fixes from HP to the windows registry RPC emulation.
36). Added ability to return RPC fault PDU to unknown calls. Needed to allow Windows 2000 to return UNIX permissions as NT ACLs.
37). utmp code patch from T.D.Lee@durham.ac.uk. Not available on all platforms - test with ./configure.
38). Inherit permissions fix from David Lee.
39). Added write caching code for oplocked files.
40). Workaround for new bug in Windows 2000 where NT file create using NTtransact call sends UNICODE without bothering to set the UNICODE flag bit.
41). Workaround for new bug in Windows 2000 where it attempts to re-write existing ACLs to make them inherit only.
42). Removed unused mmap code.
43). Added correct implementation of share mode deny table. We now match Windows NT.
44). Fix recursion bug with group enumeration.
45). Fix from Bjart Kvarme to take into account changed machine passwords that haven't yet propagated from PDC to BDC.
46). Correctly skip two byte length field when accepting RPC "start of message" packets in SMBwriteX on pipes.
47). Added auto-detection of Windows 2000 clients.
48). Fix bug with rollback of POSIX locks if a lock in a range fails to apply.
49). Fix bug with registering startup smbd's in flat file.
50). Ensure usernames are converted correctly between DOS codepages and UNIX character sets.
51). Fix for timestamps being set incorrectly on copied files from Paul Eggert.
52). Fix for parsing HP specific printer definitions in make_printerdef.
53). Fix for smbclient doing an 'ls' on large directories from OS/2 servers from Christoph Pfisterer.
54). Fix for WINS server code where "do you still want name?" request was being sent to the wrong IP address.
55). Fixed "recursion desired" bits set in nmbd so we are identical to Windows NT.
56). nmbd now should process logon packets from Win95, Win98 and both versions of the NT logon packet.
57). Correctly set parameter offset value for first trans2 reply.
58). Win2K will only accept volume labels in UNICODE.
59). Ensure nmbd doesn't attempt to use the loopback interface when registering names.

-------------------------------------------------------------------

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

From sanjap at moldyn.com Fri Mar 31 20:27:16 2000
From: sanjap at moldyn.com (Aleksandra Piper)
Date: Tue Dec 2 02:29:12 2003
Subject: Evnt ID 3006 when browsing Linux Samba machine
Message-ID: <22E7F3D5131DD2119E3700A0C9D18F6D3725F7@adams.moldyn.com>

Hi,

Please advise me how to get rid of the annoying warning message that appears in the EventLog on any NT machine in my network every time I try to browse a Linux computer running Samba.

The message is:

Event ID: 3006
Source: Rdr
The redirector received an SMB that was too short.

(I found no posting on Microsoft regarding this EventID).

My configuration is: NT 4.0 with SP6a and Linux RedHat 5.2 running Samba 2.04b.

(Just to mention that the previous release of Samba (1.19.18) that we used was not generating such redirector messages. I don't want to downgrade to version 1.9 as we applied the domain security model that suits us...)

Many thanks
Sanja

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\
Aleksandra Piper                   Voice: (617) 354-3124 x41
Moldyn Inc.                        Fax: (617) 491-4522
955 Massachusetts Ave. 5th floor   E-mail: sanjap@moldyn.com
Cambridge, MA 02139-3180           http://www.moldyn.com
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\

From nanardon at ifrance.com Thu Mar 30 23:04:19 2000
From: nanardon at ifrance.com (Olivier Thauvin)
Date: Tue Dec 2 02:29:12 2003
Subject: Make a PDC for NT
Message-ID: <00033101105000.00440@nanar>

I have a Mandrake 7.0 using samba 2.0.6 and I'm using it as Domain logon.

This works fine with Win98 clients, but I can access the server with Win 2k but never log in on the domain; when I configure the domain it answers that the domain is not accessible.

How do I configure samba to act as a PDC for NT clients?

Thanks

What is tng in samba-tng ?

From ccoupal at justice.gov.sk.ca Fri Mar 31 21:30:00 2000
From: ccoupal at justice.gov.sk.ca (ccoupal@justice.gov.sk.ca)
Date: Tue Dec 2 02:29:12 2003
Subject: FW: added/new functionality?
Message-ID: <96A36F668926D31185480000F81AE18D1A3113@appsrv.justice.gov.sk.ca>

Greetings,

I'm configuring my fourth Samba server and I have been having more problems than the other three combined!

I have created 2 shares on the server (cnv_tst_w, cnv_tst_r). They show up in the browser, and I can connect to cnv_tst_w, but when I try to connect to the cnv_tst_r, I get "the network name cannot be found". This also occurred for the cnv_tst_w share when it was called cnv_tst_write.

My question is this, is there a limit to the length of shares? I thought it was 15, but cnv_tst_write didn't work and cnv_tst_w did? Why would I be able to see and connect to cnv_tst_w, but not cnv_tst_r?

Chris

From etakb at gmx.de Fri Mar 31 07:28:46 2000
From: etakb at gmx.de (E-T-A GmbH, KB (TechMail))
Date: Tue Dec 2 02:29:13 2003
Subject: Samba-TNG error report
Message-ID: <000401bf9d5b$862dda80$1e030359@poseidon>

Hello to the samba team !

I tried to send a report about an error message, but the mail was rejected, because it exceeded the mail size limitation. As I think the log files included in this unsendable mail are important for you, how do I manage to get them forward?

Best Regards
Lothar Hofmeister
E-T-A GmbH
Altdorf, Germany

-------------- next part --------------
HTML attachment scrubbed and removed