From jbeauchamp at gesinc.com Fri Sep 1 00:20:40 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:17 2003 Subject: Sharing a Drive References: Message-ID: <012701c013aa$7b2eb300$1d01a8c0@internal.net> BlankIan: When posting to the list, please don't use Rich Text, it foos up peoples email clients :). You will need to post more information than what you have given for anyone to be able to help you. Please repost and provide the relevant portions of your smb.conf file for everyone to be able to see what shares, if any you have configured. Regards, James ----- Original Message ----- From: Ian Collins - IS Admin. To: samba-ntdom@us4.samba.org Sent: Thursday, August 31, 2000 1:57 PM Subject: Sharing a Drive Help Needed! I have setup my Linux Box to be a file server on my NT 4 Network. I can see the Linux Box on in the Network Neighborhood on my windows Clients but when I go to the Linux box I see no drives/shares. Please help. Ian R. Collins Information Systems Administrator Olford Ministries International P.O. Box 757800, Memphis Tennessee 38175-7800 WEB: www.Olford.org Phone: 901 757 7977 Facsimile: 901 757 1372 Direct: 901 432 7177 Email: ICollins@Olford.org From tyfaciane at sonets.com Fri Sep 1 00:18:39 2000 From: tyfaciane at sonets.com (Tyrone D. Faciane Jr.) Date: Tue Dec 2 02:31:17 2003 Subject: the logon path blues... In-Reply-To: <39AE9D51.475B9964@hline.localhealth.net> References: <39AE9D51.475B9964@hline.localhealth.net> Message-ID: <00083119213800.11777@pitbull> James, Hope this helps On Thu, 31 Aug 2000, you wrote: >=20 > I am severely depressed :< >=20 > Had just gotten to know Samba and Linux over the past couple of weeks, > and, until now, everything had been going smooth. But I'm now in the > last stages of converting my network, and they suddenly won't behave. >=20 > I have defined my logon path, where I understand the profiles are > supposed to save out to. However, all my profiles are still saving out > to the user's home directory. What's the deal? Can't you have a home > directory independent of the logon path? this worked for me in the global section of smb.conf. logon home =3D \\%L\profiles\%U >=20 > Also, I've tested Machine and User policies in the config.pol and they > work fine, but Group policies do not. (See my 8/30 posting for my > original rantings.) My groups in /etc/group match the names of my grou= p > policies in config.pol, but the settings won't take for members of thos= e > groups. (I do not have individual user policies for the members of the > group policies I've created, and I do not have a default user policy, s= o > there should be no policy conflicts.) >=20 > I have attached my smb.conf file if anyone cares to take a look and > offer advice. >=20 > On the client side, the Linux box is indicated as a WINS server. Logon > to NT Domain is enabled. Remote update is enabled and pointing properl= y > to the config.pol file. User profiles are enabled. I'm using both > Win95 and Win98 clients, and all dll's are fairly up to date. (Win95b > w/Y2k patches, Win98 v.2) >=20 > Anybody know a happy tune? ---------------------------------------- Content-Type: text/plain; name=3D"smb.txt" Content-Transfer-Encoding: 7bit Content-Description:=20 ---------------------------------------- --=20 Tyrone D. Faciane Jr. Small Office Network Solutions Linux--Samba--Windows http://www.sonets.com From drek at bigstudios.com Fri Sep 1 13:34:06 2000 From: drek at bigstudios.com (Agent Drek) Date: Tue Dec 2 02:31:17 2003 Subject: memory hungry smbd in samba-tng? In-Reply-To: Message-ID: On Thu, 31 Aug 2000, Agent Drek wrote: > how can I tame the memory usage of smbd? Why does it want that much memory? > This is running on FreeBSD4.1. Should I just investigate running smbd from > 2.0.7? In the meantime I'll add more swap. > is this a dumb question? I could REALLY use some advice! -- Agent Drek Big Animation Inc > 'digital plumber' http://www.bigstudios.com From shurik at webmail.ru Fri Sep 1 13:38:14 2000 From: shurik at webmail.ru (=?koi8-r?B?8tXCzMXXIOHMxcvTwc7E0g==?=) Date: Tue Dec 2 02:31:17 2003 Subject: (no subject) Message-ID: <141210733.20000901173814@webmail.ru> confirm 439608 From omihelpdesk at yahoo.com Fri Sep 1 15:58:20 2000 From: omihelpdesk at yahoo.com (Help Desk) Date: Tue Dec 2 02:31:17 2003 Subject: (no subject) Message-ID: <20000901155820.13364.qmail@web6303.mail.yahoo.com> THanks for taking a lok at this. Please email me at Icollins@Olford.org THanks a millions __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/x-unknown Size: 10652 bytes Desc: smb.conf Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000901/ff5989aa/smb.bin From mendes at mgconecta.com.br Fri Sep 1 15:07:53 2000 From: mendes at mgconecta.com.br (mendes) Date: Tue Dec 2 02:31:17 2003 Subject: Samba and Openssl - I can't compile it again!!! Message-ID: <00090112171101.01352@armagedon> Hello I have been trying to compile samba with ssl support for over a week. I tried soft links and whatever to get --with-sslinc to see the /usr/include/openss but the samba refuses to find ssl.h I installed openssl-0.95a from official rpms. There is no /usr/local/ssl or similar. The headers are located at /usr/include/openssl. Could someone give detailed instructions on how to compile samba with ssl support? Thanks a lot. Regards Eduardo PS. I received the follwoing suggestion: make a link in $ssldir/include/openssl calles openssl that points to $ssldir/include/openssl (yes ;-) ) but I have to be honest - I couldn't follow it. If I have $ssldir/include/openssl, what is the point to link it to $ssldir/include/openssl ??? From jens.skripczynski at igd.fhg.de Fri Sep 1 14:26:48 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:18 2003 Subject: Creating Admin User fot NT In-Reply-To: <001001c01374$abb8c140$2800a8c0@linora.com>; from chad@linora.com on Thu, Aug 31, 2000 at 11:55:37AM -0600 References: <001001c01374$abb8c140$2800a8c0@linora.com> Message-ID: <20000901162648.A30963@igd.fhg.de> Chad Nixon: > I am running Red Hat 6.1 and using Samba as a PDC. I have been able to > create user accounts and authenticate NT workstations to the domain. > However, I cannot create a Domain Admin or Administrator user. I have tried > creating domaingroup.map, localgroup.map, and domainuser.map file but Samba > will process the smb.conf files after enter in the following parameters > domain group map = /path/domaingroup.map > local group map = /path/localgroup.map > domain user map = /path/domainuser.map > > I get the error "Unknown parameter "domain group map" encountered " running > testparm Any suggestions would be appreciated What samba version are u using ? also see: SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From timothy_d_cole at md.northgrum.com Fri Sep 1 14:25:24 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:18 2003 Subject: win2000 and NTFS support Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47146@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Mike Westkamper [SMTP:mjwestkamper@weiinc.com] > Sent: Thursday, August 31, 2000 19:23 > To: Carl_Engstrom@procom.com > Cc: samba-ntdom@samba.org > Subject: Re: win2000 and NTFS support > > The Win 2000 support works, mostly, as long as it is not the PDC. I am > using > the latest release, not TNG, and am serving files to a real mixed bak > including > win 2k. I use a little NT box as the PDC and Linux/SAMBA for the main > filestore. The authentication is the NT 4.0 PDC (SECURITY=DOMAIN), however > everything else is Linux. The software RAID works very well in this > configuration. > > Carl_Engstrom@procom.com wrote: > > > I'm new to this group, so I appologize for not knowing where the > "archive > > search" is to look this question up... > > > > I'm wondering whether the current version of SAMBA supports, windows > 2000 > > clients in domain mode or mixed mode and if there is support for NTFS > style > > file level permissions. > > > > Thanks > > > > carl > Note that NTFS-esque ACLs aren't supported. ACLs likely won't ever be, except on Unix systems that support them natively. From timothy_d_cole at md.northgrum.com Fri Sep 1 17:05:55 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:18 2003 Subject: memory hungry smbd in samba-tng? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47149@xcgmd008.md.essd.northgrum.com> Depends, really. IIRC, there are a few things (e.g. printer lists) that consume more memory than they should. Are you actually running near OOM? > -----Original Message----- > From: Agent Drek [SMTP:drek@bigstudios.com] > Sent: Friday, September 01, 2000 9:34 > To: samba-ntdom@samba.org > Subject: Re: memory hungry smbd in samba-tng? > > On Thu, 31 Aug 2000, Agent Drek wrote: > > > how can I tame the memory usage of smbd? Why does it want that much > memory? > > This is running on FreeBSD4.1. Should I just investigate running smbd > from > > 2.0.7? In the meantime I'll add more swap. > > > > is this a dumb question? I could REALLY use some advice! > > -- > Agent Drek > > Big Animation Inc > 'digital plumber' > http://www.bigstudios.com > From drek at bigstudios.com Fri Sep 1 17:10:27 2000 From: drek at bigstudios.com (Agent Drek) Date: Tue Dec 2 02:31:18 2003 Subject: memory hungry smbd in samba-tng? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB03F47149@xcgmd008.md.essd.northgrum.com> Message-ID: On Fri, 1 Sep 2000, Cole, Timothy D. wrote: > Depends, really. IIRC, there are a few things (e.g. printer lists) that > consume more memory than they should. no printers. just 1 application that loads about 40 shared objects each time it is launched and seems to get cached by the samba server (which of course begins to grind to a halt) > > Are you actually running near OOM? > ?? not sure what you mean by 00M. any ideas? I'm at the 'while 1( beat_head_on(wall));' point. thanks, -- Agent Drek Big Animation Inc > 'digital plumber' http://www.bigstudios.com From timothy_d_cole at md.northgrum.com Fri Sep 1 17:21:54 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:18 2003 Subject: memory hungry smbd in samba-tng? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4714A@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Agent Drek [SMTP:drek@bigstudios.com] > Sent: Friday, September 01, 2000 13:10 > To: Cole, Timothy D. > Cc: samba-ntdom@samba.org > Subject: RE: memory hungry smbd in samba-tng? > > On Fri, 1 Sep 2000, Cole, Timothy D. wrote: > > > Depends, really. IIRC, there are a few things (e.g. printer lists) that > > consume more memory than they should. > > no printers. just 1 application that loads about 40 shared objects each > time it is launched and seems to get cached by the samba server (which > of course begins to grind to a halt) > hrm, afaiK, smbd doesn't do any cacheing, really, TNG or no. Forget how Windows deals with DLLs now, but it might be that it's doing some sort of memory mapping/locking deal that exercises smbd code in a way that exposes an otherwise unnoticed memory leak. > > > > Are you actually running near OOM? > > > > ?? not sure what you mean by 00M. > Out Of Memory, since you were talking about adding more swap... From drek at bigstudios.com Fri Sep 1 17:36:33 2000 From: drek at bigstudios.com (Agent Drek) Date: Tue Dec 2 02:31:18 2003 Subject: memory hungry smbd in samba-tng? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB03F4714A@xcgmd008.md.essd.northgrum.com> Message-ID: > > no printers. just 1 application that loads about 40 shared objects each > > time it is launched and seems to get cached by the samba server (which > > of course begins to grind to a halt) > > > hrm, afaiK, smbd doesn't do any cacheing, really, TNG or no. > > Forget how Windows deals with DLLs now, but it might be that it's > doing some sort of memory mapping/locking deal that exercises smbd code in a > way that exposes an otherwise unnoticed memory leak. oh, this could be real bad then :( > > > > > > > Are you actually running near OOM? > > > > > > > ?? not sure what you mean by 00M. > > > Out Of Memory, since you were talking about adding more swap... ok. Yes, the box is running near OOM and swap grows and grows as each instance of the application is launched. In general I find that the smbd processes are large and always consume swap. -- Agent Drek Big Animation Inc > 'digital plumber' http://www.bigstudios.com From timothy_d_cole at md.northgrum.com Fri Sep 1 17:54:30 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:18 2003 Subject: memory hungry smbd in samba-tng? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4714B@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Agent Drek [SMTP:drek@bigstudios.com] > Sent: Friday, September 01, 2000 13:37 > To: Cole, Timothy D. > Cc: samba-ntdom@samba.org > Subject: RE: memory hungry smbd in samba-tng? > > > > no printers. just 1 application that loads about 40 shared objects > each > > > time it is launched and seems to get cached by the samba server (which > > > of course begins to grind to a halt) > > > > > hrm, afaiK, smbd doesn't do any cacheing, really, TNG or no. > > > > Forget how Windows deals with DLLs now, but it might be that it's > > doing some sort of memory mapping/locking deal that exercises smbd code > in a > > way that exposes an otherwise unnoticed memory leak. > > oh, this could be real bad then :( > > > > > > > > > > > Are you actually running near OOM? > > > > > > > > > > ?? not sure what you mean by 00M. > > > > > Out Of Memory, since you were talking about adding more swap... > > ok. Yes, the box is running near OOM and swap grows and grows as each > instance of the application is launched. In general I find that the > smbd processes are large and always consume swap. > Hrm, this is a general problem, then... be interesting to see where the memory is going. How much is text, and how much is data? From jens.skripczynski at igd.fhg.de Fri Sep 1 18:11:28 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:18 2003 Subject: Creating Admin User fot NT In-Reply-To: <005301c01445$8896ff70$5c7122c8@citi.com.mx>; from hmontalv@citi.com.mx on Fri, Sep 01, 2000 at 12:50:43PM -0600 References: <20000901162648.A30963@igd.fhg.de> <005301c01445$8896ff70$5c7122c8@citi.com.mx> Message-ID: <20000901201128.A32398@igd.fhg.de> H?ctor Jos? Montalvo Herrera: > How do you make it? > I am running Red Hat 6.1 and using Samba as a PDC. I have been able to You mean Samba TNG or 2.0.7 ? (The really have different things to use). > > create user accounts and authenticate NT workstations to the domain. > > I can't make it, when I am running smbpasswd -j CITIMTY, I have this > message: Hm. You are running smbpasswd on your Linuxbox ? The you would need to use "smbpasswd -a -m WINDOWSBOX$" to make a machine account and then join the Domain with the NT Client via Network setup and change the Workgroup TAB to Domain and enter the Linux Domain. You should be able to join the Domain. Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From teilo at cdt.luth.se Fri Sep 1 19:02:59 2000 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:31:18 2003 Subject: Samba and Openssl - I can't compile it again!!! References: <00090112171101.01352@armagedon> Message-ID: <39AFFD63.DED1A49E@cdt.luth.se> mendes wrote: > > Hello > I have been trying to compile samba with ssl support for over a week. > I tried soft links and whatever to get --with-sslinc to see the > /usr/include/openss but the samba refuses to find ssl.h > I installed openssl-0.95a from official rpms. There is no > /usr/local/ssl or similar. The headers are located at /usr/include/openssl. > Could someone give detailed instructions on how to compile samba with > ssl support? cd /usr/include/openssl ln -s . openssl cd $your_samba_path ./configure --with-ssl --with-ssl-inc=/usr/include/openssl > Thanks a lot. > > Regards > > Eduardo > > PS. I received the follwoing suggestion: > > make a link in $ssldir/include/openssl calles openssl that points to > $ssldir/include/openssl (yes ;-) ) > > but I have to be honest - I couldn't follow it. If I have > $ssldir/include/openssl, what is the point to link it to $ssldir/include/openssl > ??? Some programs want to include ssl.h and not openssl/ssl.h. making the link in include/openssl allows you to compile these programs without adding both include/ and include/openssl to your include dir. (otherwise ssl.h includes openssl/*.h and then wont find these). I'm not sure if samba is one of these or not. but it does no harm. /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From memphis_ms at gmx.net Fri Sep 1 20:24:25 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:31:18 2003 Subject: memory hungry smbd in samba-tng? References: Message-ID: <39B01079.5E5F031E@gmx.net> > ok. Yes, the box is running near OOM and swap grows and grows as each > instance of the application is launched. In general I find that the > smbd processes are large and always consume swap. Hmm, my swap is never touched, and I run SAMBA-TNG, too... Maybe not in a heavily used environment though, that could make a difference. Plus, I only have 128megs to host an e-mail, Samba, and web server. Regards, Raoul From esavage at digitalrage.org Sat Sep 2 01:47:03 2000 From: esavage at digitalrage.org (Elijah Savage) Date: Tue Dec 2 02:31:18 2003 Subject: Samba on Cladera Eserver 2.3 Message-ID: <811EE070004ED411A3EB00A0CC2148225648@DIGITALRAGENT> Performace on this samba server seems to be really bad. I was wondering if anyone on the list is using this version of linux and could recommend any tips. I have the book from SAMS Learn Samba in 24 hours and have tried different suggestions. I had Redhat 6.2 on this box before with samba setup and it seem to perform alot better. The machine is a dual celeron 466 with 256 meg of pc100 ram with a mylex raid scsi controller with 2 ibm 9.1 gig 10,000 rpm drives. When copying files to the server top show cpu at 1% to 4% so it is not under heavy load. The web site runs great just samba seems to run slow. Any recommendations other than go back to redhat 6.2 lol. # Global parameters [global] workgroup = XXXXXX netbios name = XXXXX netbios aliases = server string = Samba Server on Caldera OpenLinux interfaces = bind interfaces only = No security = DOMAIN encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No password server = XXXXXX smb passwd file = /etc/samba.d/smbpasswd root directory = / passwd program = /usr/bin/passwd passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No use rhosts = No log level = 1 syslog = 1 syslog only = No log file = max log size = 50 timestamp logs = Yes protocol = NT1 read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY SO_RCVBUF=13384 stat cache size = 50 load printers = Yes printcap name = /etc/printcap printer driver file = /etc/samba.d/printers.def strip dot = No character set = mangled stack = 50 coding system = client code page = 850 stat cache = Yes domain groups = domain admin group = domain guest group = domain admin users = domain guest users = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 0 lm announce = Auto lm interval = 60 preferred master = No local master = No domain master = No browse list = Yes dns proxy = No wins proxy = No wins server = 192.168.11.1 wins support = No kernel oplocks = Yes ole locking compatibility = Yes oplock break wait time = 10 smbrun = /usr/bin/smbrun config file = preload = lock dir = /var/lock/samba.d default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = No NIS homedir = No panic action = comment = path = alternate permissions = No revalidate = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 037777777777 force security mode = 037777777777 directory mask = 0755 force directory mode = 00 directory security mask = 037777777777 force directory security mode = 037777777777 guest only = No guest ok = No only user = No hosts allow = hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No print ok = No postscript = No printing = lprng print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = queuepause command = queueresume command = printer name = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes mangle locks = Yes oplocks = Yes level2 oplocks = No oplock contention limit = 2 strict locking = No share modes = Yes copy = include = exec = postexec = root preexec = root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 print ok = Yes browseable = No [public] comment = Public Stuff path = /home/public write list = @users read only = No guest ok = Yes [home] path = /home read only = No From eirvine at tpgi.com.au Sat Sep 2 06:24:35 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:31:18 2003 Subject: Printing Multiple copies doesn't work. Message-ID: <39B09D23.9B66B0BC@tpgi.com.au> Hi all, I'm running Samba 2.07 with NT4 SP6 clients. I'm running LPRng, and have: "Printing=LPRNG" in my global section. No matter how many copies I tell the application to print, only one copy comes out of the printer. Printing from the unix prompt works as expected. ie: bash$ lpr -Pprinter-name -# 5 text.ps will print 5 copies of text.ps Eddie. From sdan at p16.pub.ro Sat Sep 2 15:37:11 2000 From: sdan at p16.pub.ro (Daniel Sercaianu) Date: Tue Dec 2 02:31:18 2003 Subject: any windows nt from my local network cannot get the lists from samba wins server Message-ID: <001b01c014f3$a9118500$030aa8c0@p16.pub.ro> Any windows nt from my local network cannot get the lists from my linux wins server.When any win nt. (configured for workgroup P16) tries to enter to workgroup (P16) it get the following error: P16 is not accessible. The account is not authorized to login from this station. the result is that it cannot get the list with local computers. I don't use any NT domain on my network and I want all computers to be in workgroup P16. Please tell me what seems to be the trouble. The smb.conf file should say everything about my network. This is the content of my smb.conf file: [global] workgroup = P16 netbios name = SERVER server string = Internet Server interfaces = 127.0.0.1/24 192.168.10.1/24 192.168.11.1/24 192.168.12.1/24 192.168.13.1/2 bind interfaces only = Yes security = SHARE announce as = NT Server announce version = 4.2 name resolve order = wins bcast load printers = No os level = 99 preferred master = Yes domain master = No wins proxy = Yes wins support = Yes remote announce = 192.168.10.255/P16 192.168.11.255/P16 192.168.12.255/P16 192.168.13.255/P16 remote browse sync = 192.168.10.255 192.168.11.255 192.168.12.255 192.168.13.255 guest ok = Yes hosts allow = 192.168. 127. guest account = nobody [homes] comment = Home Directories valid users = adiz cata sdan writeable = Yes browseable = No [incoming] comment = Put your files here path = /home/ftp/incoming/ writeable = Yes Thanks, Daniel Sercaianu -------------- next part -------------- HTML attachment scrubbed and removed From Dave at keston.u-net.com Sun Sep 3 19:30:33 2000 From: Dave at keston.u-net.com (Dave@keston.u-net.com) Date: Tue Dec 2 02:31:18 2003 Subject: TNG blues .... Message-ID: Hi, ive just built a new linux box, and wanted to put samba on it, for file sharing(user homes), with multiple users. I installed Samba TNG (cvs), and have Win NT 5 (Build RC2) running on the network, and 98 machines. however, i have had little to no luck getting the system to work as planned. I have only been able to log-in in two instances, both times haveing to use the IP of the server, and the share having guset access, ie //192.168.0.5/tmp instead of //toweringmeep/tmp i have thought it to be a problem with the NT5 Clients, and have attempted to use smbclient to log-in to the server, again, i have only done this successfully with anonymous access. below is an extract of the logfile log.toweringmeep (ie connceting to the local server) i do not get anything in the log.win2kmachine log. log.toweringmeep Rejecting user 'root': authentication failed SMB LM/NT Password did not match! Rejecting user '1e^]^_^A<9F>d<96>^K_;^F[drbin': authentication failed SMB LM/NT Password did not match! Rejecting user '1e^]^_^A<9F>d<96>^K_;^F[drbin': authentication failed SMB LM/NT Password did not match! Rejecting user '1e^]^_^A<9F>d<96>^K_;^F[drbin': authentication failed SMB LM/NT Password did not match! Rejecting user '1e^]^_^A<9F>d<96>^K_;^F[drbin': authentication failed authorise_login: TODO. split function, it's 6 levels! WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode SMB LM/NT Password did not match! Rejecting user '1e^]^_^A<9F>d<96>^K_;^F[drbin': authentication failed SMB LM/NT Password did not match! Rejecting user '1e^]^_^A<9F>d<96>^K_;^F[drbin': authentication failed (END) thats trying to connect with the user root and drbin using smbclient this is also with smbclient ... in log.lsarpc [2000/09/03 16:51:32, 1] msrpc/msrpcd.c:main(444) lsarpcd version TNG-alpha started. Copyright Andrew Tridgell 1992-1999 standard input is not a socket, assuming -D option create_pipe_socket: /usr/local/samba/var/locks/.msrpc 448 /usr/local/samba/var/locks/.msrpc/lsarpc 448 WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode log.samr [2000/09/03 16:51:18, 1] msrpc/msrpcd.c:main(444) samrd version TNG-alpha started. Copyright Andrew Tridgell 1992-1999 standard input is not a socket, assuming -D option create_pipe_socket: /usr/local/samba/var/locks/.msrpc 448 /usr/local/samba/var/locks/.msrpc/samr 448 WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode [cut] similar to above in log.srvsvc and log.svcctl however rpcclient worked fine, and i could log in as root and drbin ... this is a similar set up to the one i had running on TNG as well, but had no NT5 clients Any Ideas ?? Any help is greatly apreciated !!!! Thanks Dave copy of smb.conf [global] workgroup = RMNETNT netbios name = TOWER server string = Linuxk2.5.4-t5 security = user browsable = yes writable = yes password level = 4 null passwords = Yes log file = /usr/local/samba/var/log.%m max log size = 500 time server = Yes load printers = No os level = 64 preferred master = True domain master = True dns proxy = No guest ok = Yes hosts allow = 192.168.0. 127. locking = no case sensitive = no default case = lower preserve case = yes short preserve case = no [homes] comment = Home Directories read only = No [tmp] comment = Temporary file space path = /tmp read only = No [public] path = /home/%u/public read only = No guest ok = yes [home] path = /home/%u read only = No [drbin] comment = David Flynn path = /home/drbin read only = No ---------------------------------------------------------- Generated by U-NET WebMail - http://www.webmail.u-net.net/ U-NET a VIA NET.WORKS company A premier provider of internet services to business and serious internet users www.u-net.net Tel 0845-3308000 ---------------------------------------------------------- From sasha at acmep.ustu.ru Mon Sep 4 05:07:33 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:18 2003 Subject: any windows nt from my local network cannot get the lists from samba wis servern Message-ID: <39B32E29.470BB84C@acmep.ustu.ru> Hi! First. On Yours clients (e.g. Win95, NT) boxes maybe not configuerd Wins Server (Network Properties). Second. If You don't have any other computer on Yours network running as a Domain Master Browser, You'll are not able to get a browse list of an entier network. Make the option in smb.conf as : domain master = yes Also in my point of view the string: bind interfaces only = Yes - doesn't needed. Bye. -- Alexander Pazdnikov From impaco at mixmail.com Mon Sep 4 07:10:48 2000 From: impaco at mixmail.com (paco cornejo) Date: Tue Dec 2 02:31:18 2003 Subject: Samba-ldap Message-ID: <20000904091048.HM.600000000004BEm@mixmail.com> Hi, i'm a Spanish student, im trying to authenticate Windows 98/NT with a Solaris7 with Samba 2.1 pre-alpha which is supossed to have ldap support. I'm using OpenLdap 1.2.9 and I have some questions... 1.- Do I have to use a pam ldap module? 2.- Do I have to create news classes for Samba users for Ldap? 3.- How I have to configure Slapd.conf with Samba? 4.- And smb.conf? 5.- When I create a samba account using smbpasswd, i get an error message. (I've been folowing the installation instruction by Ignacio Coupeau, from the Navarra University) I'd like very much you could answer me any of my question, and i'll be very pleased. Thank you very much. Tu correo gratis en MixMail http://www.mixmail.com Inicia tu navegacion en http://www.ya.com From chebykin at pskov.mts.ru Mon Sep 4 08:14:52 2000 From: chebykin at pskov.mts.ru (Dmitry Chebykin) Date: Tue Dec 2 02:31:18 2003 Subject: (no subject) Message-ID: <002b01c01648$339d3110$50a9a8c0@pskov.mts.ru> From Christian.Duclou at eeigm.inpl-nancy.fr Mon Sep 4 09:18:04 2000 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:31:18 2003 Subject: Samba-ldap References: <20000904091048.HM.600000000004BEm@mixmail.com> Message-ID: <39B368CC.F788B48B@eeigm.inpl-nancy.fr> Did you take a look ta Ignacio's LDAP FAQ? http://www.unav.es/cti/ldap-smb-howto.html paco cornejo wrote: > Hi, i'm a Spanish student, im trying to authenticate > Windows 98/NT with a Solaris7 with Samba 2.1 pre-alpha > which is supossed to have ldap support. > I'm using OpenLdap 1.2.9 and I have some questions... > > 1.- Do I have to use a pam ldap module? > 2.- Do I have to create news classes for Samba users > for Ldap? > 3.- How I have to configure Slapd.conf with Samba? > 4.- And smb.conf? > 5.- When I create a samba account using smbpasswd, i > get an error message. (I've been folowing the > installation instruction by Ignacio Coupeau, from the > Navarra University) > > I'd like very much you could answer me any of my > question, and i'll be very pleased. > > Thank you very much. > > Tu correo gratis en MixMail http://www.mixmail.com > Inicia tu navegacion en http://www.ya.com -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: +33 383.3683.27 - Fax: +33 383.3683.36 _______________ http://eeigm.inpl-nancy.fr _____________ From tsc at financial.de Mon Sep 4 12:25:59 2000 From: tsc at financial.de (Thomas Schoeder) Date: Tue Dec 2 02:31:18 2003 Subject: Message-ID: <39B394D7.69D50168@financial.de> confirm 417111 From sasha at acmep.ustu.ru Mon Sep 4 14:49:20 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:18 2003 Subject: Samba check pass trouble. Help Please!!!!! Message-ID: <39B3B684.132E405A@acmep.ustu.ru> Hello. I've a NT-Domain controlled by Samba-TNG-alpha-2.6 server. On a Win95 set a User Share Level. On a Win95 there is a shared resource 'Distrib' to user 'sasha' When user 'sasha' logs on to WinNt server he can't get access to the share 'Distrib' on a Win95 box. From sasha at acmep.ustu.ru Mon Sep 4 14:51:11 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:18 2003 Subject: How to create Group Administrators Message-ID: <39B3B6F3.5E956382@acmep.ustu.ru> Hello. Does somebody know how to create a group Domain Administrators with a corresponding SID ? -- Alexander Pazdnikov From LEYMARIE_Gerard at accor-hotels.com Mon Sep 4 15:03:18 2000 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:31:18 2003 Subject: Create a specific group Message-ID: All, Is it possible to define under samba 2.0.7, a specific domain group or do I have to have the TNG version? Thks From sasha at acmep.ustu.ru Mon Sep 4 15:37:59 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:18 2003 Subject: How to create Group Administrators References: <39B3B6F3.5E956382@acmep.ustu.ru> <39B3BF59.12D06C0C@ing.sun.ac.za> Message-ID: <39B3C1AF.1E23BD98@acmep.ustu.ru> Buchan Milne wrote: > > Depends on samba version, but for 2.0.7: > "domain admin group = @domadm" where domadm is a nuix group, with > members who will be Domain Administrators. Thank You for reply! But I have samba TNG because 2.0.7 doesn't provide a list of domain users when using User Share Security in WinNt and Win95. Have any Ideas on Samba-TNG ? -- Alexander Pazdnikov From icoupeau at unav.es Mon Sep 4 18:02:21 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:18 2003 Subject: Samba-ldap References: <20000904091048.HM.600000000004BEm@mixmail.com> Message-ID: <39B3E3AD.85D0F3A6@unav.es> paco cornejo wrote: > > Hi, i'm a Spanish student, im trying to authenticate > Windows 98/NT with a Solaris7 with Samba 2.1 pre-alpha > which is supossed to have ldap support. > I'm using OpenLdap 1.2.9 and I have some questions... > > 1.- Do I have to use a pam ldap module? I Think the pam module is for authenticate users/shares not for PDC implementation. With pam you can allow acces to printers/disks but the PDC stuff is another thing. The http://www.unav.es/cti/ldap-smb-howto.html has a pointer to pam-ldap docs. > 2.- Do I have to create news classes for Samba users > for Ldap? Is not necessary, but some example added to HEAD howto explains an example for samba-posix accounts, it may help. I think you need ldap support for pam/posix accounts... also the authentification via pam against ldap is supported in samba. > 3.- How I have to configure Slapd.conf with Samba? > 4.- And smb.conf? the howto provides some examples. > 5.- When I create a samba account using smbpasswd, i > get an error message. (I've been folowing the > installation instruction by Ignacio Coupeau, from the > Navarra University) the very first account yields an error if you don't have: ------ snip -------- objectclass sambaConfig requires id allows nextrid --------------------- In the slapd.oc.conf. or you can test with: bin/smbpasswd -a -D 256 then, if the ldap stuff runs, you can see the negotiation with the ldap server (also with slapd -d ). -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From dleffler at alaska.com Mon Sep 4 23:11:03 2000 From: dleffler at alaska.com (Dave Leffler) Date: Tue Dec 2 02:31:18 2003 Subject: Sharing Win9x Resources Message-ID: <000301c016c5$c787ad60$120aa8c0@anchorageak.net> I'm experimenting with creating a Linux PDC for my non-profit group. I have the domain up and running with the Win98 clients, however I'd like to convert from a peer-to-peer network to a controlled network. While I don't require sharing any files/drives on the Win9x machines, I do need to share printers. Every time I bring up the share dialog on the Win98 machine and try to add a user, I get the list not available, try later dialog. Is there a way around this? Is there an smb.conf setting I missed? Dave Leffler Leffler Homepage From doclark at bellsouth.net Tue Sep 5 03:15:16 2000 From: doclark at bellsouth.net (David Clark) Date: Tue Dec 2 02:31:18 2003 Subject: Samba/NT Domain Logon Server Message-ID: I am attempting to use a Samba 2.0.3 installation to share several items on a 99% NT network. After I set 'security = domain' and did the appropriate things for the machine to join the domain, all of my windows clients' passwords could not be validated by my PDC, which is an NT 4.1. I then changed the 'announce version' to 1.5, in hopes that the Samba machine would not win any sort of 'domain logon server' type election. That seemed to clear the logons up for the windows machines after about 30 minutes. However, when I look at the nmb log file it still claims success on become a logon server for my workgroup. When checking with the server manager on the NT, it still listed itself as PDC. I have os level set to 0, and domain master set to 'no.' I am at home right now, so cannot include a copy of smb.conf. Any help would be appreciated! David Clark MIS Winston-Salem Journal From sasha at acmep.ustu.ru Tue Sep 5 05:37:24 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:18 2003 Subject: How to create Group Administrators and Administrator References: Message-ID: <39B486A8.34C4C117@acmep.ustu.ru> Ross Davis wrote: > > Hi, > > I haven't read your previous mails but I assume this is what you are > looking for or at least it'll put you in the right direction. Hope you > don't have this URL already :) > > http://www.unav.es/cti/ldap-smb/ldap-smb-TNG-howto.html Thank You very much! I haven't that URL. Very Impressive. I'll think about using LDAP in our organization. But is there any way to manage users SID's using native Samba files : smbpasswd, domain group map, domain user map local map ??? Who to grant users different rights ??? And also. Does somebody know why when accessing a shared resource on WinNt from Win95 everything goes OK. When accessing a shared resource on Win95 from WinNT 'No access' message appeares. An access to the share is granted for a corresponding user in both cases. Any suggestions ??? Very in need ! -- Alexander Pazdnikov From sasha at acmep.ustu.ru Tue Sep 5 06:06:26 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:18 2003 Subject: Broblem with accessing shares Message-ID: <39B48D76.6B62AE3D@acmep.ustu.ru> Hello. Does somebody know why when accessing a shared resource on WinNt from Win95 everything goes OK. When accessing a shared resource on Win95 from WinNT 'No access' message appeares. An access to the share is granted for a corresponding user in both cases. IMPORTANT. With smbclient using in such a case: smbclient \\\\Win95_WS\\Share_for_user -U user smbclient \\\\WinNT_WS\\Share_for_user -U user everything works fine and access granted. All computers are in NTDOMAIN controlled by Samba-TNG-2.6 Any suggestions ??? Very in need ! -- Alexander Pazdnikov From max728 at usa.net Tue Sep 5 06:35:32 2000 From: max728 at usa.net (mathou rene) Date: Tue Dec 2 02:31:18 2003 Subject: logging problem with win98, winNT Message-ID: <20000905063533.22272.qmail@nwcst313.netaddress.usa.net> inside log.smb file i've got these following lines: [2000/09/05 10:14:09, 0] locking/shmem_sysv.c:sysv_shm_open(667) Can't create or use IPC area. Error was File exists [2000/09/05 10:14:09, 0] locking/locking.c:locking_init(174) ERROR: Failed to initialise share modes then samba server refuse user to log on win98 station saying bad password, and a few minutes later user can log on without any problem. log.smb file is now : [2000/09/05 10:14:09, 0] locking/shmem_sysv.c:sysv_shm_open(667) Can't create or use IPC area. Error was File exists [2000/09/05 10:14:09, 0] locking/locking.c:locking_init(174) ERROR: Failed to initialise share modes [2000/09/05 10:20:10, 3] locking/shmem_sysv.c:sysv_shm_open(707) Initialised IPC area of size 1048576 [2000/09/05 10:20:10, 2] smbd/server.c:main(746) Changed root to / [2000/09/05 10:20:10, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2000/09/05 10:20:10, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2000/09/05 10:20:10, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 2441, global_oplock_port = 1449 [2000/09/05 10:20:10, 3] smbd/process.c:process_smb(618) Transaction 0 of length 72 [2000/09/05 10:20:10, 2] smbd/reply.c:reply_special(97) netbios connect: name1=SMBSERVEUR name2=NEPTUNE ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 From yvesvlb at hotmail.com Tue Sep 5 09:26:35 2000 From: yvesvlb at hotmail.com (Yves Vanlerberghe) Date: Tue Dec 2 02:31:18 2003 Subject: Who can solve this...? Message-ID: Hi ! I've got a problem running the samba server, i want to log onto the domain ICONOS with my linux but i get this eroor message : [root@Oblivion bin]# smbpasswd -j ICONOS cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine NTS-ICONOS. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 2003/01/05 08:12:51 : change_trust_account_password: Failed to change password for domain ICONOS. Unable to join domain ICONOS. [root@Oblivion bin]# My smb.conf file : ;*******************section global***************** [global] encrypt passwords = yes smb passwd file = /etc/smbpasswd workgroup = ICONOS password server = NTS-ICONOS server string = Oblivion printcap name = /etc/printcap load printers = yes log file = /var/log/samba/log.%m lock directory = /var/lock/samba share modes = yes max log size = 50 security = DOMAIN socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no unix password sync = no comment = Oblivion netbios name = Oblivion encrypt passwords = no map to guest = never password level = 0 null passwords = yes os level = 0 preferred master = no domain master = no wins support = no dead time = 0 debug level = 0 ;*******************section homes***************** [homes] comment = Home Directories browseable = no read only = no writable = no create mode = 0750 ;*******************section printers***************** [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = True writable = no printable = yes ;*********************tmp*************************** [tmp] comment = Temporary file space path = /tmp read only = no public = yes my /etc/smbpasswd file : # Samba SMB password file vanleyv:501:392B38210528A4621486235A2333E4D2:E6C21C55E77A04C55D74515EFA5A5DB4:[U ]:LCT-3E17D8AF: root:0:392B38210528A4621486235A2333E4D2:E6C21C55E77A04C55D74515EFA5A5DB4:[U ]:LCT-3E17D8C4: i created a user root on the pdc and gave root the same password in nt as in passwd and smbpasswd the pdc is a winnt 4.0 machine can somebody help ? thx, Yves Vanlerberghe _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From mgeddes at xavier.sa.edu.au Tue Sep 5 07:54:35 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:18 2003 Subject: Who can solve this...? References: Message-ID: <39B4A6BB.662551FE@xavier.sa.edu.au> Yves Vanlerberghe wrote: > > Hi ! I've got a problem running the samba server, > i want to log onto the domain ICONOS with my linux but i get this eroor > message : > > [root@Oblivion bin]# smbpasswd -j ICONOS > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > NTS-ICONOS. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 2003/01/05 08:12:51 : change_trust_account_password: Failed to change > password for domain ICONOS. > Unable to join domain ICONOS. > [root@Oblivion bin]# > Have you created the NT trust account yet? Use Server Manager to create a workstation account for the Samba server and then try joining the domain with: smbpasswd -m -j ICONOS I think. -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From Rene.Lange at telekom.de Tue Sep 5 09:32:58 2000 From: Rene.Lange at telekom.de (=?iso-8859-1?Q?=22Lange=2C_Ren=E9=22?=) Date: Tue Dec 2 02:31:18 2003 Subject: login in into a nt-domain Message-ID: hello everyone, maybe I'm wrong with my question in your list, sorry for that if it is so. I can only access my IMAP-folder in our network if I log in into a nt- domain before. How can I do this with Linux? I think it's the part of samba, isn't it? So, where can I get a useful documentation about that? I do not have any administrative access to the pdc, I'm a pure user ;) thanks a lot .. -- Rene Lange From peter at cadcamlab.org Tue Sep 5 09:37:51 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:18 2003 Subject: Pb wiht smbmount and the accent References: <39ABA816.65F8BE8B@cti-paysloire.cnamts.fr> Message-ID: <14772.48716.103409.442733@wire.cadcamlab.org> [Philippe LEBRETON ] > I have a web server (Debian 2.1,Apache 1.3.12). I used smbmout to > mount a NTFS file system on my Web Server. Wiht my Netscape > navigator, when i list the NTFS directory mounted on the Web Server, > the accent does'nt correct. Are the filenames correct if you view them on the server itself? If so, as Giulio said, check your Samba charset and code page. If not, you probably need to investigate the `iocharset=' mount option. Peter From everling at comnitel.com Tue Sep 5 10:49:04 2000 From: everling at comnitel.com (Eoin Verling) Date: Tue Dec 2 02:31:18 2003 Subject: Cannot authenticate machine ... Message-ID: Hi, I'm running Samba 2.0.7 on SuSE 6.3, kernel 2.2.16 I'm using samba as a PDC, authenticating NT 4 (srv pk 5) clients. I have no problem setting up new NT clients and users to authenticate with samba, the problem is with machines that have already been setup. Now, the next step here is unclear to me, but basically the client machine no longer authenticates with the samba PDC. Whether it happened when I stopped samba, or changed a password. The username still authenticates fine. Upon NT login, I get the error message:- "The system cannot log you on to this domain because the systems computer account in its primary domain is missing or the password on that account is incorrect." To get around this problem, I login to the NT client as Administrator, move the machine out of the "Domain" and into a "Workgroup", reboot the machine ... change it back to the "Domain" again, and I get the "Welcome to domain". The I login as the user again, fine, except NT now creates a new profile for that user, ie .000 in c:\WINNT\Profiles ... and when I try to start Outlook (2000), I get the error "Cannot start Microsoft Outlook". If I login as Administrator I _can_ start Outlook. Now, the get the machine to login to the original profile, I edited the registry where I found the reference to .000 and changed it to So, the crux of my problem is getting Outlook to work again!! Has anyone seen this problem??? E - -- _ Eoin Verling _/ \_ 2200 Cork Airport Business Park, SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 everling@comnitel.com \_/ Fax: +353 21 7305624 From jgarrido at ucable.es Tue Sep 5 13:13:28 2000 From: jgarrido at ucable.es (=?ISO-8859-1?Q?Jose_Luis_Garrido_Garc=EDa?=) Date: Tue Dec 2 02:31:18 2003 Subject: Errors when connecting form NT Wst4.0 to Samba 2.0.7 for HPUX11 Message-ID: After installing and setting "WorkGroup" and "allow hosts" list with SWAT, the NT client can see the server in the netwrok neighbourhood, but when clicking the server to see the shares, I receive a message "The account is not allowed to begin session from that workstation" (Error 1240 in Windows NT Wkst). I have raised log level to 4 and receive messages in log.nmb: [2000/09/05 13:58:01, 4] libsmb/nmblib.c:(109) nmb packet from 172.28.7.178(137) header: id=15750 opcode=Release(6) response= No header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=DESAR02<20> q_type=32 q_class=1 additional: nmb_name=DESAR02<20> rr_type=32 rr_class=1 ttl=259200 additional 0 char @..... hex 4000AC1C07C5 [2000/09/05 13:58:01, 4] nmbd/nmbd_responserecordsdb.c:(46) add_response_record: adding response record id:15750 to subnet UNICAST_SUBNET. num_records:8 [2000/09/05 13:58:01, 4] nmbd/nmbd_packets.c:(414) initiate_name_release_packet: sending release for name UNICABLE<00> (bcast=No) to IP 172.28.7.178 And the response to the pachet sent (seems to be unable to connect to master browser): [2000/09/05 13:58:01, 0] nmbd/nmbd_responserecordsdb.c:(238) find_response_record: response packet id 15750 received with no matching record. The messages in log.smb when trying to connect from the client are: [2000/09/05 12:23:18, 1] lib/util_sock.c:(1007) Gethostbyaddr failed for 172.28.1.36 [2000/09/05 12:23:18, 2] lib/access.c:(257) Allowed connection from 172.28.1.36 (172.28.1.36) [2000/09/05 12:23:18, 3] smbd/process.c:(618) Transaction 0 of length 72 [2000/09/05 12:23:18, 2] smbd/reply.c:(96) netbios connect: name1=DESAR02 name2=PC0075 [2000/09/05 12:23:18, 3] smbd/process.c:(618) Transaction 1 of length 174 [2000/09/05 12:23:18, 3] smbd/process.c:(448) switch message SMBnegprot (pid 4585) [2000/09/05 12:23:18, 3] smbd/negprot.c:(341) Requested protocol [PC NETWORK PROGRAM 1.0] [2000/09/05 12:23:18, 3] smbd/negprot.c:(341) Requested protocol [XENIX CORE] [2000/09/05 12:23:18, 3] smbd/negprot.c:(341) Requested protocol [MICROSOFT NETWORKS 1.03] [2000/09/05 12:23:18, 3] smbd/negprot.c:(341) Requested protocol [LANMAN1.0] [2000/09/05 12:23:18, 3] smbd/negprot.c:(341) Requested protocol [LM1.2X002] [2000/09/05 12:23:18, 3] smbd/negprot.c:(341) Requested protocol [LANMAN2.1] [2000/09/05 12:23:18, 3] smbd/negprot.c:(341) Requested protocol [NT LM 0.12] [2000/09/05 12:23:18, 3] smbd/negprot.c:(424) Selected protocol NT LM 0.12 [2000/09/05 12:23:18, 3] smbd/process.c:(856) end of file from client [2000/09/05 12:23:18, 2] smbd/server.c:(408) Closing connections [2000/09/05 12:23:18, 3] smbd/server.c:(435) Server exit (normal exit) [2000/09/05 13:21:43, 1] smbd/server.c:(641) smbd version 2.0.7 started. Copyright Andrew Tridgell 1992-1998 doing parameter wins server = 172.28.7.178 [2000/09/05 13:21:43, 2] param/loadparm.c:(2481) Processing section "[share1]" doing parameter comment = share1 comment doing parameter path = /tmp [2000/09/05 13:21:43, 3] param/loadparm.c:(2805) pm_process() returned Yes [2000/09/05 13:21:43, 3] param/loadparm.c:(1594) adding IPC service [2000/09/05 13:21:43, 2] lib/interface.c:(83) added interface ip=172.28.7.197 bcast=172.28.255.255 nmask=255.255.0.0 [2000/09/05 13:21:43, 3] lib/interface.c:(63) not adding duplicate interface 172.28.7.197 [2000/09/05 13:21:43, 1] smbd/files.c:(215) file_init: Information only: requested 10000 open files, 1014 are available. [2000/09/05 13:21:43, 3] smbd/server.c:(704) loaded services [2000/09/05 13:21:43, 4] locking/shmem_sysv.c:(547) Trying sysv shmem open of size 1048576 [2000/09/05 13:21:43, 3] locking/shmem_sysv.c:(707) Initialised IPC area of size 1048576 [2000/09/05 13:21:43, 2] smbd/server.c:(746) Changed root to / open_oplock_ipc: opening loopback UDP socket. [2000/09/05 13:21:43, 3] lib/util_sock.c:(875) bind succeeded on port 0 [2000/09/05 13:21:43, 3] smbd/oplock.c:(113) open_oplock ipc: pid = 7635, global_oplock_port = 51678 [2000/09/05 13:21:43, 4] lib/time.c:(110) Serverzone is -7200 And begins again (next line): [2000/09/05 12:23:22, 1] lib/util_sock.c:(1007) Gethostbyaddr failed for 172.28.1.36 [2000/09/05 12:23:22, 2] lib/access.c:(257) Allowed connection from 172.28.1.36 (172.28.1.36) [2000/09/05 12:23:22, 3] smbd/process.c:(618) Transaction 0 of length 72 [2000/09/05 12:23:22, 2] smbd/reply.c:(96) netbios connect: name1=DESAR02 name2=PC0075 ?Anyone knows how many things are incorrect in my smbd.conf file?: coding system = client code page = 850 workgroup = UNICABLE netbios name = DESAR02 netbios aliases = netbios scope = server string = Samba 2.0.7 interfaces = lan0 172.28.7.197/255.255.248.0 bind interfaces only = No security = USER encrypt passwords = No update encrypted = No allow trusted domains = Yes hosts equiv = min password length = 5 map to guest = Never null passwords = No password server = smb passwd file = /etc/opt/samba/private/smbpasswd root directory = / passwd program = /bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = /users.map password level = 0 username level = 0 unix password sync = No restrict anonymous = No use rhosts = Yes debug level = 1 syslog = 1 syslog only = No log file = max log size = 5000 debug timestamp = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY stat cache size = 50 load printers = Yes printcap name = /etc/printcap printer driver file = /opt/samba/lib/printers.def strip dot = No character set = mangled stack = 50 stat cache = Yes domain groups = domain admin group = domain guest group = domain admin users = domain guest users = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = Yes domain master = No browse list = Yes dns proxy = Yes wins proxy = No wins server = 172.28.7.178 wins support = No wins hook = kernel oplocks = Yes ole locking compatibility = Yes oplock break wait time = 10 smbrun = /opt/samba/bin/smbrun config file = auto services = lock directory = /var/opt/samba/locks default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = No NIS homedir = No source environment = panic action = comment = path = revalidate = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = force user = force group = writeable = No create mask = 0744 force create mode = 00 security mask = -1 force security mode = -1 directory mask = 0755 force directory mode = 00 directory security mask = -1 force directory security mode = -1 inherit permissions = No guest only = No guest ok = No only user = No hosts allow = 172.28.0.0/255.255.0.0 hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No write cache size = 0 printable = No postscript = No printing = hpux print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lpresume command = queuepause command = disable %p queueresume command = enable %p printer = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = No oplock contention limit = 2 strict locking = No share modes = Yes copy = include = preexec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No [share1] comment = share1 comment path = /tmp Thanks: Jos? Luis Garrido From tobias at uni-x.se Tue Sep 5 13:20:47 2000 From: tobias at uni-x.se (tobias@uni-x.se) Date: Tue Dec 2 02:31:18 2003 Subject: UID problem Message-ID: Hello, I have a network with a latest HEAD branch (000904), where the UID always is set to something like "Unknown user on domain [DOMAIN]" on the roaming profile. It seems like samba is unable to map UID to whatever NT is using for UID. I have tried to change the owner on the local machine, but of course every time I login it gets changed back to "Unknown user". The server is running Linux x86 (SuSE 6.3), the client's are running WinNT 4 SP6. Can anyone please help, it's quite urgent. /Tobias Best regards Tobias Olsson _______________________________________________________________ F?renade X AB Voice: +46 (0)40 459220 tobias@uni-x.se Weiler's Law: Nothing is impossible for the man who doesn't have to do it himself. From andyzb at ltiflex.com Tue Sep 5 13:29:16 2000 From: andyzb at ltiflex.com (Andy Zbikowski) Date: Tue Dec 2 02:31:18 2003 Subject: [OT] Address change? Message-ID: <39B4F52C.58B9FC60@ltiflex.com> Hey! Someone went and broke my procmail filters! Any reason why the list address changed from samba-ntdom@samba.org to samba-ntdom@us4.samba.org? -- Andy Zbikowski, Sys Admin | (WEB) http://www.ltiflex.com LTI Flexible Products, Inc. | (PH) 763-428-9119 (EX) 132 21801 Industrial Blvd | (FX) 763-428-9126 Rogers, MN 55374 | (PCS) 612-306-6055 -------------- next part -------------- A non-text attachment was scrubbed... Name: andyzb.vcf Type: text/x-vcard Size: 421 bytes Desc: Card for Andy Zbikowski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000905/7f3381e2/andyzb.vcf From vorlon at netexpress.net Tue Sep 5 13:44:16 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:18 2003 Subject: Samba/NT Domain Logon Server In-Reply-To: Message-ID: On Mon, 4 Sep 2000, David Clark wrote: > I am attempting to use a Samba 2.0.3 installation to share several items on > a 99% NT network. After I set 'security = domain' and did the appropriate > things for the machine to join the domain, all of my windows clients' > passwords could not be validated by my PDC, which is an NT 4.1. > > I then changed the 'announce version' to 1.5, in hopes that the Samba > machine would not win any sort of 'domain logon server' type election. That > seemed to clear the logons up for the windows machines after about 30 > minutes. However, when I look at the nmb log file it still claims success on > become a logon server for my workgroup. When checking with the server > manager on the NT, it still listed itself as PDC. I have os level set to 0, > and domain master set to 'no.' I am at home right now, so cannot include a > copy of smb.conf. Any help would be appreciated! David, You should make sure that you have 'domain logons' turned off in your smb.conf file. The only machines that should be accepting domain logons for a domain are the PDC and any BDCs. Since you're running 2.0.3 which doesn't have BDC support, and you clearly /don't/ want this Samba box to be the PDC, you should definitely get rid of the 'domain logons = yes' line you seem to have set in your smb.conf. There shouldn't be any need to twiddle 'announce version' or 'os level' after that. Indeed, 'os level' should be set fairly high, as Samba should always win out over any Win9x boxes on your network. Steve Langasek postmodern programmer From tobias at uni-x.se Tue Sep 5 14:07:03 2000 From: tobias at uni-x.se (tobias@uni-x.se) Date: Tue Dec 2 02:31:19 2003 Subject: [OT] Address change? In-Reply-To: <39B4F52C.58B9FC60@ltiflex.com> Message-ID: Hello, oops, sorry about that, think I got the address from the verification when I joined the list. /Tobias On Tue, 5 Sep 2000, Andy Zbikowski wrote: > Date: Tue, 05 Sep 2000 08:29:16 -0500 > From: Andy Zbikowski > To: samba-ntdom list > Subject: [OT] Address change? > > Hey! Someone went and broke my procmail filters! Any reason why the list > address changed from samba-ntdom@samba.org to samba-ntdom@us4.samba.org? > > -- > Andy Zbikowski, Sys Admin | (WEB) http://www.ltiflex.com > LTI Flexible Products, Inc. | (PH) 763-428-9119 (EX) 132 > 21801 Industrial Blvd | (FX) 763-428-9126 > Rogers, MN 55374 | (PCS) 612-306-6055 Best regards Tobias Olsson _______________________________________________________________ F?renade X AB Voice: +46 (0)40 459220 tobias@uni-x.se First Law of Bicycling: No matter which way you ride, it's uphill and against the wind. From olpa at sybcom.de Tue Sep 5 14:26:54 2000 From: olpa at sybcom.de (olpa@sybcom.de) Date: Tue Dec 2 02:31:19 2003 Subject: Authentification via PAM AND smbpasswd Message-ID: Hello, I want to authenticate users against the NDS via PAM and use samba TNG as a PDC. Efforts to use normal samba with PAM/NDS were successfull, but using the PDC features needs the use of smbpasswd for (at least) machine trust accounts. Is it possible to use the smbpasswd system for machine accounts and to use PAM as authentification system for users at the same time ? This would imply, that the passwords come in clear text, and I know that for this, there is a registry patch... Help would be thankfully welcomed... --- "We all know Linux is great...it does infinite loops in 5 seconds." (Linus Torvalds about the superiority of Linux on the Amterdam Linux Symposium) --- Oliver Pabst .-------------------------. mailto:olpa@sybcom.de : : phone :+49 681 56600600 : project department : SYBCOM GmbH fax :+49 681 56600660 : : http://www.sybcom.de From ink at inconnu.isu.edu Tue Sep 5 14:59:59 2000 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:31:19 2003 Subject: [OT] Address change? In-Reply-To: <39B4F52C.58B9FC60@ltiflex.com> Message-ID: On Tue, 5 Sep 2000, Andy Zbikowski wrote: > Hey! Someone went and broke my procmail filters! Any reason why the list > address changed from samba-ntdom@samba.org to samba-ntdom@us4.samba.org? Don't complain, we finally have mime-encoded digests! :) -- The wheel is turning but the hamster is dead. Craig Kelley -- kellcrai@isu.edu http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block From olpa-samba at sybcom.de Tue Sep 5 15:41:00 2000 From: olpa-samba at sybcom.de (olpa-samba@sybcom.de) Date: Tue Dec 2 02:31:19 2003 Subject: Authentification via PAM AND smbpasswd Message-ID: Hello, I want to authenticate users against the NDS via PAM and use samba TNG as a PDC. Efforts to use normal samba with PAM/NDS were successfull, but using the PDC features needs the use of smbpasswd for (at least) machine trust accounts. Is it possible to use the smbpasswd system for machine accounts and to use PAM as authentification system for users at the same time ? This would imply, that the passwords come in clear text, and I know that for this, there is a registry patch... Help would be thankfully welcomed... --- "We all know Linux is great...it does infinite loops in 5 seconds." (Linus Torvalds about the superiority of Linux on the Amterdam Linux Symposium) --- Oliver Pabst .-------------------------. mailto:olpa@sybcom.de : : phone :+49 681 56600600 : project department : SYBCOM GmbH fax :+49 681 56600660 : : http://www.sybcom.de From kenb at nwcc.edu Tue Sep 5 16:11:08 2000 From: kenb at nwcc.edu (Ken Barber) Date: Tue Dec 2 02:31:19 2003 Subject: Sharing Win9x Resources Message-ID: <90CF2A4C7C7CD411A651009027DE91385566@eve.nwcc.edu> > -----Original Message----- > From: "Dave Leffler" > To: > Subject: Sharing Win9x Resources > Date: Mon, 4 Sep 2000 15:11:03 -0800 > charset="iso-8859-1" > > I'm experimenting with creating a Linux PDC for my non-profit > group. I have > the domain up and running with the Win98 clients, however I'd like to > convert from a peer-to-peer network to a controlled network. > While I don't > require sharing any files/drives on the Win9x machines, I do > need to share > printers. Every time I bring up the share dialog on the > Win98 machine and > try to add a user, I get the list not available, try later dialog. > > Is there a way around this? Is there an smb.conf setting I missed? > > Dave Leffler > Leffler Homepage Dave, You don't say which version of Samba you're using. My top student worker and I just spent a week and a half setting up a little lab in an unused computer classroom playing with various versions of Samba. We needed to do something similar to what you want: give domain users rights/permissions on the local machines. We found that there's a difference between a PDC authenticating a user logging into the domain, and the PDC responding to a request from a workstation that wants to assign rights/permissions to a user. All of the current releases of Samba (2.0.7, the soon-to-be-released next version, and TNG) will do the former without problems. However, only TNG will to the latter. We had a lot of fun playing with it and learned a lot, but there's no way we're going to put alpha software (i.e., TNG) on a production server! We decided to install NT on an old, slow box for a domain controller and then use the Samba box (running the current stable release, thank you) for file and print services. Good luck. Ken Barber Network Administrator Northwest Christian College Eugene, Oregon USA From Chuck_Moore at compuware.com Tue Sep 5 16:08:17 2000 From: Chuck_Moore at compuware.com (Moore, Charlie) Date: Tue Dec 2 02:31:19 2003 Subject: Trust relationship between NT and Linux Message-ID: To whom it may concern; I'm running Samba on Linux to a primary domain (NT). I keep getting error messages which reads: The trust relationship between this workstation and the primary domain failed. Can you lead me in the right direction of which files have to be referenced to insure success? Many Thanx; Chuck Moore cmoore@compuware.com From cma at toronto.circadence.com Tue Sep 5 16:55:45 2000 From: cma at toronto.circadence.com (Carl Ma) Date: Tue Dec 2 02:31:19 2003 Subject: samba performance Message-ID: <200009051702.NAA07349@mail.toronto.vr1.com> Hello all, In our company, We share all the windows applications from the samba server, which is HP LC1000, clients are running Win2000 and map the applications filesystem as local disk driver. Everything is ok. Last week, we switched our samba server from HP LC1000 to a PC server running RH6.2. Now the performance for browser & copy is ok, however if we start the window applications, it may take 60 - 90 seconds. The attached file is my samba configuration. Can anyone advise on it? Thank you in advance! carl -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] workgroup = TORONTO_NT netbios name = cmsamba password server = 26.204.50.10 security = server remote announce = 26.204.51.255 hosts allow = 26.204. 26.204. 127. guest account = nobody dead time = 20 log file = /var/log/samba/log.%m max log size = 50 read prediction = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = host interfaces = eth0 26.204.50.26/255.255.254.0 bind interfaces only = True ; include = /etc/smb.conf.%m ; username map = /etc/smbusers ; Handle the filename between NT - UNIX # mangled names = no # mangled stack = 100 # preserve case = yes preserve case = no # short preserve case = yes case sensitive = no default case = lower password level = 1 status = yes browsable = yes message command = /usr/sbin/mail -s 'message from %f on %m' cma < %s ; rm %s & #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes create mode = 0700 # This one is useful for people to share files [tmp] comment = Temporary file space path = /tmp read only = no public = yes # A publicly accessible directory, but read only, except for people in # the "qa" group [public] comment = Public Stuff path = /export/home1 public = yes writable = yes printable = no write list = @qa [build] comment = QA Code building path = /cm-build public = no writable = yes printable = no create mask = 775 group = qa From ZolnOtt at t-online.de Tue Sep 5 19:16:26 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:19 2003 Subject: Create a specific group References: Message-ID: <39B5468A.BA0CD48C@t-online.de> Hallo Gerard! Try it with: domain groups = Bye Michael LEYMARIE Gerard wrote: > > All, > > Is it possible to define under samba 2.0.7, a specific domain group or do I > have to have the TNG version? > > Thks From ZolnOtt at t-online.de Tue Sep 5 19:01:12 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:19 2003 Subject: Sharing Win9x Resources References: <000301c016c5$c787ad60$120aa8c0@anchorageak.net> Message-ID: <39B542F8.82B52CBC@t-online.de> Hallo Dave! I understand that you have a printer at the samba-Server an everybody can print with it. I send you my application for my smb.conf. It works. I hope, that i can help you Michael Dave Leffler wrote: > > I'm experimenting with creating a Linux PDC for my non-profit group. I have > the domain up and running with the Win98 clients, however I'd like to > convert from a peer-to-peer network to a controlled network. While I don't > require sharing any files/drives on the Win9x machines, I do need to share > printers. Every time I bring up the share dialog on the Win98 machine and > try to add a user, I get the list not available, try later dialog. > > Is there a way around this? Is there an smb.conf setting I missed? > > Dave Leffler > Leffler Homepage -------------- next part -------------- ; win95.conf: ; 000510 ; Zusatz zu smb.conf ; ; globale Einstellungen logon script = logon_win9x.bat printer driver file = /usr/local/samba/lib/printers.def [netlogon] path = /home/logon writable = no public = no locking = no [epsty800] comment = Epson Stylus 800 printable = yes ;writable = no printer = lp public = no path = /var/spool/samba printer driver location = \\%L\amtek\druckertreiber printer driver = Epson Stylus 800 ESC/P 2 valid users = @zolnott ; ; Ende Win95.conf From ZolnOtt at t-online.de Tue Sep 5 18:43:10 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:19 2003 Subject: Trust relationship between NT and Linux References: Message-ID: <39B53EBD.D595B841@t-online.de> Hallo Charlie! I want to know more. It to less information. What is your opionen in your smb.conf: security = user, domain master = yes Bye, Michael "Moore, Charlie" wrote: > > To whom it may concern; > > I'm running Samba on Linux to a primary domain (NT). > I keep getting error messages which reads: The trust relationship > between this workstation and the primary domain failed. > > Can you lead me in the right direction of which files have to be referenced > to insure success? > Many Thanx; > > Chuck Moore > cmoore@compuware.com From ZolnOtt at t-online.de Tue Sep 5 19:14:54 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:19 2003 Subject: How to create Group Administrators References: <39B3B6F3.5E956382@acmep.ustu.ru> <39B3BF59.12D06C0C@ing.sun.ac.za> <39B3C1AF.1E23BD98@acmep.ustu.ru> Message-ID: <39B5462E.9FB012AE@t-online.de> Hallo Alexander! Try it with: username map = /usr/local/samba/lib/domain_user.map domain group map = /usr/local/samba/lib/domain_group.map But I don`t know, whether it work. It should work with the TNG, but by me it do not. You have to write into username map: UnixUser = NTUser an into group map UnixGroup = NTGroup I hope, that i can help you Michael Pazdnikov Alexander wrote: > > Buchan Milne wrote: > > > > Depends on samba version, but for 2.0.7: > > "domain admin group = @domadm" where domadm is a nuix group, with > > members who will be Domain Administrators. > > Thank You for reply! > But I have samba TNG because 2.0.7 doesn't provide a list > of domain users when using User Share Security in WinNt > and Win95. > > Have any Ideas on Samba-TNG ? > > -- > Alexander Pazdnikov From RW4328 at msg.pacbell.com Tue Sep 5 19:43:54 2000 From: RW4328 at msg.pacbell.com (WEVER, RENE (SBCSI)) Date: Tue Dec 2 02:31:19 2003 Subject: Win9x and NT mix Message-ID: <714B95825A53D2119EA800805FE62E420A0DC463@msgsrv21.srv.pacbell.com> I just began using Samba on our server, and have set it up for the users to Authenticate against an NT server. NT Workstation users have no problem Mapping the directories I have set up in smb.conf; however the Windows 98 users are not able to see or map the directories. Anything I should be watching out for? <<<< Samba 2.0.7 dns proxy = yes security = server password server = ntsrvr os level = 30 wins server = {ntsrvr's IP-Address} win proxy = yes >>>> -Rene Rene.Wever@sbc.com From ZolnOtt at t-online.de Tue Sep 5 20:19:41 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:19 2003 Subject: Win9x and NT mix References: <714B95825A53D2119EA800805FE62E420A0DC463@msgsrv21.srv.pacbell.com> Message-ID: <39B5555D.CDED75C2@t-online.de> Hallo Rene! I have both System and no problems I write at the end of global path: include = /usr/local/samba/lib/%a.conf I have two more conf-files. One called WinNT.conf and the other Win95.conf And in both of them i wrote the espacially configuration for both system. I hope, that i can help you Michael "WEVER, RENE (SBCSI)" wrote: > > I just began using Samba on our server, and have set it up for the users to > Authenticate against an NT server. > > NT Workstation users have no problem Mapping the directories I have set up > in smb.conf; however the Windows 98 users are not able to see or map the > directories. Anything I should be watching out for? > > <<<< Samba 2.0.7 > dns proxy = yes > security = server > password server = ntsrvr > os level = 30 > wins server = {ntsrvr's IP-Address} > win proxy = yes > >>>> > > -Rene > Rene.Wever@sbc.com -------------- next part -------------- ; win95.conf: ; 000510 ; Zusatz zu smb.conf ; ; globale Einstellungen logon script = logon_win9x.bat printer driver file = /usr/local/samba/lib/printers.def [netlogon] path = /home/logon writable = no public = no locking = no [epsty800] comment = Epson Stylus 800 printable = yes ;writable = no printer = lp public = no path = /var/spool/samba printer driver location = \\%L\amtek\druckertreiber printer driver = Epson Stylus 800 ESC/P 2 valid users = @zolnott ; ; Ende Win95.conf -------------- next part -------------- ; WinNT.conf: ; 000515 ; Zusatz zu smb.conf ; ; globale Einstellungen logon script = logon_winNT.bat logon drive = H: logon home = \\%N\%U [netlogon] path = /home/logon writable = no public = no locking = no [epsty800] comment = Epson Stylus 800 printable = yes writable = no printer = lp public = no path = /var/spool/samba valid users = @zolnott ; ; Ende WinNT.conf -------------- next part -------------- echo off echo Starten des Zeitservers net time \\laptop /set /yes echo Verbinden mit Home-Verzeichnis... net use h: \\laptop\homes echo Verbinden mit Download-Verzeichnis... net use i: \\laptop\download echo Verbinden mit CD-ROM... net use r: \\laptop\cd-rom pause -------------- next part -------------- @echo off echo ******************************************************* echo * Willkommen in der Samba-gesteuerten NT-D?mane * echo * der Familie Zolnhofer und Ott * echo * Author: Michael Ott * echo ******************************************************* pause echo Starten des Zeitservers net time \\laptop /set /yes echo Verbinden mit Home-Verzeichnis... net use h: \\laptop\homes echo Verbinden mit Download-Verzeichnis... net use i: \\laptop\download echo Verbinden mit CD-ROM... net use r: \\laptop\cd-rom From luisrdz at rctech.com.mx Tue Sep 5 20:24:51 2000 From: luisrdz at rctech.com.mx (=?iso-8859-1?Q?Ing._Luis_A._Rodr=EDguez_Cant=FA?=) Date: Tue Dec 2 02:31:19 2003 Subject: samba-nt domain Message-ID: <001101c01777$59433e20$6501a8c0@internet.net> Hi, im new using linux, i have samba 2.0.6 version. I have in my company a windows nt server and windows 98 workstations, my nt domain name is "ciesa" , i added a linux server and i want to know if my linux server can have a domain name, like nt server, for example "ciesalx", if that is possible, what configuration is required? thank you Luis R. -------------- next part -------------- HTML attachment scrubbed and removed From kenb at nwcc.edu Tue Sep 5 22:22:57 2000 From: kenb at nwcc.edu (Ken Barber) Date: Tue Dec 2 02:31:19 2003 Subject: Trust relationship between NT and Linux Message-ID: <90CF2A4C7C7CD411A651009027DE9138556F@eve.nwcc.edu> > -----Original Message----- > From: "Moore, Charlie" > To: "'samba-ntdom@samba.org'" > Subject: Trust relationship between NT and Linux > Date: Tue, 5 Sep 2000 12:08:17 -0400 > charset="iso-8859-1" > > To whom it may concern; > > I'm running Samba on Linux to a primary domain (NT). > I keep getting error messages which reads: The trust relationship > between this workstation and the primary domain failed. > > Can you lead me in the right direction of which files have to > be referenced > to insure success? > Many Thanx; > > Chuck Moore > cmoore@compuware.com Chuck, I presume that the NT domain controller is a "real" NT box. You have to get the Samba box to join the domain. 0. Make sure that you have "security = domain" set in your smb.conf file (it sounds like you already have this done). 1. Go to the PDC, run Server Manager and add your Samba box's name to the list of NT Workstations/Servers. 2. Go to your Samba box, logged in as root of course, and enter: smbpasswd -j Restart Samba and everything should be fine. Ken Barber Network Admin Northwest Christian College Eugene, Oregon USA From jnp at myoc.net Tue Sep 5 22:51:13 2000 From: jnp at myoc.net (Jnp) Date: Tue Dec 2 02:31:19 2003 Subject: User Manager for Domains In-Reply-To: <90CF2A4C7C7CD411A651009027DE9138556F@eve.nwcc.edu> Message-ID: <4.2.0.58.20000905153447.00a962e0@mrgates.myoc.net> Hi list, this is my first question. I inherited a Samba environment a few months ago, but the mailing lists were down, or I could not subscribe to them. I have worked out most of my problems but still have a question. I am running Samba 2.0.7 as a pdc, my workstations are NT4 clients. When I go to User Manager for Domains, and click on the Administrators group, on the client box, so I can add the user as an Administrator of their own box, I can pick the User from the list, but then if I go back to the User Manager for Domains screen, it shows: MYOC\Account Unknown (myoc is my domain name) I think the problem may have something to do with the password files, because once before, there were some users that were in the smbpasswd file, but not /etc/passwd, and I would not see any users in User Manager for Domains until I fixed the passwd files. That's just a guess at this point though. Also, is there a way to set up a main Administrator account so the admin could actually get into the hard drives of the users, to update software, etc? I know you can set up an admin user to have access to all the samba shares, but can you do it so they can see the private shares (the user's hard drives). I hear you can do that with an NT pdc, but I don't have an NT domain controller, and don't really want one at the moment. Thanks to all in advance! -- John From mgeddes at xavier.sa.edu.au Tue Sep 5 23:36:45 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:19 2003 Subject: User Manager for Domains References: <4.2.0.58.20000905153447.00a962e0@mrgates.myoc.net> Message-ID: <39B5838D.D7BDD765@xavier.sa.edu.au> Jnp wrote: > I > am running Samba 2.0.7 as a pdc, my workstations are NT4 clients. When I > go to User Manager for Domains, and click on the Administrators group, on > the client box, so I can add the user as an Administrator of their own box, > I can pick the User from the list, but then if I go back to the User > Manager for Domains screen, it shows: Samba 2.0.x does not support the many "advanced features" of windows NT (all of the RPC stuff). > MYOC\Account Unknown (myoc is my domain name) I think the problem may > have something to do with the password files, because once before, there Check your samba log files. It will tell you if this is the case. > Also, is there a way to set up a main Administrator account so the admin > could actually get into the hard drives of the users, to update software, > etc? I know you can set up an admin user to have access to all the samba > shares, but can you do it so they can see the private shares (the user's > hard drives). I hear you can do that with an NT pdc, but I don't have an > NT domain controller, and don't really want one at the moment. Thanks to > all in advance! Yes. I can't remember exactly how stable Samba works, but the documentation does have it. You should also have a copy of 'Using Samba' as part of your 2.0.7 distribution Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From peter at cadcamlab.org Wed Sep 6 02:09:34 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:19 2003 Subject: [OT] Address change? References: <39B4F52C.58B9FC60@ltiflex.com> Message-ID: <14773.42700.935349.893571@wire.cadcamlab.org> [Andy Zbikowski ] > Hey! Someone went and broke my procmail filters! Any reason why the list > address changed from samba-ntdom@samba.org to samba-ntdom@us4.samba.org? My theory is that both are now valid and some people are using the second one. And now that we're on the new list software, it doesn't go in and rewrite all the headers like the old one did (thanks Tim!) so you see just what the poster sent. My .procmailrc just looks for "samba-ntdom@". Peter From peter at cadcamlab.org Wed Sep 6 02:14:21 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:19 2003 Subject: Authentification via PAM AND smbpasswd References: Message-ID: <14773.42888.542315.610482@wire.cadcamlab.org> [olpa-samba@sybcom.de ] > I want to authenticate users against the NDS via PAM and use samba > TNG as a PDC. Can't have both. The problem is that as a PDC, Samba needs to store NT password hashes and do its own authentication; it cannot use PAM, whether that be pam_ldap or anything else, because PAM is not quite flexible enough to allow for the necessary challenge-response from the application side. Basically, a PDC must have `encryption = yes'.... What you need is for Samba to use a direct LDAP or NDS lookup, and store its own passwords in your NDS database. This may be possible -- Samba does have *some* LDAP support -- but I have no idea how to go about setting it up. Peter From gerry at mccb.org Wed Sep 6 11:46:55 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:19 2003 Subject: Modified share permissions not getting to users unless log off done Message-ID: <4.3.1.1.20000906114404.00b0ce40@mail.mccb.org> Samba 2.0.6, SuSE 6.1, NT PDC, Win 95/98 clients Step 1: Create a samba share Step 2: Access the share from a client machine Step 3: Modify samba share, e.g., change valid users list Step 4: Again access share from a client machine Result: changes in step 3 not recognized from client unless I log off from client and re-log in. Any ideas? Thanks, Gerry From gerry at mccb.org Wed Sep 6 11:43:59 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:19 2003 Subject: unable to write to a directory beneath a shared directory Message-ID: <4.3.1.1.20000906111552.00b0a580@mail.mccb.org> Samba 2.0.6, SuSE 6.1, Win95/98 clients, NT PDC I created a Samba share with the following config: [anniv] browseable = yes path = /home/org/30anniv force create mode = 0777 read only = no With this configuration, any new directories created under it have unix permissions set to 0755 and all files have 0777. The problem is that no one other than the owner can modify or create new files in this directory. I then manually set the unix permissions to a subdirectory of anniv to 0777. Still, no one can modify, create or delete files from a Win 95/98 machine unless they are the owner of that directory. Alright, I then added the following to the [anniv] share definition: force directory mode = 0777 Guess what? This worked. What I don't understand, is that in the end, both approaches (manually setting vs. samba setting) generated the same directory permissions. Why didn't the first approach work? Aack! Gerry From olpa at sybcom.de Wed Sep 6 07:30:59 2000 From: olpa at sybcom.de (olpa@sybcom.de) Date: Tue Dec 2 02:31:19 2003 Subject: Authentification via PAM AND smbpasswd In-Reply-To: <14773.42888.542315.610482@wire.cadcamlab.org> Message-ID: On Yesterday, Peter Samuelson wrote: > Date: Tue, 5 Sep 2000 21:14:21 -0500 (CDT) > From: Peter Samuelson > To: olpa@sybcom.de > Cc: samba-ntdom@us4.samba.org > Subject: Re: Authentification via PAM AND smbpasswd > > > [olpa-samba@sybcom.de ] > > I want to authenticate users against the NDS via PAM and use samba > > TNG as a PDC. > > Can't have both. The problem is that as a PDC, Samba needs to store NT > password hashes and do its own authentication; it cannot use PAM, > whether that be pam_ldap or anything else, because PAM is not quite > flexible enough to allow for the necessary challenge-response from the > application side. > > Basically, a PDC must have `encryption = yes'.... > > What you need is for Samba to use a direct LDAP or NDS lookup, and > store its own passwords in your NDS database. This may be possible -- > Samba does have *some* LDAP support -- but I have no idea how to go > about setting it up. > > Peter Hi, I experienced a bit with SAMBA <-> LDAP and this will require the change of the schema for the NDS. I thought more of something like password encryption for machines = yes password encryption for users = no and then, for the latter case use PAM (and thus NDS) --- Running Windows on a Pentium is like having a brand new Porsche but only be able to drive backwards with the handbrake on. (Unknown source) --- Oliver Pabst .-------------------------. mailto:olpa@sybcom.de : : phone :+49 681 56600600 : project department : SYBCOM GmbH fax :+49 681 56600660 : : http://www.sybcom.de From Christian.Hirsch at de.bertrandt.com Wed Sep 6 09:29:41 2000 From: Christian.Hirsch at de.bertrandt.com (Hirsch, Christian, SI) Date: Tue Dec 2 02:31:19 2003 Subject: map nt groups to unix groups Message-ID: <4DE518E627FDD011BE6A00A0C93B23280181F2ED@SI_SV_MAIL> Hello I try to map ntgroups to unixgroup in a username map file. But it does not work. A Nt-user who is member of an ntgroup which is mapped to a unixgroup which has rights to access a specific directory can not access this directory. If a add the user additionally to the unixgroup ( add the username in the file /etc/group to the specific group) it works. I read this in the docu: Each of the entries in the username map file should be listed as follows: the Unix username, followed by an equal sign (=), followed by one or more whitespace-separated SMB client usernames. Note that unless instructed otherwise, (i.e., a guest connection), Samba will expect both the client and the server user to have the same password. You can also map NT groups to one or more specific Unix groups using the @ sign. Here are some examples: jarwin = JosephArwin manderso = MarkAnderson users = @account Can I map ntgroups to unixgroups ? Or must I organize my file /etc/group with each username behind the groupname ? Thank you very much Mit freundlichen Gr??en Christian Hirsch IT-Abteilung Bertrandt Ingenieurb?ro Sindelfingen Email: christian.hirsch@de.bertrandt.com Telefon: 07031/6995-317 Telefax: 07031/6995-100 From jens.skripczynski at igd.fhg.de Wed Sep 6 09:58:00 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:19 2003 Subject: [OT] Address change? In-Reply-To: <39B4F52C.58B9FC60@ltiflex.com>; from andyzb@ltiflex.com on Tue, Sep 05, 2000 at 08:29:16AM -0500 References: <39B4F52C.58B9FC60@ltiflex.com> Message-ID: <20000906115800.A13478@igd.fhg.de> Andy Zbikowski: > Hey! Someone went and broke my procmail filters! Any reason why the list > address changed from samba-ntdom@samba.org to samba-ntdom@us4.samba.org? try: TO: (|<)samba-ntdom@(us4.|)samba.org Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From tmanthey at gmx.de Wed Sep 6 11:38:01 2000 From: tmanthey at gmx.de (Tobias Manthey) Date: Tue Dec 2 02:31:19 2003 Subject: Samba-TNG 2.6 PDC Administration with W2K Message-ID: <11468.968240281@www25.gmx.net> Hi all, Thanks to the detailed description on sambahq.de I was beeing able to successfully set up samba-tng 2.6 as PDC and joined several W2K workstations to the domain. But now I would like to use the windows administration tools to administer my users and permissions. For NT4 WKS there where serveral tools available (e.g. User Manager for Domains). How can I achieve windows based adminstration with W2K? TIA! Tobias Btw.: The informations of how to set up samba-tng that come with the original tar-ball arey kinda sparse. (Or I was to stupid to find em? :-o ) I am sure future users would love to see at least some links to further informations. ;-)) -- Sent through GMX FreeMail - http://www.gmx.net From gcarter at valinux.com Wed Sep 6 13:00:51 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:19 2003 Subject: Authentification via PAM AND smbpasswd References: Message-ID: <39B64003.F572A0C1@valinux.com> olpa@sybcom.de wrote: > > I thought more of something like > > password encryption for machines = yes > password encryption for users = no > > and then, for the latter case use PAM (and thus NDS) Nope. The need for password encryption is built into the domain control protocol IIRC. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From vorlon at netexpress.net Wed Sep 6 13:56:35 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:19 2003 Subject: Authentification via PAM AND smbpasswd In-Reply-To: Message-ID: On Wed, 6 Sep 2000 olpa@sybcom.de wrote: > I experienced a bit with SAMBA <-> LDAP and this will require the change > of the schema for the NDS. > I thought more of something like > password encryption for machines = yes > password encryption for users = no > and then, for the latter case use PAM (and thus NDS) This is not possible, because that's not how NT works. An NT workstation won't authenticate against the domain controller using plaintext passwords, so configuring the PDC to use them wouldn't gain you anything. Steve Langasek postmodern programmer From dobos_s at IBCnet.hu Wed Sep 6 18:29:50 2000 From: dobos_s at IBCnet.hu (dobos_s@IBCnet.hu) Date: Tue Dec 2 02:31:19 2003 Subject: Novell Client and Samba again... Message-ID: Hi! There is an old problem which is not solved yet. If NT workstation has Novell Client on it, and it is logging into samba domain, a blue death occurs: STOP: c000021a (Fatal System Error) The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down. I searched the MS TechNet cd, tried several service packs, searched the internet, and found only one solution: Samba TNG. But TNG was not good for us for other reasons. So my question is: why is TNG working, and 2.0.7 not? I had written this question to this list in 1998 too. Nobody helped me. I really know that there are a lot of other problems for each of You, but I please You: do something! Dobos Sanyi ps: please cc to my address, I am not a member of samba-ntdom list. From Jwinn at krauto.com Wed Sep 6 19:04:50 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:19 2003 Subject: What the hell??? Message-ID: <01c01835$550ad340$d8fea8c0@-jwinn.krauto.com> I am running Samba 2.06 and NT 4. Even though I have Samba set up as a BDC when I boot up NT Samba comes up as PDC. Then when I open up User Manager for Domains It gives me an error message saying "A remote procedure call (RPC) protocol error occurred." What does this mean. What can I do to fix it. If C-4 explosive is involved thats ok! I am ready to blow up to. -------------- next part -------------- HTML attachment scrubbed and removed From hwimmer at bakerref.com Wed Sep 6 22:35:20 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:31:19 2003 Subject: What the hell??? References: <01c01835$550ad340$d8fea8c0@-jwinn.krauto.com> Message-ID: <008801c01852$bdc19820$9f01a8c0@zeus> not sure but check your o/s level in the conf file...can samba even be a bdc? i dont think it does that. also, i have never had the user manager work. i have had the same error with no answer from the group. solution, dont use usrmgr, command line unix.... ----- Original Message ----- From: Jeremy Winn To: samba-ntdom@us4.samba.org Sent: Wednesday, September 06, 2000 3:04 PM Subject: What the hell??? I am running Samba 2.06 and NT 4. Even though I have Samba set up as a BDC when I boot up NT Samba comes up as PDC. Then when I open up User Manager for Domains It gives me an error message saying "A remote procedure call (RPC) protocol error occurred." What does this mean. What can I do to fix it. If C-4 explosive is involved thats ok! I am ready to blow up to. -------------- next part -------------- HTML attachment scrubbed and removed From mgeddes at xavier.sa.edu.au Wed Sep 6 23:31:57 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:19 2003 Subject: Samba-TNG 2.6 PDC Administration with W2K References: <11468.968240281@www25.gmx.net> Message-ID: <39B6D3ED.B296B51E@xavier.sa.edu.au> Tobias Manthey wrote: > > Hi all, > Thanks to the detailed description on sambahq.de I was beeing able to > successfully set up samba-tng 2.6 as PDC and joined several W2K workstations to > the domain. > But now I would like to use the windows administration tools to administer > my users and permissions. For NT4 WKS there where serveral tools available > (e.g. User Manager for Domains). How can I achieve windows based > adminstration with W2K? Not very easily. Not all of the RPC stuff has been completed. It may be possible, but it's not highly likely. If you get it to work, write it down ;-). > Btw.: The informations of how to set up samba-tng that come with the > original tar-ball arey kinda sparse. (Or I was to stupid to find em? :-o ) > I am sure future users would love to see at least some links to further > informations. ;-)) Samba docs are stored in yodl format. Check the docs/yodldocs directory of your source. Also check my .sig. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From GRyle at maf.org Wed Sep 6 16:53:13 2000 From: GRyle at maf.org (Greg Ryle) Date: Tue Dec 2 02:31:19 2003 Subject: logon scripts Message-ID: <00AC1978.C21317@maf.org> I am new to the list and just inherited a domain with a linux box running Samba 2.0.6 as a PDC. I am wondering if anyone has any domain logon scripts for machines or for individual users I can see as an example? Thanks Greg From ehurd at east3.com Wed Sep 6 12:39:03 2000 From: ehurd at east3.com (Eric Hurd) Date: Tue Dec 2 02:31:19 2003 Subject: Error Code 0 Message-ID: <1101262FBB30D4119A4900010235566303BB81@SERVER1> Here is the current message that I am getting. Any help would be appreciated I am runing Solaris 7 on a Sun box. Thanks Eric # ./smbclient -L alpha -N added interface ip=10.1.1.98 bcast=10.1.1.255 nmask=255.255.255.0 Anonymous login successful Domain=[alpha_dom] OS=[UNIX 5.7 Generic_106541-10] Server=[SunLink Server] Sharename Type Comment -------------- ------- ------------ Error returning browse list: code 0 Server Comment --------- ------------- ALPHA SunLink Server Workgroup Master ---------------- ----------- ALPHA_DOM ALPHA EAST3 SERVER1 From luohp at beijing.oilfield.slb.com Thu Sep 7 01:08:07 2000 From: luohp at beijing.oilfield.slb.com (Luo Hua Ping) Date: Tue Dec 2 02:31:19 2003 Subject: DHCP PC cannot access Samba Server Message-ID: <39B6EA77.3280FAA5@beijing.oilfield.slb.com> Hi, I have a SPARC 10 running solaris 2.6 as Samba server and a PC running WINNT 4.0 as client. When the PC uses the fixed IP address, it can access the SPARC10. But when I change it to use DHCP, the PC cannot access the server. I got such warning message: "The chjs10 is no accessible. The network path is not found." The samba server's configuration file is: [global] workgroup = ASIA server string = Samba Server chjs10 hosts allow = 163.184.22.,127. encrypt passwords = yes short preserve case = yes preserve case = yes security = user [public] path = /data2/public public = yes writable = yes [homes] public = yes writable = yes Does anybody know why ? Thanks in advance Luo Huaping From mgeddes at xavier.sa.edu.au Thu Sep 7 01:35:38 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:19 2003 Subject: DHCP PC cannot access Samba Server References: <39B6EA77.3280FAA5@beijing.oilfield.slb.com> Message-ID: <39B6F0EA.82229C1C@xavier.sa.edu.au> Luo Hua Ping wrote: > > Hi, > > I have a SPARC 10 running solaris 2.6 as Samba server and a PC running > WINNT 4.0 as client. When the PC uses the fixed IP address, it can > access the SPARC10. But when I change it to use DHCP, the PC cannot > access the server. I got such warning message: > > "The chjs10 is no accessible. > The network path is not found." > Your smb.conf also had a hosts allow = line in it. Is that set to the Dynamic IP address of the NT box? It could also be the WINS settings. -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From garcian002 at hawaii.rr.com Thu Sep 7 04:52:47 2000 From: garcian002 at hawaii.rr.com (Nelson C. Garcia) Date: Tue Dec 2 02:31:19 2003 Subject: logon scripts In-Reply-To: <00AC1978.C21317@maf.org> Message-ID: Here's the best example I have found: ----- begin quote rem Default logon script, create links to this file. net time \\bioserve /set /yes @echo off if %OS%.==Windows_NT. goto WinNT :Win95 net use k: \\trillion\bio_prog net use p: \\bcfile\homes goto end :WinNT net use k: \\trillion\bio_prog /persistent:no net use p: \\bcfile\homes /persistent:no :end --- end quote All credit should go to David Bannon at the following URL: http://bioserve.biochem.latrobe.edu.au/samba/ The scripts will be run as a batch file by Windows, therefore each line must end on a CR+LF combination. I recommend editing the script using a Windows text editor and then moving it to the [netlogon] share. While you are at it, run the script from the Windows command prompt in order to test it. Aloha, Nelson -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Ryle Sent: Wednesday, September 06, 2000 6:53 AM To: samba-ntdom@samba.org Subject: logon scripts I am new to the list and just inherited a domain with a linux box running Samba 2.0.6 as a PDC. I am wondering if anyone has any domain logon scripts for machines or for individual users I can see as an example? Thanks Greg From irvinee at yahoo.com.au Thu Sep 7 05:00:14 2000 From: irvinee at yahoo.com.au (=?iso-8859-1?q?Edward=20Irvine?=) Date: Tue Dec 2 02:31:19 2003 Subject: logon scripts Message-ID: <20000907050014.24550.qmail@web3906.mail.yahoo.com> Hi, --- Greg Ryle wrote: > > I am new to the list and just inherited a > domain with a linux box > running Samba 2.0.6 as a PDC. I am wondering > if anyone has any domain > logon scripts for machines or for individual > users I can see as an > example? > > Thanks Greg > > > Here is a very messy one that needs to be cleaned up! _____________________________________________________________________________ http://geocities.yahoo.com.au - Yahoo! Australia & NZ GeoCities - Build your own Web Site - for free! -------------- next part -------------- $ cat /usr/local/samba/bin/makelogonscript.pl #!/usr/bin/perl # # log when a user "logs into the network" # and generate a custom logon script # # This script should be called from the "root_preexec" command # in the logon share of Samba - see /usr/local/etc/smb.conf # for details. # Basically, this script wants to fill up the samba "netlogon" # share (~/.winprofile) with the sort of stuff windows 9x wants # to see. Currently this means that: # a) ~/.winprofile exists and is a directory. # b) they need the CONFIG.POL policy file in ~/.winprofile # -- the correct policy for the correct type of user, # -- either student or teacher. # c) ~/.winprofile contains a profile PROFILE.DAT # # ARGV[0] is the root directory of the calling samba share, # ARGV[1] is the user name of the person logging in through samba, # ARGV[2] is the client computer they are logging in to. # ARGV[3] is the client architecture (Win95, WinNT), # ARGV[4] is the NetBios name of this machine. ############################# Command line arguments ###################### $this_directory=$ARGV[0]; # Should be user's directory for windows # profiles and policies. $this_user=$ARGV[1]; # User's login name. $client_machine=$ARGV[2]; # Wintel computer they are logging in from. $client_architecture=$ARGV[3];# What sort of OS (Win95, WinNT ... $netbios_name=$ARGV[4]; # The netbios alias of this machine. ############################## Here goes! ################################# use File::stat; use File::Path; use File::Copy; ############################## Some constants ############################ if ($client_architecture eq 'Win95') { # Location of the student's USER.DAT skeleton file. $STUDENT_USER_DAT= '/usr/local/samba/profiles/student/USER.DAT'; # Location of the student's CONFIG.POL file. $STUDENT_CONFIG_POL='/usr/local/samba/profiles/student/CONFIG.POL'; # Location of the teacher's skeleton USER.DAT file $TEACHER_USER_DAT='/usr/local/samba/profiles/teacher/USER.DAT'; # Location of the teacher's CONFIG.POL file. $TEACHER_CONFIG_POL='/usr/local/samba/profiles/teacher/CONFIG.POL'; # Possible Net_BIOS names. (netbios aliases in /usr/local/etc/smb.conf) } else { # UGLY HACK added for NT4 support. # Location of the student's NTUSER.DAT skeleton file. $STUDENT_USER_DAT= '/usr/local/samba/profiles/student/NTUSER.DAT'; # Location of the student's NTCONFIG.POL file. $STUDENT_CONFIG_POL='/usr/local/samba/profiles/student/NTCONFIG.POL'; # Location of the teacher's skeleton NTUSER.DAT file $TEACHER_USER_DAT='/usr/local/samba/profiles/teacher/NTUSER.DAT'; # Location of the teacher's NTCONFIG.POL file. $TEACHER_CONFIG_POL='/usr/local/samba/profiles/teacher/NTCONFIG.POL'; # Possible Net_BIOS names. (netbios aliases in /usr/local/etc/smb.conf) } $PLAINTEXT='aretha'; $ENCRYPTED='nt'; # Get the user_id number and group_id number of this user. ($uid, $gid) = ((getpwnam($this_user))[2,3]); # Get the time right now. (tm) ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec')[$mon]; # And write an entry to the logfile... open LOG, ">>/var/log/netlogon.log"; print LOG "$month $mday $hour $min $sec\t$this_user\tlogged into\t$client_machin e\t$client_architecture\t$netbios_name\n"; ############################################################################# # # Profile Directory check. # # Now we will check to make certain that nothing too wierd has # been done to this directory... kids haven't hacked it up 'n stuff. # ############################################################################# # Make sure this directory exists. Make sure its not an # ordinary file either, and has all the right permissions $rc=0; # result count. unless (-d $this_directory){ if (-e $this_directory){ # Hmm.. Not a directory! system("rm -R -f $this_directory"); $rc += $? >> 8; print LOG "*** Warning: removed $this_directory\n"; } system("mkdir -p -m 0750 $this_directory"); $rc += $? >> 8; print LOG "*** Warning: had to create $this_directory\n"; } print LOG "*** Warning: Some funny result codes returned from the above! $! \n" if($rc); # Check permissions on the directory, and fix if need be. $sb = stat($this_directory); if($uid != $sb->uid || $gid != $sb->gid){ chown($uid, $gid, $this_directory); } # End of check. Their profile directory should now exist in an # untampered state. Let's keep going. # Figure out if the user belongs to # the group "admin" and/or the group "staff". These # users get access to special shares. $admin_person = 0; $staff_person = 0; $admin_entries = (getgrnam("admin"))[3]; $admin_person++ if ($admin_entries =~ /$this_user\b/); $staff_entries = (getgrnam("staff"))[3]; $staff_person++ if ($staff_entries =~ /$this_user\b/); $exec_entries = (getgrnam("exec"))[3]; $exec_person++ if ($exec_entries =~ /$this_user\b/); $cst_entries = (getgrnam("cst"))[3]; $cst_person++ if ($cst_entries =~ /$this_user\b/); # Armed with what sort of groups they belong to, we can # now write the logon script. Note the use of the MS-DOS # carriage returns. open LOGON, ">$this_directory/$this_user.BAT"; print LOGON "\@echo off\r\n"; #this is a hack to delete those huge cookie folders that pile up in # windows machines. It is ugly as sin. It smells. But it works. print LOGON "DELTREE /Y C:\\WINDOWS\\Profiles\\$this_user\\Cookies \r\n" if ($ui d > 3000 and $client_architecture =~ /Win95/ ); # this hack is to put a "/persistent:no" modifier on the NET USE # commands for NT4 clients. if ($client_architecture =~ /Win95/){ $persistent = ' '; } else { $persistent = '/PERSISTENT:NO'; } print LOGON "NET TIME \\\\ARETHA /YES /SET\r\n"; print LOGON "NET USE F: \\\\ARETHA\\faculties $persistent\r\n" if ($staff_person ); print LOGON "NET USE H: /HOME $persistent\r\n" if ($client_architecture eq 'Win9 5'); print LOGON "NET USE P: \\\\ARETHA\\$this_user $persistent\r\n"; # user's unix home dir print LOGON "NET USE Q: \\\\ARETHA\\all_share $persistent\r\n"; print LOGON "NET USE R: \\\\ARETHA\\teach_share $persistent\r\n" if ($staff_pers on); print LOGON "NET USE S: \\\\ARETHA\\admin_share $persistent\r\n" if ($admin_pers on); print LOGON "NET USE T: \\\\ARETHA\\exec_share $persistent\r\n" if ($exec_person ); print LOGON "NET USE U: \\\\ARETHA\\cst_share $persistent\r\n" if ($cst_person); print LOGON "NET USE V: \\\\AJAX\\all_share $persistent\r\n" if ($this_user eq " fhs"); # print LOGON "DELTREE /Y C:\\WINDOWS\\*.PWL $persistent\r\n" if ($client_archit ecture eq 'Win95'); #print LOGON "PAUSE\r\n"; print LOGON "EXIT\r\n"; close LOGON; # Students all get the same CONFIG.POL into their directory. # If the skeleton USER.DAT is newer than the student version, # then copy that too. if ( $client_architecture =~ /Win95/ ) { my ($ctime1, $ctime2 ); # timestamps for files. if ($uid >= 3000){ # must be a student. copy( $STUDENT_CONFIG_POL, "$this_directory/CONFIG.POL" ) || warn "$0 Warning: failed to copy. $!\n"; # get the timestamp on the skeleton USER.DAT my $inode = stat( $STUDENT_USER_DAT ) || warn "$0 warning: failed to stat. $!\n"; $ctime1 = $inode->ctime; # get the timestamp on the students actual user.dat if ( -e "$this_directory/USER.DAT" ) { $inode = stat( "$this_directory/USER.DAT" ) ||warn "$0 Warning: failed to stat. $!\n"; $ctime2 = $inode->ctime; } else { $ctime2 = 0; } if ($ctime2 < $ctime1) { copy( $STUDENT_USER_DAT , "$this_directory/USER.DAT" ); chown( $uid, $gid, "$this_directory/USER.DAT" ); } # Zap any old Mandatory Profiles that may be around. if( -e "$this_directory/USER.MAN" ){ unlink ( "$this_directory/USER.MAN" ); } } else { # must be a teacher type of person. This is easi er if($uid > 1001) { # as there are not user.dat skeletons yet. copy( $TEACHER_CONFIG_POL , "$this_directory/CONFIG.POL" ); system("touch $this_directory/USER.DAT"); } } } else { # Ugly hack for NT4 support. my ($ctime1, $ctime2 ); # timestamps for files. if ($uid >= 3000){ # must be a student. copy( $STUDENT_CONFIG_POL, "$this_directory/NTCONFIG.POL" ) || warn "$0 Warning: failed to copy. $!\n"; # get the timestamp on the skeleton NTUSER.DAT my $inode = stat( $STUDENT_USER_DAT ) || warn "$0 warning: failed to stat. $!\n"; $ctime1 = $inode->ctime; # get the timestamp on the students actual user.dat if ( -e "$this_directory/NTUSER.DAT" ) { $inode = stat( "$this_directory/NTUSER.DAT" ) ||warn "$0 Warning: failed to stat. $!\n"; $ctime2 = $inode->ctime; } else { $ctime2 = 0; } if ($ctime2 < $ctime1) { copy( $STUDENT_USER_DAT , "$this_directory/NTUSER.DAT" ); chown( $uid, $gid, "$this_directory/NTUSER.DAT" ); } # Zap any old Mandatory Profiles that may be around. if( -e "$this_directory/NTUSER.MAN" ){ unlink ( "$this_directory/NTUSER.MAN" ); } } else { # must be a teacher type of person. if($uid > 1001) { copy( $TEACHER_CONFIG_POL , "$this_directory/NTCONFIG.POL" ); # get the timestamp on the skeleton NTUSER.DAT my $inode = stat( $TEACHER_USER_DAT ) || warn "$0 warning: failed to stat. $!\n"; $ctime1 = $inode->ctime; # get the timestamp on the teachers actual user.dat if ( -e "$this_directory/NTUSER.DAT" ) { $inode = stat( "$this_directory/NTUSER.DAT" ) ||warn "$0 Warning: failed to stat. $!\n"; $ctime2 = $inode->ctime; } else { $ctime2 = 0; } if ($ctime2 < $ctime1) { # copy( $TEACHER_USER_DAT , "$this_directory/NTUSER.DAT" ); # chown( $uid, $gid, "$this_directory/NTUSER.DAT" ); } } } } # copy( $TEACHER_USER_DAT , "$this_directory/NTUSER.DAT" ); # print "$ARGV[0] $this_user uid = $uid \n"; # dlete any NTCONFIG.POL files around - they don't seem to work. system("rm $this_directory/NTCONFIG.POL"); close LOG; exit; [sysop@Aretha ~] From npmolino at stanford.edu Thu Sep 7 06:26:35 2000 From: npmolino at stanford.edu (Neil Molino) Date: Tue Dec 2 02:31:19 2003 Subject: win2k & smb Message-ID: Hello, I've read a lot of the archives and still can't figure this out. Sorry for being dense. I am trying to get a win2k professional machine to connect to a linux samba server RH5.2, but samba upgraded to samba-2.0.6-9. It seems that I've read conflicting acounts about whether it is necessary to use TNG. My basic problem is that the samba server doesn't appear in the Computers Near Me section under My Network Places. I can find it when I search under the Entire Network. I find the machine and try to open it (i.e double click). I get an error-box saying "\\egg is not accessible. The account is not authorized to log in from this station." In smb.conf I've allowed the 192.168.1. subnet (I believe this is the correct term). I have security=user. Do I need security=server? If so, and I specify the win2k machine as the NT-server-name, what do I need to do to that machine to make it know that it is a password server? Thanks so much. Desperate in Palo Alto, neil From mgeddes at xavier.sa.edu.au Thu Sep 7 06:52:35 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:19 2003 Subject: win2k & smb References: Message-ID: <39B73B33.BF11199A@xavier.sa.edu.au> Neil Molino wrote: > > Hello, > > I've read a lot of the archives and still can't figure this out. Sorry for > being dense. I am trying to get a win2k professional machine to connect to > a linux samba server RH5.2, but samba upgraded to samba-2.0.6-9. It seems > that I've read conflicting acounts about whether it is necessary to use TNG. > > My basic problem is that the samba server doesn't appear in the Computers > Near Me section under My Network Places. I can find it when I search under > the Entire Network. I find the machine and try to open it (i.e double > click). I get an error-box saying "\\egg is not accessible. The account is > not authorized to log in from this station." > > In smb.conf I've allowed the 192.168.1. subnet (I believe this is the > correct term). I have security=user. Do I need security=server? If so, > and I specify the win2k machine as the NT-server-name, what do I need to do > to that machine to make it know that it is a password server? > > Thanks so much. > > Desperate in Palo Alto, > > neil You cannot use Samba 2.x as a PDC for WinNT /Win2k Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From everling at comnitel.com Thu Sep 7 08:27:36 2000 From: everling at comnitel.com (Eoin Verling) Date: Tue Dec 2 02:31:19 2003 Subject: win2k & smb In-Reply-To: <39B73B33.BF11199A@xavier.sa.edu.au> Message-ID: > > In smb.conf I've allowed the 192.168.1. subnet (I believe this is the > > correct term). I have security=user. Do I need > security=server? If so, > > and I specify the win2k machine as the NT-server-name, what do > I need to do > > to that machine to make it know that it is a password server? > > > > Thanks so much. > > > > Desperate in Palo Alto, > > > > neil > > You cannot use Samba 2.x as a PDC for WinNT /Win2k > > Matt > Whaooo ... hang on. I'm using Samba 2.0.7 as a PDC for WinNT clients. What you need to do is create machine accounts for the NT clients, on the samba machine (see the docs on the web site for how to do it) ... then create user accounts on the samba machine, then set your NT client to connect to your domain (whatever domain you decided in your smb.conf) and that's it! I haven't checked win2k, but am about to. E - -- _ Eoin Verling _/ \_ 2200 Cork Airport Business Park, SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 everling@comnitel.com \_/ Fax: +353 21 7305624 From Christian.Duclou at eeigm.inpl-nancy.fr Thu Sep 7 08:45:37 2000 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:31:20 2003 Subject: logon scripts References: <00AC1978.C21317@maf.org> Message-ID: <39B755B1.C7CEB49C@eeigm.inpl-nancy.fr> Hi, We have NT4 workstations In the [global] section of "smb.conf" we have : # One script for all the members of the group : %G # /usr/local/samba/netlogon/%G.bat logon script = %G.bat Example of a group MS-Dos script : @echo off @TITLE DOMAINE TARGUIZ %username% @net use u: /DELETE @net use p: /DELETE @net use s: /DELETE @net use t: /DELETE @net use u: \\SAMBASRV\%username% 1>NUL 2>&1 @net use p: \\SAMBASRV\public 1>NUL 2>&1 @net use s: \\SAMBASRV\site 1>NUL 2>&1 @net use t: \\SAMBASRV\agora 1>NUL 2>&1 IF EXIST \\SAMBASRV\netlogon\%username%.bat CALL \\SAMBASRV\netlogon\%username%.bat @echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ BIENVENUE SUR TARGUIZ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ %username% ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Greg Ryle wrote: > > I am new to the list and just inherited a domain with a linux box > running Samba 2.0.6 as a PDC. I am wondering if anyone has any domain > logon scripts for machines or for individual users I can see as an > example? > > Thanks Greg -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: +33 383.3683.27 - Fax: +33 383.3683.36 _______________ http://eeigm.inpl-nancy.fr _____________ From Christian.Duclou at eeigm.inpl-nancy.fr Thu Sep 7 09:03:20 2000 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:31:20 2003 Subject: samba-nt domain References: <001101c01777$59433e20$6501a8c0@internet.net> Message-ID: <39B759D8.9D335188@eeigm.inpl-nancy.fr> Hi You can take a look at http://www.kneschke.de/projekte/samba_tng/files/index.php3 or http://www.kneschke.de/projekte/samba_tng/books/index.php3 or http://www.eeigm.inpl-nancy.fr/Docs/samba2.0.xx/html/index.html Ing. Luis A. Rodr?guez Cant? wrote: > Hi, im new using linux, i have samba 2.0.6 version.I have in my > company a windows nt server and windows 98 workstations,my nt domain > name is "ciesa" , i added a linux server and i want to knowif my > linux server can have a domain name, like nt server, for > example"ciesalx", if that is possible, what configuration is > required?thank you Luis R. -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: +33 383.3683.27 - Fax: +33 383.3683.36 _______________ http://eeigm.inpl-nancy.fr _____________ From tobias at uni-x.se Thu Sep 7 09:07:11 2000 From: tobias at uni-x.se (tobias@uni-x.se) Date: Tue Dec 2 02:31:20 2003 Subject: UID problem In-Reply-To: Message-ID: Hello, I still don't know what the problem is, but it solved itself when I deleted every single profile(both locally and on the server) and recreated them. It still reports "Unknown user on domain [DOMAIN]", but it works, which is the main thing. Before this, everytime I tried to write to the registry, it reported itself unable to write. (maybe this was a corrupted registry problem). /Tobias On Tue, 5 Sep 2000, tobias@uni-x.se wrote: > Date: Tue, 5 Sep 2000 15:20:47 +0200 (MET DST) > From: "tobias@uni-x.se" > To: samba-ntdom@lists.samba.org > Subject: UID problem > > Hello, > > I have a network with a latest HEAD branch (000904), where > the UID always is set to something like "Unknown user on domain [DOMAIN]" > on the roaming profile. It seems like samba is unable to map UID to > whatever NT is using for UID. > > I have tried to change the owner on the local machine, but of course > every time I login it gets changed back to "Unknown user". > > The server is running Linux x86 (SuSE 6.3), the client's are running > WinNT 4 SP6. > > Can anyone please help, it's quite urgent. > > /Tobias Best regards Tobias Olsson _______________________________________________________________ F?renade X AB Voice: +46 (0)40 459220 tobias@uni-x.se Katz' Law: Man and nations will act rationally when all other possibilities have been exhausted. From ivar at ivariarvutid.com Thu Sep 7 11:10:41 2000 From: ivar at ivariarvutid.com (ivar) Date: Tue Dec 2 02:31:20 2003 Subject: Samba TNG passwd problems. Message-ID: <39B777B1.94EC82A2@ivariarvutid.com> I installed samba 2.6 alpha TNG. The W2000 seems to find the domain 'KLASS' , but no suitable user : password combination. I used smbpasswd file originally created for samba 2.0.7 located in the /opt/samba-tng/private directory. The error message in Rejecting user 'ivar': authentication failed socket connect to /opt/samba-tng/var/locks/.msrpc/lsarpc failed ncalrpc_l_establish_connection: failed lsarpc) ncalrpc_l_use_add: connection failed SMB LM/NT Password did not match! How can I create new users for samba-tng, as there seems to be no smbpasswd command? Thanks, Ivar From dobos_s at IBCnet.hu Thu Sep 7 12:08:43 2000 From: dobos_s at IBCnet.hu (dobos_s@IBCnet.hu) Date: Tue Dec 2 02:31:20 2003 Subject: Novell Client ans Samba again... Message-ID: Hi! There is an old problem which is not solved yet. If NT workstation has Novell Client on it, and it is logging into samba domain, a blue death occurs: STOP: c000021a (Fatal System Error) The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down. I searched the MS TechNet cd, tried several service packs, searched the internet, and found only one solution: Samba TNG. But TNG was not good for us for other reasons. So my question is: why is TNG working, and 2.0.7 not? I had written this question to this list in 1998 too. Nobody helped me. I really know that there are a lot of other problems for each of You, but I please You: do something! Dobos Sanyi ps: please cc to my address, I am not a member of samba-ntdom list. From chebykin at pskov.mts.ru Thu Sep 7 12:38:52 2000 From: chebykin at pskov.mts.ru (Dmitry Chebykin) Date: Tue Dec 2 02:31:20 2003 Subject: nt printer driver Message-ID: <006a01c018c8$94775bf0$50a9a8c0@pskov.mts.ru> Hello! Who can explain how I can utilize this? But my primary question is how I can implement driver download from TNG for NT like it made for Win9x (see PRINTER_DRIVER.txt for example)? -- Dmitry From ctooley at amoa.org Thu Sep 7 13:28:33 2000 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:31:20 2003 Subject: logon scripts Message-ID: <86256953.0046EB70.00@amoa.org> I've found the Resource Kits to be invaluable in building scripts. There are quite a few things that aren't advertised openly that are possible from the scripts. I even did a complete rollover from one Samba server acting as a PDC to another Samba Server acting as PDC of a different domain, automatically with login scripts and reboot hacks. Chris Tooley GRyle@maf.org (Greg Ryle) on 09/06/2000 11:53:13 AM To: samba-ntdom@samba.org cc: (bcc: Chris Tooley/AMOA) Subject: logon scripts I am new to the list and just inherited a domain with a linux box running Samba 2.0.6 as a PDC. I am wondering if anyone has any domain logon scripts for machines or for individual users I can see as an example? Thanks Greg From gcarter at valinux.com Thu Sep 7 13:07:14 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:20 2003 Subject: nt printer driver References: <006a01c018c8$94775bf0$50a9a8c0@pskov.mts.ru> Message-ID: <39B79302.E19C9E11@valinux.com> Dmitry Chebykin wrote: > > Hello! > > Who can explain how I can utilize this? But my primary > question is how I can implement driver download from TNG for > NT like it made for Win9x (see PRINTER_DRIVER.txt for > example)? The main push for printing enhancements have gone in HEAD, not TNG. While we are working on documenting it at the moment, the main idea is to use either an NT client's Add Printer Wizard or Imprints (imprints.sourceforge.net) to install the drivers on the Samba server (just like an NT print server). The instructions in PRINTER_DRIVER.txt are going away. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From simo.sorce at polimi.it Thu Sep 7 15:41:12 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:20 2003 Subject: Novell Client ans Samba again... References: Message-ID: <39B7B718.D34628F0@polimi.it> dobos_s@IBCnet.hu wrote: > > Hi! > > There is an old problem which is not solved yet. > > If NT workstation has Novell Client on it, and it is logging into samba > domain, a blue death occurs: > > STOP: c000021a (Fatal System Error) > The Windows Logon Process system process terminated unexpectedly with a > status of 0xc0000005 (0x00000000 0x00000000). > The system has been shut down. > > I searched the MS TechNet cd, tried several service packs, searched the > internet, and found only one solution: Samba TNG. > But TNG was not good for us for other reasons. > > So my question is: why is TNG working, and 2.0.7 not? > > I had written this question to this list in 1998 too. Nobody helped me. > I really know that there are a lot of other problems for each of You, but I > please You: do something! > > Dobos Sanyi > > ps: please cc to my address, I am not a member of samba-ntdom list. The problem has yet bee seen. The Novel client seem to issue more commands then standard NT login, so samba 2.0.7 that has a limited unsupported PDC compatibility will fail to respond and the Novel client with it. TNG has a better support for most RPCs and domain facilities so the Novell client is happy. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Jonathan.W.Miner at lmco.com Thu Sep 7 13:48:33 2000 From: Jonathan.W.Miner at lmco.com (JONATHAN W MINER) Date: Tue Dec 2 02:31:20 2003 Subject: DHCP PC cannot access Samba Server References: <39B6EA77.3280FAA5@beijing.oilfield.slb.com> <39B6F0EA.82229C1C@xavier.sa.edu.au> Message-ID: <39B79CB1.FE8D9897@lmco.com> Can you use the fully qualified domain name on the PC? Try \\chjs10.your.domain.name\ instead of just \\chjs10\ We have that problem here... Matthew Geddes wrote: > > Luo Hua Ping wrote: > > > > Hi, > > > > I have a SPARC 10 running solaris 2.6 as Samba server and a PC running > > WINNT 4.0 as client. When the PC uses the fixed IP address, it can > > access the SPARC10. But when I change it to use DHCP, the PC cannot > > access the server. I got such warning message: > > > > "The chjs10 is no accessible. > > The network path is not found." > > > > Your smb.conf also had a hosts allow = line in it. Is that set to the > Dynamic IP address of the NT box? > > It could also be the WINS settings. > > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > > ...And by the way, Lars Kneschke's Samba TNG FAQ is at > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 -- Jonathan Miner - Lockheed Martin EIS/SAI LM-Xpress: jonathan.w.miner@lmco.com Phone: 603 885 UNIX - Fax: 603 885 3850 USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From kenb at nwcc.edu Thu Sep 7 14:53:32 2000 From: kenb at nwcc.edu (Ken Barber) Date: Tue Dec 2 02:31:20 2003 Subject: Samba-TNG 2.6 PDC Administration with W2K Message-ID: <90CF2A4C7C7CD411A651009027DE91385584@eve.nwcc.edu> Tobias Manthey wrote: > > Btw.: The informations of how to set up samba-tng that come with the > original tar-ball arey kinda sparse. (Or I was to stupid to > find em? :-o ) > I am sure future users would love to see at least some links > to further > informations. ;-)) I believe I saw, somewhere in the docs with TNG, a plea for volunteers to write documentation... perhaps you can volunteer.... I shall do so myself if I ever understand TNG enough to tell others how to use it! Ken Barber Network Admin Northwest Christian Collge Eugene, Oregon USA From efdog at hotmail.com Thu Sep 7 15:35:57 2000 From: efdog at hotmail.com (Efrem Del Degan) Date: Tue Dec 2 02:31:20 2003 Subject: NTML packet for the Mac Message-ID: I am inquiring about NTLM Authentication and a doc on building an NTML packet for the Mac. Apparently, there are a bunch of APIs for the Window's platform, but nothing for the Mac. Any help would be appreciated! Thanks. -efrem _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From kenb at nwcc.edu Thu Sep 7 15:43:54 2000 From: kenb at nwcc.edu (Ken Barber) Date: Tue Dec 2 02:31:20 2003 Subject: What the hell??? Message-ID: <90CF2A4C7C7CD411A651009027DE91385586@eve.nwcc.edu> Jeremy Winn wrote: > > I am running Samba 2.06 and NT 4. Even though I have Samba > set up as a = > BDC when I boot up NT Samba comes up as PDC. Then when I open > up User = > Manager for Domains It gives me an error message saying "A remote = > procedure call (RPC) protocol error occurred." What does this > mean. What = > can I do to fix it. If C-4 explosive is involved thats ok! I > am ready to = > blow up to.=20 You cannot possibly have Samba set up as either a BDC or a PDC under 2.0.6 because neither that version, nor the current version (2.0.7), nor the next one coming out any day now, will support PDC/BDC functionality. You're getting the RPC error because Samba doesn't have any code to support that RPC. If you want to use User Manager for Domains, you'll have to play with Samba TNG. The last TNG code that we downloaded here (about two weeks ago) ALMOST worked with User Manager for Domains. But I can't help wondering: why use Loser Manager at all? Linuxconf (or, if you have RedHat, Userconf) is so much easier, faster, and more powerful.... Ken Barber Network Admin Northwest Christian College Eugene, Oregon USA "WWJD" -- What Would John (Galt) Do? From kellermg at potsdam.edu Thu Sep 7 15:40:55 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:31:20 2003 Subject: What the hell??? References: <90CF2A4C7C7CD411A651009027DE91385586@eve.nwcc.edu> Message-ID: <39B7B707.2A909BB1@potsdam.edu> Ken Barber wrote: > But I can't help wondering: why use Loser Manager at all? Linuxconf (or, > if you have RedHat, Userconf) is so much easier, faster, and more > powerful.... Those of use who are forced to use NT/9x desktops drool over User Manager, as it is a cool tool for non-IX platforms. -- Matthew Keller WebMaster & Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From ed at schernau.com Thu Sep 7 15:47:56 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:20 2003 Subject: What the hell??? References: <90CF2A4C7C7CD411A651009027DE91385586@eve.nwcc.edu> <39B7B707.2A909BB1@potsdam.edu> Message-ID: <39B7B8AC.2E1C5C0E@schernau.com> Matthew Keller wrote: > > Ken Barber wrote: > > But I can't help wondering: why use Loser Manager at all? Linuxconf (or, > > if you have RedHat, Userconf) is so much easier, faster, and more > > powerful.... Unless you edit a config file by hand, and linuxconf dumps core any time you try and run it. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From wcox at tgix.com Thu Sep 7 15:52:58 2000 From: wcox at tgix.com (Will Cox) Date: Tue Dec 2 02:31:20 2003 Subject: NTML packet for the Mac In-Reply-To: Message-ID: on 9/7/2000 11:35 AM, Efrem Del Degan at efdog@hotmail.com wrote: > I am inquiring about NTLM Authentication and a doc on building an NTML > packet for the Mac. Apparently, there are a bunch of APIs for the Window's > platform, but nothing for the Mac. You won't get anything out of Microsoft on APIs for the Mac, since that's Apple's department. Mac OS uses a pluggable authentication module scheme (User Authentication Modules) supported by the AppleShare client libraries. Documentation on that is here Microsoft already offers an User Authentication Module for MacOS that supports NTLM. /cwc -- Vell, Zaphod's just zis guy, y'know. From Jwinn at krauto.com Thu Sep 7 16:17:06 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:20 2003 Subject: What the Hell part 2 Message-ID: <01c018e7$10f900c0$d8fea8c0@-jwinn.krauto.com> Maybe I am not explaining this correctly. I have made users, using linuxconf but I want to see those users on the NT machine in user manager and vice versa. Not possible???? I was able to set up the samba server as BDC, but now I am getting an error message: "Batcave not accessible. An unexpected network error occurred." FYI I am using Mandrake 7.1 Any more help is appreciated. If things are still unclear please ask for more info I will try to explain better. JWinn -------------- next part -------------- HTML attachment scrubbed and removed From bgmilne at ing.sun.ac.za Thu Sep 7 16:49:46 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:20 2003 Subject: logon scripts - NET TIME ? References: Message-ID: <39B7C72A.DAF701E9@ing.sun.ac.za> Hi, I am using NET TIME in my logon scripts, but on the NT machines most users don't have permissions to set their time. I see in this example that time setting is used on the NT machines. How do I fix mine ?? Has anyont use NTLogon (recently on freshmeat) to configure the logon scripts dynamically ? It looks quite cool, allowing you to set all login-scripts (per group, user, machine) in one file. Haven't had time to try it yet though ... Buchan "Nelson C. Garcia" wrote: > > Here's the best example I have found: > > ----- begin quote > > rem Default logon script, create links to this file. > > net time \\bioserve /set /yes > @echo off > if %OS%.==Windows_NT. goto WinNT > > :Win95 > net use k: \\trillion\bio_prog > net use p: \\bcfile\homes > goto end > :WinNT > net use k: \\trillion\bio_prog /persistent:no > net use p: \\bcfile\homes /persistent:no > > :end > > --- end quote > > All credit should go to David Bannon at the following URL: > http://bioserve.biochem.latrobe.edu.au/samba/ > > The scripts will be run as a batch file by Windows, therefore each line must > end on a CR+LF combination. I recommend editing the script using a Windows > text editor and then moving it to the [netlogon] share. While you are at > it, run the script from the Windows command prompt in order to test it. > > Aloha, > Nelson > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Ryle > Sent: Wednesday, September 06, 2000 6:53 AM > To: samba-ntdom@samba.org > Subject: logon scripts > > I am new to the list and just inherited a domain with a linux box > running Samba 2.0.6 as a PDC. I am wondering if anyone has any domain > logon scripts for machines or for individual users I can see as an > example? > > Thanks Greg -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From SRuth at LANDAM.com Thu Sep 7 17:00:56 2000 From: SRuth at LANDAM.com (SRuth@LANDAM.com) Date: Tue Dec 2 02:31:20 2003 Subject: logon scripts - NET TIME ? Message-ID: <6768A16CA846D3119104009027998CC304A44E9F@LANDE04> Hi, You have to give the "Change the system time" permission to the Everyone (easiest) group or a specific (requires slightly more maintenance) group , on every workstation. This is done through the User Manager under Policies, then User Rights. sven -----Original Message----- From: Buchan Milne [mailto:bgmilne@ing.sun.ac.za] Sent: Thursday, September 07, 2000 11:50 AM To: Nelson C. Garcia Cc: samba-ntdom@samba.org Subject: Re: logon scripts - NET TIME ? Hi, I am using NET TIME in my logon scripts, but on the NT machines most users don't have permissions to set their time. I see in this example that time setting is used on the NT machines. How do I fix mine ?? Has anyont use NTLogon (recently on freshmeat) to configure the logon scripts dynamically ? It looks quite cool, allowing you to set all login-scripts (per group, user, machine) in one file. Haven't had time to try it yet though ... Buchan "Nelson C. Garcia" wrote: > > Here's the best example I have found: > > ----- begin quote > > rem Default logon script, create links to this file. > > net time \\bioserve /set /yes > @echo off > if %OS%.==Windows_NT. goto WinNT > > :Win95 > net use k: \\trillion\bio_prog > net use p: \\bcfile\homes > goto end > :WinNT > net use k: \\trillion\bio_prog /persistent:no > net use p: \\bcfile\homes /persistent:no > > :end > > --- end quote > > All credit should go to David Bannon at the following URL: > http://bioserve.biochem.latrobe.edu.au/samba/ > > The scripts will be run as a batch file by Windows, therefore each line must > end on a CR+LF combination. I recommend editing the script using a Windows > text editor and then moving it to the [netlogon] share. While you are at > it, run the script from the Windows command prompt in order to test it. > > Aloha, > Nelson > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Ryle > Sent: Wednesday, September 06, 2000 6:53 AM > To: samba-ntdom@samba.org > Subject: logon scripts > > I am new to the list and just inherited a domain with a linux box > running Samba 2.0.6 as a PDC. I am wondering if anyone has any domain > logon scripts for machines or for individual users I can see as an > example? > > Thanks Greg -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From npmolino at stanford.edu Thu Sep 7 17:17:28 2000 From: npmolino at stanford.edu (Neil Molino) Date: Tue Dec 2 02:31:20 2003 Subject: Windows 2000 and Samba Message-ID: Hello again, I'm making progress. I now see the samba fileserver that I want when I go to Computers Near Me under My Network Places in Windows 2000. Unfortunately, when I double click it, I get an error message saying that "\\ns1 is not accesssible. The specified network name is no longer available." This places an error message in the /var/log/samba/feynman.log file that says: [2000/09/07 05:50:45, 0] smbd/password.c:domain_client_validate(1392) domain_client_validate: Domain password server not available. [2000/09/07 05:50:45, 0] lib/util_sec.c:assert_gid(70) Failed to set gid privileges to (-1,510) now set to (0,0) uid=(0,0) [2000/09/07 05:50:45, 0] lib/util.c:smb_panic(2456) PANIC: failed to set gid I don't think that I'm using the Win2k as a PDC (how do I tell?). Any advice would be greatly appreciated. neil From samba at apc-uk.com Thu Sep 7 17:42:32 2000 From: samba at apc-uk.com (Andrew Payne) Date: Tue Dec 2 02:31:20 2003 Subject: Windows 2000 and Samba In-Reply-To: Message-ID: Win2K Server uses the Active Directory Services to behave as a domain controller. So if you goto Start/Programs/Administrative Tools/Configure you server on the Win2K Server. You can then select Active Directory on the menu to see a brief 'about' description of Active Directory and its use. HTH Andrew Payne, MCSE+I -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Neil Molino Sent: 07 September 2000 18:17 To: Samba-Ntdom Subject: Windows 2000 and Samba Hello again, I'm making progress. I now see the samba fileserver that I want when I go to Computers Near Me under My Network Places in Windows 2000. Unfortunately, when I double click it, I get an error message saying that "\\ns1 is not accesssible. The specified network name is no longer available." This places an error message in the /var/log/samba/feynman.log file that says: [2000/09/07 05:50:45, 0] smbd/password.c:domain_client_validate(1392) domain_client_validate: Domain password server not available. [2000/09/07 05:50:45, 0] lib/util_sec.c:assert_gid(70) Failed to set gid privileges to (-1,510) now set to (0,0) uid=(0,0) [2000/09/07 05:50:45, 0] lib/util.c:smb_panic(2456) PANIC: failed to set gid I don't think that I'm using the Win2k as a PDC (how do I tell?). Any advice would be greatly appreciated. neil -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2876 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000907/35ccb3c2/smime.bin From geoffrey at ticom.com Thu Sep 7 17:47:01 2000 From: geoffrey at ticom.com (geoffrey@ticom.com) Date: Tue Dec 2 02:31:20 2003 Subject: What the hell??? In-Reply-To: <90CF2A4C7C7CD411A651009027DE91385586@eve.nwcc.edu>; from kenb@nwcc.edu on Thu, Sep 07, 2000 at 08:43:54AM -0700 References: <90CF2A4C7C7CD411A651009027DE91385586@eve.nwcc.edu> Message-ID: <20000907124701.B10152@mongo.austin.ticom.com> On Thu, Sep 07, 2000 at 08:43:54AM -0700, thus spake Ken Barber: > You cannot possibly have Samba set up as either a BDC or a PDC under 2.0.6 > because neither that version, nor the current version (2.0.7), nor the next > one coming out any day now, will support PDC/BDC functionality. Actually, you are wrong here. I have two seperate Samba v2.0.6 servers running as PDCs for their respective networks/domains. It does, indeed, work - has since at least 2.0.5a. Now, it is correct that Samba cannot act as a BDC, but as PDC it does just fine. geoffrey -- +++++++++++++++++++++++++++++++++++ Santa Claus, the Tooth Fairy, Windows 2000 ... Some things you just outgrow. ++++++++++++++++++++++++++++++++++ Key fingerprint ===> E8E2 1EC4 6640 1F9A 5A09 0DB6 FC5E BDAA D9CB 6F04 Public key available upon request. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000907/36395760/attachment.bin From samba at apc-uk.com Thu Sep 7 17:55:39 2000 From: samba at apc-uk.com (Andrew Payne) Date: Tue Dec 2 02:31:20 2003 Subject: Windows 2000 and Samba In-Reply-To: Message-ID: Yes :-) Win2K Professional cannot act as a domain controller, it is the Win2K equivalent of NT4 Workstation. Andrew Payne, MCSE+I -----Original Message----- From: Neil Molino [mailto:npmolino@stanford.edu] Sent: 07 September 2000 18:52 To: Andrew Payne Subject: RE: Windows 2000 and Samba I'm only using windows 2000 professional. Sorry to not claify that earlier. Does this change what you just said? thanks so much, neil -----Original Message----- From: Andrew Payne [mailto:samba@apc-uk.com] Sent: Thursday, September 07, 2000 10:43 AM To: Neil Molino; Samba-Ntdom Subject: RE: Windows 2000 and Samba Win2K Server uses the Active Directory Services to behave as a domain controller. So if you goto Start/Programs/Administrative Tools/Configure you server on the Win2K Server. You can then select Active Directory on the menu to see a brief 'about' description of Active Directory and its use. HTH Andrew Payne, MCSE+I -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Neil Molino Sent: 07 September 2000 18:17 To: Samba-Ntdom Subject: Windows 2000 and Samba Hello again, I'm making progress. I now see the samba fileserver that I want when I go to Computers Near Me under My Network Places in Windows 2000. Unfortunately, when I double click it, I get an error message saying that "\\ns1 is not accesssible. The specified network name is no longer available." This places an error message in the /var/log/samba/feynman.log file that says: [2000/09/07 05:50:45, 0] smbd/password.c:domain_client_validate(1392) domain_client_validate: Domain password server not available. [2000/09/07 05:50:45, 0] lib/util_sec.c:assert_gid(70) Failed to set gid privileges to (-1,510) now set to (0,0) uid=(0,0) [2000/09/07 05:50:45, 0] lib/util.c:smb_panic(2456) PANIC: failed to set gid I don't think that I'm using the Win2k as a PDC (how do I tell?). Any advice would be greatly appreciated. neil -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2876 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000907/990c0503/smime.bin From bgmilne at ing.sun.ac.za Thu Sep 7 18:10:37 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:20 2003 Subject: What the hell??? References: <90CF2A4C7C7CD411A651009027DE91385586@eve.nwcc.edu> <39B7B707.2A909BB1@potsdam.edu> Message-ID: <39B7DA1D.F15FAB7@ing.sun.ac.za> Linuxconf really sucks for some things. You can't change anything without it trying to relax security on files you set restrictive permissions on. Use webmin instead! Buchan Matthew Keller wrote: > > Ken Barber wrote: > > But I can't help wondering: why use Loser Manager at all? Linuxconf (or, > > if you have RedHat, Userconf) is so much easier, faster, and more > > powerful.... > > Those of use who are forced to use NT/9x desktops drool over User > Manager, as it is a cool tool for non-IX platforms. > -- > > Matthew Keller > WebMaster & Lead Programmer/Analyst > Distributed Computing/Telemedia > Information Services Division > State University of New York at Potsdam > > Website: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > Webcam: http://webcam.mattwork.potsdam.edu:85/ -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Thu Sep 7 18:14:43 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:20 2003 Subject: What the Hell part 2 References: <01c018e7$10f900c0$d8fea8c0@-jwinn.krauto.com> Message-ID: <39B7DB13.DD2D690F@ing.sun.ac.za> Samba 2.0.7 can not be a BDC. If samba is your PDC, your NT clients should be able to see thie list of domain members when you run user manager for domains. If not, you should check your smbpasswd file for entries without amtching unix users. I had a problem in which my list was truncated, similar to this. Also running Mandrake 7.1 /samba 2.0.7. Buchan > Jeremy Winn wrote: > > Maybe I am not explaining this correctly. I have made users, using > linuxconf but I want to see those users on the NT machine in user > manager and vice versa. Not possible???? I was able to set up the > samba server as BDC, but now I am getting an error message: "Batcave > not accessible. An unexpected network error occurred." FYI I am using > Mandrake 7.1 > Any more help is appreciated. If things are still unclear please > ask for more info I will try to explain better. > > JWinn -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From kenb at nwcc.edu Thu Sep 7 18:42:34 2000 From: kenb at nwcc.edu (Ken Barber) Date: Tue Dec 2 02:31:20 2003 Subject: What the hell??? Message-ID: <90CF2A4C7C7CD411A651009027DE91385593@eve.nwcc.edu> Sir, I respectfully disagree. Samba 2.0.x is able to act as a file and print server only. It cannot participate in trust relationships with other domains, cannot replicate account information to a BDC running NT Server, and cannot answer authentication requests from trusting machines -- it can only authenticate users for its own shares -- and is therefore not a PDC. If you only have a single domain (or don't need trust relationships with any other domain) and don't need to give its accounts any kind of rights or permissions on any machines other than itself, then Samba 2.0.x will serve you very nicely. But it's still not a PDC. P.S. Great .sig! The trouble with all the Windows-bashing jokes is that most of them are true.... Ken Barber Network Admin Northwest Christian College Eugene, Oregon USA "WWJD" -- What Would John [Galt] Do? > -----Original Message----- > From: geoffrey@ticom.com [mailto:geoffrey@ticom.com] > Sent: Thursday, September 07, 2000 10:47 AM > To: Ken Barber > Cc: samba-ntdom@us4.samba.org > Subject: Re: What the hell??? > > > On Thu, Sep 07, 2000 at 08:43:54AM -0700, thus spake Ken Barber: > > > You cannot possibly have Samba set up as either a BDC or a > PDC under 2.0.6 > > because neither that version, nor the current version > (2.0.7), nor the next > > one coming out any day now, will support PDC/BDC functionality. > > Actually, you are wrong here. I have two seperate Samba v2.0.6 servers > running as PDCs for their respective networks/domains. It > does, indeed, > work - has since at least 2.0.5a. Now, it is correct that > Samba cannot act > as a BDC, but as PDC it does just fine. > > geoffrey > -- > +++++++++++++++++++++++++++++++++++ > Santa Claus, > the Tooth Fairy, > Windows 2000 ... > Some things you just outgrow. > ++++++++++++++++++++++++++++++++++ > > Key fingerprint ===> E8E2 1EC4 6640 1F9A 5A09 0DB6 FC5E BDAA > D9CB 6F04 > Public key available upon request. > From ZolnOtt at t-online.de Thu Sep 7 18:42:04 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:20 2003 Subject: map nt groups to unix groups References: <4DE518E627FDD011BE6A00A0C93B23280181F2ED@SI_SV_MAIL> Message-ID: <39B7E17C.A15239A4@t-online.de> hallo christian! with whitch version do you work. you must use an tng-version, but i don?t know, with whitch one does it work. bye michael "Hirsch, Christian, SI" wrote: > > Hello > > I try to map ntgroups to unixgroup in a username map file. > But it does not work. A Nt-user who is member of an ntgroup which is mapped > to a unixgroup which has rights to access a specific directory can not > access this directory. If a add the user additionally to the unixgroup ( add > the username in the file /etc/group to the specific group) it works. > > I read this in the docu: > > Each of the entries in the username map file should be listed as follows: > the Unix username, followed by an equal sign (=), followed by one or more > whitespace-separated SMB client usernames. Note that unless instructed > otherwise, (i.e., a guest connection), Samba will expect both the client and > the server user to have the same password. You can also map NT groups to one > or more specific Unix groups using the @ sign. Here are some examples: > jarwin = JosephArwin > manderso = MarkAnderson > users = @account > > Can I map ntgroups to unixgroups ? Or must I organize my file /etc/group > with each username behind the groupname ? > > Thank you very much > > Mit freundlichen Gr??en > > Christian Hirsch > > IT-Abteilung > Bertrandt Ingenieurb?ro Sindelfingen > Email: christian.hirsch@de.bertrandt.com > Telefon: 07031/6995-317 > Telefax: 07031/6995-100 From doug.davis at eds.com Thu Sep 7 21:27:28 2000 From: doug.davis at eds.com (Davis, Doug) Date: Tue Dec 2 02:31:20 2003 Subject: Error NT_STATUS_INVALID_COMPUTER_NAME Message-ID: <4E6A7BDC24CDD311B11400508BDF0A380106E2E9@usahm009.exmi01.exch.eds.com> Hello, I need some assistance/ guidance with Samba and Windows 2000 user authentication. Let me describe what I'm trying to do and then what I'm seeing in the log files (NT_STATUS_INVALID_COMPUTAER_NAME) Background: I have a Windows 2000 Domain and a Samba 2.0.6 Server. I want the Samba Server to act as a member server in Domain Mode. I would like the Windows 2000 Domain controller to authenicate users. I have added the Samba Server to the Domain and it seems to work fine in Server Mode. As soon as I switch to domain mode, (and set encrypted passwd and create the smbpasswd file with user ID's) I receive the following error in the log file for the client. 2000/09/07 15:37:29, 5] rpc_parse/parse_prs.c:(372) 0020 status: c0000122 [2000/09/07 15:37:29, 0] rpc_client/cli_netlogon.c:(249) cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME <---------------- ERROR [2000/09/07 15:37:29, 0] rpc_client/cli_login.c:(49) cli_nt_setup_creds: request challenge failed [2000/09/07 15:37:29, 0] smbd/password.c:(1412) domain_client_validate: unable to setup the PDC credentials to machine 148.90.159.110. Error was : NT_STATUS_INVALID_COMPUTER_NAME. [2000/09/07 15:37:29, 6] lib/util_sock.c:(557) write_socket(9,45) [2000/09/07 15:37:29, 6] lib/util_sock.c:(560) write_socket(9,45) wrote 45 [2000/09/07 15:37:29, 10] lib/util_sock.c:(599) got smb length of 35 [2000/09/07 15:37:29, 5] lib/util.c:(451) What the log file is telling me is this: The Samba server couldn't make the connection to the Windows 2000 DC (PDC emulator). It then falls back to the smbpasswd file for user authentication. The question is this: How do I get rid of the Error and Make the Windows 2000 Server Authenticate Users. Doug Davis From mgeddes at xavier.sa.edu.au Thu Sep 7 23:18:13 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:20 2003 Subject: Error NT_STATUS_INVALID_COMPUTER_NAME References: <4E6A7BDC24CDD311B11400508BDF0A380106E2E9@usahm009.exmi01.exch.eds.com> Message-ID: <39B82235.C95C62D7@xavier.sa.edu.au> "Davis, Doug" wrote: > > Hello, > > I need some assistance/ guidance with Samba and Windows 2000 user > authentication. > > Let me describe what I'm trying to do and then what I'm seeing in the log > files (NT_STATUS_INVALID_COMPUTAER_NAME) What is the computer name of the machines involved? -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From David.Bear at asu.edu Fri Sep 8 00:50:38 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:31:20 2003 Subject: to tng or to head Message-ID: I'd like to use rpcclient to remotely control the NT sam -- remotely change a password on NT.. I currently use 2.0.7 but I know the rpc code is 'better' in tng and 'head?'. Should I get head or tng? Isn't 'good' code merge from tng into head? and therefor head is more 'stable'? which is what I want. David Bear Support Systems Analyst, ASU internet: David.Bear@Asu.Edu voice: (602)-965-8257 fax: (602)-965-9189 From mgeddes at xavier.sa.edu.au Fri Sep 8 01:53:02 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:20 2003 Subject: to tng or to head References: Message-ID: <39B8467E.7446A886@xavier.sa.edu.au> David Bear wrote: > > I'd like to use rpcclient to remotely control the NT sam -- remotely change a > password on NT.. I currently use 2.0.7 but I know the rpc code is 'better' in > tng and 'head?'. Should I get head or tng? Isn't 'good' code merge from tng > into head? and therefor head is more 'stable'? which is what I want. > It really depends on how you are using Samba. Samba TNG is not recommended for production use, but many of us do it anyway and have no problems (the majority of problems are with compilation and configuration - the latest code is quite good at the moment). I have personally implemented Samba TNG for a number of organisations (sshhh! don't tell the samba team!) and they have had no problems. If you just need a file server, use Samba 2.0.x. If you are just wanting the rpcclient side of things, install Samba TNG on your workstation (I am assuming you have a Unix machine that is not a production server). The documentation in TNG is better for samedit/regedit/rpcclient (but of course, I *would* say that ;-)). Oh yeah, and we're here to answer any questions you need.... Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From jeremy at valinux.com Fri Sep 8 02:13:16 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:20 2003 Subject: Win2k domain auth problem with Samba 2.0.7 Message-ID: <39B84B3C.FEF204C@valinux.com> Hi all, I recently did some work for Agilent (formally HP) to fix Samba 2.0.7 to work with their (large) domain infrastructure that uses Win2k PDC's with SID history. There was a problem with 2.0.7 that caused "security=domain" to fail when SID history was being maintained. I've fixed this in the Samba HEAD (to be 2.2.x release) branch, and this code is checked in. However, Ray Frush at Agilent mentioned that there were other sites with this problem so I'm enclosing the patch I did for Agilent so others can test and ensure it fixes the issue. Hope this is helpful, Cheers, Jeremy Allison, Samba Team. Patch follows : -------------------------------------------------------- --- /home/jeremy/src/samba-2/samba/source/include/rpc_lsa.h Mon Apr 5 17:39:45 1999 +++ include/rpc_lsa.h Thu Aug 31 15:25:14 2000 @@ -52,7 +52,7 @@ #define LSA_LOOKUPRIDS 0xFD #define LSA_MAX_GROUPS 96 -#define LSA_MAX_SIDS 32 +#define LSA_MAX_SIDS 128 /* DOM_QUERY - info class 3 and 5 LSA Query response */ typedef struct dom_query_info --- /home/jeremy/src/samba-2/samba/source/include/rpc_netlogon.h Mon Apr 19 18:01:43 1999 +++ include/rpc_netlogon.h Thu Aug 31 15:27:24 2000 @@ -120,6 +120,10 @@ UNISTR2 uni_logon_dom; /* logon domain unicode string */ DOM_SID2 dom_sid; /* domain SID */ + + uint32 num_other_groups; /* other groups */ + DOM_GID other_gids[LSA_MAX_GROUPS]; /* group info */ + DOM_SID2 other_sids[LSA_MAX_SIDS]; /* undocumented - domain SIDs */ } NET_USER_INFO_3; --- /home/jeremy/src/samba-2/samba/source/rpc_parse/parse_net.c Mon Apr 19 18:01:44 1999 +++ rpc_parse/parse_net.c Thu Sep 7 19:09:00 2000 @@ -1080,6 +1080,8 @@ init_unistr2(&usr->uni_logon_dom, logon_dom, len_logon_dom); init_dom_sid2(&usr->dom_sid, dom_sid); + + usr->num_other_groups = num_other_sids; /* "other" sids are set up above */ } @@ -1198,11 +1200,22 @@ if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */ return False; - SMB_ASSERT_ARRAY(usr->other_sids, usr->num_other_sids); + if (usr->num_other_sids) { + SMB_ASSERT_ARRAY(usr->other_sids, usr->num_other_sids); - for (i = 0; i < usr->num_other_sids; i++) { - if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */ + if(!prs_uint32("num_other_groups", ps, depth, &usr->num_other_groups)) return False; + + SMB_ASSERT_ARRAY(usr->other_gids, usr->num_other_groups); + + for (i = 0; i < usr->num_other_groups; i++) { + if(!smb_io_gid("", &usr->other_gids[i], ps, depth)) /* other GIDs */ + return False; + } + for (i = 0; i < usr->num_other_sids; i++) { + if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */ + return False; + } } return True; -------------------------------------------------------- -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From dlowenstein at kefta.com Fri Sep 8 02:44:35 2000 From: dlowenstein at kefta.com (Dave Lowenstein) Date: Tue Dec 2 02:31:20 2003 Subject: samba-ntdom digest, Vol 1 #39 - 7 msgs In-Reply-To: <20000907190128.CCA3052A00@us4.samba.org> Message-ID: Okay, so I really should have been paying more attention around here. I'm finally attempting to set up a samba server as a pdc and am having no luck. I guess what I'm looking for (and haven't found yet) is a comprehensive list of the essential things that I'll need in my smb.conf file to run as a pdc. Pardon me if this is an rtfm type of situation, pointing me in the direction of the f.m. is all I ask for. Thanks Dave Dave Lowenstein MIS Manager Kefta.com dlowenstein@kefta.com From johan.ostensson at orebro.lantmen.se Fri Sep 8 05:19:59 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:20 2003 Subject: samba-ntdom digest, Vol 1 #39 - 7 msgs Message-ID: <20000908052113.44F40659834@au2.samba.org> for samba 2.0.7 (does only very limited pdc-ing, but stable. this is what I use at the moment) http://bioserve.biochem.latrobe.edu.au/samba/ for samba-tng (only alpha status on this) http://www.kneschke.de/projekte/samba_tng/index.php3 /johan johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) > -----Ursprungligt meddelande----- > Fr?n: Dave Lowenstein [mailto:dlowenstein@kefta.com] > Skickat: den 8 september 2000 04:45 > Till: johan.ostensson@orebro.lantmen.se; samba-ntdom@lists.samba.org > ?mne: RE: samba-ntdom digest, Vol 1 #39 - 7 msgs > > > Okay, so I really should have been paying more attention > around here. I'm > finally attempting to set up a samba server as a pdc and am > having no luck. > I guess what I'm looking for (and haven't found yet) is a > comprehensive list > of the essential things that I'll need in my smb.conf file to > run as a pdc. > Pardon me if this is an rtfm type of situation, pointing me > in the direction > of the f.m. is all I ask for. Thanks > > > Dave > > > > Dave Lowenstein > MIS Manager > Kefta.com > dlowenstein@kefta.com > > From Andreas.Breede at o-tel-o.de Fri Sep 8 14:21:39 2000 From: Andreas.Breede at o-tel-o.de (Andreas.Breede@o-tel-o.de) Date: Tue Dec 2 02:31:20 2003 Subject: What the Hell part 2 Message-ID: <41256954.004EDA40.00@LTNA00001997.o-tel-o.DE> I also have the same problem: Samba (on AIX) 2.0.7 as PDC (NT-Workstation login into the domain working) but the domain user manager showed "Account unknown" for all domain users. I've just checked that every user in smbpasswd has a counterpart in unix passwd (just compared the user names nothing else) Meanwhile I gave up using Samba as PDC, but I would like to do so if possible! Samba 2.0.7 can not be a BDC. If samba is your PDC, your NT clients should be able to see thie list of domain members when you run user manager for domains. If not, you should check your smbpasswd file for entries without amtching unix users. I had a problem in which my list was truncated, similar to this. Also running Mandrake 7.1 /samba 2.0.7. Buchan > Jeremy Winn wrote: > > Maybe I am not explaining this correctly. I have made users, using > linuxconf but I want to see those users on the NT machine in user > manager and vice versa. Not possible???? I was able to set up the > samba server as BDC, but now I am getting an error message: "Batcave > not accessible. An unexpected network error occurred." FYI I am using > Mandrake 7.1 > Any more help is appreciated. If things are still unclear please > ask for more info I will try to explain better. > > JWinn -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From doug.davis at eds.com Fri Sep 8 14:05:09 2000 From: doug.davis at eds.com (Davis, Doug) Date: Tue Dec 2 02:31:20 2003 Subject: Error NT_STATUS_INVALID_COMPUTER_NAME Message-ID: <4E6A7BDC24CDD311B11400508BDF0A380106E2EB@usahm009.exmi01.exch.eds.com> he standard smb.conf configuration as set up by the CIFS/9000 samba_setup script sets the parameter "password server = *" when "security = domain". This tells the server to search for a PDC or BDC using WORKGROUP<1C> and the name resolve order, then attempt to authenticate from the resulting list. Matthew, I have found the problem. The following informtion is what I found out. The smb.conf has "password server=IPaddress". Since the CIFS/9000 server wants to talk NetBIOS, but it is given an IP address, it is either resolving the IP address to a non-NetBIOS name (DNS - which is what W2K uses), or the IP address is allowing it to connect directly to the Windows 2000 password server. The key here is that the Windows 2000 password server can have a computer name that is different from its NetBIOS name. If the IP address is resolved to the computer name, and NOT THE NetBIOS NAME, the computer name will be invalid for the Windows 2000 domain, and the cli_net_req_challenge will be rejected with "NT_STATUS_INVALID_COMPUTER_NAME". Since we are using the computer IP address for its password server, I suspect that this is using the computer name to set up the connection with the CIFS/9000 for the authentication of the user connection, and *NOT* the NetBIOS name of the W2K server. By changing back to "password server = *", or the W2K NetBIOS name, they should then authenticate against the W2K server. The smbpasswd file (in /var/opt/samba/private) is not neccessary when "security = domain", and should be removed at this site. The server will try smbpasswd if no PDC/DC is available, but managing the file is too cumbersome. Doug Davis Doug.Davis@eds.com -----Original Message----- From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] Sent: Thursday, September 07, 2000 7:18 PM To: Davis, Doug Cc: 'samba-ntdom@lists.samba.org' Subject: Re: Error NT_STATUS_INVALID_COMPUTER_NAME "Davis, Doug" wrote: > > Hello, > > I need some assistance/ guidance with Samba and Windows 2000 user > authentication. > > Let me describe what I'm trying to do and then what I'm seeing in the log > files (NT_STATUS_INVALID_COMPUTAER_NAME) What is the computer name of the machines involved? -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From simo.sorce at polimi.it Fri Sep 8 16:07:40 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:20 2003 Subject: What the hell??? References: <90CF2A4C7C7CD411A651009027DE91385593@eve.nwcc.edu> Message-ID: <39B90ECC.4ADBF9CE@polimi.it> Ken Barber wrote: > > Sir, I respectfully disagree. > > Samba 2.0.x is able to act as a file and print server only. It cannot > participate in trust relationships with other domains, cannot replicate > account information to a BDC running NT Server, and cannot answer > authentication requests from trusting machines -- it can only authenticate > users for its own shares -- and is therefore not a PDC. > > If you only have a single domain (or don't need trust relationships with any > other domain) and don't need to give its accounts any kind of rights or > permissions on any machines other than itself, then Samba 2.0.x will serve > you very nicely. But it's still not a PDC. > > P.S. Great .sig! The trouble with all the Windows-bashing jokes is that > most of them are true.... > > Ken Barber > Network Admin > Northwest Christian College > Eugene, Oregon USA Oh man, you are wrong. 2.0.x PDC support is weak, not supported and limited but it is definitely a PDC. I have an NT DOMAIN with samba 2.0.7 as Primary Domain Controller and it works, of course I don't have Trust relationships and cannot you MS tools to manage the PDC, but it WORKS and well. And more, if you set badly the smb.conf it may show to NT4 workstation as a BDC (and if you have a smbpasswd file sometimes it happens to authenticate some user) but it will fail in 99% queries. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From mlevesqu at licef.teluq.uquebec.ca Fri Sep 8 14:13:12 2000 From: mlevesqu at licef.teluq.uquebec.ca (Marc Levesque) Date: Tue Dec 2 02:31:20 2003 Subject: NT4 Printer problem...name is invalid Message-ID: <00090810180001.17897@4444.licef.teluq.uquebec.ca> Hi, I ran Samba 2.0.7 on sol7 since a couple of month... This week, I try to upgrade to Samba 3.0.0pre all works great except only one thing... I cannot connect my printers from my NT servers... Works with 95/98/2000 but NT 4 SP5 dont...? The error message is, The printer name is invalid ! Any Idea, new feature in 3.0.0pre I need to configure ? Thanks Marc Levesque sysadmin mlevesqu@teluq.uquebec.ca From ross at csn.ul.ie Fri Sep 8 14:22:12 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:20 2003 Subject: SSL/TNG2.6/OpenLDAP2.0.1 Message-ID: Hi all, Is SSL support broken in TNG2.6? Has anybody tried TNG2.6 with OpenLDAP2.0.1 (without SSL even)? I compiled OpenLDAP agaist the latest version of OpenSSL as so: env CPPFLAGS=-I"/usr/local/ssl/include/" LDFLAGS=-L"/usr/local/ssl/lib/" ./configure --prefix=/ --with-tls --enable-shared Then I tried to compile SAMBA as so: ./configure --prefix=/ --with-ldap --with-ssl --with--sslinc=/usr/local/ssl/include/openssl/ But I get these errors: checking configure summary configure: error: summary failure. Aborting config And these from my config.log: configure:11454: gcc -o conftest -DHAVE_CRYPT_DECL -I/usr/local/ssl/include -O -I/usr/local/etc/openldap/include/ -L/usr/local/ssl/lib -L/usr/local/etc/openldap/libraries/ conftest.c -lssl -lcrypto -lreadline -lcurses -ldl -lcrypt -lldap -llber 1>&5 /lib/libldap.so: undefined reference to `res_query' /lib/libldap.so: undefined reference to `dn_expand' collect2: ld returned 1 exit status configure: failed program was: #line 11450 "configure" #include "confdefs.h" #include "./tests/summary.c" Any ideas? Cheers, Ross From jahall at nea.org Fri Sep 8 14:18:18 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:31:20 2003 Subject: NT4 Printer problem...name is invalid Message-ID: I had the same problem. I shortened the printer name to fewer than 10 or 11 characters and everything worked fine after that. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - Hi, I ran Samba 2.0.7 on sol7 since a couple of month... This week, I try to upgrade to Samba 3.0.0pre all works great except only one thing... I cannot connect my printers from my NT servers... Works with 95/98/2000 but NT 4 SP5 dont...? The error message is, The printer name is invalid ! Any Idea, new feature in 3.0.0pre I need to configure ? Thanks Marc Levesque sysadmin mlevesqu@teluq.uquebec.ca - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From geoffrey at ticom.com Fri Sep 8 14:49:52 2000 From: geoffrey at ticom.com (geoffrey@ticom.com) Date: Tue Dec 2 02:31:20 2003 Subject: Where to get TNG Message-ID: <20000908094952.A14805@mongo.austin.ticom.com> Hey guys, I keep hearing about the samba TNG code, and how the documentation, PDC support, etc. is better. So, is this in the cvs repository? How might I obtain the TNG source to attempt to build and work with it? I do realize that it is not considered useable on production systems. Thanks for all pointers. geoffrey -- +++++++++++++++++++++++++++++++++++ Santa Claus, the Tooth Fairy, Windows 2000 ... Some things you just outgrow. ++++++++++++++++++++++++++++++++++ Key fingerprint ===> E8E2 1EC4 6640 1F9A 5A09 0DB6 FC5E BDAA D9CB 6F04 Public key available upon request. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000908/4ec6336e/attachment.bin From J.L.Gilmour at exeter.ac.uk Fri Sep 8 14:59:26 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:31:20 2003 Subject: Where to get TNG In-Reply-To: <20000908094952.A14805@mongo.austin.ticom.com> from "geoffrey@ticom.com" at Sep 8, 2000 09:49:52 am Message-ID: <943227.200009081459@olib> > > I keep hearing about the samba TNG code, and how the > documentation, PDC support, etc. is better. So, is this in the cvs > repository? How might I obtain the TNG source to attempt to build and work > with it? I do realize that it is not considered useable on production > systems. Yep, the code is in the CVS repository. I forget the password, otherwise I'd give you instrcutions. As to not being suitable for production systems, we're using it live now - around 300 undergrads use it to access filespace and to authenticate NT logins. It seems pretty good for an alpha system. Jayne. p.s. I can highly recommend O'Reilly's Using Samba book -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From c.misfeldt at ndr.de Fri Sep 8 16:14:34 2000 From: c.misfeldt at ndr.de (c.misfeldt@ndr.de) Date: Tue Dec 2 02:31:21 2003 Subject: name resolve problem Message-ID: <41256954.005974AC.00@lolns02.notes.ndr.de> Some time ago I set up a samba/netatalk server to share files files from our NT-network with one MacIntosh workstation. The samba version is 1.9.18p10 (...which is not quite new but worked up to now). Mac and our NT network are connected to the linux box each having their own network adapter. Recently we added a third network adapter to this server to connect a Win98 PC to the Linux machine. Since then sometimes it happens that the samba server isn't reachable from the network. When it is pinged "by name" the name is resolved to the ip-number of the Win98 box. This is how the linux server is configured: wins support = no wins server = 172... interfaces = ip/netmask(1) ip/netmask(2) All ip-numbers and routings are static Does anyone have an idea how this can happen? Should I update to a newer version of Samba? (...all I need is a plublic share that is writable from the net...) In advance... Claus From c.misfeldt at ndr.de Fri Sep 8 17:03:59 2000 From: c.misfeldt at ndr.de (c.misfeldt@ndr.de) Date: Tue Dec 2 02:31:21 2003 Subject: name resolve problem Message-ID: <41256954.005DFB2A.00@lolns02.notes.ndr.de> oops-((( I just had to realize that I mixed up ip's somehow. In case of trouble the name of the server is resolved to the ip-number of the newly installed network adapter. I assume, the problem I descibed was due to misconfiguration of the /etc/hosts (one name - two ip-numbers...). Since the problem does not happen regularly I can't tell if I'm right for now... If you have other suggestions or just want to call me names feel free to let me know... Claus From ross at csn.ul.ie Fri Sep 8 17:08:44 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:21 2003 Subject: SSL/TNG2.6/OpenLDAP2.0.1 In-Reply-To: Message-ID: Well, with some more fiddling it's dying at a later stage now: (lsarpcd) These are the errors I get: Using LIBS = -lssl -lcrypto -lreadline -lcurses -ldl -lcrypt -lldap -llber Linking bin/lsarpcd bin/.libs/libsmb.so: undefined reference to `sslutil_disconnect' bin/.libs/libsmb.so: undefined reference to `sslutil_connect' bin/.libs/libsamba.so: undefined reference to `sslFd' bin/.libs/libsmb.so: undefined reference to `sslutil_fd_is_ssl' bin/.libs/libsamba.so: undefined reference to `ssl' collect2: ld returned 1 exit status make: *** [bin/lsarpcd] Error 1 smbd compiled fine so can I take it that the 'TNG daemons' don't support SSL? Ross > Is SSL support broken in TNG2.6? Has anybody tried TNG2.6 with > OpenLDAP2.0.1 (without SSL even)? > I compiled OpenLDAP agaist the latest version of OpenSSL as so: From ryanbooz at alumni.psu.edu Fri Sep 8 21:45:33 2000 From: ryanbooz at alumni.psu.edu (Ryan Booz) Date: Tue Dec 2 02:31:21 2003 Subject: three domains with one samba machine? Message-ID: <39B95DFD.4DFE6950@alumni.psu.edu> Hey all, I've been doing some research about domains. I need to set up at least to domains from the samba server, one for office and one for lab. The one I use now is LAB. I've got two different addresses bound to the network card, but when I try and start two different Samba daemons, things go a little screwy. I have separate smb.conf files for each which I specify at the command line (-s smb.conf.elem or smb.conf.lab), and I make sure that I've cleared out the pid files in /var/lock/samba so that things start ok. When I first start the second daemon (the main samba server is started from init.d at startup) the clients lose all the network neighborhood, yet I can log in fine. Within a few seconds, a workgroup of ELEM appears, but nothing else. Eventually everything comes back on line, accept the ELEM workgroup (domain). Even when I set a machine to log into ELEM domain, it appears to log into LAB because my shares are the same, even though I do not create some of those shares in the ELEM group. Nothing seems to be interfering, but I can't get anything to log on to ELEM. Any help is appreciated. I'll include both smb.conf files below signature. Thanks! Ryan Booz Tech Coordinator Belleville Mennonite School ----------------- smb.conf.lab ----------------------------- # Global parameters [global] #this is the global section of the conf file. It sets parameters for the #overall machine. workgroup = LAB netbios name = SERVER server string = File and Auth. Server interfaces = 192.168.0.1 bind interfaces only = yes # #password encryption for Win 95/98 computers # encrypt passwords = yes unix password sync = yes smb passwd file = /etc/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* ; passwd chat debug = Yes # #log files and settings for logs of computer connections # log file = /var/log/samba/log.%m max log size = 50 debug level = 2 name resolve order = wins lmhosts bcast # #General settings for the connections with reguard to network # deadtime = 10 keepalive = 60 socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = no logon home = \\%L\%U\profile logon script = %G.bat unix realname = yes # # Domain login settings. With these, we will always win election! # domain logons = Yes security = user os level = 65 preferred master = yes domain master = yes dns proxy = No wins proxy = Yes wins support = yes short preserve case = map to guest = never password level = 0 null passwords = no #================ Share Definitions =============================== [homes] comment = Home Directoory read only = No create mask = 0700 directory mask = 0700 browseable = no hide dot files = yes veto files = /.bash*/.k*/.x*/ oplocks = no locking = no share modes = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon/%G write list = booz leon admin users = booz leon writeable = no browsable = yes case sensitive = no locking = No share modes = no guest ok = no ; hide files = ; dont descend = ;[profiles] ; path = /pchome/%G/%U/profile ; create mask = 0700 ; directory mode = 0700 ; browseable = yes ; writable = yes [admin] comment = Root on server path = / valid users = booz leon admin users = booz leon read only = No create mask = 0700 browseable = No [tmp] root preexec = /etc/smblogs %U %m comment = Temporary file space path = /pchome/tmp read only = No create mask = 0755 guest ok = Yes root postexec = /etc/smblogsout %U %m [scripts] path = /home/samba/netlogon create mask = 0755 admin users = booz leon write list = booz leon valid users = booz leon browseable = No [adm_temp] comment = Administration temp directory path = /pchome/adm_temp valid users = booz leon write list = booz leon admin users = booz leon writable = yes browseable = No [wp] path = /pchome/classes/wp valid users = +wp +adm force create mode = 0444 browseable = No writable = yes [comp_app] path = /pchome/classes/comp_app browseable = No writable = yes valid users = +adm +capp_2 +capp_1 force create mode = 0770 force directory mode = 0770 [atrt] path = /pchome/classes/atrt read only = No force create mode = 0777 force directory mode = 0777 guest ok = Yes browseable = no oplocks = No share modes = no locking = no [quill] path = /pchome/classes/quill writable = yes valid users = +quill +adm +teacher write list = +quill +adm +teacher browseable = no force create mode = 0770 force directory mode = 0770 [yearbook] path = /pchome/classes/yearbook writable = yes valid users = +yearbook +adm +teacher write list = +yearbook +adm +teacher browseable = no force create mode = 0770 force directory mode = 0770 =================================end smb.conf.lab ======================== ----------------------smb.conf.elem ----------------------------- # Global parameters [global] #this is the global section of the conf file. It sets parameters for the #overall machine. workgroup = ELEM netbios name = SERVER server string = File and Auth. Server interfaces = 192.168.0.3 bind interfaces only = yes # #password encryption for Win 95/98 computers # encrypt passwords = yes unix password sync = yes smb passwd file = /etc/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* ; passwd chat debug = Yes # #log files and settings for logs of computer connections # log file = /var/log/samba/log.%m.elem max log size = 50 debug level = 2 name resolve order = wins lmhosts bcast # #General settings for the connections with reguard to network # deadtime = 10 keepalive = 60 socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = no logon home = \\%L\%U\profile logon script = %G.bat unix realname = yes # # Domain login settings. With these, we will always win election! # domain logons = Yes security = user os level = 65 preferred master = yes domain master = yes dns proxy = No wins proxy = Yes wins support = yes ; short preserve case = map to guest = never password level = 0 null passwords = no #================ Share Definitions =============================== [homes] comment = Home Directoory read only = No create mask = 0700 directory mask = 0700 browseable = no hide dot files = yes veto files = /.bash*/.k*/.x*/ ; oplocks = no ; locking = no ; share modes = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon/%G write list = booz leon admin users = booz leon writeable = no browsable = yes case sensitive = no locking = No share modes = no guest ok = no ; hide files = ; dont descend = ;[profiles] ; path = /pchome/%G/%U/profile ; create mask = 0700 ; directory mode = 0700 ; browseable = yes ; writable = yes [admin] comment = Root on server path = / valid users = booz leon admin users = booz leon read only = No create mask = 0700 browseable = No [tmp] root preexec = /etc/smblogs %U %m comment = Temporary file space path = /pchome/tmp read only = No create mask = 0755 guest ok = Yes root postexec = /etc/smblogsout %U %m [scripts] path = /home/samba/netlogon create mask = 0755 admin users = booz leon write list = booz leon valid users = booz leon browseable = No [adm_temp] comment = Administration temp directory path = /pchome/adm_temp valid users = booz leon write list = booz leon admin users = booz leon writable = yes browseable = No ============================ end smb.conf.elem ======================= From mlevesqu at licef.teluq.uquebec.ca Fri Sep 8 18:00:05 2000 From: mlevesqu at licef.teluq.uquebec.ca (Marc Levesque) Date: Tue Dec 2 02:31:21 2003 Subject: NT4 Printer problem...name is invalid In-Reply-To: References: Message-ID: <00090814024006.17897@4444.licef.teluq.uquebec.ca> I had underscore in my printers name.... I made some aliases without it and it's all working ! Thanks ! Marc On Fri, 08 Sep 2000, jahall@nea.org wrote: > I had the same problem. I shortened the printer name to fewer than 10 or 11 > characters and everything worked fine after that. > > > > Jay > - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - > Hi, > > I ran Samba 2.0.7 on sol7 since a couple of month... > This week, I try to upgrade to Samba 3.0.0pre all works great except only one > thing... > > I cannot connect my printers from my NT servers... > Works with 95/98/2000 but NT 4 SP5 dont...? > > The error message is, The printer name is invalid ! > > Any Idea, new feature in 3.0.0pre I need to configure ? > > Thanks > Marc Levesque > sysadmin > mlevesqu@teluq.uquebec.ca > > > - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From LudyRA at schenck-turner.com Fri Sep 8 17:38:29 2000 From: LudyRA at schenck-turner.com (Ludy, Roger) Date: Tue Dec 2 02:31:21 2003 Subject: Cannot find Samba Server in my Windows NT 'Network Neighborhood' Message-ID: Greetings - I have followed all of the advice of what I could find concerning this, but I have hit a wall. I have assigned a NetBEUI name, and all of the standard stuff. I can see the server when I do a Find Computer on the NT side, but it is not viewable in the neighborhood. Also, command line mappings, etc. work fine, interacting with the server. Any help - greatly appreciated. From hchan at Matrox.COM Fri Sep 8 20:43:28 2000 From: hchan at Matrox.COM (Ho-Kuo Chan) Date: Tue Dec 2 02:31:21 2003 Subject: Can't mount NT filesystem unless root Message-ID: <39B94F70.C769C8D7@matrox.com> Hi, I am trying to mount a directory on an NT Server on my Linux machine (Debian potato Linux kernel 2.2.17) using Samba. I have tried the following: smbmount //theServer/theDirectory /mnt/theDirectory -o username=myUsername workgroup=theWorkgroup. This works when I am logged in as root, but I can't mount as a user. I have also tried adding the follwing to fstab: //theServer/theDirectory /mnt/theDirectory defaults,ro,user,username=myUsername,workgroup=theWorkgroup,gid=100 0 0 with no success. Is it possible to use smbmount as non-root? I have read the FAQ's and checked some of the archives with no success. Thanks for you help. From hwimmer at bakerref.com Fri Sep 8 20:29:24 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:31:21 2003 Subject: samba, ldap, active directory, domains, and the serious need for a brew References: <39B95DFD.4DFE6950@alumni.psu.edu> Message-ID: <00aa01c019d3$7a3d1070$9f01a8c0@zeus> here it is....we need winnt 4, nt2000, unix, and linux. i want 1 username and password for all resources. this needs to work with nt 4's domain structure, 2000 active directory, and unix. the only idea i have is open ldap on linux and use that as the validation for linux, and 2000 how do i incorporate the other pieces. i can use nis but that doesnt fix win2k. if win2k is my pdc can i do all of this...someone please point me in the right direction ...until then i will have to drink my frustrations away..lol hayden wimmer super-geek From davis at ooi.net Fri Sep 8 20:32:41 2000 From: davis at ooi.net (Eric Davis) Date: Tue Dec 2 02:31:21 2003 Subject: Samba on SGI Origin200 as PDC Message-ID: <39B94CE9.60DEAAB7@ooi.net> Does someone know if this is supported? To have an Origin 200 SGI server running Irix 6.4 or 6.5 running Samba 2.0.X act as the PDC for a domain of NT 4.0 Workstations? If so, has anyone done it? -Eric Davis davis@ooi.net From garcian002 at hawaii.rr.com Sat Sep 9 08:54:50 2000 From: garcian002 at hawaii.rr.com (Nelson C. Garcia) Date: Tue Dec 2 02:31:21 2003 Subject: need de-newbification re: user names In-Reply-To: Message-ID: I am running Samba 2.0.7 on Linux Mandrake 7.0 as a PDC for Win NT 4.0 SP6. My smb.conf is quoted at the bottom of this email. Everything runs well, except that users complain that NT doesn't show their full names like it used to (pre-PDC). For example my locked workstation message would read " is logged on as DOLPHIN\garcianc". I verified that I did enter full names when I created each user account on the Linux box. I haven't been doing this very long. Could I have done something wrong when I ran smbpasswd? Did I miss a switch? Thanks in advance. Aloha, Nelson Garcia ------ smb.conf ---------- # Global parameters [global] workgroup = DOLPHIN netbios name = LINUXBOX server string = Samba SMB Server security = user encrypt passwords = Yes time server = Yes domain admin group = @admin logon script = %U.bat logon path = domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins support = Yes comment = PDC hosts allow = 90.0.0. 127. printcap name = /etc/printcap load printers = yes [public] comment = public path = /home/public writeable = Yes create mask = 0777 directory mask = 0777 guest ok = Yes [data] comment = Data path = /home/samba/data writeable = Yes create mask = 0770 directory mask = 0770 guest ok = Yes [netlogon] comment = NETLOGON service path = /export/samba/logon browseable = No [profile] comment = User profiles path = /export/samba/profile writeable = Yes create mask = 0700 directory mask = 0700 [printers] comment = All Printers path = /var/spool/lpd/lp browseable = No printable = Yes public = Yes writeable = no create mode = 0700 [HPLaserJet4L] path = /var/spool/lpd/lp printer name = HPLaserJet4L writeable = yes # public = yes printable = yes print command = lpr -r -h -P%p %s lpq command = /usr/bin/lpq -P%p From victorm at elpasotimes.com Sat Sep 9 17:41:35 2000 From: victorm at elpasotimes.com (Victor M. Acosta) Date: Tue Dec 2 02:31:21 2003 Subject: Samba problems Message-ID: Hello Samba list members. I'm having hard time to configure my samba. I read already all docs on samba.org sites, and I have a samba book as well, but still not working. I need some assistance for people running samba. Here is my info. PDC 192.168.1.9 Linux RedHat (samba services) 192.168.1.181 My /etc/smb.conf ---- Begin /etc/smb.conf ----------- [global] guest account = nobody log file = /var/log/samba-log.%m lock directory = /var/lock/samba share modes = yes mangle case = yes case sensitive = no preserve case = yes short preserve case = no netbios name = sci-tech workgroup = RedHat security = server locking = no [lp] security = server path = /var/spool/lpd/lp printer name = lp writable = yes public = yes printable = yes print command = lpr -r -h -P %p %s [share] path = /home/share writeable = yes [homes] Comment = This is A test path = %H writeable = yes valid users = %S security = user guest only = yes browseable = yes create mask = 0700 directory mask = 0700 ----- End /etc/smb.conf ---------- Can some1 assist me please? What I'm doing wrong? is the problem on my samba conf? or is on the PDC? Thank You. Victor M. Acosta El Paso Times 300 North Campbell St. Production Technical Services El Paso Tx, 79901 Ph. (915) 546-6394 victorm@elpasotimes.com Fax.(915) 546-6456 victorm@eudoramail.com From ZolnOtt at t-online.de Sat Sep 9 20:14:08 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:21 2003 Subject: samba, ldap, active directory, domains, and the serious need for a brew References: <39B95DFD.4DFE6950@alumni.psu.edu> <00aa01c019d3$7a3d1070$9f01a8c0@zeus> Message-ID: <39BA9A10.CE5DA4DA@t-online.de> hi hayden! i had the same problem. but kow i have samba for microsoft-products and nis for linux-products. nis works at unix too, but not by me. all have the same password und the same account and the same home-directories i hope, that i can you help a little bit. Hayden Wimmer wrote: > > here it is....we need winnt 4, nt2000, unix, and linux. i want 1 username > and password for all resources. this needs to work with nt 4's domain > structure, 2000 active directory, and unix. the only idea i have is open > ldap on linux and use that as the validation for linux, and 2000 how do i > incorporate the other pieces. i can use nis but that doesnt fix win2k. if > win2k is my pdc can i do all of this...someone please point me in the right > direction ...until then i will have to drink my frustrations away..lol > > hayden wimmer > super-geek From tmanthey at gmx.de Sat Sep 9 20:23:48 2000 From: tmanthey at gmx.de (Tobias Manthey) Date: Tue Dec 2 02:31:21 2003 Subject: Samba-TNG 2.6 PDC: Local Admin Prob References: <20000909190105.60E1757CD6@us4.samba.org> Message-ID: <21217.968531028@www2.gmx.net> Hi all, is there a way to provide a user with local admin rights without giving him domain admin permissions? I tried the following smb.conf parameter local group map = /usr/local/samba/private/localmap And the file contains the line: localadmin="Builtin Administrators" But if it worked I would not post to the list, crying for help. ;-)) TIA Tobias -- Sent through GMX FreeMail - http://www.gmx.net From kris.ozzy at lineone.net Sat Sep 9 21:34:44 2000 From: kris.ozzy at lineone.net (Kristyan Osborne) Date: Tue Dec 2 02:31:21 2003 Subject: Maybe of intrest Message-ID: <01C01AA6.7C774B20.kris.ozzy@lineone.net> Hi, This might be of some intrest to some of you out there. http://sepc.cjb.net/ P.s. I know this has nothing to do with samba!!! Cheers! ------------- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. begin 600 WINMAIL.DAT M>)\^(C05`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <` M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V ! `"`````@`"``$$ MD 8`G $```$````0`````P``, (````+``\.``````(!_P\!````:P`````` M``"U.\+ +'<0&J&\" `K*E;"%0```/N)`/9? M`0````8```!S86UB80````(!]U\!````+ ```+\```"U.\+ +'<0&J&\" `K M*E;"%0```/N)6)E(&]F(&EN=')E# $````%````4TU44 `````>`!\,`0```!8```!KGE ;&EN96]N92YN970````#``809S8`DP,`!Q!+`0``'@`($ $```!E M````2$DL5$A)4TU)1TA40D5/1E-/345)3E1215-45$]33TU%3T993U5/5514 M2$5214A45% Z+R]315!#0TI"3D54+U!324M.3U=42$E32$%33D]42$E.1U1/ M1$]7251(4T%-0D%#2 `````"`0D0`0```!X"```:`@``[ (``$Q:1G7>I3=! M`P`*`')C<& @;V8@0A@&0!U&?%H!)!E;BX7>@C0`$%U`R 8L'00<#HO+Q$P<&,NH&-J8BYN M$4 O'&$/`4 D,;4 201DP&A!P(8"M!;!K(/(7 M=' #8' $D/YL*% &D!JT*= #H /P)V"7'_ ?@!=T5PN .34H`($L,4$@,S(M M8B&@:B *L'00\" "$ 7 84@@,38LLT=5'[!SQ1M0; ,@!\96TA@ 40`D JP2UD-+LLM -@ M8P>0&4 %P&(H4/YA,!\L,2RD!: F``!P*%#^=Q-0-G `<""Q*&$`<"20_C$8 MT#&"&2 V@A% )X,;D/$2$G,Q-R/Y"Z<7@Q.Q`@`[L ```P`0$ `````#`!$0 M`0````,`@!#_____0 `',% M\V>E&L !0 `(,% M\V>E&L !"P``@ @@!@`` M````P ```````$8``````X4````````#``* "" &``````# ````````1@`` M```0A0````````,`!8 (( 8``````, ```````!&`````%*%``!T$ ```P`( M@ @@!@``````P ```````$8`````$84````````#``N "" &``````# ```` M````1@`````!A0```````!X`%( (( 8``````, ```````!&`````%2%```! M````!0```#@N,#(`````"P`8@ @@!@``````P ```````$8`````#H4````` M```#`!J "" &``````# ````````1@`````8A0```````!X`*8 (( 8````` M`, ```````!&`````#:%```!`````0`````````>`"J "" &``````# ```` M````1@`````WA0```0````$`````````'@`K@ @@!@``````P ```````$8` M````.(4```$````!`````````!X`/0`!`````0`````````#``TT_3<``&@3 ` end From kris.ozzy at lineone.net Sat Sep 9 21:45:28 2000 From: kris.ozzy at lineone.net (Kristyan Osborne) Date: Tue Dec 2 02:31:21 2003 Subject: Maybe of intrest Message-ID: <01C01AA7.7C61F8F0.kris.ozzy@lineone.net> Hi, This might be of some intrest to some of you out there. http://sepc.cjb.net/ P.s. I know this has nothing to do with samba!!! Cheers! ------------- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. begin 600 WINMAIL.DAT M>)\^(@$5`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <` M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V ! `"`````@`"``$$ MD 8`F $```$````0`````P``, (````+``\.``````(!_P\!````:0`````` M``"U.\+ +'<0&J&\" `K*E;"%0```/N)``$P`0````@````G6)E(&]F(&EN=')E`' ``0```!4```!293H@36%Y8F4@ M;V8@:6YT7]AI(1U*NR`%"Z MJF0-```>`!X,`0````4```!33510`````!X`'PP!````%@```&MR:7,N;WIZ M>4!L:6YE;VYE+FYE= ````,`!A!G-@"3`P`'$$L!```>``@0`0```&4```!( M22Q42$E334E'2%1"14]&4T]-14E.5%)%4U143U-/345/1EE/54]55%1(15)% M2%144#HO+U-%4$-#2D).150O4%-)2TY/5U1(25-(05-.3U1(24Y'5$]$3U=) M5$A304U"04-(``````(!"1 !````(0(``!T"``#R`@``3%I&=2V7U[$#``H` M`"J "" &``````# ```` M````1@`````WA0```0````$`````````'@`K@ @@!@``````P ```````$8` M````.(4```$````!`````````!X`/0`!`````0`````````#``TT_3<``" 2 ` end From D.u.G.Wolff at t-online.de Sat Sep 9 23:38:34 2000 From: D.u.G.Wolff at t-online.de (Dietmar und Gabriele Wolff) Date: Tue Dec 2 02:31:21 2003 Subject: Access control lists with multiple groups and / or users Message-ID: <39BAC9F9.98CDF1F@t-online.de> Hi everybody, might be my question has been treated somewhere in the list, but I cold not find an answer to it searching the topics in the list. So, here is my question: is it possible and if, how to do it, to configure samba for handling directory and file access like Windows NT, that means controling access via access control lists containing more than one group or even a combination of user groups and individual users? Another question of mine is: is it possible to give different rights to the share than to a directory or file below the share? Thanks in advance Dietmar Wolff ___________________ Dietmar Wolff MACH Software dw@mach.de -------------- next part -------------- A non-text attachment was scrubbed... Name: D.u.G.Wolff.vcf Type: text/x-vcard Size: 254 bytes Desc: Visitenkarte für Dietmar und Gabriele Wolff Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000910/b9144ae1/D.u.G.Wolff.vcf From mgeddes at xavier.sa.edu.au Sun Sep 10 12:56:32 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:21 2003 Subject: samba, ldap, active directory, domains, and the serious need for a brew In-Reply-To: <39BA9A10.CE5DA4DA@t-online.de> References: <39B95DFD.4DFE6950@alumni.psu.edu> <00aa01c019d3$7a3d1070$9f01a8c0@zeus> <39BA9A10.CE5DA4DA@t-online.de> Message-ID: <200009101256.XAA00715@mail.xavier.sa.edu.au> > Hayden Wimmer wrote: > > > > here it is....we need winnt 4, nt2000, unix, and linux. i want 1 username > > and password for all resources. this needs to work with nt 4's domain > > structure, 2000 active directory, and unix. the only idea i have is open > > ldap on linux and use that as the validation for linux, and 2000 how do i > > incorporate the other pieces. i can use nis but that doesnt fix win2k. > if > > win2k is my pdc can i do all of this...someone please point me in the > right > > direction ...until then i will have to drink my frustrations away..lol > > > > hayden wimmer > > super-geek > > Yep. We all want the same thing (second only to wanting a Unix only environment). I've been looking at Using Samba TNG as a PDC, having the one remaining NT box as a member server (as well as various Windows Clients). We store Unix passwds in an LDAP directory and each account will have a few extra attributes to allow Samba to store it's account info in the same place. This makes writing web-based (or non web-based) admin tools really easy. The only problems I have come across is the schema for LDAP and Samba TNG. I have followed the destructions on Ignacio Coupeau's Samba TNG / LDAP HOWTO (can't remember the URL - I think Lars Kneschke's FAQ has a link. A link to the FAQ is in my .signature) and have had a few problems. The first being the password synchronisation thing. I have not yet successfully had passwd sync happening with Samba TNG. I am assuming that it still works. The other problem I have had is with a few of the attributes in the TNG schema. The problem lies with the pwdLastSet attribute and pwdMustchange attribute. The problem is not necessarily a Samba problem, but more than likely a user error (me being the user ;-)). I haven't played with active directory at all and really hope I never have to. LOL. I'd be interested to see what others have done to get this stuff working (or even mostly working). Anyway, I gotta get up in the morning for work, so if you're still drinkin' them beers, have a couple for me ;-). Hope it helps, Matt Matthew Geddes Network Manager Xavier College Gawler, SA ======================================= Xavier College Gawler, South Australia visit http://www.xavier.sa.edu.au/ --------------------------------------- Xavier College Staff E-mail is Powered by IMP http://www.horde.org/ From mgeddes at xavier.sa.edu.au Mon Sep 11 01:21:54 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:21 2003 Subject: TNG and LDAP Message-ID: <39BC33B2.F6B01DF4@xavier.sa.edu.au> Hi, I realise that TNG and LDAP is not considered to be working properly. Can anyone tell me what is or isn't working? Or even what some of the values are for certain attributes (things like pwdMustChange) Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From mgeddes at xavier.sa.edu.au Mon Sep 11 02:21:14 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:21 2003 Subject: more TNG and LDAP Message-ID: <39BC419A.2CD2E@xavier.sa.edu.au> Hi again, Anyone know what format the date/time is stored in in an LDAP database with TNG? Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From tpot at linuxcare.com.au Mon Sep 11 00:13:24 2000 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:31:22 2003 Subject: Where to get TNG In-Reply-To: <943227.200009081459@olib> References: <20000908094952.A14805@mongo.austin.ticom.com> <943227.200009081459@olib> Message-ID: <14780.9124.239508.559152@gargle.gargle.HOWL> J.L.Gilmour@exeter.ac.uk writes: > > I keep hearing about the samba TNG code, and how the > > documentation, PDC support, etc. is better. So, is this in the cvs > > repository? How might I obtain the TNG source to attempt to build and work > > with it? I do realize that it is not considered useable on production > > systems. > > Yep, the code is in the CVS repository. I forget the password, otherwise > I'd give you instrcutions. Check out http://www.samba.org/samba/cvs.html or any of your favourite mirrors for cvs instructions. Regards, Tim. From mgeddes at xavier.sa.edu.au Sun Sep 10 23:39:27 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:22 2003 Subject: Where to get TNG References: <943227.200009081459@olib> Message-ID: <39BC1BAF.78F7B363@xavier.sa.edu.au> : > > > > > I keep hearing about the samba TNG code, and how the > > documentation, PDC support, etc. is better. So, is this in the cvs > > repository? How might I obtain the TNG source to attempt to build and work > > with it? I do realize that it is not considered useable on production > > systems. Follow the link in my .sig ;-) -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From jochen.ben.henda at urz.uni-heidelberg.de Sun Sep 10 16:25:21 2000 From: jochen.ben.henda at urz.uni-heidelberg.de (Jochen Ben Henda) Date: Tue Dec 2 02:31:22 2003 Subject: (no subject) Message-ID: submit From mgeddes at xavier.sa.edu.au Sun Sep 10 23:47:43 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:22 2003 Subject: Samba-TNG 2.6 PDC: Local Admin Prob References: <20000909190105.60E1757CD6@us4.samba.org> <21217.968531028@www2.gmx.net> Message-ID: <39BC1D9F.FE5E12D4@xavier.sa.edu.au> Tobias Manthey wrote: > > Hi all, > > is there a way to provide a user with local admin rights without giving > him domain admin permissions? I tried the following smb.conf parameter > > local group map = /usr/local/samba/private/localmap > > And the file contains the line: > localadmin="Builtin Administrators" > > But if it worked I would not post to the list, crying for help. ;-)) > Try: localadmin="BUILTIN\Administrators" Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From mgeddes at xavier.sa.edu.au Mon Sep 11 06:28:58 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:22 2003 Subject: Me again Message-ID: <39BC7BAA.F740EDA9@xavier.sa.edu.au> Hi, Does anyone know what the grouprid for a machine account should be? Does anyone know if the gidnumber for a machine account is actually used? Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From gerry at mccb.org Mon Sep 11 13:03:13 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:22 2003 Subject: Repost: Modified share permissions not getting to users unless log off done Message-ID: <4.3.1.1.20000911130207.00b10580@mail.mccb.org> Samba 2.0.6, SuSE 6.1, NT PDC, Win 95/98 clients Step 1: Create a samba share Step 2: Access the share from a client machine Step 3: Modify samba share, e.g., change valid users list Step 4: Again access share from a client machine Result: changes in step 3 not recognized from client unless I log off from client and re-log in. Any ideas? Thanks, Gerry From gerry at mccb.org Mon Sep 11 13:05:08 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:22 2003 Subject: repost: unable to write to a directory beneath a shared directory Message-ID: <4.3.1.1.20000911130334.00b225e0@mail.mccb.org> Samba 2.0.6, SuSE 6.1, Win95/98 clients, NT PDC I created a Samba share with the following config: [anniv] browseable = yes path = /home/org/30anniv force create mode = 0777 read only = no With this configuration, any new directories created under it have unix permissions set to 0755 and all files have 0777. The problem is that no one other than the owner can modify or create new files in this directory. I then manually set the unix permissions to a subdirectory of anniv to 0777. Still, no one can modify, create or delete files from a Win 95/98 machine unless they are the owner of that directory. Alright, I then added the following to the [anniv] share definition: force directory mode = 0777 Guess what? This worked. What I don't understand, is that in the end, both approaches (manually setting vs. samba setting) generated the same directory permissions. Why didn't the first approach work? Aack! Gerry From giulioo at pobox.com Mon Sep 11 09:11:49 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:31:22 2003 Subject: Repost: Modified share permissions not getting to users unless log off done In-Reply-To: <4.3.1.1.20000911130207.00b10580@mail.mccb.org> References: <4.3.1.1.20000911130207.00b10580@mail.mccb.org> Message-ID: <20000911091211.319EE168F9@i3.golden.dom> On Mon, 11 Sep 2000 13:03:13 +0000, you wrote: >Step 1: Create a samba share >Step 2: Access the share from a client machine >Step 3: Modify samba share, e.g., change valid users list >Step 4: Again access share from a client machine > >Result: changes in step 3 not recognized from client unless I log off from >client and re-log in. I think this should be expected, since the smbd for the client was started before the changes. You can force a "re-connect" by using smbstatus to see the client pid's and killing them. -- giulioo@pobox.com From martinm at people-com.com Mon Sep 11 09:13:53 2000 From: martinm at people-com.com (Martin Mielke) Date: Tue Dec 2 02:31:22 2003 Subject: smb.conf issue Message-ID: <5F79E0406369D411986600508BDE784E2DC3@lisa.people-com.com> Dear all, given the following scenario under Samba 2.0.6: [global] security = share password server = nt-server host allow = 172.19. [intranet] broseable = yes writable = yes public = yes guest ok = true is there any reason why a command like net use i: \\sambaserver\intranet still prompts for a passwd ??? Any ideas/suggestions are welcomed! Thanks in advance and regards, Martin From icoupeau at unav.es Mon Sep 11 09:21:15 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:22 2003 Subject: TNG and LDAP References: <39BC33B2.F6B01DF4@xavier.sa.edu.au> Message-ID: <39BCA40B.4841D97D@unav.es> Matthew Geddes wrote: > > Hi, > > I realise that TNG and LDAP is not considered to be working properly. > Can anyone tell me what is or isn't working? Or even what some of the > values are for certain attributes (things like pwdMustChange) > I remember that we used: pwdCanChange: 00000000 for block the passwd changes in the classrooms.... I think this can help: > > typedef struct nttime_info > { > uint32 low; > uint32 high; > > } NTTIME; > /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */ > - NTTIME is 64 bits. documented in cifs6.txt (section 3.5 page, page 30): typedef struct { ULONG LowTime; LONG HighTime; } TIME; TIME indicates a signed 64-bit integer representing either an absolute time or a time interval. Times are specified in units of 100ns. A positive value expresses an absolute time, where the base time (the 64- bit integer with value 0) is the beginning of the year 1601 AD in the Gregorian calendar. A negative value expresses a time interval relative to some base time, usually the current time. -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From mgeddes at xavier.sa.edu.au Mon Sep 11 11:26:56 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:22 2003 Subject: smb.conf issue In-Reply-To: <5F79E0406369D411986600508BDE784E2DC3@lisa.people-com.com> References: <5F79E0406369D411986600508BDE784E2DC3@lisa.people-com.com> Message-ID: <200009111126.VAA24232@mail.xavier.sa.edu.au> Quoting Martin Mielke : > Dear all, > > given the following scenario under Samba 2.0.6: > > [global] > security = share > password server = nt-server Here, you'd be wanting security=domain instead of security=share. Then join the domain and see if that helps. If that don't work, have a look in the log files.... Hope it helps, Matt Matthew Geddes Network Manager Xavier College Gawler, SA ======================================= Xavier College Gawler, South Australia visit http://www.xavier.sa.edu.au/ --------------------------------------- Xavier College Staff E-mail is Powered by IMP http://www.horde.org/ From anders at aae.wisc.edu Mon Sep 11 13:44:15 2000 From: anders at aae.wisc.edu (Anders Thorsen) Date: Tue Dec 2 02:31:22 2003 Subject: repost: unable to write to a directory beneath a shared directory Message-ID: I would suggest that you look at the "force group" and "force user" parameters... i.e. specify: force group = +anniv This will cause the samba process to run as the userID of the user and the groupID of the group anniv IF the user is a member of this group. If you specify gorce group = anniv, then the process will always be running as this group. Also consider using valid users = @anniv When using the last parameter (you REALLY SHOULD, otherwise anyone could access this directory) Ps: Force directory mode is also recommended... --Anders Gerry Kirk Sent by: samba-ntdom-admin@us4.samba.org 09/11/2000 07:05 AM To: samba-ntdom@us4.samba.org cc: Subject: repost: unable to write to a directory beneath a shared directory Samba 2.0.6, SuSE 6.1, Win95/98 clients, NT PDC I created a Samba share with the following config: [anniv] browseable = yes path = /home/org/30anniv force create mode = 0777 read only = no With this configuration, any new directories created under it have unix permissions set to 0755 and all files have 0777. The problem is that no one other than the owner can modify or create new files in this directory. I then manually set the unix permissions to a subdirectory of anniv to 0777. Still, no one can modify, create or delete files from a Win 95/98 machine unless they are the owner of that directory. Alright, I then added the following to the [anniv] share definition: force directory mode = 0777 Guess what? This worked. What I don't understand, is that in the end, both approaches (manually setting vs. samba setting) generated the same directory permissions. Why didn't the first approach work? Aack! Gerry -------------- next part -------------- HTML attachment scrubbed and removed From jahall at nea.org Mon Sep 11 12:55:54 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:31:22 2003 Subject: smb.conf issue Message-ID: It should be guest ok = yes I believe. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - Dear all, given the following scenario under Samba 2.0.6: [global] security = share password server = nt-server host allow = 172.19. [intranet] broseable = yes writable = yes public = yes guest ok = true is there any reason why a command like net use i: \\sambaserver\intranet still prompts for a passwd ??? Any ideas/suggestions are welcomed! Thanks in advance and regards, Martin - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From John.Coleman at PSS.Boeing.com Mon Sep 11 13:33:12 2000 From: John.Coleman at PSS.Boeing.com (Coleman, John C) Date: Tue Dec 2 02:31:22 2003 Subject: unsubscribe john.c.coleman@boeing.com Message-ID: <41793AA3EFCBD011A1C900805F31E8DC0434EFD9@xch-knt-10.ds.boeing.com> From martinm at people-com.com Mon Sep 11 13:42:29 2000 From: martinm at people-com.com (Martin Mielke) Date: Tue Dec 2 02:31:22 2003 Subject: smb.conf issue Message-ID: <5F79E0406369D411986600508BDE784E2DCE@lisa.people-com.com> Hello again, I circumvented it by creating a guest account on the Samba server and setting security = share. Otherwise it will not work... Any other suggestions are welcomed! Martin > > Dear all, > > given the following scenario under Samba 2.0.6: > > [global] > security = share > password server = nt-server > host allow = 172.19. > > [intranet] > broseable = yes > writable = yes > public = yes > guest ok = true > > is there any reason why a command like > > net use i: \\sambaserver\intranet > > still prompts for a passwd ??? > > Any ideas/suggestions are welcomed! > > > Thanks in advance and regards, > > Martin > > From Bielenberg at t-online.de Mon Sep 11 13:54:53 2000 From: Bielenberg at t-online.de (=?iso-8859-1?Q?G=FCnter?= Bielenberg) Date: Tue Dec 2 02:31:22 2003 Subject: Access failed Message-ID: <39BCE42D.A614C28E@t-online.de> hi all, in a school we have a net of NT-Machines hanging at a Samba server under Linux. It runs samba 2.0.7 on Linux 2.2.14 (Suse 6.4) I made a standard user at one WS, fixed the profile by renaming ntuser.dat to ntuser.man and copied this profile to the logon path at the server. When I now login at another WS as this user, I get my desktop and home directory, but when I try to start one of the M$-Office-programs, which are installed locally at all WSs I get the message 'Falsches Passwort f?r Netzzugriff' (wrong password). If I type in my admin name and password I get access to the programm. What's wrong with that? In my samba.log I find the following lines: - smbd/nttrans.c: call_nt_transact_ioctl (2516) - call_nt_transact_ioctl: currently not implemented has this something to do with my problem? What does this message mean? thanks in advance G?nter From kevinc at grainsystems.com Mon Sep 11 14:08:52 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:22 2003 Subject: samba, ldap, active directory, domains, and the serious need for a brew References: <39B95DFD.4DFE6950@alumni.psu.edu> <00aa01c019d3$7a3d1070$9f01a8c0@zeus> <39BA9A10.CE5DA4DA@t-online.de> <200009101256.XAA00715@mail.xavier.sa.edu.au> Message-ID: <39BCE774.7C15486F@grainsystems.com> We're in the same boat. The TNG-PDC/LDAP is the only thing that looks promising, but currently it might be a stretch. We've just been cooling our heels and waiting. Without that, we just can't really use Samba without creating more problems than we would solve. - Kevin Colby kevinc@grainsystems.com From owensc at enc.edu Mon Sep 11 14:58:19 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:31:22 2003 Subject: more TNG and LDAP References: <39BC419A.2CD2E@xavier.sa.edu.au> Message-ID: <39BCF30B.12248F75@enc.edu> Last I checked it was simply plain-text hexidecimal representation of epoch time. cno Matthew Geddes wrote: > Hi again, > > Anyone know what format the date/time is stored in in an LDAP database > with TNG? > > Matt > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > > ...And by the way, Lars Kneschke's Samba TNG FAQ is at > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From rosbacke at nada.kth.se Mon Sep 11 14:56:53 2000 From: rosbacke at nada.kth.se (rosbacke) Date: Tue Dec 2 02:31:22 2003 Subject: NT4-Domain support for windows 2000. Message-ID: Sorry if this is a common question but I'm new to this list. I tried the samba release pre_2.2.0 from the CVS tree. I managed to get the NT-domain working with an NT4 client without to much hassle. But I never got an W2000 client to enter the domain. Should this be possible? Is it planned for the 2.2.0 release? Do I need the TNG version to get it working? --- Mikael Rosbacke From bgmilne at ing.sun.ac.za Mon Sep 11 15:21:42 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:22 2003 Subject: Can't mount NT filesystem unless root References: <39B94F70.C769C8D7@matrox.com> Message-ID: <39BCF886.B0A5AD18@ing.sun.ac.za> If users are going to smbmount, I think you need to set smbmnt and smbumount as setuid root Buchan Ho-Kuo Chan wrote: > > Hi, > I am trying to mount a directory on an NT Server on my Linux machine > (Debian potato Linux kernel 2.2.17) using Samba. I have tried the > following: > smbmount //theServer/theDirectory /mnt/theDirectory -o > username=myUsername workgroup=theWorkgroup. > This works when I am logged in as root, but I can't mount as a user. I > have also tried adding the follwing to fstab: > //theServer/theDirectory /mnt/theDirectory > defaults,ro,user,username=myUsername,workgroup=theWorkgroup,gid=100 0 0 > with no success. Is it possible to use smbmount as non-root? I have read > the FAQ's and checked some of the archives with no success. Thanks for > you help. -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Mon Sep 11 15:27:39 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:22 2003 Subject: need de-newbification re: user names References: Message-ID: <39BCF9EB.A80FF54C@ing.sun.ac.za> This is something we 2.0.x PDC users have to live with. You will see the long names (passwd comments) do appear in some places, but not all, and you will also see "DOMAIN\Account Unknown" in some cases. Hopefully some of these will be fixed in 2.2.x Is it really so important that users can see their full name (surely they know both their own name and their account name?) Advive: when setting file security, make local groups on each machine, and make the domain account a member of this group, and set permssions only according to local or domain groups (ie Domain Admins) , then yuo can see who has permissions on the files, rather than "Account Unknown" Buchan "Nelson C. Garcia" wrote: > > I am running Samba 2.0.7 on Linux Mandrake 7.0 as a PDC for Win NT 4.0 SP6. > My smb.conf is quoted at the bottom of this email. > > Everything runs well, except that users complain that NT doesn't show their > full names like it used to (pre-PDC). > For example my locked workstation message would read " is logged > on as DOLPHIN\garcianc". I verified that I did enter full names when I > created each user account on the Linux box. > > I haven't been doing this very long. Could I have done something wrong when > I ran smbpasswd? Did I miss a switch? > > Thanks in advance. > > Aloha, > Nelson Garcia > > ------ smb.conf ---------- > > # Global parameters > > [global] > workgroup = DOLPHIN > netbios name = LINUXBOX > server string = Samba SMB Server > security = user > encrypt passwords = Yes > time server = Yes > domain admin group = @admin > logon script = %U.bat > logon path = > domain logons = Yes > os level = 64 > preferred master = Yes > domain master = Yes > wins support = Yes > comment = PDC > hosts allow = 90.0.0. 127. > printcap name = /etc/printcap > load printers = yes > > [public] > comment = public > path = /home/public > writeable = Yes > create mask = 0777 > directory mask = 0777 > guest ok = Yes > > [data] > comment = Data > path = /home/samba/data > writeable = Yes > create mask = 0770 > directory mask = 0770 > guest ok = Yes > > [netlogon] > comment = NETLOGON service > path = /export/samba/logon > browseable = No > > [profile] > comment = User profiles > path = /export/samba/profile > writeable = Yes > create mask = 0700 > directory mask = 0700 > > [printers] > comment = All Printers > path = /var/spool/lpd/lp > browseable = No > printable = Yes > public = Yes > writeable = no > create mode = 0700 > > [HPLaserJet4L] > path = /var/spool/lpd/lp > printer name = HPLaserJet4L > writeable = yes > # public = yes > printable = yes > print command = lpr -r -h -P%p %s > lpq command = /usr/bin/lpq -P%p -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From admin at mediad.de Mon Sep 11 15:36:07 2000 From: admin at mediad.de (admin) Date: Tue Dec 2 02:31:22 2003 Subject: Two PDCs over VPN-Tunnel Message-ID: <025501c01c06$015e1b60$3211a8c0@mediad.de> hi, i'm planning to connect two private subnets via the internet (using freeswan-ipsec on linux gateways (2* 256Kb-SDSL) for the vpn-tunnel). the aim is to tunnel samba between the two nets. on the one side of the tunnel ( A ) there is a NT-PDC-Box, on the other end there wille be a SAMBA-TNG-PDC (2.6) (B) still i have a lot of questions: - AFAIK i do need a single WINS server for both nets to be able to see all hosts in the network neighberhood. how do i tell the NT-box ( A ) not to behave as WINS? - on both sides of the tunnel i will have different domain/workgroup-names -> two pdcs... how will it be possible to grant access for "foreign" users (users from net B) to a domain (in net A) and the other way round? where do these users have to authenticate? - should i merge the two pdcs into a single pdc? - in general: is cross-domain-browsing and -sharing possible? - i prefer to keep two pdcs, because it doesn't make much sense to spoil bandwith caused by roaming-profiles over the internet, etc. so: how can user authentication be realized between two domains? any ideas, howtos, help would be appriciated. in the near future i might replace the NT-Box with Samba, so if you have some proposals for a 2Samba-TNG-PDC-VPN, i would like to hear them. Best regards, guenther From hchan at Matrox.COM Mon Sep 11 16:46:06 2000 From: hchan at Matrox.COM (Ho-Kuo Chan) Date: Tue Dec 2 02:31:22 2003 Subject: Can't mount NT filesystem unless root References: <39B94F70.C769C8D7@matrox.com> <200009090126.e891QfD28181@mail.digitalpipe.net> Message-ID: <39BD0C4E.8625F053@matrox.com> Thanks Nick and Rick for your input, I set suid on both smbmnt and smbumount but it still failed. Here is the error message: cannot mount on /mnt/shp3: Operation not permitted smbmnt failed: 1 mount.smbfs: ioctl failed, res=-1 Could not umount /mnt/theDirectory: Invalid argument Thanks again for your help! Nick Austin wrote: > You need to set suid on the smbmnt and smbumount to do that. > > try this > > # chown root:root /usr/bin/smbmnt /usr/bin/smbumount > # chmod u+s /usr/bin/smbmnt /usr/bin/smbumount > > that should do it! > > Hope this helps! > > On Fri, 08 Sep 2000 15:43:28 -0500, Ho-Kuo Chan said: > > > Hi, > > I am trying to mount a directory on an NT Server on my Linux machine > > (Debian potato Linux kernel 2.2.17) using Samba. I have tried the > > following: > > smbmount //theServer/theDirectory /mnt/theDirectory -o > > username=myUsername workgroup=theWorkgroup. > > This works when I am logged in as root, but I can't mount as a user. I > > have also tried adding the follwing to fstab: > > //theServer/theDirectory /mnt/theDirectory > > defaults,ro,user,username=myUsername,workgroup=theWorkgroup,gid=100 0 0 > > with no success. Is it possible to use smbmount as non-root? I have read > > the FAQ's and checked some of the archives with no success. Thanks for > > you help. > > > > > > -- > ----- > Nick Austin Systems Administrator > Digital Pipe Communications, Inc. > Phone: 650-627-5100x5224 > Fax: 650-212-2301 From bgmilne at ing.sun.ac.za Mon Sep 11 15:52:39 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:22 2003 Subject: smb.conf issue References: <5F79E0406369D411986600508BDE784E2DCE@lisa.people-com.com> Message-ID: <39BCFFC7.AF576AF5@ing.sun.ac.za> YOu probably need to do one of the following: 1)set "security=domain" and join the machine to the domain with "smbpassd -j ...." (after making a machine account on the PDC) 2)set "security=user" and populate smbpasswd with "smbpasswd -a > Hello again, > > I circumvented it by creating a guest account on the Samba server and > setting security = share. Otherwise it will not work... > > Any other suggestions are welcomed! > > Martin > > > > > Dear all, > > > > given the following scenario under Samba 2.0.6: > > > > [global] > > security = share > > password server = nt-server > > host allow = 172.19. > > > > [intranet] > > broseable = yes > > writable = yes > > public = yes > > guest ok = true > > > > is there any reason why a command like > > > > net use i: \\sambaserver\intranet > > > > still prompts for a passwd ??? > > > > Any ideas/suggestions are welcomed! > > > > > > Thanks in advance and regards, > > > > Martin > > > > -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Mon Sep 11 15:57:20 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:22 2003 Subject: Access failed References: <39BCE42D.A614C28E@t-online.de> Message-ID: <39BD00E0.AF8B6C2@ing.sun.ac.za> Did you change the "User who may access this profile" before copying it to the samba PDC. THis is important, and needs to be set to your domain account. Buchan G?nter Bielenberg wrote: > > hi all, > > in a school we have a net of NT-Machines hanging at a Samba server > under Linux. It runs samba 2.0.7 on Linux 2.2.14 (Suse 6.4) I made a > standard user at one WS, fixed the profile by renaming ntuser.dat to > ntuser.man and copied this profile to the logon path at the server. > When I now login at another WS as this user, I get my desktop and > home directory, but when I try to start one of the > M$-Office-programs, which are installed locally at all WSs I get the > message 'Falsches Passwort f?r Netzzugriff' (wrong password). If I > type in my admin name and password I get access to the programm. > What's wrong with that? > In my samba.log I find the following lines: > - smbd/nttrans.c: call_nt_transact_ioctl (2516) > - call_nt_transact_ioctl: currently not implemented > has this something to do with my problem? What does this message > mean? > > thanks in advance > > G?nter -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From rvargo at vargo.org Mon Sep 11 16:02:35 2000 From: rvargo at vargo.org (rvargo@vargo.org) Date: Tue Dec 2 02:31:22 2003 Subject: Can't mount NT filesystem unless root Message-ID: <200009111602.e8BG2ZO02913@enterprise.vargo.org> The regular user has to have read/write permissions to the directory you are trying to mount the share to. Also make sure that you are using the smbmount/smbumount commands, using the mount/umount command is still strictly a superuser command (with exceptions). Rick Ho-Kuo Chan said: > Thanks Nick and Rick for your input, I set suid on both smbmnt and smbumount > but it still failed. Here is the error message: > cannot mount on /mnt/shp3: Operation not permitted > smbmnt failed: 1 > mount.smbfs: ioctl failed, res=-1 > Could not umount /mnt/theDirectory: Invalid argument > > Thanks again for your help! > > Nick Austin wrote: > > > You need to set suid on the smbmnt and smbumount to do that. > > > > try this > > > > # chown root:root /usr/bin/smbmnt /usr/bin/smbumount > > # chmod u+s /usr/bin/smbmnt /usr/bin/smbumount > > > > that should do it! > > > > Hope this helps! > > > > On Fri, 08 Sep 2000 15:43:28 -0500, Ho-Kuo Chan said: > > > > > Hi, > > > I am trying to mount a directory on an NT Server on my Linux machine > > > (Debian potato Linux kernel 2.2.17) using Samba. I have tried the > > > following: > > > smbmount //theServer/theDirectory /mnt/theDirectory -o > > > username=myUsername workgroup=theWorkgroup. > > > This works when I am logged in as root, but I can't mount as a user. I > > > have also tried adding the follwing to fstab: > > > //theServer/theDirectory /mnt/theDirectory > > > defaults,ro,user,username=myUsername,workgroup=theWorkgroup,gid=100 0 0 > > > with no success. Is it possible to use smbmount as non-root? I have read > > > the FAQ's and checked some of the archives with no success. Thanks for > > > you help. > > > > > > > > > > -- > > ----- > > Nick Austin Systems Administrator > > Digital Pipe Communications, Inc. > > Phone: 650-627-5100x5224 > > Fax: 650-212-2301 > > > -- From jseymour at LinxNet.com Mon Sep 11 16:22:23 2000 From: jseymour at LinxNet.com (Jim Seymour) Date: Tue Dec 2 02:31:22 2003 Subject: NTW 4.0 Workstation Admin Rights Message-ID: <20000911162223.21D004301@jimsun.LinxNet.com> Hi All, Environment: Samba 2.0.7 (compiled w/gcc) Sun Sparc Solaris WinNT 4.0 "workstations" I need to set up individual users with NTW "Administrator" rights so that log-on batch files executed on their behalf can do things like "net time \\Server /yes /set", "route add ..." and other Admin'y things. (At least I *think* I do.) But I do *not* want to give them wide-open permissions to the domain itself. I *tried* doing it by logging on to NTW as "Administrator", with the log-on "domain" set to the workstation itself, and giving a user "Administrator" rights, but when the user logs on to the domain: no workstation admin. rights. I *suspect* something must be done at the "domain" level, but the instructions in the "Samba NT domain FAQ" don't work. Nor have I been able to unearth any other clues. (Tho I'm slogging thru the archives for the mailing list even now.) Can somebody please lend me a clue? :-) TIA, Jim -- Jim Seymour | PGP Public Key available at: jseymour@LinxNet.com | http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html http://home.msen.com/~jimsun | http://www.trustcenter.de/cgi-bin/SearchCert.cgi From dcanedo at concero.com Mon Sep 11 17:06:57 2000 From: dcanedo at concero.com (David C. Canedo) Date: Tue Dec 2 02:31:22 2003 Subject: domain controller promotion Message-ID: <39BD1130.26461AB6@concero.com> I have "preferred master = no" in my smb.conf file YET my samba server was still promoted to PDC when our PDC went down this weekend. Is there a way to prevent this from happening? Please reply to dcanedo@concero.com as I am not on this mailing list. thanks, -- Dave Canedo Concero / IT Department From akopps at CSUA.Berkeley.EDU Mon Sep 11 19:27:00 2000 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:31:23 2003 Subject: domain controller promotion In-Reply-To: <39BD1130.26461AB6@concero.com> Message-ID: On Mon, 11 Sep 2000, David C. Canedo wrote: > I have "preferred master = no" in my smb.conf file YET my samba server was still promoted to PDC > when our PDC went down this weekend. Is there a way to prevent this from happening? > > Please reply to dcanedo@concero.com as I am not on this mailing list. > > thanks, > -- > Dave Canedo > Concero / IT Department > This option is not used to designate a machine as PDC. From jroman6 at ford.com Mon Sep 11 19:29:25 2000 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:31:23 2003 Subject: Cannot authenticate machine ... Message-ID: <15A3EDD3200808-01@WorldSecure__mailwatch.com_> I am having the very same issue. But also have not resolved it. I recently realized that my roaming profiles were set up incorrectly.(Originally, they were located in the HOMES share \\%m\%u\profile) I created a separate share named profiles. \\%m\profiles\%u) and now I get the same error. If I reboot the workstation, users are able to login, but I've asked everyone to reboot when they have finished using the workstation in order for everyone to login without an error. I am going to try changing the login script to map /persistant:no option on my drive mapping to see if it makes a difference. I let you know. -----Original Message----- From: Eoin Verling [mailto:everling@comnitel.com] Sent: Tuesday, September 05, 2000 6:49 AM To: Samba - NT Dom Subject: Cannot authenticate machine ... Hi, I'm running Samba 2.0.7 on SuSE 6.3, kernel 2.2.16 I'm using samba as a PDC, authenticating NT 4 (srv pk 5) clients. I have no problem setting up new NT clients and users to authenticate with samba, the problem is with machines that have already been setup. Now, the next step here is unclear to me, but basically the client machine no longer authenticates with the samba PDC. Whether it happened when I stopped samba, or changed a password. The username still authenticates fine. Upon NT login, I get the error message:- "The system cannot log you on to this domain because the systems computer account in its primary domain is missing or the password on that account is incorrect." To get around this problem, I login to the NT client as Administrator, move the machine out of the "Domain" and into a "Workgroup", reboot the machine ... change it back to the "Domain" again, and I get the "Welcome to domain". The I login as the user again, fine, except NT now creates a new profile for that user, ie .000 in c:\WINNT\Profiles ... and when I try to start Outlook (2000), I get the error "Cannot start Microsoft Outlook". If I login as Administrator I _can_ start Outlook. Now, the get the machine to login to the original profile, I edited the registry where I found the reference to .000 and changed it to So, the crux of my problem is getting Outlook to work again!! Has anyone seen this problem??? E - -- _ Eoin Verling _/ \_ 2200 Cork Airport Business Park, SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 everling@comnitel.com \_/ Fax: +353 21 7305624 From jroman6 at ford.com Mon Sep 11 19:39:40 2000 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:31:23 2003 Subject: NTW 4.0 Workstation Admin Rights Message-ID: As best as I can tell, 2.0.7 only provides you with one option for this type of administration. If you set the domain admin group = @unixgroupname (make sure you have the @ sign) This will allow everyone who logs in to the workstations to have local admin rights. Set up a separate Unix group for server side administration, and use Unix files permissions to administer things from that end. Unfortunately, they won't be able to use swat for account creation, unless you give away root's password. I am trying to work out a perl script, combined with sudo that would allow this group to add users to the domain. Rumor has it that the HEAD branch has DOMAIN GROUP MAP and DOMAIN USER MAP options in it, that would allow much greater control from the samba end. I haven't tested it, so I don't know how well it works. -----Original Message----- From: jseymour@LinxNet.com [mailto:jseymour@LinxNet.com] Sent: Monday, September 11, 2000 12:22 PM To: samba-ntdom@us4.samba.org Subject: NTW 4.0 Workstation Admin Rights Hi All, Environment: Samba 2.0.7 (compiled w/gcc) Sun Sparc Solaris WinNT 4.0 "workstations" I need to set up individual users with NTW "Administrator" rights so that log-on batch files executed on their behalf can do things like "net time \\Server /yes /set", "route add ..." and other Admin'y things. (At least I *think* I do.) But I do *not* want to give them wide-open permissions to the domain itself. I *tried* doing it by logging on to NTW as "Administrator", with the log-on "domain" set to the workstation itself, and giving a user "Administrator" rights, but when the user logs on to the domain: no workstation admin. rights. I *suspect* something must be done at the "domain" level, but the instructions in the "Samba NT domain FAQ" don't work. Nor have I been able to unearth any other clues. (Tho I'm slogging thru the archives for the mailing list even now.) Can somebody please lend me a clue? :-) TIA, Jim -- Jim Seymour | PGP Public Key available at: jseymour@LinxNet.com | http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html http://home.msen.com/~jimsun | http://www.trustcenter.de/cgi-bin/SearchCert.cgi From mgeddes at xavier.sa.edu.au Mon Sep 11 22:54:49 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:23 2003 Subject: About samba regedit ! References: <002801c0079f$fb67eb20$0200000a@societe.fr> Message-ID: <39BD62B9.7101550E@xavier.sa.edu.au> The man page for regedit is in the docs/yodldocs directory of the samba source. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From jseymour at LinxNet.com Mon Sep 11 23:35:19 2000 From: jseymour at LinxNet.com (Jim Seymour) Date: Tue Dec 2 02:31:23 2003 Subject: NTW 4.0 Workstation Admin Rights In-Reply-To: <15A3EA8C53901-01@WorldSecure__allegro.net_> Message-ID: <20000911233519.E02BC4301@jimsun.LinxNet.com> "Roman, James (J.D.)" wrote: > > As best as I can tell, 2.0.7 only provides you with one option for this type > of administration. If you set the > > domain admin group = @unixgroupname > (make sure you have the @ sign) > > This will allow everyone who logs in to the workstations to have local admin > rights. ... [remainder snipped] > Thanks for the follow-up. I just want to be clear on this one point: this allows anyone who is logged in to the workstation Administrator rights on that workstation (the one they're logged on to) *only*, right? I don't wanna be givin' away the store :-). Assuming such is the case: that did it. Time & route are now getting set as I wanted. Regards, Jim -- Jim Seymour | PGP Public Key available at: jseymour@LinxNet.com | http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html http://home.msen.com/~jimsun | http://www.trustcenter.de/cgi-bin/SearchCert.cgi From kum at germanynet.de Tue Sep 12 05:21:54 2000 From: kum at germanynet.de (michaelis) Date: Tue Dec 2 02:31:23 2003 Subject: ...unsolicited oplock break... Message-ID: <39BDBD72.2F730236@germanynet.de> Hallo, i can't find a solution to the following problem. Samba works fine as a fileserver but sometimes, mostly when transfering large files (> 1Mb) it transfers the complete file (both directions, to and from the samba-server) and then it hangs for some seconds then comes an NT-Error (an unknown network-error occured. session closed). Checking the samba-side-log-file brings: unsolicited oplock break by PID and the complete, uncorrupted, transfered file is in the list of locked files. What is wrong in that case and what can i do against this. Greetings, kuMichaelis. From gene_yee at hotmail.com Tue Sep 12 06:09:06 2000 From: gene_yee at hotmail.com (hail narcissus) Date: Tue Dec 2 02:31:23 2003 Subject: ...unsolicited oplock break... Message-ID: All this time reading of these problems and finally i have some input. :) I had the same problem and if you are like me I blamed Samba also. Turned out to be a flakey NIC on my Linux machine. I setup wu-ftp on the Linux box and tried downloading from the server and to my surprise it still broke. I suggest you do a similar test. Good chance it is something besides Samba. >From: michaelis >To: Samba-News-Liste >Subject: ...unsolicited oplock break... >Date: Tue, 12 Sep 2000 07:21:54 +0200 > >Hallo, > >i can't find a solution to the following problem. Samba works fine as a >fileserver but sometimes, mostly when transfering large files (> 1Mb) >it transfers the complete file (both directions, to and from the >samba-server) and then it hangs for some seconds then comes an NT-Error >(an unknown network-error occured. session closed). Checking the >samba-side-log-file brings: unsolicited oplock break by PID and the >complete, uncorrupted, transfered file is in the list of locked files. >What is wrong in that case and what can i do against this. > >Greetings, kuMichaelis. > _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From johan.ostensson at orebro.lantmen.se Tue Sep 12 06:24:14 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:23 2003 Subject: ...unsolicited oplock break... Message-ID: <20000912062504.D7B1C659820@au2.samba.org> > Turned out to be a flakey NIC on my Linux machine. I setup > wu-ftp on the > Linux box and tried downloading from the server and to my > surprise it still > broke. I suggest you do a similar test. Good chance it is something > besides Samba. We had the same problem here, it turned out to be the HP ProCurve switch in the server room. Not very fun though, since we mainly use windows here (disclaimer: not my decision) we have enough software problems ;) Johan ?stensson johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) From garcian002 at hawaii.rr.com Tue Sep 12 07:30:52 2000 From: garcian002 at hawaii.rr.com (Nelson C. Garcia) Date: Tue Dec 2 02:31:23 2003 Subject: need de-newbification re: user names In-Reply-To: <39BCF9EB.A80FF54C@ing.sun.ac.za> Message-ID: Thanks Buchan. No, full names are not really important in my current small LAN. However, I am planning on setting up a similar LAN at the elementary school where I volunteer and using system policies to enforce the use of password-protected screen saver to lock the workstations. Since there will be potentially many users, I thought that it would be better if somebody could tell who is logged on when the screen saver locks the workstation. But I guess we will just have to make do with the user id. Aloha, Nelson -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Buchan Milne Sent: Monday, September 11, 2000 5:28 AM To: Nelson C. Garcia Cc: samba-ntdom@samba.org Subject: Re: need de-newbification re: user names This is something we 2.0.x PDC users have to live with. You will see the long names (passwd comments) do appear in some places, but not all, and you will also see "DOMAIN\Account Unknown" in some cases. Hopefully some of these will be fixed in 2.2.x Is it really so important that users can see their full name (surely they know both their own name and their account name?) Advive: when setting file security, make local groups on each machine, and make the domain account a member of this group, and set permssions only according to local or domain groups (ie Domain Admins) , then yuo can see who has permissions on the files, rather than "Account Unknown" Buchan "Nelson C. Garcia" wrote: > > I am running Samba 2.0.7 on Linux Mandrake 7.0 as a PDC for Win NT 4.0 SP6. > My smb.conf is quoted at the bottom of this email. > > Everything runs well, except that users complain that NT doesn't show their > full names like it used to (pre-PDC). > For example my locked workstation message would read " is logged > on as DOLPHIN\garcianc". I verified that I did enter full names when I > created each user account on the Linux box. > > I haven't been doing this very long. Could I have done something wrong when > I ran smbpasswd? Did I miss a switch? > > Thanks in advance. > > Aloha, > Nelson Garcia > > ------ smb.conf ---------- > > # Global parameters > > [global] > workgroup = DOLPHIN > netbios name = LINUXBOX > server string = Samba SMB Server > security = user > encrypt passwords = Yes > time server = Yes > domain admin group = @admin > logon script = %U.bat > logon path = > domain logons = Yes > os level = 64 > preferred master = Yes > domain master = Yes > wins support = Yes > comment = PDC > hosts allow = 90.0.0. 127. > printcap name = /etc/printcap > load printers = yes > > [public] > comment = public > path = /home/public > writeable = Yes > create mask = 0777 > directory mask = 0777 > guest ok = Yes > > [data] > comment = Data > path = /home/samba/data > writeable = Yes > create mask = 0770 > directory mask = 0770 > guest ok = Yes > > [netlogon] > comment = NETLOGON service > path = /export/samba/logon > browseable = No > > [profile] > comment = User profiles > path = /export/samba/profile > writeable = Yes > create mask = 0700 > directory mask = 0700 > > [printers] > comment = All Printers > path = /var/spool/lpd/lp > browseable = No > printable = Yes > public = Yes > writeable = no > create mode = 0700 > > [HPLaserJet4L] > path = /var/spool/lpd/lp > printer name = HPLaserJet4L > writeable = yes > # public = yes > printable = yes > print command = lpr -r -h -P%p %s > lpq command = /usr/bin/lpq -P%p -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From simo.sorce at polimi.it Tue Sep 12 09:55:21 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:23 2003 Subject: domain controller promotion References: Message-ID: <39BDFD89.2A1859B2@polimi.it> Akop Pogosian wrote: > > On Mon, 11 Sep 2000, David C. Canedo wrote: > > > I have "preferred master = no" in my smb.conf file YET my samba server was still promoted to PDC > > when our PDC went down this weekend. Is there a way to prevent this from happening? > > > > Please reply to dcanedo@concero.com as I am not on this mailing list. > > > > thanks, > > -- > > Dave Canedo > > Concero / IT Department > > > > This option is not used to designate a machine as PDC. > >From smb.conf man page: > > preferred master (G) > > This boolean parameter controls if nmbd is a preferred > master browser for its workgroup. > > If this is set to true, on startup, nmbd will force an > election, and it will have a slight advantage in win- > ning the election. It is recommended that this parame- > ter is used in conjunction with "domain master = yes", > so that nmbd can guarantee becoming a domain master. > ... > > If you don't want your Samba box to be a PDC, make sure you do not > set "domain logons" in smb.conf or use "domain logons = no" > in smb.conf file. > > Akop "domain logons = yes" is needed to retrieve the passwords from the PDC. to avoid beeing PDC you should set "domain master = no". Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From J.L.Gilmour at exeter.ac.uk Tue Sep 12 08:31:01 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:31:23 2003 Subject: ...unsolicited oplock break... In-Reply-To: <39BDBD72.2F730236@germanynet.de> from "michaelis" at Sep 12, 2000 07:21:54 am Message-ID: <1011043.200009120831@olib> > > i can't find a solution to the following problem. Samba works fine as a > fileserver but sometimes, mostly when transfering large files (> 1Mb) > it transfers the complete file (both directions, to and from the > samba-server) and then it hangs for some seconds then comes an NT-Error > (an unknown network-error occured. session closed). Checking the > samba-side-log-file brings: unsolicited oplock break by PID and the > complete, uncorrupted, transfered file is in the list of locked files. > What is wrong in that case and what can i do against this. We had a similar problem. Turned out to be less than 100% reliable hardware (10 year old Indigos). I don't think Irix 5.2 helped either! Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From tschweikle at FIDUCIA.de Tue Sep 12 08:50:39 2000 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:31:23 2003 Subject: samba and dual homed hosts Message-ID: <0057540006776633000002L432*@MHS> Hi! Working samba on a dual homed host I found the following problem: nmb serves both subnets. There is no routing between the subnets. There are five dual homed servers and one dual homed client. All other clients are single homed. I observed: nmb delivers wrong addresses to these single homed clients. Eg: a client in subnet 10.2.247.0/24 is handled an address in subnet 192.168.13.0/24 which it can't reach. These clients, in turn, can't connect to some of the servers. Is there a way starting nmb twice? Binding each instance to one subnet, not mixing both subnets in one instance as it is now? Any help is appreciated! -- Thomas From gcarter at valinux.com Tue Sep 12 13:41:36 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:23 2003 Subject: NTW 4.0 Workstation Admin Rights References: <20000911233519.E02BC4301@jimsun.LinxNet.com> Message-ID: <39BE3290.73A9C7A7@valinux.com> Jim Seymour wrote: > > > Thanks for the follow-up. > > I just want to be clear on this one point: this allows > anyone who is logged in to the workstation Administrator > rights on that workstation (the one they're logged > on to) *only*, right? > > I don't wanna be givin' away the store :-). Umm....that should give the logged in user the group rid of Domain Admins. :-) Obviously not root, but **any** nt box they log onto will be as a Domain Admin. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ross at csn.ul.ie Tue Sep 12 14:00:13 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:23 2003 Subject: OpenLDAP2.0.1/SAMBA schemas Message-ID: Lo all, Has anybody translated the ver. 1.2 schemas to ver. 2.0.1 schemas? Assuming somebody has, I'd appreciate greatly if they would send them on and maybe any additional schemas that might be useful for Samba TNG2.6!? Cheers, -Ross From drek at bigstudios.com Tue Sep 12 13:53:36 2000 From: drek at bigstudios.com (Agent Drek) Date: Tue Dec 2 02:31:23 2003 Subject: memory hungry smbd in samba-tng? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB03F4714B@xcgmd008.md.essd.northgrum.com> Message-ID: On Fri, 1 Sep 2000, Cole, Timothy D. wrote: > Hrm, this is a general problem, then... be interesting to see where > the memory is going. How much is text, and how much is data? > > ok I've got more info now :) PID STAT TIME SL RE PAGEIN VSZ RSS LIM TSIZ %CPU %MEM COMMAND 274 I 0:11.22 24 641 15 20008 18196 - 324 0.0 14.2 /opt/samba-tng/sbin/smbd -D 304 I 0:04.33 21 324 2 14288 12636 - 324 0.0 9.9 /opt/samba-tng/sbin/smbd -D 278 S 0:00.03 4 625 5 4604 2636 - 324 0.0 2.1 /opt/samba-tng/sbin/smbd -D 334 I 0:00.02 20 81 1 4608 2564 - 324 0.0 2.0 /opt/samba-tng/sbin/smbd -D 280 I 0:00.03 25 510 0 4608 2340 - 324 0.0 1.8 /opt/samba-tng/sbin/smbd -D 336 S 0:00.02 13 73 2 4608 2604 - 324 0.0 2.0 /opt/samba-tng/sbin/smbd -D 200 Is 0:00.01 73 726 0 3240 1660 - 324 0.0 1.3 /opt/samba-tng/sbin/smbd -D where RSS is the 'resident set size' TSIZ is the 'text size Kb' VSZ 'virtual size in Kb' I've also found that if I launch smbd from a csh script with 'limit datasize 20M' it will crash. I think that it may have something to do with the name mangling cache as the following log message does not make sense to me: name_map_mangle( minfo.exe, need83 = FALSE, cache83 = TRUE, 6 ) samba decides that each opened file does not need name mangling and then goes ahead and sets cache83 = TRUE ... is that logical? I read though all the current bug/patch submissions and nothing seemed to point here ... I tried turning off name mangling but I could still crash the system and now people have arrived at work ( I have a ~1hr window to work with in the morning). does it sound like I'm chasing a ghost? csh suggestion came from someone on freebsd-questions who thought I should do a crash dump (trace) of smbd which is what I guess I'll do tommorow morning but this is definately getting complicated! just to reiterate that this is occuring on FreeBSD4.1-Release with a recent version of samba-tng (obtained through cvs). thanks, -- Agent Drek Big Animation Inc > 'digital plumber' http://www.bigstudios.com From stancel at netlife.de Tue Sep 12 14:15:50 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:23 2003 Subject: accountflags in smbpasswd Message-ID: <39BE3A96.E3D13247@netlife.de> Hi all, I know about U W N D accountflags. Now I saw a new one: P. May someone tell me, what it means? Are there more flags..? thank you, Marek Stancel From vorlon at netexpress.net Tue Sep 12 14:19:21 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:23 2003 Subject: samba and dual homed hosts In-Reply-To: <0057540006776633000002L432*@MHS> Message-ID: On Tue, 12 Sep 2000 tschweikle@FIDUCIA.de wrote: > Working samba on a dual homed host I found the following > problem: > nmb serves both subnets. There is no routing between the > subnets. There are five dual homed servers and one dual > homed client. All other clients are single homed. > I observed: nmb delivers wrong addresses to these single > homed clients. Eg: a client in subnet 10.2.247.0/24 is > handled an address in subnet 192.168.13.0/24 which it > can't reach. These clients, in turn, can't connect to > some of the servers. > Is there a way starting nmb twice? Binding each instance > to one subnet, not mixing both subnets in one instance > as it is now? Hi Thomas, Yes, you can force nmbd to bind to only one interface using the commands 'bind interfaces only = yes' and 'interfaces = ' in your smb.conf. It's easiest to set up two smb.conf files, one for each of the interfaces you want nmbd to bind to. Then run: smbd -D nmbd -D nmbd -D -s /path/to/other/smb.conf And each subnet should see the right addresses. HTH, Steve Langasek postmodern programmer From gcarter at valinux.com Tue Sep 12 14:45:40 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:23 2003 Subject: OpenLDAP2.0.1/SAMBA schemas References: Message-ID: <39BE4194.C15AC408@valinux.com> Ross Davis wrote: > > Lo all, > > Has anybody translated the ver. 1.2 schemas to ver. > 2.0.1 schemas? Assuming somebody has, I'd appreciate > greatly if they would send them on and maybe any > additional schemas that might be useful for Samba TNG2.6!? We (myself and Jean Francois, et. al) are currently working on providing stable LDAP support in HEAD. Stay tuned (and feel free to chime in). The plans are to come up with the initial design andthen post to samba-technical for comments. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mgreen at pilot.net Tue Sep 12 14:57:39 2000 From: mgreen at pilot.net (Mark Green) Date: Tue Dec 2 02:31:23 2003 Subject: unsubscribe Message-ID: -----Original Message----- From: Agent Drek [mailto:drek@bigstudios.com] Sent: Tuesday, September 12, 2000 6:54 AM To: Cole, Timothy D. Cc: samba-ntdom@samba.org; drek@bigstudios.com Subject: RE: memory hungry smbd in samba-tng? On Fri, 1 Sep 2000, Cole, Timothy D. wrote: > Hrm, this is a general problem, then... be interesting to see where > the memory is going. How much is text, and how much is data? > > ok I've got more info now :) PID STAT TIME SL RE PAGEIN VSZ RSS LIM TSIZ %CPU %MEM COMMAND 274 I 0:11.22 24 641 15 20008 18196 - 324 0.0 14.2 /opt/samba-tng/sbin/smbd -D 304 I 0:04.33 21 324 2 14288 12636 - 324 0.0 9.9 /opt/samba-tng/sbin/smbd -D 278 S 0:00.03 4 625 5 4604 2636 - 324 0.0 2.1 /opt/samba-tng/sbin/smbd -D 334 I 0:00.02 20 81 1 4608 2564 - 324 0.0 2.0 /opt/samba-tng/sbin/smbd -D 280 I 0:00.03 25 510 0 4608 2340 - 324 0.0 1.8 /opt/samba-tng/sbin/smbd -D 336 S 0:00.02 13 73 2 4608 2604 - 324 0.0 2.0 /opt/samba-tng/sbin/smbd -D 200 Is 0:00.01 73 726 0 3240 1660 - 324 0.0 1.3 /opt/samba-tng/sbin/smbd -D where RSS is the 'resident set size' TSIZ is the 'text size Kb' VSZ 'virtual size in Kb' I've also found that if I launch smbd from a csh script with 'limit datasize 20M' it will crash. I think that it may have something to do with the name mangling cache as the following log message does not make sense to me: name_map_mangle( minfo.exe, need83 = FALSE, cache83 = TRUE, 6 ) samba decides that each opened file does not need name mangling and then goes ahead and sets cache83 = TRUE ... is that logical? I read though all the current bug/patch submissions and nothing seemed to point here ... I tried turning off name mangling but I could still crash the system and now people have arrived at work ( I have a ~1hr window to work with in the morning). does it sound like I'm chasing a ghost? csh suggestion came from someone on freebsd-questions who thought I should do a crash dump (trace) of smbd which is what I guess I'll do tommorow morning but this is definately getting complicated! just to reiterate that this is occuring on FreeBSD4.1-Release with a recent version of samba-tng (obtained through cvs). thanks, -- Agent Drek Big Animation Inc > 'digital plumber' http://www.bigstudios.com From Ivan.RuizdeGauna at origin-it.com Tue Sep 12 15:12:09 2000 From: Ivan.RuizdeGauna at origin-it.com (Ruiz de Gauna, Ivan) Date: Tue Dec 2 02:31:23 2003 Subject: mapping a unix drive on Windows 2000 Message-ID: <1BF10ACF702DD31199180000F6C72269019F9A3F@bezax002.zavica.be.origin-it.com> Hello there, Could someone help me here? I remember I had to modify some entries in the registry to use Samba under Windows 95 R2, Windows98 and Windows NT. Now I've just installed Windows 2000 and here I am with the same problem: When logging into the unix machine, the password is not accepted. Can anyone help, please? Thanks in advance, Iv?n. -------------- next part -------------- HTML attachment scrubbed and removed From tschweikle at FIDUCIA.de Tue Sep 12 16:03:58 2000 From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:31:23 2003 Subject: samba and dual homed hosts Message-ID: <0057540006784805000002L452*@MHS> On Tue, 12 Sep 2000 tschweikle@FIDUCIA.de wrote: >> Is there a way starting nmb twice? Binding each instance >> to one subnet, not mixing both subnets in one instance >> as it is now? > > Yes, you can force nmbd to bind to only one interface using > the commands 'bind interfaces only = yes' and > 'interfaces = ' in your smb.conf. It's > easiest to set up two smb.conf files, one for each of the > interfaces you want nmbd to bind to. Then run: > > smbd -D > nmbd -D > nmbd -D -s /path/to/other/smb.conf > > And each subnet should see the right addresses. Wouldn't this bind smbd to only one subnet too? I wanted to start only nmbd twice, not smbd too (maybe creating locking problems having two smbd running). Thomas From vorlon at netexpress.net Tue Sep 12 16:06:40 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:23 2003 Subject: samba and dual homed hosts In-Reply-To: <0057540006784805000002L452*@MHS> Message-ID: On Tue, 12 Sep 2000 tschweikle@FIDUCIA.de wrote: > >> Is there a way starting nmb twice? Binding each instance > >> to one subnet, not mixing both subnets in one instance > >> as it is now? > > Yes, you can force nmbd to bind to only one interface using > > the commands 'bind interfaces only = yes' and > > 'interfaces = ' in your smb.conf. It's > > easiest to set up two smb.conf files, one for each of the > > interfaces you want nmbd to bind to. Then run: > > smbd -D > > nmbd -D > > nmbd -D -s /path/to/other/smb.conf > > And each subnet should see the right addresses. > Wouldn't this bind smbd to only one subnet too? I wanted to > start only nmbd twice, not smbd too (maybe creating locking > problems having two smbd running). Ah, you're right of course. So you would actually need one smb.conf for smbd, and two different ones for nmbd. The same principle applies. Steve Langasek postmodern programmer From akopps at CSUA.Berkeley.EDU Tue Sep 12 16:48:21 2000 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:31:23 2003 Subject: domain controller promotion In-Reply-To: <39BDFD89.2A1859B2@polimi.it> Message-ID: On Tue, 12 Sep 2000, Simo Sorce wrote: > > This option is not used to designate a machine as PDC. > > >From smb.conf man page: > > > > preferred master (G) > > > > This boolean parameter controls if nmbd is a preferred > > master browser for its workgroup. > > > > If this is set to true, on startup, nmbd will force an > > election, and it will have a slight advantage in win- > > ning the election. It is recommended that this parame- > > ter is used in conjunction with "domain master = yes", > > so that nmbd can guarantee becoming a domain master. > > ... > > > > If you don't want your Samba box to be a PDC, make sure you do not > > set "domain logons" in smb.conf or use "domain logons = no" > > in smb.conf file. > > > > Akop > > "domain logons = yes" is needed to retrieve the passwords from the PDC. > to avoid beeing PDC you should set "domain master = no". > > Simo. > Not true. "domain master = no" tells nmbd not to become a domain master browser. A machine can be a PDC without being a domain master browser. If "domain logons = yes" then samba becomes a PDC and authentication is done on the samba server. If you want samba to authenticate users from some other PDC then you certainly can't have "domain logons = yes" option on the samba server because that promotes it into a PDC as well. (you need to use "password server = *" , and "security = domain" options for that.) Akop From vorlon at netexpress.net Tue Sep 12 17:04:13 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:23 2003 Subject: domain controller promotion In-Reply-To: Message-ID: On Tue, 12 Sep 2000, Akop Pogosian wrote: > > > This option is not used to designate a machine as PDC. > > > >From smb.conf man page: > > > preferred master (G) > > > This boolean parameter controls if nmbd is a preferred > > > master browser for its workgroup. > > > If this is set to true, on startup, nmbd will force an > > > election, and it will have a slight advantage in win- > > > ning the election. It is recommended that this parame- > > > ter is used in conjunction with "domain master = yes", > > > so that nmbd can guarantee becoming a domain master. > > > ... > > > If you don't want your Samba box to be a PDC, make sure you do not > > > set "domain logons" in smb.conf or use "domain logons = no" > > > in smb.conf file. > > "domain logons = yes" is needed to retrieve the passwords from the PDC. > > to avoid beeing PDC you should set "domain master = no". > Not true. "domain master = no" tells nmbd not to become a domain > master browser. A machine can be a PDC without being a domain master > browser. > If "domain logons = yes" then samba becomes a PDC and authentication > is done on the samba server. If you want samba to authenticate users > from some other PDC then you certainly can't have "domain logons = > yes" option on the samba server because that promotes it into a PDC as > well. (you need to use "password server = *" , and "security = > domain" options for that.) 'domain master = yes' is the option that causes nmbd to become a domain master browser, *BUT* NT uses the same netbios name type for 'domain master browser' as it does for 'primary domain controller'. If 'domain master = yes' and 'domain logons = yes', then Samba will act as a PDC (at least, as well as it can) and all NT workstations in that workgroup will also treat it as such. If 'domain master = no' and 'domain logons = yes', then Samba appears to be a BDC on the network. If using Samba-TNG and a proper trust relationship has been established with the PDC, then Samba will even act as a BDC. If you set 'domain master = yes' and 'domain logons = no', then all the other machines on the network will look at you askance because you're a DMB, but you're not a logon server (and therefore not a domain controller). But because you're registered as the DMB, no other server can become the PDC for that domain, either. OTOH, if there's no NT domain to speak of on your network (in which case this is hardly the appropriate forum), then by all means, set 'domain master' and 'domain logons' to whatever settings you think work best for you. Steve Langasek postmodern programmer From kellermg at potsdam.edu Tue Sep 12 17:17:58 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:31:23 2003 Subject: Lame Samba Config Question (slightly OT) Message-ID: <39BE6546.56660CA0@potsdam.edu> Somewhere my Samba logic got stupid. What I want to do is make a share (actually about 3000 of them) such that when a given user browses to the server, they see all of the shares that I have given them access too, and NOT all 3000 of them (like what happens with home directories). I would think, logically that only the "valid users" would "see" the shares, but that's not the truth. I don't care if the "other" shares are merely hidden from users, but I hate have 3000 shares listed on a server, when a given user only needs access to 5 or 10 of them- At the same time setting browseable=no seems to make them ALL invisible, and that's no good either. Below is the config I'm using for these shares. The permissions are controlled at the filesystem level, so i'm not worried about other people getting INTO the shares... Any help would be appreciated. [ZIPPYS SHARE] path = /zippyshare valid users = zippy writeable = yes -- Matthew Keller WebMaster & Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From mgreen at pilot.net Tue Sep 12 17:13:30 2000 From: mgreen at pilot.net (Mark Green) Date: Tue Dec 2 02:31:23 2003 Subject: unsubscribe Message-ID: -----Original Message----- From: Steve Langasek [mailto:vorlon@netexpress.net] Sent: Tuesday, September 12, 2000 10:04 AM To: Akop Pogosian Cc: Simo Sorce; David C. Canedo; samba-ntdom@us4.samba.org Subject: Re: domain controller promotion On Tue, 12 Sep 2000, Akop Pogosian wrote: > > > This option is not used to designate a machine as PDC. > > > >From smb.conf man page: > > > preferred master (G) > > > This boolean parameter controls if nmbd is a preferred > > > master browser for its workgroup. > > > If this is set to true, on startup, nmbd will force an > > > election, and it will have a slight advantage in win- > > > ning the election. It is recommended that this parame- > > > ter is used in conjunction with "domain master = yes", > > > so that nmbd can guarantee becoming a domain master. > > > ... > > > If you don't want your Samba box to be a PDC, make sure you do not > > > set "domain logons" in smb.conf or use "domain logons = no" > > > in smb.conf file. > > "domain logons = yes" is needed to retrieve the passwords from the PDC. > > to avoid beeing PDC you should set "domain master = no". > Not true. "domain master = no" tells nmbd not to become a domain > master browser. A machine can be a PDC without being a domain master > browser. > If "domain logons = yes" then samba becomes a PDC and authentication > is done on the samba server. If you want samba to authenticate users > from some other PDC then you certainly can't have "domain logons = > yes" option on the samba server because that promotes it into a PDC as > well. (you need to use "password server = *" , and "security = > domain" options for that.) 'domain master = yes' is the option that causes nmbd to become a domain master browser, *BUT* NT uses the same netbios name type for 'domain master browser' as it does for 'primary domain controller'. If 'domain master = yes' and 'domain logons = yes', then Samba will act as a PDC (at least, as well as it can) and all NT workstations in that workgroup will also treat it as such. If 'domain master = no' and 'domain logons = yes', then Samba appears to be a BDC on the network. If using Samba-TNG and a proper trust relationship has been established with the PDC, then Samba will even act as a BDC. If you set 'domain master = yes' and 'domain logons = no', then all the other machines on the network will look at you askance because you're a DMB, but you're not a logon server (and therefore not a domain controller). But because you're registered as the DMB, no other server can become the PDC for that domain, either. OTOH, if there's no NT domain to speak of on your network (in which case this is hardly the appropriate forum), then by all means, set 'domain master' and 'domain logons' to whatever settings you think work best for you. Steve Langasek postmodern programmer From gcarter at valinux.com Tue Sep 12 17:20:59 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:23 2003 Subject: Lame Samba Config Question (slightly OT) References: <39BE6546.56660CA0@potsdam.edu> Message-ID: <39BE65FB.3DC73CE2@valinux.com> Matthew Keller wrote: > > Somewhere my Samba logic got stupid. What I > want to do is make a share (actually about 3000 of them) > such that when a given user browses to the server, they > see all of the shares that I have given them access too, > and NOT all 3000 of them (like what happens with home directories) use and include line. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Hugo.van.der.Kooij at caiw.nl Tue Sep 12 18:12:02 2000 From: Hugo.van.der.Kooij at caiw.nl (Hugo.van.der.Kooij@caiw.nl) Date: Tue Dec 2 02:31:23 2003 Subject: OpenLDAP2.0.1/SAMBA schemas In-Reply-To: Message-ID: On Tue, 12 Sep 2000, Ross Davis wrote: > Has anybody translated the ver. 1.2 schemas to ver. 2.0.1 schemas? > Assuming somebody has, I'd appreciate greatly if they would send them on > and maybe any additional schemas that might be useful for Samba TNG2.6!? All schema files provided with openldap 1.2 made it to 2.0 as far as I know. Are you referring to other schema files? Hugo. -- Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/ -------------------------------------------------------------- Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html) From kellermg at potsdam.edu Tue Sep 12 19:14:52 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:31:23 2003 Subject: Lame Samba Config Question (slightly OT) References: <39BE6546.56660CA0@potsdam.edu> <39BE6820.BA1FB08B@grainsystems.com> Message-ID: <39BE80AC.79C0954@potsdam.edu> Kevin Colby wrote: > If you have need to actually structure these shares individually, > and yet still want to hide them from select users, you will need > to use different config files for these setups and include these > subconfigs with the some % macro such that the differences can be > resolved using something like "include = %u.conf". Yes, I did think about that, and may need to eventually take this route > NT-style file sharing wasn't really designed for this. > IIRC, NT itself would be utterly incapable of this. Since when is NT's incapability an issue for Samba? :-D -- Matthew Keller WebMaster & Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From stancel at netlife.de Tue Sep 12 12:36:55 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:23 2003 Subject: Accountflags in smbpasswd Message-ID: <39BE2367.D58E2F1C@netlife.de> Hi all, I know about U W N D accountflags. Now I saw a new one: P. May someone tell me, what it means? Are there more flags..? thank you, Marek Stancel From rcalderon at verticalnet.com Tue Sep 12 22:19:32 2000 From: rcalderon at verticalnet.com (Rafael Calderon) Date: Tue Dec 2 02:31:23 2003 Subject: new samba installation Message-ID: <63CF67318E86D311B6C80008C7E6A0800941E6DC@VNETEXS> Hi, I am writing because I installed samba on a solaris 2.6 client that is a part of NIS. I created the smb.conf file and ran testparm, kicked of the daemons and checked the shares with smbclient -L backup1 -N. So far everything looked good. However, when I try to map the network drive on my pc that is in an NT domain I got the following error message: "The account is not authenticated to login from this workstation". I have wins configured in the smb.con and at this point I'm out of ideas. If anyone can help me I'd really appreciate it. rcalderon@vertical.net unix administrator ============================================================================ This message is intended only for the use of the Addressee(s) and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient, dissemination of this communication is prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify postmaster@verticalnet.com immediately. ============================================================================ From mgeddes at xavier.sa.edu.au Tue Sep 12 23:09:48 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:23 2003 Subject: accountflags in smbpasswd References: <39BE3A96.E3D13247@netlife.de> Message-ID: <39BEB7BC.8B5D9C11@xavier.sa.edu.au> Marek Stancel wrote: > > Hi all, > > I know about U W N D accountflags. > Now I saw a new one: P. May someone tell me, what it means? > Are there more flags..? > > thank you, > Marek Stancel Which version of Samba are you using? If you're using Samba TNG, the samedit man page has a section for it's samuserset2 command. Play around with this command and you should be able to work out what each one is. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From Bielenberg at t-online.de Tue Sep 12 23:02:41 2000 From: Bielenberg at t-online.de (=?iso-8859-1?Q?G=FCnter?= Bielenberg) Date: Tue Dec 2 02:31:23 2003 Subject: Access failed References: <39BCE42D.A614C28E@t-online.de> <39BD00E0.AF8B6C2@ing.sun.ac.za> Message-ID: <39BEB611.6D014557@t-online.de> Buchan Milne schrieb: > Did you change the "User who may access this profile" before copying it > to the samba PDC. THis is important, and needs to be set to your domain > account. > > Buchan hi, thanks for your help. Since I was not able to copy the profiles to my server again and set the rights correctly (but this is an other problem: Windows tells me 'unknown profile', and this cannot be copied anywhere) I got help from M$'s Knowledge Base: Q158682: Shortcuts created under Windows NT 4.0 resolve to UNC paths. (I got the german version http://www.microsoft.com/IntlKB/Germany/Support/kb/D39/D39812.HTM?L, my quotation may be incorrect) Here they describe that links (I forgot to tell that I tried to open the programs by clicking on a desktop icon) store the complete 'UNC-path' like \\\C$, and the access from another computer fails, for this absolute path is wrong on any other WS except the one, the link was created on originally. So this is a pure NT problem depending on a well-hidden function of that OS. It also appears on NT-domains with an NT-server in it. G?nter > > > G?nter Bielenberg wrote: > > > > hi all, > > > > in a school we have a net of NT-Machines hanging at a Samba server > > under Linux. It runs samba 2.0.7 on Linux 2.2.14 (Suse 6.4) I made a > > standard user at one WS, fixed the profile by renaming ntuser.dat to > > ntuser.man and copied this profile to the logon path at the server. > > When I now login at another WS as this user, I get my desktop and > > home directory, but when I try to start one of the > > M$-Office-programs, which are installed locally at all WSs I get the > > message 'Falsches Passwort f?r Netzzugriff' (wrong password). If I > > type in my admin name and password I get access to the programm. > > What's wrong with that? > > In my samba.log I find the following lines: > > - smbd/nttrans.c: call_nt_transact_ioctl (2516) > > - call_nt_transact_ioctl: currently not implemented > > has this something to do with my problem? What does this message > > mean? > > > > thanks in advance > > > > G?nter > From mmiller at cgrg.ohio-state.edu Wed Sep 13 00:07:23 2000 From: mmiller at cgrg.ohio-state.edu (Michael Miller) Date: Tue Dec 2 02:31:23 2003 Subject: Lame Samba Config Question (slightly OT) In-Reply-To: <20000912190107.3ADF15A82E@us4.samba.org> Message-ID: > Message: 8 > Date: Tue, 12 Sep 2000 13:17:58 -0400 > From: Matthew Keller > To: Samba NT DOM List > Subject: Lame Samba Config Question (slightly OT) > > > Somewhere my Samba logic got stupid. What I want to do is make a share > (actually about 3000 of them) such that when a given user browses to the > server, they see all of the shares that I have given them access too, > and NOT all 3000 of them (like what happens with home directories). I > would think, logically that only the "valid users" would "see" the > shares, but that's not the truth. I don't care if the "other" shares are > merely hidden from users, but I hate have 3000 shares listed on a > server, when a given user only needs access to 5 or 10 of them- At the > same time setting browseable=no seems to make them ALL invisible, and > that's no good either. > Below is the config I'm using for these shares. The permissions are > controlled at the filesystem level, so i'm not worried about other > people getting INTO the shares... Any help would be appreciated. > > [ZIPPYS SHARE] > path = /zippyshare > valid users = zippy > writeable = yes I have the same concern. Not as many folders to deal with, but... Anyway, I don't know of any NT option to hide those folders, other than the share$ way of creating a hidden share. you could create a login script that uses the "net use" DOS command to map the folders to drive letters. then the shares would be there without your users looking for them. I haven't created such shares on a samba box, but it's worth a try. A sample share might look like: [ZIPPYSSHARE$] path = /zippyshare valid users = zippy writeable = yes browsable = no the batch file would include: net use k: \\SAMBASERVER\ZIPPYSSHARE$ I eliminate spaces to avoid obvious problems. appropriate permissions set on the directory etc... Let me know if this works. -- Thanx, Michael Miller System Specialist Emerging Technologies Studio Advanced Computing Center for the Arts and Design The Ohio State University "If you're clear in your vision and trust the people in your team with clear objectives, they will invariably do their best to achieve everything desired, and usually deliver everything you could have hoped for and even more." -Paul Debevec From Jbascue at Communik.com Wed Sep 13 00:18:06 2000 From: Jbascue at Communik.com (Jeremiah Bascue) Date: Tue Dec 2 02:31:23 2003 Subject: It used to work! Message-ID: <51D7B7844608D31198180060974FC61956B984@EXCHANGE> 3 months ago I installed Samaba 2.0.7 on our companies Sparc E250 and everything worked flawlessly. We use NT clients and servers with the exception of a couple of Macs and the Sparc. I was laid off for a week, and when I returned, Samba doesn't work for me anymore but it does for others. What could be happening? I'm at a loss here, but I know it's something easy. Can anyone help? Jeremiah Bascue Web Server Administrator / Coder Communi(k), Inc. 503.431.7836 From kellermg at potsdam.edu Wed Sep 13 01:53:54 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:31:23 2003 Subject: Lame Samba Config Question (slightly OT) References: Message-ID: <39BEDE32.42770F30@potsdam.edu> Michael Miller wrote: <...snip...> > net use k: \\SAMBASERVER\ZIPPYSSHARE$ > > I eliminate spaces to avoid obvious problems. appropriate permissions set > on the directory etc... > > Let me know if this works. Yeesh... I hate login scripts. :) I just scripted a routine that reads my ACL files and creates "username.conf" files, which are included in smb.conf using a %U variable - Not the cleanest solution, but nicely dynamic. -- Matthew Keller WebMaster & Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From impaco at mixmail.com Wed Sep 13 06:51:39 2000 From: impaco at mixmail.com (paco cornejo) Date: Tue Dec 2 02:31:23 2003 Subject: Samba-Ldap-Suicide Message-ID: <20000913085139.HM.600000000004wSc@mixmail.com> Hi members of Samba-NtDom mail list... If my project doesnt work soon i think the only way is the suicide, pleaseee help meee....XD I have been checking all the instructions of the Samba- Ldap-Howto written by Ignacio Coupeau, i think i have configured all as the Howto, but it doesnt work!!... I think the problem may be that i cant encrypt my passwd because smbpasswd desnt create a "smbpasswd" file for storing the users an encprypted pass.ç I dont know which is the correct order to create a user.. I first use: useradd Then: i make a ldif for the user and add it with ldapadd finally: I try to use smbpasswd but i get an error message. How can i encrypt the passwd?? The rest of the installation i think is OK. Im using Samba 2.1 pre-alpha and openldap 1.2.9. All replys will be apreciated... Thanks! P.D: Excuse my English. Tu correo gratis en MixMail http://www.mixmail.com Inicia tu navegacion en http://www.ya.com From uucp at rage.so36.net Wed Sep 13 07:10:30 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:23 2003 Subject: Execution failed Message-ID: <20000913071030.6677.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:30 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:32 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071032.6729.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:32 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:34 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071034.6773.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:34 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:35 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071035.6789.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:35 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:29 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071029.6665.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:29 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:28 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071028.6641.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:28 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:40 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071040.6904.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:40 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:50 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071050.7132.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:50 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:37 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071037.6829.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:37 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:38 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071038.6853.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:38 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:54 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071054.7244.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:54 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:53 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071053.7213.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:53 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:39 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071039.6873.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:39 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:49 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071049.7099.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:49 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:38 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071038.6857.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:38 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:50 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071050.7153.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:50 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:39 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071039.6885.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:39 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:39 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071039.6877.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:39 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:38 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071038.6865.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:38 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:54 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071054.7234.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:54 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:51 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071051.7164.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:51 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:51 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071051.7176.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:51 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:51 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071051.7172.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:51 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:02 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071102.7412.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:02 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:00 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071100.7377.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:00 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:03 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071103.7426.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:03 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:05 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071105.7489.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:05 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:56 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071056.7280.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:56 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:59 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071059.7342.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:59 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:01 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071101.7404.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:01 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:00 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071100.7370.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:00 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:08 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071108.7538.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:08 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:57 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071057.7292.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:56 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:51 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071051.7168.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:51 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:05 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071105.7478.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:05 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:04 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071104.7447.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:04 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:55 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071055.7258.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:55 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:03 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071103.7433.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:03 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:59 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071059.7356.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:59 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:58 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071058.7328.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:58 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:57 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071057.7307.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:57 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:38 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071038.6861.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:38 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:08 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071108.7556.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:08 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:57 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071057.7296.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:57 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:00 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071100.7363.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:00 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:01 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071101.7388.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:00 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:10:57 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071057.7300.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:10:57 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:07 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071107.7531.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:07 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:01 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071101.7396.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:01 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:06 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:24 2003 Subject: Execution failed Message-ID: <20000913071106.7513.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:06 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From uucp at rage.so36.net Wed Sep 13 07:11:02 2000 From: uucp at rage.so36.net (uucp@rage.so36.net) Date: Tue Dec 2 02:31:25 2003 Subject: Execution failed Message-ID: <20000913071102.7408.qmail@rage.so36.net> Message from UUCP on gosh Wed Sep 13 09:11:02 2000 Your execution request failed because you are not permitted to execute rmail on this system. Execution requested was: rmail ths From daler at geoscience.org.za Wed Sep 13 07:46:42 2000 From: daler at geoscience.org.za (Dale Llewellyn Roblin) Date: Tue Dec 2 02:31:25 2003 Subject: What the ding dong is going on?? References: <20000913071054.7234.qmail@rage.so36.net> Message-ID: <39BF30E2.4F1D1923@geoscience.org.za> Is this happening to everyone or just me: I get about 1 message a minute with the follwing subject and sender: Subject: Execution failed Sender: uucp@rage.so36.net Body: > Message from UUCP on gosh Wed Sep 13 09:10:54 2000 > > Your execution request failed because you are not permitted to execute > rmail > on this system. > Execution requested was: > rmail ths From sasiuru at almamedia.fi Wed Sep 13 08:06:47 2000 From: sasiuru at almamedia.fi (Sami Siuruainen) Date: Tue Dec 2 02:31:25 2003 Subject: What the ding dong is going on?? References: <20000913071054.7234.qmail@rage.so36.net> <39BF30E2.4F1D1923@geoscience.org.za> Message-ID: <39BF3597.8FE334C2@almamedia.fi> Hello from Finland; I get that "Execution Failed" also, approx 30 mails have come since 10:11AM (EET). I have send a notification to the server root and notified about error message. I guess he/she is doing something to fix it up. Sami Siuruainen Internet Program Designer Almamedia Net Ventures, Finland (http://www.almamedia.fi/) Dale Llewellyn Roblin wrote: > > Is this happening to everyone or just me: I get about 1 message a minute > with the follwing subject and sender: > > Subject: Execution failed > Sender: uucp@rage.so36.net > Body: > > > Message from UUCP on gosh Wed Sep 13 09:10:54 2000 > > > > Your execution request failed because you are not permitted to execute > > rmail > > on this system. > > Execution requested was: > > rmail ths -------------- next part -------------- A non-text attachment was scrubbed... Name: sasiuru.vcf Type: text/x-vcard Size: 357 bytes Desc: Card for Sami Siuruainen Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000913/8bdc5724/sasiuru.vcf From Christian.Hartmann-Herrmann at web2cad.de Wed Sep 13 08:13:15 2000 From: Christian.Hartmann-Herrmann at web2cad.de (Christian.Hartmann-Herrmann@web2cad.de) Date: Tue Dec 2 02:31:25 2003 Subject: What the ding dong is going on?? Message-ID: ---------------------- Weitergeleitet von Christian Hartmann-Herrmann/GENIUS/DE am 13.09.2000 10:19 --------------------------- Dale Llewellyn Roblin am 13.09.2000 09:46:42 An: samba-ntdom@samba.org Kopie: (Blindkopie: Christian Hartmann-Herrmann/GENIUS/DE) Thema: What the ding dong is going on?? Is this happening to everyone or just me: I get about 1 message a minute with the follwing subject and sender: Subject: Execution failed Sender: uucp@rage.so36.net Body: > Message from UUCP on gosh Wed Sep 13 09:10:54 2000 > > Your execution request failed because you are not permitted to execute > rmail > on this system. > Execution requested was: > rmail ths From dvh at gtech.co.nz Wed Sep 13 08:58:14 2000 From: dvh at gtech.co.nz (David Hawke) Date: Tue Dec 2 02:31:25 2003 Subject: What the ding dong is going on?? References: <20000913071054.7234.qmail@rage.so36.net> <39BF30E2.4F1D1923@geoscience.org.za> <39BF3597.8FE334C2@almamedia.fi> Message-ID: <39BF41A6.9510AF35@gtech.co.nz> Don't panic A recipient system has (presumably) been reconfigured - it uses uucp to get its mail, and permission to execute the rmail program (which takes it from uucp to sendmail, usually) has not been set correctly. Hang in, delete the messages, until the postmaster / sysadmin on the system checks the logs and sorts it out. Note that NO mail will be going in as it isn't transferred to the MTA on the host. David H Sami Siuruainen wrote: > Hello from Finland; > > I get that "Execution Failed" also, approx 30 mails have come > since 10:11AM (EET). I have send a notification to the server > root and notified about error message. I guess he/she is doing > something to fix it up. > > Sami Siuruainen > Internet Program Designer > Almamedia Net Ventures, Finland (http://www.almamedia.fi/) > > Dale Llewellyn Roblin wrote: > > > > Is this happening to everyone or just me: I get about 1 message a minute > > with the follwing subject and sender: > > > > Subject: Execution failed > > Sender: uucp@rage.so36.net > > Body: > > > > > Message from UUCP on gosh Wed Sep 13 09:10:54 2000 > > > > > > Your execution request failed because you are not permitted to execute > > > rmail > > > on this system. > > > Execution requested was: > > > rmail ths -- ----------------------------------------------------------------------- David Hawke Ph: +64-9-624 2242 mailto:dvh@paradise.net.nz (Home) Fax: +64-9-624 2236 mailto:dvh@gtech.co.nz (Work) Mob: 0-21-995 773 From simo.sorce at polimi.it Wed Sep 13 12:07:36 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:25 2003 Subject: domain controller promotion References: <39BDFD89.2A1859B2@polimi.it> Message-ID: <39BF6E08.E055C189@polimi.it> Simo Sorce wrote: > > Akop Pogosian wrote: > > > > On Mon, 11 Sep 2000, David C. Canedo wrote: > > > > > I have "preferred master = no" in my smb.conf file YET my samba server was still promoted to PDC > > > when our PDC went down this weekend. Is there a way to prevent this from happening? > > > > > > Please reply to dcanedo@concero.com as I am not on this mailing list. > > > > > > thanks, > > > -- > > > Dave Canedo > > > Concero / IT Department > > > > > > > This option is not used to designate a machine as PDC. > > >From smb.conf man page: > > > > preferred master (G) > > > > This boolean parameter controls if nmbd is a preferred > > master browser for its workgroup. > > > > If this is set to true, on startup, nmbd will force an > > election, and it will have a slight advantage in win- > > ning the election. It is recommended that this parame- > > ter is used in conjunction with "domain master = yes", > > so that nmbd can guarantee becoming a domain master. > > ... > > > > If you don't want your Samba box to be a PDC, make sure you do not > > set "domain logons" in smb.conf or use "domain logons = no" > > in smb.conf file. > > > > Akop > > "domain logons = yes" is needed to retrieve the passwords from the PDC. > to avoid beeing PDC you should set "domain master = no". > > Simo. > whoops. There's an error change "domain logons = yes" with "logon server = PDCNAME" the correct settings are as follow: preferred master = no domain master = no domain logons = no logon server = PDCNAME > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From DavidH at invweek.co.uk Wed Sep 13 09:39:03 2000 From: DavidH at invweek.co.uk (David Hemingway) Date: Tue Dec 2 02:31:25 2003 Subject: Win2K and Samba Message-ID: <6B7F5F624EFED3118F8C00902751549D3092FA@EMAIL-SERVER> Hi I'm a newbie and was wondering whether there are an differences to setting up samba with a win2k server as opposed to an NT server. cheers From stancel at netlife.de Wed Sep 13 10:47:20 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:25 2003 Subject: change password at next Logon Message-ID: <39BF5B38.3D6B5769@netlife.de> I am using Samba-TNG. May someone tell me how to set it up, that a user have to change his password at next Logon? Thank you, Marek Stancel From doug at daynetwork.com Wed Sep 13 12:49:54 2000 From: doug at daynetwork.com (Doug Morris) Date: Tue Dec 2 02:31:25 2003 Subject: TNG machine logon description? Message-ID: <200009131249.e8DCnsG02176@majestix.daynetwork.com> I'm looking for documentation describing the basic steps for setting up TNG 2.6 as a PDC. In particular: - What daemons to run, in addition to smbd/nmbd. (I've started everything ending in 'd'). - What accounts to add. Including the correct samedit syntax for both users and machines. - How to connect the NT system to the domain. It looks like there might've been a link to a page from here http://www.kneschke.de/projekte/samba_tng/ "How to configure Samba TNG to allow domain logons from Windows NT", but that link is broken. Also, I'm not sure if that was a link to an smb.conf configuration. I believe my smb.conf is fine (included for completeness below, anyway), at least, connections using smbclient work without a problem. However, ntlogin connections in samedit fail with: cli_nt_setup_creds: auth2 challenge failed. status: c0000022 Also possibly relevant: The system is named elevedelis, netbiosname fileserver-muc. Workstation accounts exist for both fileserver-muc$ and elevedelix$, plus rainer_lap$ and rainer (a user and his laptop). Accounts were created using samedit, and of course, also exist in /etc/passwd. There is no administrator/root account in smbpasswd, should there be? If this isn't documented anywhere, and someone's willing to help me work through this, I'd be happy to write it up myself, after I have things working. Please CC me on any responses so procmail can sort the mail where I'll find it more easily. -- Doug Morris System Administrator Day Management AG http://www.daynetwork.com/ ---[ smb.conf ]--------------------------------------------------------- [global] workgroup = DAY netbios name = FILESERVER-MUC server string = Samba Server in Day Munich security = USER domain logons = Yes encrypt passwords = Yes ;debug level = 3 os level = 65 local master = Yes preferred master = Yes domain master = Yes wins support = Yes time server = Yes dns proxy = Yes logon path = \\%L\profiles\%U domain user map = /etc/samba/domainuser.map domain group map = /etc/samba/domaingroup.map log file = /var/log/samba/log.%m sam directory = /var/log/samba/sam smb passwd file = /etc/smbpasswd max log size = 50 character set = ISO8859-1 socket options = TCP_NODELAY [netlogon] comment = Network Logon Service path = /home/samba/logon guest ok = Yes public = No writeable = No browsable = No share modes = No [profiles] path = /home/samba/profiles browseable = no guest ok = yes [tmp] comment = Temporary file space path = /home/samba/tmp read only = no public = yes [homes] comment = User Home Directories browseable = Yes create mode = 0755 directory mask = 0755 map archive = no read only = no path = %H From jhills at digitaloilfield.com Wed Sep 13 14:16:47 2000 From: jhills at digitaloilfield.com (jhills) Date: Tue Dec 2 02:31:25 2003 Subject: RE Domain PDC and Master Browser In-Reply-To: <20000912190105.C47705819F@us4.samba.org> Message-ID: <003201c01d8d$410f4d50$2678a8c0@digitaloilfield.com> I currently have the following setup A windows 2000 Server and two Solaris machines running samba. I want the NT machine to be the PDC and as far as I can tell it is setup that way. Both of the SMB.conf files have the following options set: Domain logons = yes os level = 0 domain master = no preferred master = no local master = no For some reason every hour an election is forced and one or the other of the Solaris machines claims to be Domain Master. Where I have I missed the setting and what needs to be set? Please help J From ross at csn.ul.ie Wed Sep 13 14:34:13 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:25 2003 Subject: OpenLDAP2.0.1/SAMBA schemas In-Reply-To: Message-ID: > > Has anybody translated the ver. 1.2 schemas to ver. 2.0.1 schemas? > > Assuming somebody has, I'd appreciate greatly if they would send them on > > and maybe any additional schemas that might be useful for Samba TNG2.6!? > > All schema files provided with openldap 1.2 made it to 2.0 as far as I > know. > Are you referring to other schema files? Yes. The schemas I was using can be found at Ignacio Coupeau's site (see URL below). Can anybody do a quick translation of these into 2.0.x format!? http://www.unav.es/cti/ldap-smb/ldap-smb-TNG-howto.html#sldap.oc.conf Cheers, -Ross From business at ours.com Wed Sep 13 15:43:12 2000 From: business at ours.com (Diran Afarian) Date: Tue Dec 2 02:31:25 2003 Subject: Samba on Cobalt RaQ2 and NT Message-ID: <4.3.1.2.20000913082528.00e6c970@207.158.208.167> Hello, I got Samba going on our Cobalt RaQ2 by following directions at the link below, I got it to show up in my network neighborhood on my NT 4 (on the LAN), but I just couldn't get it to accept the permissions. I did the Product_raq.pm both with '0' and '1' but it still doesn't recognize the username or the password. Does anyone know how I can possibly get over this last step ? I tried the "admin" username and "password", I tried setting up a new user and password, it just won't let me in. Here is the link I used to get my information to set it up on the cobalt: http://www.cobalt.com/support/kb/search.php3?ques=nfs&qid=4&language=1 Thanks in advance, Diran Thank you, Diran Afarian ----------------------- You should join alladvantage and get paid 50 cents per hour of every hour you surf and 10 cents for everyone that you can get to join and so on. click at the link below and you are on your way. http://www.alladvantage.com/go.asp?refid=JGH767 If it doesn't work and you go directly to the site, please use my Member ID# JGH767 to enter in the field at the bottom of the sign up form page. If you want, email me and I will explain the system to you. it is simple and it pays. click here to ask me: mailto:diran@ours.com From samba at ours.com Wed Sep 13 15:44:04 2000 From: samba at ours.com (samba@ours.com) Date: Tue Dec 2 02:31:25 2003 Subject: Samba on Cobalt RaQ2 and NT Message-ID: <4.3.1.2.20000913084330.00e682f0@207.158.208.167> Hello, I got Samba going on our Cobalt RaQ2 by following directions at the link below, I got it to show up in my network neighborhood on my NT 4 (on the LAN), but I just couldn't get it to accept the permissions. I did the Product_raq.pm both with '0' and '1' but it still doesn't recognize the username or the password. Does anyone know how I can possibly get over this last step ? I tried the "admin" username and "password", I tried setting up a new user and password, it just won't let me in. Here is the link I used to get my information to set it up on the cobalt: http://www.cobalt.com/support/kb/search.php3?ques=nfs&qid=4&language=1 Thanks in advance, Diran From jnp at myoc.net Wed Sep 13 15:23:50 2000 From: jnp at myoc.net (Jnp) Date: Tue Dec 2 02:31:25 2003 Subject: win2k & smb In-Reply-To: References: <39B73B33.BF11199A@xavier.sa.edu.au> Message-ID: <4.2.0.58.20000913081645.00ac0350@mrgates.myoc.net> > > You cannot use Samba 2.x as a PDC for WinNT /Win2k > > > > Matt At 09:27 AM 9/7/00 +0100, Eoin Verling wrote: >Whaooo ... hang on. I'm using Samba 2.0.7 as a PDC for WinNT clients. > >What you need to do is create machine accounts for the NT clients, on the >samba machine (see the docs on the web site for how to do it) ... then >create user accounts on the samba machine, then set your NT client to >connect to your domain (whatever domain you decided in your smb.conf) and >that's it! >I haven't checked win2k, but am about to. >E I use samba 2.0.7 as a PDC for win NT clients in a production environment with over 100 workstations. I am looking into win2k also. The Samba Black Book says it is possible, but you have to use plain text passwords, and to the registry hack in [hkey_local_mackine\system\currentcontrolset\services\lanmanworkstation\para meters] Add: EnablePlainTextPassword and set dword to 00000001 The latest samba dist includes this as a reg file, so the book says. Eoin, if you get it working, please let me know, thanks! -- John From ross at csn.ul.ie Wed Sep 13 17:12:49 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:25 2003 Subject: OpenLDAP2.0.1/SAMBA schemas In-Reply-To: <39BFB045.D2DB4DD6@unav.es> Message-ID: > The next week we are planning to test the Open-ldap 2.0.1... From Kurt at OpenLDAP.org Wed Sep 13 17:26:49 2000 From: Kurt at OpenLDAP.org (Kurt D. Zeilenga) Date: Tue Dec 2 02:31:25 2003 Subject: OpenLDAP2.0.1/SAMBA schemas In-Reply-To: References: <39BFB045.D2DB4DD6@unav.es> Message-ID: <5.0.0.25.0.20000913102224.00a71720@router.boolean.net> At 06:12 PM 9/13/00 +0100, Ross Davis wrote: >> The next week we are planning to test the Open-ldap 2.0.1... > >>From what I've read you need OIDs for the SAMBA objectclasses, correct? Yes, all LDAPv3 schema elements must be assigned a globally unique object identifier (OID). >If so I wonder will they be given OIDs by SAMBA or OpenLDAP teams at a later >stage (or do you have to assign them yourself)!? It's the responsibility of the schema developer to obtain necessary OIDs. The schema developer can obtain these from anyone willing to assign/delegate OIDs to the developer. Normally the developer obtains a set which are under >And if OIDs are needed >does SAMBA not have to be able to handle this? (I have practically zero >knowledge of OIDs and their use, so, will somebody put me straight if I'm >wrong here?). Also, are there OIDs one can use for testing purposes? You can assign OIDs under your control for any purpose, including testing. From Kurt at OpenLDAP.org Wed Sep 13 17:40:49 2000 From: Kurt at OpenLDAP.org (Kurt D. Zeilenga) Date: Tue Dec 2 02:31:25 2003 Subject: OpenLDAP2.0.1/SAMBA schemas Message-ID: <5.0.0.25.0.20000913102819.00a72eb0@router.boolean.net> I hit the "send" button prior to completing my response. Sorry about that. This completes my response. Basically, the schema developer needs to obtain OIDs for their use. How they obtain them is quite organization specific. The schema developer, of course, can view themselves as an independent organization and obtain an OID arch for their use. There are multiple sources of such OIDs, IANA is a popular source (because they are free and easy). As far as which OIDs are used for a specification, it doesn't rightly matter as long as the assignment is permanent. (OID assignment is meant to be permanent, but some times isn't). Fictitious OIDs should not be used under any circumstances. In the case of a Samba developed LDAP schema, I would assume that the Samba organization would assign an OID for this use. If the Samba organization needs a OID, one can be easily obtained. See FAQ and/or OpenLDAP 2.0 Administrator Guide for details. OpenLDAP does have an OID for it's use, but we're not in the OID assignment business. IANA is. Kurt From awilliam at whitemice.org Wed Sep 13 17:43:42 2000 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:31:25 2003 Subject: win2k & smb In-Reply-To: <4.2.0.58.20000913081645.00ac0350@mrgates.myoc.net> Message-ID: > > > You cannot use Samba 2.x as a PDC for WinNT /Win2k Samba 2.0.7 will work as a rudimentary PDC for NT4.x > I use samba 2.0.7 as a PDC for win NT clients in a production environment > with over 100 workstations. I am looking into win2k also. The Samba Black > Book says it is possible, but you have to use plain text passwords, and to > the registry hack in > [hkey_local_mackine\system\currentcontrolset\services\lanmanworkstation\para > meters] > Add: EnablePlainTextPassword and set dword to 00000001 The latest samba > dist includes this as a reg file, so the book says. Eoin, if you get it > working, please let me know, thanks! Eh? PDC functionality REQUIRES encrypted passwords. Disable encrypted password, and Samba won't be a PDC for NT4.x. Samba 2.0.7 will NOT work as a PDC for WinY2K in any case. From kris.ozzy at lineone.net Wed Sep 13 20:41:47 2000 From: kris.ozzy at lineone.net (Kristyan Osborne) Date: Tue Dec 2 02:31:25 2003 Subject: Password changing Message-ID: <01C01DC3.0A3A8750.kris.ozzy@lineone.net> Hi, Does anyone know if it is possible to force a password change on login on a NT4 WS, when the PDC is a 2.0.7 samba server. ------------- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. begin 600 WINMAIL.DAT M>)\^(C$4`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <` M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V ! `"`````@`"``$$ MD 8`F $```$````0`````P``, (````+``\.``````(!_P\!````:0`````` M``"U.\+ +'<0&J&\" `K*E;"%0```/N)``$P`0````@````G M``,`2@$!"8 !`"$```!#,34Y.#$Y0D(Q.#E$-#$Q04)"-C P-3!"04%!-C0P M1 `G!P$#D 8`" 4``" ````+``(``0````L`(P```````P`F```````+`"D` M``````,`-@``````0 `Y`+!PV0C#'< !'@!P``$````6````4F4Z(%!A# $````%````4TU44 `````>`!\,`0```!8```!KGE ;&EN96]N92YN970````#``80Y8E-X@,`!Q!#`0``'@`($ $```!E```` M2$DL1$]%4T%.64].14M.3U=)1DE425-03U-324),151/1D]20T5!4$%34U=/ M4D1#2$%.1T5/3DQ/1TE.3TY!3E0T5U,L5TA%3E1(15!$0TE303(P-U-!34)! M4T525D52+2TM+0`````"`0D0`0```/0!``#P`0``BP(``$Q:1G4F!1XA`P`* M`')C<&06P9" 0\0\@%I "(" ="0!G"X 9PABP3E0T@"!74RP@=V@)\,,8$!M (%!$ M0Q=2&+ `,BXP+C<@?DB8&5M&R %$ ) &U$G5+XT)J0# M8!B !! %L6(B0/YA*@\F(2:4!: ?\!9!&R']&#!C`' 6P 5 (F ``!2 "" &``````# ````````1@````!4A0```0`` M``4````X+C R``````L`&( (( 8``````, ```````!&``````Z%```````` M`P`:@ @@!@``````P ```````$8`````&(4````````>`"F "" &``````# M````````1@`````VA0```0````$`````````'@`J@ @@!@``````P `````` M`$8`````-X4```$````!`````````!X`*X (( 8``````, ```````!&```` K`#B%```!`````0`````````>`#T``0````$``````````P`--/TW```6```` ` end From kevinc at grainsystems.com Wed Sep 13 20:28:14 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:25 2003 Subject: Password changing References: <01C01DC3.0A3A8750.kris.ozzy@lineone.net> Message-ID: <39BFE35E.1616603C@grainsystems.com> Kristyan Osborne wrote: > > Does anyone know if it is possible to force a password change on login > on a NT4 WS, when the PDC is a 2.0.7 samba server. Well, the last time this was asked, I said I recalled it being a function of the password storage mechanism, not the server process. I understood that the smbpasswd file did not support this, and thereby Samba did not normally. I think I heard that if you were using an LDAP backend you _might_ be able to trigger this, but I can't confirm this. No ever corrected me the last time I said this, so if this is wrong, I hope someone will speak up now. - Kevin Colby kevinc@grainsystems.com From alex at milton.king.net.nz Wed Sep 13 22:08:48 2000 From: alex at milton.king.net.nz (Alex King) Date: Tue Dec 2 02:31:25 2003 Subject: Win98 Shutdown problems In-Reply-To: <20000913190124.66CC332487@us4.samba.org>; from samba-ntdom-request@lists.samba.org on Wed, Sep 13, 2000 at 12:01:24PM -0700 References: <20000913190124.66CC332487@us4.samba.org> Message-ID: <20000914100848.B16065@milton.king.net.nz> We have a problem with Win98 clients not shutting down properly. We are running samba at ~40 isolated sites, a mixture of 2.07 and 2.05a on intel debian systems. There are usually less than 10 clients at each site. The clients are set up to log on to an NT domain, and they run a script generated by the server to mount between 3 and 8 shares from the server, depending on their group membership. Ie, NET USE N: //SERVER/NETWORK etc. I'd be interested to hear from people who are using Win98/samba in similar setups and whether they are having similar shutdown problems. Does anyone have any experience at troubleshooting this kind of problem? Where should I look? I've already searched mailing lists etc, and I'd really appreciate a pointer in the right direction. The problem seems to affect both Win98 and Win98SE, and the Win98SSE shutdown supliment fix/patch thing doesn't help. It is intermittant, but happems more often than not. I've noticed that logging off on a W98 machine and then shutting down with C-A-D and clicking shutown seems to increase the likelyhood of a clean shutdown, but this doesn't allways work. It seems to be due to the interaction between samba and Win98, because the macines in question shut down ok if they are isolated from the network. This shutdown problem is a serious problem for me, I'd be willing to put significant effort into fixing it (even looking into the code) I realise that the problem is likely be Win98 more than samba, but if there is anything I can do to work around it I need to do it. The servers have a mixture of network cards, 3c905, eepro, rtl8138 etc. The clients are a mixture also, but we have many (cough) presarios with realtek 8139 chipset ethernet cards. ; /etc/smb.conf [global] debug level = 2 printing = bsd printcap name = /etc/printcap hide files = AppleVolumes load printers = yes guest account = nobody invalid users = root security = user workgroup = WORKGROUP server string = %h server (Samba %v) socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 encrypt passwords = yes smbpasswd file = /etc/smbpasswd wins support = yes os level = 65 domain master = yes local master = yes preferred master = yes logon script = scripts\%U.bat logon path = \\%N\profiles\%U logon drive = H: logon home = "\\%N\%U" dns proxy = no preserve case = yes short preserve case = yes domain logons = yes unix password sync = True passwd program = /usr/bin/passwd %u passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n *Password\schanged.* . [homes] comment = Home Directories browseable = no read only = no create mask = 0700 directory mask = 0700 [profiles] comment = User Profiles browseable = yes writeable = yes path = /var/samba/profiles read only = no create mask = 0700 directory mask = 700 root preexec = /var/samba/bin/create-profile %U [netlogon] path = /var/samba/netlogon writeable = no guest ok = no root preexec = /var/samba/bin/makelogonscript %U %m [network] comment = comon folder writable = yes path = /var/samba/network create mask = 777 directory mask = 777 ; other shares follow.... From devin at hdinfo.com Wed Sep 13 22:53:54 2000 From: devin at hdinfo.com (Devin Gibson) Date: Tue Dec 2 02:31:26 2003 Subject: plain text password Message-ID: <5.0.0.25.0.20000913175315.0234f260@hdinfo.com> Anybody know the plain text password fix for Windows 2000? Is it the same registry key? Devin Gibson MIS Coordinator Health Data, Inc. Health Information Designs, Inc. (334)821-0947 x29 fax (334)502-6589 From mgeddes at xavier.sa.edu.au Wed Sep 13 23:20:27 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:26 2003 Subject: Win98 Shutdown problems References: <20000913190124.66CC332487@us4.samba.org> <20000914100848.B16065@milton.king.net.nz> Message-ID: <39C00BBB.D2FB2FF@xavier.sa.edu.au> Alex King wrote: > This shutdown problem is a serious problem for me, I'd be willing to put > significant effort into fixing it (even looking into the code) I realise > that the problem is likely be Win98 more than samba, but if there is > anything I can do to work around it I need to do it. > You can't look at the code. Windows 98 is a closed source product. There are a number of issues with Windows 98 not shutting down, try installing all of the relevant Microsoft patches. This is not a Samba problem, but a problem with your client. Apparently setting the "Assign IRQ to VGA" option in the CMOS helps. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From njsain at deer.oursc.k12.ar.us Wed Sep 13 22:03:03 2000 From: njsain at deer.oursc.k12.ar.us (Nathan Sain) Date: Tue Dec 2 02:31:26 2003 Subject: OpenLDAP2.0.1/SAMBA schemas In-Reply-To: <39BE4194.C15AC408@valinux.com> References: <39BE4194.C15AC408@valinux.com> Message-ID: <2447.192.168.1.132.968882583.squirrel@deer.oursc.k12.ar.us> I hope no one minds if I chime in with a few questions. It has been several months since i have monitored this list, but to me it appears: The HEAD brance as apposed to the TNG brance is the main focus for ldap development? What is the current status of the HEAD ldap support; is it better than TNG's Are you using the nt5 schema (I can't remember where I found it, tho I beleve it was on the samba-ldap-howto)? I am currently running a samba-ldap domain with mixed nt/98 workstations (about 50), with the oct 1999 ldap HEAD cvs code. I am using ldap 1.2.9 and am looking to update this system but am unsure about compability with ldap 2.1 and samba. I am more than willing to test configurations and work, just out of the loop. Nathan Sain > Ross Davis wrote: > > > > Lo all, > > > > Has anybody translated the ver. 1.2 schemas to ver. > > 2.0.1 schemas? Assuming somebody has, I'd appreciate > > greatly if they would send them on and maybe any > > additional schemas that might be useful for Samba TNG2.6!? > > We (myself and Jean Francois, et. al) are currently working > on providing stable LDAP support in HEAD. Stay tuned (and feel > free to chime in). The plans are to come up with the initial > design andthen post to samba-technical for comments. > > > > > > > Cheers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From mgeddes at xavier.sa.edu.au Wed Sep 13 23:28:03 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:26 2003 Subject: Password changing References: <01C01DC3.0A3A8750.kris.ozzy@lineone.net> <39BFE35E.1616603C@grainsystems.com> Message-ID: <39C00D83.554C80CA@xavier.sa.edu.au> Kevin Colby wrote: > > Kristyan Osborne wrote: > > > > Does anyone know if it is possible to force a password change on login > > on a NT4 WS, when the PDC is a 2.0.7 samba server. > > Well, the last time this was asked, I said I recalled it being a > function of the password storage mechanism, not the server process. > I understood that the smbpasswd file did not support this, and > thereby Samba did not normally. I think I heard that if you were > using an LDAP backend you _might_ be able to trigger this, but > I can't confirm this. > > No ever corrected me the last time I said this, so if this is > wrong, I hope someone will speak up now. I am unsure about stable samba, but using LDAP with Samba TNG does work. -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From brandon at sci.brooklyn.cuny.edu Wed Sep 13 23:21:47 2000 From: brandon at sci.brooklyn.cuny.edu (Brandon) Date: Tue Dec 2 02:31:26 2003 Subject: OpenLDAP2.0.1/SAMBA schemas Message-ID: <200009132321.TAA14785@sci.brooklyn.cuny.edu> >I am currently running a samba-ldap domain with mixed nt/98 workstations >(about 50), with the oct 1999 ldap HEAD cvs code. I am using ldap 1.2.9 and >am looking to update this system but am unsure about compability with ldap >2.1 and samba. I am more than willing to test configurations and work, just >out of the loop. To get openldap-2.0.1 to work with samba. 2.0.1 requires schema files for eveything and as far as I know, no-one has written schema files for the old schema. The nt5 schema is included in the ldap 2.0.1 schema dir but it needs some conversion to get openldap to load it (it has single quotes around all of the OIDs which openldap doesn't seem to like). I've managed to get basic authentication to work with the old schema but haven't really had much time to create a proper schema file that works. From jvonau at home.com Wed Sep 13 23:26:14 2000 From: jvonau at home.com (Jerry Vonau) Date: Tue Dec 2 02:31:26 2003 Subject: Win98 Shutdown problems References: <20000913190124.66CC332487@us4.samba.org> <20000914100848.B16065@milton.king.net.nz> Message-ID: <39C00D16.DD7A65E0@home.com> Check the MS website, there is a update that deals with that very issue for 98SE Jerry Vonau Network Admininistrator Winnipeg Motor Express Alex King wrote: > We have a problem with Win98 clients not shutting down properly. We are > running samba at ~40 isolated sites, a mixture of 2.07 and 2.05a on intel > debian systems. There are usually less than 10 clients at each site. > > The clients are set up to log on to an NT domain, and they run a script > generated by the server to mount between 3 and 8 shares from the server, > depending on their group membership. Ie, NET USE N: //SERVER/NETWORK etc. > > I'd be interested to hear from people who are using Win98/samba in similar > setups and whether they are having similar shutdown problems. > > Does anyone have any experience at troubleshooting this kind of problem? > Where should I look? I've already searched mailing lists etc, and I'd > really appreciate a pointer in the right direction. > > The problem seems to affect both Win98 and Win98SE, and the Win98SSE > shutdown supliment fix/patch thing doesn't help. It is intermittant, but > happems more often than not. I've noticed that logging off on a W98 > machine and then shutting down with C-A-D and clicking shutown seems to > increase the likelyhood of a clean shutdown, but this doesn't allways work. > It seems to be due to the interaction between samba and Win98, because the > macines in question shut down ok if they are isolated from the network. > > This shutdown problem is a serious problem for me, I'd be willing to put > significant effort into fixing it (even looking into the code) I realise > that the problem is likely be Win98 more than samba, but if there is > anything I can do to work around it I need to do it. > > The servers have a mixture of network cards, 3c905, eepro, rtl8138 etc. > The clients are a mixture also, but we have many (cough) presarios with > realtek 8139 chipset ethernet cards. > > ; /etc/smb.conf > > [global] > debug level = 2 > printing = bsd > printcap name = /etc/printcap > hide files = AppleVolumes > load printers = yes > guest account = nobody > invalid users = root > security = user > workgroup = WORKGROUP > server string = %h server (Samba %v) > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 > encrypt passwords = yes > smbpasswd file = /etc/smbpasswd > wins support = yes > os level = 65 > domain master = yes > local master = yes > preferred master = yes > logon script = scripts\%U.bat > logon path = \\%N\profiles\%U > logon drive = H: > logon home = "\\%N\%U" > dns proxy = no > preserve case = yes > short preserve case = yes > domain logons = yes > unix password sync = True > passwd program = /usr/bin/passwd %u > passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n > *Password\schanged.* . > > [homes] > comment = Home Directories > browseable = no > read only = no > create mask = 0700 > directory mask = 0700 > > [profiles] > comment = User Profiles > browseable = yes > writeable = yes > path = /var/samba/profiles > read only = no > create mask = 0700 > directory mask = 700 > root preexec = /var/samba/bin/create-profile %U > > [netlogon] > path = /var/samba/netlogon > writeable = no > guest ok = no > root preexec = /var/samba/bin/makelogonscript %U %m > > [network] > comment = comon folder > writable = yes > path = /var/samba/network > create mask = 777 > directory mask = 777 > > ; other shares follow.... From jvonau at home.com Wed Sep 13 23:37:28 2000 From: jvonau at home.com (Jerry Vonau) Date: Tue Dec 2 02:31:26 2003 Subject: Win98 Shutdown problems References: <20000913190124.66CC332487@us4.samba.org> <20000914100848.B16065@milton.king.net.nz> <39C00D16.DD7A65E0@home.com> Message-ID: <39C00FB8.34FEF1FE@home.com> Sorry, didn't read all the way through. If you manualy un-map the drives first does it shutdown clean? Are the profiles getting copied back to the PDC? Jerry Jerry Vonau wrote: > Check the MS website, there is a update that deals with that very issue for 98SE > > Jerry Vonau > Network Admininistrator > Winnipeg Motor Express > > Alex King wrote: > > > We have a problem with Win98 clients not shutting down properly. We are > > running samba at ~40 isolated sites, a mixture of 2.07 and 2.05a on intel > > debian systems. There are usually less than 10 clients at each site. > > > > The clients are set up to log on to an NT domain, and they run a script > > generated by the server to mount between 3 and 8 shares from the server, > > depending on their group membership. Ie, NET USE N: //SERVER/NETWORK etc. > > > > I'd be interested to hear from people who are using Win98/samba in similar > > setups and whether they are having similar shutdown problems. > > > > Does anyone have any experience at troubleshooting this kind of problem? > > Where should I look? I've already searched mailing lists etc, and I'd > > really appreciate a pointer in the right direction. > > > > The problem seems to affect both Win98 and Win98SE, and the Win98SSE > > shutdown supliment fix/patch thing doesn't help. It is intermittant, but > > happems more often than not. I've noticed that logging off on a W98 > > machine and then shutting down with C-A-D and clicking shutown seems to > > increase the likelyhood of a clean shutdown, but this doesn't allways work. > > It seems to be due to the interaction between samba and Win98, because the > > macines in question shut down ok if they are isolated from the network. > > > > This shutdown problem is a serious problem for me, I'd be willing to put > > significant effort into fixing it (even looking into the code) I realise > > that the problem is likely be Win98 more than samba, but if there is > > anything I can do to work around it I need to do it. > > > > The servers have a mixture of network cards, 3c905, eepro, rtl8138 etc. > > The clients are a mixture also, but we have many (cough) presarios with > > realtek 8139 chipset ethernet cards. > > > > ; /etc/smb.conf > > > > [global] > > debug level = 2 > > printing = bsd > > printcap name = /etc/printcap > > hide files = AppleVolumes > > load printers = yes > > guest account = nobody > > invalid users = root > > security = user > > workgroup = WORKGROUP > > server string = %h server (Samba %v) > > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 > > encrypt passwords = yes > > smbpasswd file = /etc/smbpasswd > > wins support = yes > > os level = 65 > > domain master = yes > > local master = yes > > preferred master = yes > > logon script = scripts\%U.bat > > logon path = \\%N\profiles\%U > > logon drive = H: > > logon home = "\\%N\%U" > > dns proxy = no > > preserve case = yes > > short preserve case = yes > > domain logons = yes > > unix password sync = True > > passwd program = /usr/bin/passwd %u > > passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n > > *Password\schanged.* . > > > > [homes] > > comment = Home Directories > > browseable = no > > read only = no > > create mask = 0700 > > directory mask = 0700 > > > > [profiles] > > comment = User Profiles > > browseable = yes > > writeable = yes > > path = /var/samba/profiles > > read only = no > > create mask = 0700 > > directory mask = 700 > > root preexec = /var/samba/bin/create-profile %U > > > > [netlogon] > > path = /var/samba/netlogon > > writeable = no > > guest ok = no > > root preexec = /var/samba/bin/makelogonscript %U %m > > > > [network] > > comment = comon folder > > writable = yes > > path = /var/samba/network > > create mask = 777 > > directory mask = 777 > > > > ; other shares follow.... From graham.mitchell at adelaide.edu.au Thu Sep 14 00:05:43 2000 From: graham.mitchell at adelaide.edu.au (Graham Mitchell) Date: Tue Dec 2 02:31:26 2003 Subject: Win98 Shutdown problems References: <20000913190124.66CC332487@us4.samba.org> <20000914100848.B16065@milton.king.net.nz> Message-ID: <39C01657.62A44765@adelaide.edu.au> Check article number Q238096 at the MS website: http://www.support.microsoft.com/support/kb/articles/Q238/0/96.ASP I've had similar problems which were not Samba related. Installing the latest NIC driver on the Win98 end cured one of them. Graham Alex King wrote: > We have a problem with Win98 clients not shutting down properly. We are > running samba at ~40 isolated sites, a mixture of 2.07 and 2.05a on intel > debian systems. There are usually less than 10 clients at each site. > > The clients are set up to log on to an NT domain, and they run a script > generated by the server to mount between 3 and 8 shares from the server, > depending on their group membership. Ie, NET USE N: //SERVER/NETWORK etc. > > I'd be interested to hear from people who are using Win98/samba in similar > setups and whether they are having similar shutdown problems. > > Does anyone have any experience at troubleshooting this kind of problem? > Where should I look? I've already searched mailing lists etc, and I'd > really appreciate a pointer in the right direction. > > The problem seems to affect both Win98 and Win98SE, and the Win98SSE > shutdown supliment fix/patch thing doesn't help. It is intermittant, but > happems more often than not. I've noticed that logging off on a W98 > machine and then shutting down with C-A-D and clicking shutown seems to > increase the likelyhood of a clean shutdown, but this doesn't allways work. > It seems to be due to the interaction between samba and Win98, because the > macines in question shut down ok if they are isolated from the network. > > This shutdown problem is a serious problem for me, I'd be willing to put > significant effort into fixing it (even looking into the code) I realise > that the problem is likely be Win98 more than samba, but if there is > anything I can do to work around it I need to do it. > > The servers have a mixture of network cards, 3c905, eepro, rtl8138 etc. > The clients are a mixture also, but we have many (cough) presarios with > realtek 8139 chipset ethernet cards. > > ; /etc/smb.conf > > [global] > debug level = 2 > printing = bsd > printcap name = /etc/printcap > hide files = AppleVolumes > load printers = yes > guest account = nobody > invalid users = root > security = user > workgroup = WORKGROUP > server string = %h server (Samba %v) > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 > encrypt passwords = yes > smbpasswd file = /etc/smbpasswd > wins support = yes > os level = 65 > domain master = yes > local master = yes > preferred master = yes > logon script = scripts\%U.bat > logon path = \\%N\profiles\%U > logon drive = H: > logon home = "\\%N\%U" > dns proxy = no > preserve case = yes > short preserve case = yes > domain logons = yes > unix password sync = True > passwd program = /usr/bin/passwd %u > passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n > *Password\schanged.* . > > [homes] > comment = Home Directories > browseable = no > read only = no > create mask = 0700 > directory mask = 0700 > > [profiles] > comment = User Profiles > browseable = yes > writeable = yes > path = /var/samba/profiles > read only = no > create mask = 0700 > directory mask = 700 > root preexec = /var/samba/bin/create-profile %U > > [netlogon] > path = /var/samba/netlogon > writeable = no > guest ok = no > root preexec = /var/samba/bin/makelogonscript %U %m > > [network] > comment = comon folder > writable = yes > path = /var/samba/network > create mask = 777 > directory mask = 777 > > ; other shares follow.... From johan.ostensson at orebro.lantmen.se Thu Sep 14 05:44:56 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:26 2003 Subject: Win98 Shutdown problems Message-ID: <20000914054552.CA425659820@au2.samba.org> I had thid problem with a client a few months ago on a HP laptop. It turned out to be problems with the powersaving features of win98. With everythinh disabled it it worked as it should. Problem was that on a laptop those features could be useful sometimes... /johan > -----Ursprungligt meddelande----- > Fr?n: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Skickat: den 14 september 2000 01:50 > Till: johan.ostensson@orebro.lantmen.se; Alex King > Kopia: samba-ntdom@us4.samba.org > ?mne: Re: Win98 Shutdown problems > > > Alex King wrote: > > > This shutdown problem is a serious problem for me, I'd be > willing to put > > significant effort into fixing it (even looking into the > code) I realise > > that the problem is likely be Win98 more than samba, but if there is > > anything I can do to work around it I need to do it. > > > > You can't look at the code. Windows 98 is a closed source > product. There > are a number of issues with Windows 98 not shutting down, try > installing > all of the relevant Microsoft patches. This is not a Samba > problem, but > a problem with your client. Apparently setting the "Assign IRQ to VGA" > option in the CMOS helps. > > Matt > > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > > ...And by the way, Lars Kneschke's Samba TNG FAQ is at > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 > From everling at comnitel.com Thu Sep 14 10:40:38 2000 From: everling at comnitel.com (Eoin Verling) Date: Tue Dec 2 02:31:26 2003 Subject: win2k & smb In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > > > You cannot use Samba 2.x as a PDC for WinNT /Win2k > > Samba 2.0.7 will work as a rudimentary PDC for NT4.x > > > Add: EnablePlainTextPassword and set dword to 00000001 The > latest samba > > dist includes this as a reg file, so the book says. Eoin, if > you get it > > working, please let me know, thanks! > > Eh? PDC functionality REQUIRES encrypted passwords. Disable > encrypted password, and Samba won't be a PDC for NT4.x. Samba > 2.0.7 will NOT work as a PDC for WinY2K in any case. > Ok, I just tested Windows 2000, logging into 2.0.7 PDC domain, and it worked!!!! I know people have said it doesn't, but I did just this minute!! I didn't change the passwords encryption, didn't change my smb.conf (from when I used it for NT logons), the only thin I did do was an upgrade to Windows 2000 from NT (as opposed to a clean install). So at the CTRL/ALT/DEL login, I put in my samba user/pass/domain and away she goes. just thought some would like to know E - - -- _ Eoin Verling _/ \_ 2200 Cork Airport Business Park, SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 everling@comnitel.com \_/ Fax: +353 21 7305624 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBOcCrGX0HaJ33kvVEEQJKHQCgk2/Am/KX1nxzssTuAUbcjDYqU5IAn3N0 kGiSzE5n6ZBUYrvaqcc5Tc6P =i3av -----END PGP SIGNATURE----- From pglemos at ufp.pt Thu Sep 14 10:54:25 2000 From: pglemos at ufp.pt (Paulo Gens Lemos) Date: Tue Dec 2 02:31:26 2003 Subject: Domain Maps Message-ID: <39C0AE61.A003A0BC@ufp.pt> Hi, I am runing samba 207 PDC and want to map the unix users and groups to windows users and groups. I added the following lines to the smb.conf file: domain group map = /usr/local/samba/lib/domaingroup.map local group map = /usr/local/samba/lib/localgroup.map domain user map = /usr/local/samba/lib/domainuser.map then created the files in /lib restarted the smbd The log.smb file reports: Unknown parameter encoutered: "domain group map" ( the same for the other two parameters ) These were the instructions of the Domain NT FAQ in the samba.org web site. What is wrong with it? Thanks Paulo Lemos From Jean-Francois.Micouleau at dalalu.fr Thu Sep 14 11:42:05 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:26 2003 Subject: win2k & smb In-Reply-To: Message-ID: On Thu, 14 Sep 2000, Eoin Verling wrote: > Ok, I just tested Windows 2000, logging into 2.0.7 PDC domain, and it > worked!!!! > > I know people have said it doesn't, but I did just this minute!! I > didn't change the passwords encryption, didn't change my smb.conf > (from when I used it for NT logons), the only thin I did do was an > upgrade to Windows 2000 from NT (as opposed to a clean install). So > at the CTRL/ALT/DEL login, I put in my samba user/pass/domain and > away she goes. > > just thought some would like to know true. What's missing in 2.0.X or HEAD, is the code to make the NT2K join the domain. J.F. From rszczesniak at mis.com.pl Thu Sep 14 11:20:37 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:26 2003 Subject: Domain Maps Message-ID: I had same problem (some time ago). Such error occurs, because stable Samba (2.0.7) doesn't support user and group name mapping. To make use of these params, you have to use Samba HEAD or Samba TNG (both unstable). As far as I know, support for mapping names is not yet implemented in stable Samba. Domain NT FAQ on www.samba.org touches Samba HEAD, mostly. Rafa? Szcze?niak Paulo Gens Lemos Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-14 12:54 Do: Samba DW: Temat: Domain Maps Hi, I am runing samba 207 PDC and want to map the unix users and groups to windows users and groups. I added the following lines to the smb.conf file: domain group map = /usr/local/samba/lib/domaingroup.map local group map = /usr/local/samba/lib/localgroup.map domain user map = /usr/local/samba/lib/domainuser.map then created the files in /lib restarted the smbd The log.smb file reports: Unknown parameter encoutered: "domain group map" ( the same for the other two parameters ) These were the instructions of the Domain NT FAQ in the samba.org web site. What is wrong with it? Thanks Paulo Lemos From simo.sorce at polimi.it Thu Sep 14 13:58:07 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:26 2003 Subject: win2k & smb References: Message-ID: <39C0D96F.FCCFD312@polimi.it> Eoin Verling wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > > > You cannot use Samba 2.x as a PDC for WinNT /Win2k > > > > Samba 2.0.7 will work as a rudimentary PDC for NT4.x > > > > > Add: EnablePlainTextPassword and set dword to 00000001 The > > latest samba > > > dist includes this as a reg file, so the book says. Eoin, if > > you get it > > > working, please let me know, thanks! > > > > Eh? PDC functionality REQUIRES encrypted passwords. Disable > > encrypted password, and Samba won't be a PDC for NT4.x. Samba > > 2.0.7 will NOT work as a PDC for WinY2K in any case. > > > > Ok, I just tested Windows 2000, logging into 2.0.7 PDC domain, and it > worked!!!! > > I know people have said it doesn't, but I did just this minute!! I > didn't change the passwords encryption, didn't change my smb.conf > (from when I used it for NT logons), the only thin I did do was an > upgrade to Windows 2000 from NT (as opposed to a clean install). So > at the CTRL/ALT/DEL login, I put in my samba user/pass/domain and > away she goes. > > just thought some would like to know > The problem is that whenever you will have to rejoin the domain you will have to reinstall NT4, join and then upgrade again to win2k :( Too bad. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Thu Sep 14 14:02:42 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:26 2003 Subject: Domain Maps References: Message-ID: <39C0DA82.F8E68E7A@polimi.it> rszczesniak@mis.com.pl wrote: > > I had same problem (some time ago). > Such error occurs, because stable Samba (2.0.7) doesn't support user and > group name mapping. > To make use of these params, you have to use Samba HEAD or Samba TNG (both > unstable). They are not necessarily unstable but alpha quality software, this means that they may work well with certain configuration and not work at all with others, as the current situation is. Some people use TNG in production environments, others are unable to ever compile it, just give a try if you really can't stay with these feature, but carefully test before putting in a production environment. > As far as I know, support for mapping names is not yet implemented in > stable Samba. > > Domain NT FAQ on www.samba.org touches Samba HEAD, mostly. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From rszczesniak at mis.com.pl Thu Sep 14 12:37:50 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:26 2003 Subject: Domain Maps Message-ID: Simo Sorce Wys?ane przez: sorce@mister.cdc.polimi.it 00-09-14 16:02 Do: rszczesniak@mis.com.pl DW: Samba NT-DOM list Temat: Re: Domain Maps rszczesniak@mis.com.pl wrote: > > I had same problem (some time ago). > Such error occurs, because stable Samba (2.0.7) doesn't support user and > group name mapping. > To make use of these params, you have to use Samba HEAD or Samba TNG (both > unstable). > They are not necessarily unstable but alpha quality software, this means > that they may work well with certain configuration and not work at all > with others, as the current situation is. Yes, of course. I meant "status: unstable", when I wrote this. I personally use combination head/tng branch in my mini (2 computers) network, and it works just fine. BTW: 1. How can I change root password from samedit ? 2. Does changing unix file permissions/ownership work from nt side ? 3. Can I set trust relationship to other nt domain ? Except of these, I don't have significant problems. > Some people use TNG in production environments, others are unable to > ever compile it, just give a try if you really can't stay with these > feature, but carefully test before putting in a production environment. > As far as I know, support for mapping names is not yet implemented in > stable Samba. > > Domain NT FAQ on www.samba.org touches Samba HEAD, mostly. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Thu Sep 14 16:06:23 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:26 2003 Subject: Domain Maps References: Message-ID: <39C0F77F.C11378A1@polimi.it> rszczesniak@mis.com.pl wrote: > > Simo Sorce > Wys?ane przez: sorce@mister.cdc.polimi.it > 00-09-14 16:02 > > > Do: rszczesniak@mis.com.pl > DW: Samba NT-DOM list > Temat: Re: Domain Maps > > rszczesniak@mis.com.pl wrote: > > > > I had same problem (some time ago). > > Such error occurs, because stable Samba (2.0.7) doesn't support user and > > group name mapping. > > To make use of these params, you have to use Samba HEAD or Samba TNG > (both > > unstable). > > > They are not necessarily unstable but alpha quality software, this means > > that they may work well with certain configuration and not work at all > > with others, as the current situation is. > > Yes, of course. I meant "status: unstable", when I wrote this. I > personally > use combination head/tng branch in my mini (2 computers) network, and it > works > just fine. > > BTW: > 1. How can I change root password from samedit ? > 2. Does changing unix file permissions/ownership work from nt side ? > 3. Can I set trust relationship to other nt domain ? > > Except of these, I don't have significant problems. 2. Yes if you are the owner of the file you can change permissions. 3. yes with TNG, read archives as it has recently addressed. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Ch.Merle at FH-Wolfenbuettel.DE Thu Sep 14 14:14:50 2000 From: Ch.Merle at FH-Wolfenbuettel.DE (Christophe Merle) Date: Tue Dec 2 02:31:26 2003 Subject: Incomplete domain user list Message-ID: <39C0DD5A.76CF2086@fh-wolfenbuettel.de> Hi, We have a Samba Server 2.0.7 (running on a Solaris 7 system) as PDC for NT 4.0 Machines and have the following problem: New added Samba Users can log in and use shares from NT-Clients but remaining invisible in the "domain user list" of NT. This user list can for example be displayed under NT with the dos-command "net user /domain". This is a problem when you for example want to give Administrator privileges to a user, the NT admin tool displays an incomplete list of users in the current domain and it's also impossible to add the desired user in the Administrator list. These incomplete user list causes several other problems with administration software using this user list. I have readed that this problem can be caused by inconsistencies in the smbpasswd (Also a user that exists in the smbpasswd but not in the /etc/passwd). I have wrote a script to check the consistency of each user und "thrusted machine" account in my smbpasswd and not found any problem. After many days of investigation i have found something very interesting: I have deleted all "thrusted machine account" from smbpasswd and left only the around 400 users in it. Each user can log in and use share from NT-Clients, but when I execute the command "net user /domain" the user list displayed contains only !! 250 users !!. I first thought the user 251 is inconsistent and I have immediatly deleted him from smbpasswd but the NT user list still contains 250 users. I think this is the source of my problem. Probably this problem is caused by a part of samba that has not been yet properly implemented. Our samba system work in a production environment so whe have a big Problem with it. And the Problem is about to become a disaster when we will add soon other 2000 Thousand users on your system. Is this limitation a known problem? Know somebody this problem and eventually a work around to bypass it? Thanks for Help C. Merle ch.merle@fh-wolfenbuettel.de University of Applied Sciences Wolfenbuettel Germany From rszczesniak at mis.com.pl Thu Sep 14 14:24:11 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:26 2003 Subject: Domain Maps Message-ID: Simo Sorce Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-14 18:06 Do: rszczesniak@mis.com.pl DW: Samba NT-DOM list Temat: Re: Domain Maps rszczesniak@mis.com.pl wrote: > > Simo Sorce > Wys?ane przez: sorce@mister.cdc.polimi.it > 00-09-14 16:02 > > > Do: rszczesniak@mis.com.pl > DW: Samba NT-DOM list > Temat: Re: Domain Maps > > rszczesniak@mis.com.pl wrote: > > > > I had same problem (some time ago). > > Such error occurs, because stable Samba (2.0.7) doesn't support user and > > group name mapping. > > To make use of these params, you have to use Samba HEAD or Samba TNG > (both > > unstable). > > > They are not necessarily unstable but alpha quality software, this means > > that they may work well with certain configuration and not work at all > > with others, as the current situation is. > > Yes, of course. I meant "status: unstable", when I wrote this. I > personally > use combination head/tng branch in my mini (2 computers) network, and it > works > just fine. > > BTW: > 1. How can I change root password from samedit ? > 2. Does changing unix file permissions/ownership work from nt side ? > 3. Can I set trust relationship to other nt domain ? > > Except of these, I don't have significant problems. > 2. Yes if you are the owner of the file you can change permissions. and that's curious, because I tried many times/combinations without success :( > 3. yes with TNG, read archives as it has recently addressed. and what about changing root (or anybody else) password from samedit ? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From timothy_d_cole at md.northgrum.com Thu Sep 14 14:32:14 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:26 2003 Subject: memory hungry smbd in samba-tng? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47152@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Agent Drek [SMTP:drek@bigstudios.com] > Sent: Tuesday, September 12, 2000 9:54 > To: Cole, Timothy D. > Cc: samba-ntdom@samba.org; drek@bigstudios.com > Subject: RE: memory hungry smbd in samba-tng? > > On Fri, 1 Sep 2000, Cole, Timothy D. wrote: > > > Hrm, this is a general problem, then... be interesting to see where > > the memory is going. How much is text, and how much is data? > > I've also found that if I launch smbd from a csh script with > 'limit datasize 20M' it will crash. I think that it may have something to > do with the name mangling cache as the following log message does not make > sense to me: > > name_map_mangle( minfo.exe, need83 = FALSE, cache83 = TRUE, 6 ) > > samba decides that each opened file does not need name mangling and then > goes ahead and sets cache83 = TRUE ... is that logical? > Depends on how the name mangling stuff is implemented, really. Maybe the name is still required in the cache to prevent collisions when other names are mangled... although, it'd need to avoid collisions with previously unaccessed filenames too (meaning it needs to rescan the directory), so that probably doesn't really buy much. This may not be the culprit, but it might be worth re-examining/fixing anyway. > I read though all the current bug/patch submissions and nothing seemed to > point here ... I tried turning off name mangling but I could still crash > the system and now people have arrived at work ( I have a ~1hr window to > work with in the morning). > > does it sound like I'm chasing a ghost? csh suggestion came from someone > on freebsd-questions who thought I should do a crash dump (trace) of smbd > which is what I guess I'll do tommorow morning but this is definately > getting complicated! > These things invariably are. I'm not really sure how much good a crash dump will do in this case, though, except perhaps to examine in-core data structures (which you could presumably do anyway by attaching a debugger). Keep in mind that the code that puts you over the top is not necessarily going to be the code that got you most of the way there. (although it is still worth a try to see where it ends up) From simo.sorce at polimi.it Thu Sep 14 16:36:34 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:26 2003 Subject: Incomplete domain user list References: <39C0DD5A.76CF2086@fh-wolfenbuettel.de> Message-ID: <39C0FE92.AAC74F0C@polimi.it> Christophe Merle wrote: > > Hi, > > We have a Samba Server 2.0.7 (running on a Solaris 7 system) as PDC for > NT 4.0 Machines and have the following problem: New added > Samba Users can log in and use shares from NT-Clients but remaining > invisible in the "domain user list" of NT. This user list can for > example be displayed under NT with the dos-command "net user /domain". > This is a problem when you for example want to give Administrator > privileges to a user, the NT admin tool displays an incomplete list of > users in the current domain and it's also impossible to add the desired > user in the Administrator list. These incomplete user list causes > several other problems with administration software using this user > list. > I have readed that this problem can be caused by inconsistencies in the > smbpasswd (Also a user that exists in the smbpasswd but not in the > /etc/passwd). I have wrote a script to check the consistency of each > user und "thrusted machine" account in my smbpasswd and not found any > problem. After many days of investigation i have found something very > interesting: > I have deleted all "thrusted machine account" from smbpasswd and left > only the around 400 users in it. Each user can log in and use share from > NT-Clients, but when I execute the command "net user /domain" the user > list displayed contains only !! 250 users !!. I first thought the user > 251 is inconsistent and I have immediatly deleted him from smbpasswd but > the NT user list still contains 250 users. I think this is the source of > my problem. Probably this problem is caused by a part of samba that has > not been yet properly implemented. > Our samba system work in a production environment so whe have a big > Problem with it. And the Problem is about to become a disaster when we > will add soon other 2000 Thousand users on your system. > Is this limitation a known problem? > Know somebody this problem and eventually a work around to bypass it? > As said many times and reported on the samba main site and mirrors: samba 2.0.x series PDC support is unsupported and above all not complete. You cannot add users to groups with NT tools and user listing will not function properly. If you need true PDC functionality you need to try samba TNG but be aware this is alpha software and you have to test carefully if you want to use this code in production environment. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Vincent.Morlot at netcourrier.com Thu Sep 14 14:32:11 2000 From: Vincent.Morlot at netcourrier.com (Vincent Morlot) Date: Tue Dec 2 02:31:26 2003 Subject: samba very slow Message-ID: <39C0E16B.866055D3@netcourrier.com> Hello, We use samba-linux with clients Workstation NT4.0 SP5. We have one PDC samba and one additionnal serveur. When we open files on the PDC all is ok, but when the files are open or write on the other one, the access time is very, very slow. On the PDC we use debian 2.1 kernel 2.2.12 samba 2.0.6 On the other server debian 2.2 kernel 2.2.12 samba 2.0.7 After various search we have found that we have a trouble with the netbios resolve name, without explain this. on the two servers the value of the parameter name resolv order in the smb.conf is the same = lmhosts host wins. Or if we try the command echo "test"|smbclient -M c010036 -dA on the additionnal server added interface ip=10.12.10.208 bcast=10.12.255.255 nmask=255.255.0.0 Client started (version 2.0.7). resolve_lmhosts: Attempting lmhosts lookup for name c010036<0x3> getlmhostsent: lmhost entry: 10.12.10.203 serveur3 Unable to resolve name c010036 on the pdc added interface ip=10.12.11.213 bcast=10.12.255.255 nmask=255.255.0.0 Client started (version 2.0.6). resolve_lmhosts: Attempting lmhosts lookup for name c010036<0x20> getlmhostsent: lmhost entry: 10.12.10.203 serveur3 resolve_wins: Attempting wins lookup for name c010036<0x20> bind succeeded on port 0 nmb packet from 127.0.0.1(137) header: id=19812 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=C010036<20> q_type=32 q_class=1 Sending a packet of len 50 to (127.0.0.1) on port 137 nmb packet from 127.0.0.1(137) header: id=19812 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=C010036<20> q_type=32 q_class=1 Sending a packet of len 50 to (127.0.0.1) on port 137 nmb packet from 127.0.0.1(137) header: id=19812 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=C010036<20> q_type=32 q_class=1 Sending a packet of len 50 to (127.0.0.1) on port 137 resolve_hosts: Attempting host lookup for name c010036<0x20> Connecting to 10.12.10.36 at port 139 write_socket(3,76) write_socket(3,76) wrote 76 Sent session request got smb length of 0 size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 write_socket(3,54) write_socket(3,54) wrote 54 got smb length of 37 size=37 smb_com=0xd5 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=65535 smb_pid=2730 smb_uid=0 smb_mid=1 smt_wct=1 smb_vwv[0]=5 (0x5) smb_bcc=0 Connected. Type your message, ending it with a Control-D write_socket(3,52) write_socket(3,52) wrote 52 got smb length of 35 size=35 smb_com=0xd7 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=65535 smb_pid=2730 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0 sent 8 bytes write_socket(3,41) write_socket(3,41) wrote 41 got smb length of 35 size=35 smb_com=0xd6 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=65535 smb_pid=2730 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=0 Please help us !! Thanks From abrock at georgefox.edu Thu Sep 14 14:59:01 2000 From: abrock at georgefox.edu (Anthony Brock) Date: Tue Dec 2 02:31:26 2003 Subject: Latest CVS ... Message-ID: <4.2.2.20000914075348.00b18a60@localhost> Updated against SAMBA_TNG this morning, and receive the following errors when attempting to compile on a Sun Ultra 10 running Solaris 5.7 (64-bit) and compiled with gcc version 2.95.2. Compiling lib/charcnv.c with libtool Compiling lib/charset.c with libtool Compiling lib/debug.c with libtool lib/debug.c: In function `Debug1': lib/debug.c:339: `__builtin_va_alist' undeclared (first use in this function) lib/debug.c:339: (Each undeclared identifier is reported only once lib/debug.c:339: for each function it appears in.) lib/debug.c: In function `dbgtext': lib/debug.c:621: `__builtin_va_alist' undeclared (first use in this function) make: *** [lib/debug.lo] Error 1 I configured with the following: ./configure --prefix=/opt/samba-tng --with-syslog --with-netatalk --with-utmp Tony ****************************************************************************** * Anthony Brock abrock@georgefox.edu * * Director of Network Services George Fox University * ****************************************************************************** From tom.uttenthaler at aon.at Thu Sep 14 15:18:29 2000 From: tom.uttenthaler at aon.at (Thomas Uttenthaler) Date: Tue Dec 2 02:31:26 2003 Subject: Samba as PDC, IIS-Authentication Message-ID: <5.0.0.25.0.20000914171242.00afe450@mail.webmasters.at> Hello Samba-List, I have a Linux- an a NT-Webserver I have been working on getting Samba running as PDC for my NT-Server. I have now joined the domain, authentication works, when I login directly (or via a remot-admin-utility) on the NT-Box. But when I login into the IIS-FTP-Server, the user is still authenticated against the local user-database. When I delete the local user, login is not possible anymore ... Is it possible that the IIS authenticates the users against the Samba PDC? Samba 2.07, SuSE Linux 7.0 NT 4.0 SP 6a german, IIS4 thanx for any hints Thomas Uttenthaler From ivar at ivariarvutid.com Thu Sep 14 13:57:28 2000 From: ivar at ivariarvutid.com (Ivar Koppel) Date: Tue Dec 2 02:31:26 2003 Subject: win2k doesnt have password to use domain Message-ID: <39C0D948.316843F4@ivariarvutid.com> Hello! I got windows 2000 Prof. to join samba-tng (2.5.3) PDC. It displays message "welcome to KHK Domain" and asks to reboot for the changes to take effect. After reboot when i try to login to KHK domain I get message "the system doesnt have account on primary doamin or incorrect password". I tried joining the domain by 2 methods - first I just clicked add domain form win2k and it created account automatically, for second computer I tried first creating account (resulting in a message "the password is set to well-known value 'arvuti2' which should be joined to domain" and then joining from win2k. Both behave the same stupid way after reboot. BTW, I noticed that when i try smbclient -L for my server, it first tries to connect to port 445, fails, and connects to port 139. For NT it connects to 445. What program should be running at 445? Is it expecting ssl or something? Thanks, Ivar From monika.plonner at almeda.de Thu Sep 14 15:52:54 2000 From: monika.plonner at almeda.de (mplonner) Date: Tue Dec 2 02:31:26 2003 Subject: networkdrive Message-ID: <39C0F456.22C0BF74@almeda.de> Hello, We have samba 2.0.5 as pdc in nt-domain. when user have one link to Networkdrive on their desktop, it shows to one I:\SHARED After a while they have quit a few Networkdrives: J:\SHARED, K:\SHARED, L:\SHARED..... How can I stop this? Thanks for any help Monkey From kevinc at grainsystems.com Thu Sep 14 16:16:15 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:26 2003 Subject: Password changing References: <01C01DC3.0A3A8750.kris.ozzy@lineone.net> <39BFE35E.1616603C@grainsystems.com> <39C00D83.554C80CA@xavier.sa.edu.au> Message-ID: <39C0F9CF.BFB6D1C6@grainsystems.com> Matthew Geddes wrote: > > I am unsure about stable samba, but using LDAP with Samba TNG does work. Yes, but does the use of LDAP allow for expiring passwords or forced password changes? That is the question. - Kevin Colby kevinc@grainsystems.com From Jean-Francois.Micouleau at dalalu.fr Thu Sep 14 16:22:45 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:26 2003 Subject: Password changing In-Reply-To: <39C0F9CF.BFB6D1C6@grainsystems.com> Message-ID: On Thu, 14 Sep 2000, Kevin Colby wrote: > Yes, but does the use of LDAP allow for expiring passwords > or forced password changes? That is the question. not now as LDAP support in HEAD is broken. I'm planning to it. But I would prefer to have first a generic password expiration layer being usuable by ldap and by the shadow password. J.F. From olpa at sybcom.de Thu Sep 14 16:55:48 2000 From: olpa at sybcom.de (olpa@sybcom.de) Date: Tue Dec 2 02:31:26 2003 Subject: GINA and Samba Message-ID: Hi, is anyone involved into GINA-development for NT4 ? We adapted NISGINA to work with FTP-Authorization (based on Doug Scoular's idea) and wanted to know if there are other GINA-developpers with samba out there... --- a+ oliver --- The nice thing about Windows is - It does not just crash, it displays a dialog box and lets you press 'OK' first. (Arno Schaefer's .sig) --- Oliver Pabst .-------------------------. mailto:olpa@sybcom.de : : phone :+49 681 56600600 : project department : SYBCOM GmbH fax :+49 681 56600660 : : http://www.sybcom.de From jroman6 at ford.com Thu Sep 14 12:58:18 2000 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:31:26 2003 Subject: It used to work! Message-ID: <15DE228D59712-55@WorldSecure__allegro.net_> One possibility would be if they reloaded your workstation, you will need to be removed and re-added to the domain (ala "smbpasswd -x workstationname; smbpasswd -a -m workstationname", then add the WS to the domain from the Network Applet). The reason for this is that each time you load NT WS/Server a new SID (Station ID?) is generated for your WS. (From what I Understand) This SID is used to negotiate communication, and identify all communications from your workstation (part of NT's security structure.) -----Original Message----- From: Jeremiah Bascue [mailto:Jbascue@Communik.com] Sent: Tuesday, September 12, 2000 8:18 PM To: samba-ntdom@us4.samba.org Subject: It used to work! 3 months ago I installed Samaba 2.0.7 on our companies Sparc E250 and everything worked flawlessly. We use NT clients and servers with the exception of a couple of Macs and the Sparc. I was laid off for a week, and when I returned, Samba doesn't work for me anymore but it does for others. What could be happening? I'm at a loss here, but I know it's something easy. Can anyone help? Jeremiah Bascue Web Server Administrator / Coder Communi(k), Inc. 503.431.7836 From kevinc at grainsystems.com Thu Sep 14 17:37:17 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:26 2003 Subject: Password changing References: Message-ID: <39C10CCD.AA12DAB2@grainsystems.com> Jean Francois Micouleau wrote: > On Thu, 14 Sep 2000, Kevin Colby wrote: > > > Yes, but does the use of LDAP allow for expiring passwords > > or forced password changes? That is the question. > > not now as LDAP support in HEAD is broken. I'm planning to it. > > But I would prefer to have first a generic password expiration > layer being usuable by ldap and by the shadow password. I was under the impression that this already exists and is in the current smbd source, but that the smbpasswd file made no provision for it. I thought that the LDAP backend was going to utilize this, but that changing the format of the smbpasswd file was considered too destructive. Does anyone actually know what the status of this is? Did I just make that up? - Kevin Colby kevinc@grainsystems.com From admin at praesi.hercynia.verb.tu-clausthal.de Thu Sep 14 18:10:02 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (admin) Date: Tue Dec 2 02:31:26 2003 Subject: Howto Profiles Message-ID: <003d01c01e77$00e282c0$a5eeae8b@efa.hercynia.verb.tu-clausthal.de> How to get profiles running???? I have an SMB TNG 2.6 PDC running. Created a Profiles share. Now I have to make the Profiles. Is there any way taht WinNt creates the profiles automatically for each user, when he does his firste login???? Also a good HOWTO would be a great help to me. Sascha From pilger at kahana.higp.hawaii.edu Thu Sep 14 18:40:58 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:31:26 2003 Subject: TNG and new unexplained daemons Message-ID: <39C11BBA.CBA23F29@pgd.hawaii.edu> What seems to be holding me up with TNG at the moment are vaious error messages relating to things like lsarpc and svcctld. It would appear that these daemons need to be running. However, nothing in the various FAQs I have found mentions these things. Does TNG really require a handful of new daemons to be started along with smbd and nmbd? Are they supposed to start themselves? Are there some other configurations files that aren't being mentioned? -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From ZolnOtt at t-online.de Thu Sep 14 19:32:50 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:26 2003 Subject: Domain Maps References: <39C0AE61.A003A0BC@ufp.pt> Message-ID: <39C127E2.3AD88EE3@t-online.de> hi paulo. this parameter does not work at samba 2.0.7. you need a tng-version bye michael Paulo Gens Lemos wrote: > > Hi, > I am runing samba 207 PDC and want to map the unix users and groups to > windows users and groups. > I added the following lines to the smb.conf file: > domain group map = /usr/local/samba/lib/domaingroup.map > local group map = /usr/local/samba/lib/localgroup.map > domain user map = /usr/local/samba/lib/domainuser.map > then created the files in /lib > restarted the smbd > The log.smb file reports: > Unknown parameter encoutered: "domain group map" > ( the same for the other two parameters ) > These were the instructions of the Domain NT FAQ in the samba.org web > site. > What is wrong with it? > Thanks > > Paulo Lemos From ZolnOtt at t-online.de Thu Sep 14 19:21:04 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:26 2003 Subject: Me again References: <39BC7BAA.F740EDA9@xavier.sa.edu.au> Message-ID: <39C12520.A9A1AAC9@t-online.de> hi matthew! do you need the grouprid for a domain-login. if you need is for this, it is not important. in my passwd-file i write it like this: $:x:10000:1000:winnt trust account:/dev/null:/bin/false i hope, that i have understand you in the right way. michael Matthew Geddes wrote: > > Hi, > > Does anyone know what the grouprid for a machine account should be? > Does anyone know if the gidnumber for a machine account is actually > used? > > Thanks, > Matt > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > > ...And by the way, Lars Kneschke's Samba TNG FAQ is at > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From timothy_d_cole at md.northgrum.com Thu Sep 14 19:32:20 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:26 2003 Subject: TNG and new unexplained daemons Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47157@xcgmd008.md.essd.northgrum.com> You basically need to start everything ending with a 'd' in the bin/ directory. :) [ erm, there really needs to be script(s) shipped with TNG to start/stop everything nicely, taking dependencies into account ... or better, if the daemons can start each other ] > -----Original Message----- > From: Eric Pilger [SMTP:pilger@kahana.higp.hawaii.edu] > Sent: Thursday, September 14, 2000 14:41 > To: samba-ntdom@us4.samba.org > Subject: TNG and new unexplained daemons > > What seems to be holding me up with TNG at the moment are vaious error > messages relating to things like lsarpc and svcctld. It would appear > that these daemons need to be running. However, nothing in the various > FAQs I have found mentions these things. Does TNG really require a > handful of new daemons to be started along with smbd and nmbd? Are they > supposed to start themselves? Are there some other configurations files > that aren't being mentioned? > > -- > Eric J. Pilger > > Systems Administrator > > Hawaii Institute of Geophysics and Planetology/SOEST > > pilger@pgd.hawaii.edu > > (808)956-6321 > > From mg at plum.de Thu Sep 14 20:20:34 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:26 2003 Subject: TNG and new unexplained daemons References: <51FBD4A8EFD9D111BA7300A0C927DADB03F47157@xcgmd008.md.essd.northgrum.com> Message-ID: <00d001c01e89$3e3fdf20$0201010a@prangh> > You basically need to start everything ending with a 'd' in the bin/ > directory. :) > > [ erm, there really needs to be script(s) shipped with TNG to start/stop > everything nicely, taking dependencies into account ... or better, if the > daemons can start each other ] uhm .. there ARE sys-v scripts in the scripts directory .. they work fine ... samba-init.d-sysv for example ... regards, Michael From Jody.Haynes at isunnetworks.com Thu Sep 14 21:02:33 2000 From: Jody.Haynes at isunnetworks.com (Jody Haynes) Date: Tue Dec 2 02:31:27 2003 Subject: Samba-tng PDC- OpenLDAP - UNIX password sync problem Message-ID: <20000914170233.B1302@jody.isunnetworks.com> Samba-tng PDC -- OpenLDAP -- UNIX password sync problem I'm running samba-tng 2.6 on Linux 6.2 with OpenLDAP 1.2.11. I have a samba PDC storing its password information in LDAP. I'm also using the following pam modules: pam_ldap and nss_ldap. The problem is that I really don't know a way to use the password sync parameter and have it sync the UNIX passwords in LDAP. Everything works great if I keep the UNIX passwords in the password/shadow files but when I migrate them into LDAP the password sync is broken. I tried using the password program parameter with a script but that did not work: password program = / %u %o %n I did not use the passwd chat parameter along with it. Does anyone have any suggestions on how to sync my UNIX password along with the samba passwords in LDAP? Thanks, -- Jody Haynes ---------------------------------------- iSun Networks, Inc. Email: Jody.Haynes@isunnetworks.com Website: www.isunnetworks.com ---------------------------------------- From mgeddes at xavier.sa.edu.au Thu Sep 14 23:32:40 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:27 2003 Subject: Samba-tng PDC- OpenLDAP - UNIX password sync problem References: <20000914170233.B1302@jody.isunnetworks.com> Message-ID: <39C16018.93F93881@xavier.sa.edu.au> Jody Haynes wrote: > > Samba-tng PDC -- OpenLDAP -- UNIX password sync problem > > I'm running samba-tng 2.6 on Linux 6.2 with OpenLDAP 1.2.11. I have a samba PDC storing its password information > in LDAP. I'm also using the following pam modules: pam_ldap and nss_ldap. > > The problem is that I really don't know a way to use the password sync parameter and have it sync the UNIX > passwords in LDAP. > > Everything works great if I keep the UNIX passwords in the password/shadow files but when I migrate > them into LDAP the password sync is broken. > > I tried using the password program parameter with a script but that did not work: > > password program = / %u %o %n > > I did not use the passwd chat parameter along with it. > > Does anyone have any suggestions on how to sync my UNIX password along with the samba passwords in LDAP? try using the password chat with password program = ldappasswd. I haven't managed to get this working. Can I have a look at the global section of your smb.conf? Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From jpyle at Gain.com Thu Sep 14 23:19:19 2000 From: jpyle at Gain.com (Joshua Pyle) Date: Tue Dec 2 02:31:27 2003 Subject: Samba_TNG and swat Message-ID: <41425DF3E7DCD3119B0000A0C9D7C9A4031040@mail.gain.com> I just installed Samba_TNG on a linux box (Redhat 6.2) and swat will not run. Is there something new in TNG that is not in 2.0.6? Joshua T. Pyle From mgeddes at xavier.sa.edu.au Thu Sep 14 23:43:53 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:27 2003 Subject: Samba_TNG and swat References: <41425DF3E7DCD3119B0000A0C9D7C9A4031040@mail.gain.com> Message-ID: <39C162B9.1F142052@xavier.sa.edu.au> Joshua Pyle wrote: > > I just installed Samba_TNG on a linux box (Redhat 6.2) and swat will not > run. Is there something new in TNG that is not in 2.0.6? > > Joshua T. Pyle smb.conf is quite different for samba tng. I'd use a text editor personally, as I'm not sure how well swat copes with the new format.... Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From jbeauchamp7 at mindspring.com Thu Sep 14 23:27:00 2000 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:31:27 2003 Subject: TNG Source Message-ID: <00b301c01ea3$48e8e920$0a01a8c0@easypea.com> Hi there. I am a newbie with compiling source code, but am ready to attempt it to get some of the PDC functionality I have been reading about. I have been staring at CVSWEB for the last hour and cannot figure out where to get TNG 2.6 that everyone seems to be talking about/using. Any kind directions would be appreciated. James From pilger at kahana.higp.hawaii.edu Thu Sep 14 23:37:57 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:31:27 2003 Subject: Samba_TNG and swat References: <41425DF3E7DCD3119B0000A0C9D7C9A4031040@mail.gain.com> Message-ID: <39C16154.6F0D924C@pgd.hawaii.edu> Swat gets moved from bin to sbin in Samba_TNG. You'll need to change this in inetd.conf and then "kill -HUP". Joshua Pyle wrote: > I just installed Samba_TNG on a linux box (Redhat 6.2) and swat will not > run. Is there something new in TNG that is not in 2.0.6? > > Joshua T. Pyle -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From jpyle at Gain.com Thu Sep 14 23:40:22 2000 From: jpyle at Gain.com (Joshua Pyle) Date: Tue Dec 2 02:31:27 2003 Subject: Samba_TNG and swat Message-ID: <41425DF3E7DCD3119B0000A0C9D7C9A4031041@mail.gain.com> I noticed this and did just that, but now I am getting a pipe broken error. >Swat gets moved from bin to sbin in Samba_TNG. You'll need to change this in >inetd.conf and then "kill -HUP". >Joshua Pyle wrote: > I just installed Samba_TNG on a linux box (Redhat 6.2) and swat will not > run. Is there something new in TNG that is not in 2.0.6? > > Joshua T. Pyle >-- >Eric J. Pilger >Systems Administrator >Hawaii Institute of Geophysics and Planetology/SOEST >pilger@pgd.hawaii.edu >(808)956-6321 From jbeauchamp7 at mindspring.com Thu Sep 14 23:35:06 2000 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:31:27 2003 Subject: TNG Source Message-ID: <00c101c01ea4$69fe09a0$0a01a8c0@easypea.com> To reply to my own post.... I found source on the ftp site that is named samba alpha 2.6. Is this a snapshot of CVS? James From mgeddes at xavier.sa.edu.au Fri Sep 15 00:07:19 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:27 2003 Subject: TNG Source References: <00b301c01ea3$48e8e920$0a01a8c0@easypea.com> Message-ID: <39C16837.931E776C@xavier.sa.edu.au> "James W. Beauchamp" wrote: > > Hi there. I am a newbie with compiling source code, but am ready to attempt > it to get some of the PDC functionality I have been reading about. I have > been staring at CVSWEB for the last hour and cannot figure out where to get > TNG 2.6 that everyone seems to be talking about/using. > > Any kind directions would be appreciated. All you need is at Lars Kneschke's TNG FAQ (check my .signature for a link). Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From mogikan at pisem.net Fri Sep 15 06:24:21 2000 From: mogikan at pisem.net (Vadim K) Date: Tue Dec 2 02:31:27 2003 Subject: Changing passwords in passwd and smbpasswd from NT workstation Message-ID: <200009150624.e8F6OLK52562@www1.mailru.com> Help to solve such a problem. I have PDC under samba-2.0.7 and NT Wks. I've set otion: unix password sync = yes and it changes password in unix passwd file but doesn' change in smbpasswd and generates an error on NT password box. When I set it off - all goes well except it doesn't cahges password in passwd file. How do I do such a thing - to change passwords in both accaunts - UNIX and SAMBA. Thanks a lot. /Vadim/ mailto:mogikan@pisem.net From fricke at Team.OWL-Online.DE Fri Sep 15 07:54:08 2000 From: fricke at Team.OWL-Online.DE (fricke@Team.OWL-Online.DE) Date: Tue Dec 2 02:31:27 2003 Subject: Antwort: Howto Profiles Message-ID: If you don?t have a profile created for each user, NT will create a default account for each user on first time he or she logs on. -------------------------------------- Mit freundlichen Gr??en Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51-115 http://team.owl-online.de/ ...keep on headbangin? , that rocks!!! "admin" Gesendet von: samba-ntdom-admin@us4.samba.org 14.09.00 20:10 An: Kopie: Thema: Howto Profiles How to get profiles running???? I have an SMB TNG 2.6 PDC running. Created a Profiles share. Now I have to make the Profiles. Is there any way taht WinNt creates the profiles automatically for each user, when he does his firste login???? Also a good HOWTO would be a great help to me. Sascha From rszczesniak at mis.com.pl Fri Sep 15 07:56:52 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:27 2003 Subject: Howto Profiles Message-ID: "admin" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-14 20:10 Do: DW: Temat: Howto Profiles > How to get profiles running???? > I have an SMB TNG 2.6 PDC running. Created a Profiles share. Now I have to > make the Profiles. Is there any way taht WinNt creates the profiles > automatically for each user, when he does his firste login???? If you created mentioned share properly, just add your NT wks to the domain, and then logon using newly created account (also in domain). After first logout, NT wks will create proper directory (named after account login name) in Profiles share. > Also a good HOWTO would be a great help to me. See Lars FAQ at http://www.kneschke.de/projekte/samba_tng/index.php3 > Sascha Rafa? From rszczesniak at mis.com.pl Fri Sep 15 08:07:13 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:27 2003 Subject: Samba_TNG and swat Message-ID: Joshua Pyle Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-15 01:19 Do: samba-ntdom@us4.samba.org DW: Temat: Samba_TNG and swat > I just installed Samba_TNG on a linux box (Redhat 6.2) and swat will not > run. Is there something new in TNG that is not in 2.0.6? There's a LOT of new things in TNG, that you won't find in 2.0.6. > Joshua T. Pyle From rszczesniak at mis.com.pl Fri Sep 15 08:24:19 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:27 2003 Subject: help, please ! Message-ID: This is asking for help to admin of this list. I subscribed this list long time ago. That time, there was no need (and possibility) to set subscriber's password (as far, as I remember). Recently my email address has changed, so I diverted previous mail account to new one. Unfortunately, I had to subscribe with my new address, to be able to send mail to samba-ntdom@... The problem is, that I receive two copies of each post now, and I my attempts to unsubscribe old address fails (incorrect password) :( So please remove from receivers list this address: rfs@aw.com.pl thank you in advance Rafa? From Christian_Kremer at KirchGruppe.DE Fri Sep 15 09:02:21 2000 From: Christian_Kremer at KirchGruppe.DE (Kremer, Christian) Date: Tue Dec 2 02:31:27 2003 Subject: not SID generated Message-ID: Hi List, I have a problem with my samba 2.0.7 and PDC. I?ve read, that when my clients have their machine accounts created in the smbpasswd then a .sid is created after a smbd reboot. But this is simple not the fact. When I try to enter the domain with my NT-Clients they cannot found the domain. I think that my smb.conf is OK (I?ve checked them with some examples) so what does not function? thanx for ya helps Bye Chris -------------- next part -------------- HTML attachment scrubbed and removed From eridel at kava.be Fri Sep 15 09:15:17 2000 From: eridel at kava.be (Eric Delaet) Date: Tue Dec 2 02:31:27 2003 Subject: Samba as PDC, profiles and scripts Message-ID: Hello, I have a SAMBA server as PDC. I seem to have 2 problems. 1) I tried to use the "logon home" parameter. This works great, but only for Win NT clients. Win 98 clients simply seem to ignore this parameter. That's why I tried to put everything in a logon script with "logon script = logon.bat". The logon.bat contains NET USE H: /HOME. The script gets executed by the 98 clients, but again, the mapping only works for the NT clients. An interesting fact is that when I try to type NET USE H: /HOME in 98, when I'm logged in, the H: DOES get mapped. Any solutions for mapping homedrives at login time with 98 clients? 2) Profiles are "roaming". When I specify the logon path, profiles are copied, ofcourse, to that path. When I uncomment this parameter, profiles are copied to the users home drive. But I don't want roaming profiles, since there are too much users, there's not enough room on the server and especially, not enough bandwith. I was able to disable roaming profiles by adding logon path = in smb.conf, but is this a good idea? Thanks a lot! Eric From johan.ostensson at orebro.lantmen.se Fri Sep 15 09:22:24 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:27 2003 Subject: Samba as PDC, profiles and scripts Message-ID: <20000915092257.A586C659834@au2.samba.org> Check this out for great Samba 2.0.x PDC help: http://bioserver.latrobe.edu.au/samba/ Good luck! (that site helped me a lot) /johan > -----Ursprungligt meddelande----- > Fr?n: Eric Delaet [mailto:eridel@kava.be] > Skickat: den 15 september 2000 11:15 > Till: johan.ostensson@orebro.lantmen.se; samba-ntdom@us4.samba.org > ?mne: Samba as PDC, profiles and scripts > > > Hello, > > I have a SAMBA server as PDC. > > I seem to have 2 problems. > > 1) I tried to use the "logon home" parameter. This works > great, but only > for Win NT clients. Win 98 clients simply seem to ignore this > parameter. > That's why I tried to put everything in a logon script with > "logon script > = logon.bat". > The logon.bat contains NET USE H: /HOME. The script gets > executed by the > 98 clients, but again, the mapping only works for the NT clients. > An interesting fact is that when I try to type NET USE H: /HOME in 98, > when I'm logged in, the H: DOES get mapped. > Any solutions for mapping homedrives at login time with 98 clients? > > 2) Profiles are "roaming". When I specify the logon path, profiles are > copied, ofcourse, to that path. When I uncomment this > parameter, profiles > are copied to the users home drive. > But I don't want roaming profiles, since there are too much users, > there's not enough room on the server and especially, not > enough bandwith. > I was able to disable roaming profiles by adding > logon path = > in smb.conf, but is this a good idea? > > Thanks a lot! > > Eric > > From peterl at Update.UU.SE Fri Sep 15 09:56:06 2000 From: peterl at Update.UU.SE (Peter Lundqvist) Date: Tue Dec 2 02:31:27 2003 Subject: not SID generated In-Reply-To: Message-ID: On Fri, 15 Sep 2000, Kremer, Christian wrote: > Hi List, > > I have a problem with my samba 2.0.7 and PDC. > > I?ve read, that when my clients have their machine accounts created in the > smbpasswd then a .sid is created after a smbd reboot. > But this is simple not the fact. When I try to enter the domain with my > NT-Clients they cannot found the domain. I think that my smb.conf is OK > (I?ve checked them with some examples) so what does not function? Hm... I had the very same problem with a CVS-build a few weeks ago. I "solved" it by making a soft link to the workstation sid (for the samba server). I'm not sure if I remember this correctly though.. ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden From barbar at groupcolleges.edu.au Fri Sep 15 11:23:58 2000 From: barbar at groupcolleges.edu.au (barbar@groupcolleges.edu.au) Date: Tue Dec 2 02:31:27 2003 Subject: How to prevent a user from logging on more than once? Message-ID: <3.0.6.32.20000915212358.0079a590@210.10.53.42> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Currently I`m running samba2.0.7 as PDC for about 70 windows NT 4.0 workstations. Anyone know how to prevent a simultanaeus login? Andi Salimun Sys/Net Admin Australian International Colleges -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBOcF6J2lWmX4yLiuZEQKXOACaA98daa+ayfoRlX0xrIw3nD65bbYAn0kW 61HtUitzFA7Kos30MQdwM3b7 =JEea -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 6.5.8 for non-commercial use mQGiBDm9JNYRBADr6SMXGOPaUIggQJh4EidNqyfRFatCH7oBPyHxkdp8KNNcIdbp vs03TUWBia2n3yHQ+/2NvQ/eZpvXx+nSQHOJIOLe6Yhf79IH5dzD68bJOKe4tsd/ n1CNHn0C400cadE3YYk0ChSBcMYS/67fI7Qn4TQbG1to5ZcsUMk/4xVFgQCg/7SX VkSUi6rgm27H2cgaGx4Lxp8EALDf0Wy8RFjIFbROXwQeInK2mkI3niSj318GP7G8 JLN24CAc6DUXFWKFvlLixA6P7gqXgqZIa+aEiHvk6an8bl3GnGbf7LNr586Yju9v AfbgdPSdEV0TiN04siEniZQgkmO6XlqLWYNYZpDPA8ZiwQ5q9e19A4fG37Rss5s+ lYbYA/9S54FlPCzlejS3h8KK6vSMVIPvU5Vpwm8LGzTwkQOJr0AqiMX4aqDScq7G zCa1Pc0s+RH+Q322i+wRddSPqdQkDuwEYjvFgZROyCClulgEb/vjDBwZY7tUul0V eStLSOeoRX2fofylZRC8IRmaNLT9dlgxprcGvFBKlBYWAwVvrrQoQW5kaSBTYWxp bXVuIDxhbmRpc0BzdHVkZW50LnVuc3cuZWR1LmF1PokATgQQEQIADgUCOb0k1gQL AwIBAhkBAAoJEGlWmX4yLiuZRREAoJiJF0vNOEQaRr2nD29nLhKYKWjLAKDukNkp cvYocnIiJBtdi6MYI2P3AbkCDQQ5vSTWEAgA9kJXtwh/CBdyorrWqULzBej5UxE5 T7bxbrlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/c dlJPPT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaCl cjrUGvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD 8KVbGI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZ yAcpesqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggA uiQO26HCEgBxwuV5PulICOiw8ltuE57KK0kaniMRwSYBkeuTiLmpEOob/5Diw2kX xfKNqOsbKbUJIpYZqI5WV6u9WX5c24JrL7UL5akYb44yGHg3m4e7j+s6+SgtMNv/ /li+vwAGx6/megtbRpwP+Pu376osGoRfZMphOr1aCiJTJPmcPMfOl+PYjd6LjLuN xWuhPd/OUmJsifkontTPpv9Lpb/gr8r48RgkPEkqrWrxUS3zLGUA2h/mPw3K3Hmx tq4UI6RHyAgCIYn04isRENEqK4fmXrVSkc5wfzeQSAMNnbALrvkETmzAR3DYftvs +3xtBKW8t9jBPSDR7tVlG4kARgQYEQIABgUCOb0k1gAKCRBpVpl+Mi4rmQlPAKDR +JlkGe6M+Uo0dyOffbsX4KUQpQCfXmhMUjjjHqf/nNv4DolJfYBSiZ8= =OuiH -----END PGP PUBLIC KEY BLOCK----- From Christian.Iversen at indok.no Fri Sep 15 12:23:06 2000 From: Christian.Iversen at indok.no (Christian Iversen) Date: Tue Dec 2 02:31:27 2003 Subject: The account is not authorized to log in from this station Message-ID: I am running Samba on a Sun Solaris 2.6. Since I so far haven't had any problems with Samba, I am still running v.1.9.17p3. Now my company has installed a Win 2000 Server running Citrix Metaframe. We want to connect \home and \tmp as network disks in the Metaframe environment, but when we try to connect to our Sun Server, the message "The account is not authorized to log in from this station" appears. I have enabled PlainTextPassword, but that doesn't help, I have tried to connect using: net use h: \\"ip-adress"'home and net use h: \\"servername"\home, but none of them works. Does anyone know if there is any solution to our problem ? Regards, Christian Iversen From Christian_Kremer at KirchGruppe.DE Fri Sep 15 12:41:30 2000 From: Christian_Kremer at KirchGruppe.DE (Kremer, Christian) Date: Tue Dec 2 02:31:27 2003 Subject: AW: no SID generated Message-ID: Hi Peter, thanks for your fast response. Do I get you right, that I have to do this for every NT-Client? Or does anothere way exist? Greetings Christian -----Urspr?ngliche Nachricht----- Von: Peter Lundqvist [mailto:peterl@Update.UU.SE] Gesendet: Freitag, 15. September 2000 11:56 An: Kremer, Christian Cc: 'samba-ntdom@us4.samba.org' Betreff: Re: not SID generated On Fri, 15 Sep 2000, Kremer, Christian wrote: > Hi List, > > I have a problem with my samba 2.0.7 and PDC. > > I?ve read, that when my clients have their machine accounts created in the > smbpasswd then a .sid is created after a smbd reboot. > But this is simple not the fact. When I try to enter the domain with my > NT-Clients they cannot found the domain. I think that my smb.conf is OK > (I?ve checked them with some examples) so what does not function? Hm... I had the very same problem with a CVS-build a few weeks ago. I "solved" it by making a soft link to the workstation sid (for the samba server). I'm not sure if I remember this correctly though.. ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden -------------- next part -------------- HTML attachment scrubbed and removed From rszczesniak at mis.com.pl Fri Sep 15 12:43:09 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:27 2003 Subject: Odp: The account is not authorized to log in from this station Message-ID: Problem may be (but don't essentially have to) related to "security" setting in smb.conf. Prior to Samba 2.0.x it was "security = share", by default. Now (Samba 2.0.x), default setting is "security = user" since that's the "native mode" of WinNT and newer, and since that version is designed to act as partially working PDC. Try to use "security = user". Another case is that you should think about upgrading to Samba 2.0.x. It works fine, really :) Rafa? Christian Iversen Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-15 14:23 Do: "'samba-ntdom@lists.samba.org'" DW: Temat: The account is not authorized to log in from this station I am running Samba on a Sun Solaris 2.6. Since I so far haven't had any problems with Samba, I am still running v.1.9.17p3. Now my company has installed a Win 2000 Server running Citrix Metaframe. We want to connect \home and \tmp as network disks in the Metaframe environment, but when we try to connect to our Sun Server, the message "The account is not authorized to log in from this station" appears. I have enabled PlainTextPassword, but that doesn't help, I have tried to connect using: net use h: \\"ip-adress"'home and net use h: \\"servername"\home, but none of them works. Does anyone know if there is any solution to our problem ? Regards, Christian Iversen From johan.ostensson at orebro.lantmen.se Fri Sep 15 12:50:26 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:27 2003 Subject: The account is not authorized to log in from this station Message-ID: <20000915125047.151AB659834@au2.samba.org> I think a upgrade to Samba 2.0.7 is needed. Versions prior to 2.0.7 does (as far as I understand from this list, I haven't seen it myself) not support Win2K, not even for filesharing only. /johan > -----Ursprungligt meddelande----- > Fr?n: Christian Iversen [mailto:Christian.Iversen@indok.no] > Skickat: den 15 september 2000 14:23 > Till: johan.ostensson@orebro.lantmen.se; 'samba-ntdom@lists.samba.org' > ?mne: The account is not authorized to log in from this station > > > I am running Samba on a Sun Solaris 2.6. Since I so far > haven't had any > problems with Samba, I am still running v.1.9.17p3. > > Now my company has installed a Win 2000 Server running Citrix > Metaframe. We > want to connect \home and \tmp as network disks in the Metaframe > environment, but when we try to connect to our Sun Server, > the message "The > account is not authorized to log in from this station" appears. I have > enabled PlainTextPassword, but that doesn't help, I have > tried to connect > using: net use h: \\"ip-adress"'home and net use h: > \\"servername"\home, but > none of them works. > > Does anyone know if there is any solution to our problem ? > > Regards, > > Christian Iversen > From DVandereecken at Colt-Telecom.Be Fri Sep 15 14:04:44 2000 From: DVandereecken at Colt-Telecom.Be (Vander Eecken Damien) Date: Tue Dec 2 02:31:27 2003 Subject: Samba File Server in multiple NT domains Message-ID: <7470611BE462D3118C4B00805FA7EFCFA00965@COLTBE001> Hi, Can somebody tell me, if it's possible to configure SAMBA as a single File Server to serve NT clients in multiple domains. If so, how do we go about it? Thanks in advance. Damien From gerrym at futuremetals.com Fri Sep 15 14:22:51 2000 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:31:27 2003 Subject: domain user/group maps Message-ID: <39C230BB.44A558DA@futuremetals.com> Hey, I am using Samba 2.06-9, from RH 6.2, and domain user map and domain group map are not working. Is this 2.06-9 Samba-NT domain complient????? From JRI at mail.nbporto.novabase.pt Fri Sep 15 14:53:14 2000 From: JRI at mail.nbporto.novabase.pt (=?iso-8859-1?Q?Jos=E9_Pedro_Ribeiro?=) Date: Tue Dec 2 02:31:27 2003 Subject: JOINING NT DOMAIN PROBLEMS Message-ID: <089AAD923BA3D311970C00508B5A7A643A0F19@mail.nbporto.pt> Hi! My name's Pedro and i'm from PORTUGAL. I've set up a proxy server, running under RedHat 6.2, using Squid, and it's qorking fine, but i wish to have the log files authenticated by user login. I'm trying to use the smb_auth software and i've followed the steps described to join the NT domain ( The PDC is an NT Server ) and have successfully joined the domain, but i can't get a valid authentication. Here's what i get when i try this: > smb_auth -W NBPORTO -d > cmj cmj2000 Domain name: NBPORTO Pass-through authentication: no Query address options: Domain controller IP address: 192.168.7.253 Domain controler NETBIOS name: ERR There's 2 strange facts, maybe the second is a consequence of the first. The domain controller's ( NT PDC ) IP adress is in fact 192.168.7.203 ( not 253 ) and it always returns an error. In the smb.conf file i've inserted the controller has 192.168.7.203, and i tried creating an account on the PDC for this machine as NT Workstation or server, but it changes to Nt Backup when it detects the machine. Also, if i try usinf nmblookup, i get successful answer for the machine names, but get a warnig message, telling me this: "Unkown parameter encountered: "domain controller" Ignoring Unkown parameter "domain controller" Though i have set this optios to NBPPDC in the smb.conf file i always get this as a response to my test. Can anyone help on this? I'm sure someone must have tried to do this. Thanks in advance. Pedro Ribeiro ---------------------------------------------------------------------------- ------------ Pedro Ribeiro Novabase Servi?os Tel: 351.22.6079260 Rua J?lio Dinis, 204 - Sala 309 Fax: 351.22.6008200 4050 Porto mailto:jri@mail.nbporto.novabase.pt From smerrill at svfc.org Fri Sep 15 17:11:40 2000 From: smerrill at svfc.org (Scott Merrill) Date: Tue Dec 2 02:31:27 2003 Subject: TNG and HEAD merge? Message-ID: <002601c01f38$04322a40$040a0a0a@svfc.org> I've been using Samba 2.0.7 to provide domain logons for Win98 clients for some time. I now have need to add a Windows 2000 member server to my domain, so I obviously need Samba TNG (or portions thereof). I downloaded the samba-tng-alpha.2.6.tar.gz file, and read the /source/README, which indicates that I should use the old (2.0.7) smbd and nmbd daemons if I need to preserve current functionality. The Samba-TNG FAQ also seems to indicate as much. Could someone please provide me fairly detailed instructions on how to go about merging the TNG components that I need with the old smbd and nmbd that work? I tried replacing the TNG daemons with the ones from the Red Hat 6.2 samba RPM, but that did not seem to work. Do I need to actually compile the daemons with the TNG in some way? Please pardon my abysmal ignorance, but I've never used CVS. So all this speak about merging the latest head CVS snapshot with the TNG code is beyond me. I'm not a programmer, and honestly have very little desire to become one. I'm willing to learn as much as I need to get this particular problem solved, but I'm finding it hard to get started. Any and all assistance will be _greatly_ appreciated. From syssys at math.umd.edu Fri Sep 15 17:47:49 2000 From: syssys at math.umd.edu (Tim Strobell - Asst Systems Admin) Date: Tue Dec 2 02:31:27 2003 Subject: NIS authentication and smbpasswd Message-ID: <20000915134749.D7170@laplace.math.umd.edu> Howdy Gents, I've set up 2.0.7 as a PDC for a small lab of NT4 machines. We use NIS (not NIS+) for 'authentication' for our Unix machines. Is there any way to set up a smbpasswd file (or configure samba) so that Samba authenticates against the NIS password instead of the NT hash in the smbpasswd file? In other words, I can't logon unless I (manually) set my smbpasswd to match my Unix passwd. I would like to roll this out as transparently as possible. Has anyone else been in a similar situation? Thanks! Tim -- Tim Strobell - syssys@math.umd.edu - (301) 405-8175 - Fax (301) 314-0827 Assistant Systems Administrator Department of Mathematics, University of Maryland at College Park From boguhn at entelos.com Fri Sep 15 18:24:18 2000 From: boguhn at entelos.com (Brian Boguhn) Date: Tue Dec 2 02:31:27 2003 Subject: The box shows up on a browse list, but I can't access it Message-ID: Hi all, I've installed Samba 2.0.3 onto a box running Solaris 2.6. I created an account for the box in our NT domain using Server Manager, then added the box to the domain using smbpasswd. I configured smb.conf to use domain authentication. I go to Explorer, and I can see the box, listed as a Samba 2.0.3 box, but when I click on it to access it, I get the following: Incorrect or unknown username for \\, and it prompts me for a username and password. I've tried my Unix name on the box, I've tried root, I've re-entered my NT credentials, and this is still what I get. My NT box can browse other Samba boxes without issue. Any ideas on what to try? Thanks. ___________________________________ Brian Boguhn Server Administrator Entelos, Inc. Menlo Park, CA (650) 330-5235 (voice) (650) 330-5201 (fax) http://www.entelos.com ___________________________________ From boguhn at entelos.com Fri Sep 15 21:14:55 2000 From: boguhn at entelos.com (Brian Boguhn) Date: Tue Dec 2 02:31:27 2003 Subject: Problem fixed - FW: The box shows up on a browse list, but I can' t access it Message-ID: The issue is resolved. Going through SWAT, I was able to see where Samba was looking for the smbpasswd file and ..mac file. As this was a precompiled version of Samba, they actually existed in a different spot on my box. Copying them and restarting the system resolved the problem. -----Original Message----- From: Brian Boguhn [mailto:boguhn@entelos.com] Sent: Friday, September 15, 2000 11:24 AM To: 'samba-ntdom@samba.org' Subject: The box shows up on a browse list, but I can't access it Hi all, I've installed Samba 2.0.3 onto a box running Solaris 2.6. I created an account for the box in our NT domain using Server Manager, then added the box to the domain using smbpasswd. I configured smb.conf to use domain authentication. I go to Explorer, and I can see the box, listed as a Samba 2.0.3 box, but when I click on it to access it, I get the following: Incorrect or unknown username for \\, and it prompts me for a username and password. I've tried my Unix name on the box, I've tried root, I've re-entered my NT credentials, and this is still what I get. My NT box can browse other Samba boxes without issue. Any ideas on what to try? Thanks. ___________________________________ Brian Boguhn Server Administrator Entelos, Inc. Menlo Park, CA (650) 330-5235 (voice) (650) 330-5201 (fax) http://www.entelos.com ___________________________________ From ZolnOtt at t-online.de Fri Sep 15 20:03:32 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:27 2003 Subject: domain user/group maps References: <39C230BB.44A558DA@futuremetals.com> Message-ID: <39C28094.929A2EBA@t-online.de> hi gerry domain user map and domain group map work on a tng-version. bye michael Gerry Maddock wrote: > > Hey, I am using Samba 2.06-9, from RH 6.2, and domain user map and > domain group map are not working. Is this 2.06-9 Samba-NT domain > complient????? From ZolnOtt at t-online.de Fri Sep 15 20:19:13 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:27 2003 Subject: Samba as PDC, profiles and scripts References: Message-ID: <39C28441.BD7AABF5@t-online.de> hi eric! i hope, that i can help you at your first question. at the end of my smb.conf i set the following parameter include = /usr/local/samba/lib/%a and i have the two following attaching files bye michael Eric Delaet wrote: > > Hello, > > I have a SAMBA server as PDC. > > I seem to have 2 problems. > > 1) I tried to use the "logon home" parameter. This works great, but only > for Win NT clients. Win 98 clients simply seem to ignore this parameter. > That's why I tried to put everything in a logon script with "logon script > = logon.bat". > The logon.bat contains NET USE H: /HOME. The script gets executed by the > 98 clients, but again, the mapping only works for the NT clients. > An interesting fact is that when I try to type NET USE H: /HOME in 98, > when I'm logged in, the H: DOES get mapped. > Any solutions for mapping homedrives at login time with 98 clients? > > 2) Profiles are "roaming". When I specify the logon path, profiles are > copied, ofcourse, to that path. When I uncomment this parameter, profiles > are copied to the users home drive. > But I don't want roaming profiles, since there are too much users, > there's not enough room on the server and especially, not enough bandwith. > I was able to disable roaming profiles by adding > logon path = > in smb.conf, but is this a good idea? > > Thanks a lot! > > Eric -------------- next part -------------- ; win95.conf: ; 000510 ; Zusatz zu smb.conf ; ; globale Einstellungen logon script = logon_win9x.bat printer driver file = /usr/local/samba/lib/printers.def [netlogon] path = /home/logon writable = no public = no locking = no [epsty800] comment = Epson Stylus 800 printable = yes ;writable = no printer = lp public = no path = /var/spool/samba printer driver location = \\%L\amtek\druckertreiber printer driver = Epson Stylus 800 ESC/P 2 valid users = @zolnott ; ; Ende Win95.conf -------------- next part -------------- echo off echo Starten des Zeitservers net time \\laptop /set /yes echo Verbinden mit Home-Verzeichnis... net use h: \\laptop\homes echo Verbinden mit Download-Verzeichnis... net use i: \\laptop\download echo Verbinden mit CD-ROM... net use r: \\laptop\cd-rom pause From ZolnOtt at t-online.de Fri Sep 15 20:12:13 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:27 2003 Subject: NIS authentication and smbpasswd References: <20000915134749.D7170@laplace.math.umd.edu> Message-ID: <39C2829C.DE6839F6@t-online.de> hi tim! i don not understand your question. what do you want to do? an user on a nt-workstation logon the server by authenticates on passwd, not on smbpasswd. is this right? on my server i have install nis and samba and both have the same passwd. i put my passwd.yp into my smbpasswd. can you tell again, what is your problem (excuse me, but my understanding in english is not very good) bye michael Tim Strobell - Asst Systems Admin wrote: > > Howdy Gents, > > I've set up 2.0.7 as a PDC for a small lab of NT4 machines. > We use NIS (not NIS+) for 'authentication' for our Unix machines. > > Is there any way to set up a smbpasswd file (or configure samba) so that > Samba authenticates against the NIS password instead of the NT hash in the > smbpasswd file? > > In other words, I can't logon unless I (manually) set my smbpasswd to match > my Unix passwd. I would like to roll this out as transparently as possible. > > Has anyone else been in a similar situation? > > Thanks! > > Tim > > -- > Tim Strobell - syssys@math.umd.edu - (301) 405-8175 - Fax (301) 314-0827 > Assistant Systems Administrator > Department of Mathematics, University of Maryland at College Park From c_jasper at yahoo.com Fri Sep 15 21:56:52 2000 From: c_jasper at yahoo.com (Chris Jasper) Date: Tue Dec 2 02:31:28 2003 Subject: Netbios Proxy ? Message-ID: <20000915215652.29487.qmail@web108.yahoomail.com> I have a remote location to our main office connected through a vpn tunnel to our main office. We currently are running a FreeBSD box with Samba 2.0.7. We are currently using Samba to proxy wins service to our wins server in our main office (NT 4 server sp6). How do we proxy Netbios? If I understand correctly (quite possible that I don't), when a user logs into a nt workstation at the remote station the login, password, and domain info gets broadcast to the PDC or BDC through netbios. the users at the remote location are currently not able to log on to a system that they hadn't logged on to before they moved to the new location--getting a message saying the domain "domain" could not be found. Any ideas? thanks ===== Chris Jasperc_jasper@yahoo.comwk:408-830-2087cell:408-499-8275fax:707-667-1260 __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ From pilger at kahana.higp.hawaii.edu Sat Sep 16 00:24:49 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:31:28 2003 Subject: Permission Denied Message-ID: <39C2BDD1.2C1CD10F@pgd.hawaii.edu> I have just switched to pre-3.0.0, and the group permissions have stopped working. It now appears to give you only the permissions that accrue to the user or your primary group. If you are not the owner, would be denied permission as other, but have permission as some secondary group, then you won't get access. It is a problem for both directories and files. I thought it might be a result of my move to Solaris 8, but I ran on a Solaris 7 machine and the problem is still there. The original 2.0.5a does not is still running, and does not have these problems. The log files are little help. Even at high log levels, smbd appears to get as far as opening the offending item with EUID set to the user and EGID set to the primary group, and then returns "Permission Denied" on the open call. Any clues..... -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From peterl at Update.UU.SE Sat Sep 16 00:41:52 2000 From: peterl at Update.UU.SE (Peter Lundqvist) Date: Tue Dec 2 02:31:28 2003 Subject: AW: no SID generated In-Reply-To: Message-ID: On Fri, 15 Sep 2000, Kremer, Christian wrote: > Hi Peter, > > thanks for your fast response. Do I get you right, that I have to do this > for every NT-Client? Or does anothere way exist? Sorry for beeing unclear. I blame trying to quit drinking coffe... *pain* ;-) No, only do ln -s MACHINE.SID WORKGROUP.SID Again, this is something aquard. I don't know why it happens. Could someone shatter some light on this? > On Fri, 15 Sep 2000, Kremer, Christian wrote: > > > Hi List, > > > > I have a problem with my samba 2.0.7 and PDC. > > > > I?ve read, that when my clients have their machine accounts created in the > > smbpasswd then a .sid is created after a smbd reboot. > > But this is simple not the fact. When I try to enter the domain with my > > NT-Clients they cannot found the domain. I think that my smb.conf is OK > > (I?ve checked them with some examples) so what does not function? > > Hm... I had the very same problem with a CVS-build a few weeks ago. > I "solved" it by making a soft link to the workstation sid (for the > samba server). > I'm not sure if I remember this correctly though.. > ........................................................................... > Peter Lundqvist web: http://www.update.uu.se/~peterl > Studentv. 32:22B e-mail: peterl@update.uu.se > 752 34 Uppsala cellular: +46 (0)70 45 66 347 > Sweden > > ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden From lee at uk.freebsd.org Sat Sep 16 12:18:28 2000 From: lee at uk.freebsd.org (Lee Johnston) Date: Tue Dec 2 02:31:28 2003 Subject: NT Admin Logon Message-ID: <20000916131828.A34325@dogma.freebsd-uk.eu.org> Hi, I'm running Samba-2.0.7, and I'm wondering how I can create a user with Domain Admin access under NT4. I've tried the domain admin users option in the smb.conf file, but this doesn't seem to work. Regards, Lee. From k.blin at gmx.net Sat Sep 16 12:33:07 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:28 2003 Subject: Samba TNG as BDC for an NT4.0 PDC? Message-ID: <20000916143307.B27535@molgen-6.iah.medizin.uni-tuebingen.de> Hi folks, This is a FAQ for shure, but since I found different anwers to this question on different sites, I'll ask it again here. Is there a possibility to run Samba TNG as a BDC to an Win NT 4.0 PDC? Thanks in advance. Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology I can't decide whether to commit suicide or go bowling. -- Florence Henderson From tobias.held at web.de Sat Sep 16 16:02:21 2000 From: tobias.held at web.de (Tobias Held) Date: Tue Dec 2 02:31:28 2003 Subject: Creating NT machine accounts automatically Message-ID: <200009161602.SAA00734@mailgate3.cinetic.de> Dear mailing list! For test purposes I use a Samba-TNG 2.6 on a SuSE 6.4 system with some NT clients. For some days I haven't been able to create machine accounts automatically any more. I didn't change anything in my system. The same is at my linux box at home. The NT workstations can only log onto the Samba controlled domain if I create the machine account manually using samedit. Can anyone help me. I've included one of my smb.conf files at the end of my mail. I can also mail the 2nd if necessary. My 2nd question is: I've heard of a registry hack which removes roaming profiles on the NT workstations if the user logs out. Has someone any experience with that? Thank for your help and sorry for my bad English. Regards Tobias Held [global] workgroup = DAHEIM server string = Samba Server domain group map = /opt/samba-tng/private/domaingroup.map load printers = yes print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j printcap name = /etc/printcap log file = /opt/samba-tng/var/log.%m max log size = 50 security = user encrypt passwords = yes socket options = TCP_NODELAY local master = yes domain master = yes preferred master = yes domain logons = yes logon script = %U.bat logon path = \\%L\Profiles\%U logon home = \\%L\Users\%U logon drive = z: interfaces = 192.168.1.1/24 wins support = yes #============================ Share Definitions ============================== [netlogon] comment = Network Logon Service path = /opt/samba-tng/netlogon read only = yes write list = @adm admin browseable = yes [Profiles] path = /opt/samba-tng/profiles browseable = yes read only = no public = yes [Users] path = /opt/samba-tng/users browseable = yes read only = no public = yes [Transfer] path = /transfer browseable = yes read only = yes public = yes [StarOffice] path = /opt/samba-tng/programme/soffice52 browseable = yes read only = yes write list = admin @adm [SO-Daten] path = /opt/samba-tng/programme/so_daten/%U browseable = yes read only = no public = yes [Encarta-CD] path = /opt/encarta97.img browseable = yes read only = yes [printers] ; comment = All Printers path = /var/spool/lpd browseable = yes read only = yes guest ok = yes printable = yes _______________________________________________________________________ 1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de IhrName@web.de, 8MB Speicher, Verschluesselung - http://freemail.web.de From laa at ipt.pt Sat Sep 16 21:39:27 2000 From: laa at ipt.pt (Luis) Date: Tue Dec 2 02:31:28 2003 Subject: samba-tng-alpha.2.6.rpm Message-ID: <39C3E88F.3F8AFD8F@ipt.pt> Hi dou you know any samba-tng-alpha.2.6.rpm for redhat6.2? I have compiled ("./configure" and "make all install") samba-tng-alpha.2.6 but programs like smbpasswd to create smbpasswd file do not appears? Samba-tng uses the unix password or do i have to use the same method as on the samba2.0.7 cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd ? Should i wait for samba3.0? when will it get out? Thanks email: laa@ipt.pt From garcian002 at hawaii.rr.com Sun Sep 17 03:41:02 2000 From: garcian002 at hawaii.rr.com (Nelson C. Garcia) Date: Tue Dec 2 02:31:28 2003 Subject: NT Admin Logon In-Reply-To: <20000916131828.A34325@dogma.freebsd-uk.eu.org> Message-ID: Check out David Bannon's well-put-together pages at the following URL: http://bioserve.biochem.latrobe.edu.au/samba/ I'll spoil the suspense and tell you that the smb.conf entry should be: domain admin group = @adm where "adm" is the linux group that NT will recognize as Domain Admin. Aloha, Nelson -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Lee Johnston Sent: Saturday, September 16, 2000 2:18 AM To: samba-ntdom@us4.samba.org Subject: NT Admin Logon Hi, I'm running Samba-2.0.7, and I'm wondering how I can create a user with Domain Admin access under NT4. I've tried the domain admin users option in the smb.conf file, but this doesn't seem to work. Regards, Lee. From i.kolemanov at i-s-m.de Sun Sep 17 13:16:42 2000 From: i.kolemanov at i-s-m.de (ISM Kolemanov, Ivan) Date: Tue Dec 2 02:31:28 2003 Subject: stable nt4 srevice pack for Samba-TNG Message-ID: hi all I have to prepare Samba PDC, with 2.0.7 i have some really strange problems which doesnt seemed to be with tng, but in the moment I can test it only with win2k, which is not really good I have to make PDC for NT4 :( can anybody point me which service pack for nt4 is the most stable with samba tng 2.6 and 2.5.3 ? also which of the tng version is the most stable as PDC? (I know that it is pre alpha and not for production use :) 10x in advance, Ivan Kolemanov From i.kolemanov at i-s-m.de Sun Sep 17 17:25:46 2000 From: i.kolemanov at i-s-m.de (ISM Kolemanov, Ivan) Date: Tue Dec 2 02:31:28 2003 Subject: how to add smbuser with default passwd Message-ID: with the 2.0.x samba I've been able to make a script which automaticaly was adding unix & samba users from a file e.g. username=firstlastname passwd=firstname using useradd, passwd and smbpasswd How can I do such thing with samba-tng I mean automaticaly to create samba user with default passwd I didn't saw the smbpasswd program :( 10x in advance Ivan Kolemanov From mgeddes at xavier.sa.edu.au Mon Sep 18 00:41:03 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:28 2003 Subject: samba-tng-alpha.2.6.rpm References: <39C3E88F.3F8AFD8F@ipt.pt> Message-ID: <39C5649F.8C5CABFA@xavier.sa.edu.au> Luis wrote: > > Hi > > dou you know any samba-tng-alpha.2.6.rpm > for redhat6.2? No. Given the prealpha nature of the code and the number of optional extras, it's probably wise to use the source and have the code compiled and optimised for you own workstation. > but programs like smbpasswd to create smbpasswd file do not appears? This is because smbpasswd is no longer used. User samedit instead. Check out the man pages or Lars Kneschke's FAQ for details. > Should i wait for samba3.0? when will it get out? The Samba team is working on this as we speak. I believe Samba 2.2 will be an intermediate step. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From peter at cadcamlab.org Mon Sep 18 03:20:10 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:28 2003 Subject: plain text password References: <5.0.0.25.0.20000913175315.0234f260@hdinfo.com> Message-ID: <14789.35306.121961.1202@wire.cadcamlab.org> [Devin Gibson ] > Anybody know the plain text password fix for Windows 2000? Is it the > same registry key? If you are running a recent version of Samba -- and you should be, if you expect it to work well with Windows 2000 -- the correct registry hack is in the docs/ directory. Peter From mgeddes at xavier.sa.edu.au Mon Sep 18 06:33:33 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:28 2003 Subject: rpcclient stability Message-ID: <39C5B73C.F33E9651@xavier.sa.edu.au> Hi all, Is anyone using samedit/rpcclient to modify a live NT system? I know it works on a TNG box, but I'd like to edit the SAM on an NT box. Unfortunately, Windows machines are becoming more scarce and I don't have a box to test it on. I'd test it on the server, but I'd rather not kill our production PDC/file server. Thanks in advance, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From michael at laserle.fi Mon Sep 18 06:58:11 2000 From: michael at laserle.fi (Michael Holopainen) Date: Tue Dec 2 02:31:28 2003 Subject: not SID generated References: Message-ID: <39C5BD03.BD11FCA@laserle.fi> Send your smb.conf [global] section and I'll have look at it. Peter Lundqvist wrote: > > On Fri, 15 Sep 2000, Kremer, Christian wrote: > > > Hi List, > > > > I have a problem with my samba 2.0.7 and PDC. > > > > I?ve read, that when my clients have their machine accounts created in the > > smbpasswd then a .sid is created after a smbd reboot. > > But this is simple not the fact. When I try to enter the domain with my > > NT-Clients they cannot found the domain. I think that my smb.conf is OK > > (I?ve checked them with some examples) so what does not function? > > Hm... I had the very same problem with a CVS-build a few weeks ago. > I "solved" it by making a soft link to the workstation sid (for the > samba server). > I'm not sure if I remember this correctly though.. > ........................................................................... > Peter Lundqvist web: http://www.update.uu.se/~peterl > Studentv. 32:22B e-mail: peterl@update.uu.se > 752 34 Uppsala cellular: +46 (0)70 45 66 347 > Sweden -- --"Would you fly on airplane controlled by MS Windows ?"-- -------------------------------------------------------------------- | Michael Holopainen | Valuraudantie 25 | Tel: +358-(0)9-35093825 | | | 00700 Helsinki | Fax : +358-(0)9-35093850 | | Laserle Oy | Finland | email: michael@laserle.fi| -------------------------------------------------------------------- From i.kolemanov at i-s-m.de Mon Sep 18 07:14:12 2000 From: i.kolemanov at i-s-m.de (ISM Kolemanov, Ivan) Date: Tue Dec 2 02:31:28 2003 Subject: how to add smbuser with default passwd Message-ID: when I'm stupid and don't read carefully the help: >How can I ... >... create samba user with default passwd >I didn't saw the smbpasswd program :( answer: samedit -S . -U root -N -c 'createuser namefname -p name' I have also strange problem with Swat I'm not able to log in :( I can use it only with "-a" option which is not really nice P.S. just hope that it isn't so stupid, I'm not really wakeup yet Greetings, Ivan Kolemanov From eridel at kava.be Mon Sep 18 07:22:26 2000 From: eridel at kava.be (Eric Delaet) Date: Tue Dec 2 02:31:28 2003 Subject: Samba as PDC, profiles and scripts In-Reply-To: <39C28441.BD7AABF5@t-online.de> Message-ID: On Fri, 15 Sep 2000, Andrea Zolnhofer & Michael Ott wrote: > hi eric! > > i hope, that i can help you at your first question. > at the end of my smb.conf i set the following parameter > include = /usr/local/samba/lib/%a > and i have the two following attaching files Thanks ! BTW, now I know why my logon scripts weren't working in NT. I created them in Linux instead of in Windows, with the result that they didn't contained a CR+LF, but only CR. Win NT could live with that, but Win 95 couldn't ... Eric. From rszczesniak at mis.com.pl Mon Sep 18 08:24:35 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:28 2003 Subject: Samba File Server in multiple NT domains Message-ID: To be honest I didn't try to join multiple domains (because I didn't need it), but I can try today afternoon (ie. after work). As the first one, I think, Samba HEAD should be tested because of it's better file-serving capabilities. Rafa? Vander Eecken Damien 00-09-15 18:13 Do: "'rszczesniak@mis.com.pl'" DW: Temat: RE: Samba File Server in multiple NT domains Rafal, We still didn't install SAMBA. Before we want to be sure that the Samba server can join more than one domain. So if you can suggest us which Samba version, can join more than one domain, we would be very grateful. Do you have a positive experience about this ? And how can we implement this? Thanks. Damien -----Original Message----- From: rszczesniak@mis.com.pl [mailto:rszczesniak@mis.com.pl] Sent: Friday, September 15, 2000 4:55 PM To: Vander Eecken Damien Subject: Odp: Samba File Server in multiple NT domains First of all, you should try, whether Samba server can join more than one domain. How to do it, depends on version of Samba you are using. Rafal Vander Eecken Damien Wyslane przez: samba-ntdom-admin@us4.samba.org 00-09-15 16:04 Do: "'samba-ntdom@lists.samba.org'" DW: Temat: Samba File Server in multiple NT domains Hi, Can somebody tell me, if it's possible to configure SAMBA as a single File Server to serve NT clients in multiple domains. If so, how do we go about it? Thanks in advance. Damien From impaco at mixmail.com Mon Sep 18 08:27:50 2000 From: impaco at mixmail.com (paco cornejo) Date: Tue Dec 2 02:31:28 2003 Subject: SAMBA-LDAP... PLEAASE HELPP! Message-ID: <20000918102750.HM.600000000005MOj@mixmail.com> Please help me... I was trying to authenticate a WinNt into Solaris 7 as pdc, using Samba 2.1.0 Pre-alpha (Head) and OpenLdap 1.2.9 for storing passwd an usernames. I was following the HowTo by Ignacio Coupeau but it doesnt work for me. My problem is that all goes right until i try to use smbpasswd, then i get an error... I have added all classes and users /etc/passwd and Ldap database, but can´t do it with smbpasswd.... Another question is: How i encrypt the users passwords? And what are Rids, and Sids? Please if you have any experience with this let me Know.. Lots af thanks in advance... Tu correo gratis en MixMail http://www.mixmail.com Inicia tu navegacion en http://www.ya.com From max728 at usa.net Mon Sep 18 10:09:45 2000 From: max728 at usa.net (mathou rene) Date: Tue Dec 2 02:31:29 2003 Subject: help, help, help!!!!! Message-ID: <20000918100945.12162.qmail@nwcst320.netaddress.usa.net> Mandrake7.0 samba2.0.7 as PDC clients win98 winNT4 SP5 clients often can't log on cause of bad password even if the password is true and also often can't access to shares cause of the same problem. my boss tell me that if i can't resolve this problem i'll have to turn back under WinNT server Please help me.... ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 From ericd at kava.be Mon Sep 18 10:23:39 2000 From: ericd at kava.be (Eric Delaet) Date: Tue Dec 2 02:31:29 2003 Subject: help, help, help!!!!! In-Reply-To: <20000918100945.12162.qmail@nwcst320.netaddress.usa.net> Message-ID: Hello there ! My Samba as a PDC seems to work OK as a PDC now. However, the log sometimes says : [2000/09/17 21:28:43, 0] rpc_server/srv_lsa_hnd.c:open_lsa_policy_hnd(107) ERROR: out of Policy Handles! Everything keeps working great, but what does this warning means, and is it severe ? Eric. From rszczesniak at mis.com.pl Mon Sep 18 10:35:25 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:29 2003 Subject: rpcclient stability Message-ID: I successfully created a new user account on NT wks box, but attempt to make a new group failed (don't know why, yet). Also various enumerations (printers, users, services) worked fine. So far, I did not try anything more. After all, I think that more descriptive usage instructions for samedit and rpcclient commands would be very helpful. Many attempts fail probably just because I don't know exact syntax and all params I can pass. Rafa? Matthew Geddes Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-18 08:33 Do: Multiple recipients of list SAMBA-NTDOM DW: Temat: rpcclient stability Hi all, Is anyone using samedit/rpcclient to modify a live NT system? I know it works on a TNG box, but I'd like to edit the SAM on an NT box. Unfortunately, Windows machines are becoming more scarce and I don't have a box to test it on. I'd test it on the server, but I'd rather not kill our production PDC/file server. Thanks in advance, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From i.kolemanov at i-s-m.de Mon Sep 18 11:05:20 2000 From: i.kolemanov at i-s-m.de (ISM Kolemanov, Ivan) Date: Tue Dec 2 02:31:29 2003 Subject: help, help, help!!!!! Message-ID: >Mandrake7.0 >samba2.0.7 as PDC >clients win98 winNT4 SP5 clients often can't log on cause of bad password >even if the password is true and also often can't access to shares cause of >the same problem. my boss tell me that if i can't resolve this problem >i'll have to turn back under WinNT server Please help me.... I had the same problem with Redaht 6.2, samba 2.07 as PDC and winNT4 clients, the machines just did random login samba-tng-2.6 seems ok with winNT4 SP5 and win2k, no idea about win98 Greetings, Ivan Kolemanov From bgmilne at ing.sun.ac.za Mon Sep 18 11:08:34 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:29 2003 Subject: Incomplete domain user list Message-ID: <39C5F7B2.B9BB1460@ing.sun.ac.za> Samba 2.0.7 works fine as a PDC for NT4 machines, and supports all the basic functionality. If you are getting a truncated user list, or if you user list misses some entries from your smbpasswd file, just check that each entry inthe smbpasswd file has a matching entry in your passwd file. I had this problem when I changed a machines name and did not change it's unix account to match. Buchan P.S. sorry Simo, you get this one twice, I was too hasty with the send ... Simo Sorce wrote: > > Christophe Merle wrote: > > > > Hi, > > > > We have a Samba Server 2.0.7 (running on a Solaris 7 system) as PDC for > > NT 4.0 Machines and have the following problem: New added > > Samba Users can log in and use shares from NT-Clients but remaining > > invisible in the "domain user list" of NT. This user list can for > > example be displayed under NT with the dos-command "net user /domain". > > This is a problem when you for example want to give Administrator > > privileges to a user, the NT admin tool displays an incomplete list of > > users in the current domain and it's also impossible to add the desired > > user in the Administrator list. These incomplete user list causes > > several other problems with administration software using this user > > list. > > I have readed that this problem can be caused by inconsistencies in the > > smbpasswd (Also a user that exists in the smbpasswd but not in the > > /etc/passwd). I have wrote a script to check the consistency of each > > user und "thrusted machine" account in my smbpasswd and not found any > > problem. After many days of investigation i have found something very > > interesting: > > I have deleted all "thrusted machine account" from smbpasswd and left > > only the around 400 users in it. Each user can log in and use share from > > NT-Clients, but when I execute the command "net user /domain" the user > > list displayed contains only !! 250 users !!. I first thought the user > > 251 is inconsistent and I have immediatly deleted him from smbpasswd but > > the NT user list still contains 250 users. I think this is the source of > > my problem. Probably this problem is caused by a part of samba that has > > not been yet properly implemented. > > Our samba system work in a production environment so whe have a big > > Problem with it. And the Problem is about to become a disaster when we > > will add soon other 2000 Thousand users on your system. > > Is this limitation a known problem? > > Know somebody this problem and eventually a work around to bypass it? > > > > As said many times and reported on the samba main site and mirrors: > samba 2.0.x series PDC support is unsupported and above all not > complete. > > You cannot add users to groups with NT tools and user listing will not > function properly. > > If you need true PDC functionality you need to try samba TNG but be > aware this is alpha software and you have to test carefully if you want > to use this code in production environment. > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From rszczesniak at mis.com.pl Mon Sep 18 11:44:55 2000 From: rszczesniak at mis.com.pl (rszczesniak@mis.com.pl) Date: Tue Dec 2 02:31:29 2003 Subject: Odp: SAMBA-LDAP... PLEAASE HELPP! Message-ID: "paco cornejo" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-18 11:27 Do: samba-ntdom@us4.samba.org DW: Temat: SAMBA-LDAP... PLEAASE HELPP! Please help me... I was trying to authenticate a WinNt into Solaris 7 as pdc, using Samba 2.1.0 Pre-alpha (Head) and OpenLdap 1.2.9 for storing passwd an usernames. I was following the HowTo by Ignacio Coupeau but it doesnt work for me. My problem is that all goes right until i try to use smbpasswd, then i get an error... I have added all classes and users /etc/passwd and Ldap database, but can?t do it with smbpasswd.... Another question is: How i encrypt the users passwords? It's not you. Samba finds proper fields in samba account object and fills'em up. So, if I remember well, standard password field setting doesn't affect samba authentication process and samba passwords. And what are Rids, and Sids? These are: Relative Identifier (the former) Security Identifier (the latter) SID is the NT style global identifier. Something like UID on the Unix systems. While UID is the 16 bit number, SID is a structure (containing numbers of course). RID is "local scope" identifier. It's related to the current system/domain only. This is quite simplified view, but I think it clarifies the problem a bit. Rest of the samba ntdom list members: Correct me if I'm wrong, not enough precise or forgot something wrong, please ! I'm just a human, not Samba-team member and I learn something new everyday :-) greetings Rafa? Please if you have any experience with this let me Know.. Lots af thanks in advance... Tu correo gratis en MixMail http://www.mixmail.com Inicia tu navegacion en http://www.ya.com From stancel at netlife.de Mon Sep 18 11:55:34 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:29 2003 Subject: authorize a NT stand alone server for Domainaccess Message-ID: <39C602B6.44D91730@netlife.de> Hi all, (firstofall sorry for my bad english) once I authorized a NT Server in the Domain (Samba TNG 2.5) Then we changed the Hardware of this. All Users could login in the domain, but have no access to the PDC with netlogon, profile etc. shares. (An other Fileserver Samba 2.0.6 domainmember works, i.e. domainusers had access to their shares) Then I wonted to authorized this Server once more in the Domain. I have deleted his account and make a new one. But the authorization faild... See the log file: WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED SMB LM/NT Password did not match! Rejecting user 'stancel': authentication failed authorise_login: TODO. split function, it's 6 levels! msrpc_process: client_name: wkssvc my_name: pdc WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode Closing connections msrpc_process: client_name: lsarpc my_name: pdc WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=99, egid=99 _lsa_open_secret failed with 0xc0000022 Closing connections LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED What can I do now ? Thank You, Marek Stancel From i.kolemanov at i-s-m.de Mon Sep 18 12:07:21 2000 From: i.kolemanov at i-s-m.de (ISM Kolemanov, Ivan) Date: Tue Dec 2 02:31:29 2003 Subject: Using Samba with Windows NT domains [indeed OT] Message-ID: >Hi! My name's Pedro and i'm from PORTUGAL. Hi Pedro >I've set up a proxy server, running under RedHat 6.2, using Squid, >and it's qorking fine, but i wish to have the log files authenticated by user login. >I'm trying to use the smb_auth software and i've followed the steps described >to join the NT domain ( The PDC is an NT Server ) and have successfully >joined the domain, but i can't get a valid authentication. ..... The following is the test which worked nice for me: you have to have installed samba - in my case 2.0.7 on OpenBSD 2.07 you don't have to configure anything about samba, the smb_auth module use only the clients programs from samba then you have to compile Squid with the smb_auth module also creating empty file "proxyauth" on the NETLOGON share of the primary domain !!! (for the test it was NT server machine) the squid.conf you can also specify with '-U IPaddress' the ip address of the PDC machine .... authenticate_program /usr/local/bin/smb_auth -W PDC_TEST -B 10.1.1.255 acl domainusers proxy_auth REQUIRED acl authusers proxy_auth ikolemanov acl daytime time 08:00-17:00 acl all src 0/0 http_access allow authusers http_access allow domainusers daytime http_access deny all .... more info on http://www.hacom.nl/~richard/software/smb_auth.html hope it helps Greetings, Ivan Kolemanov From Jody.Haynes at isunnetworks.com Mon Sep 18 12:27:52 2000 From: Jody.Haynes at isunnetworks.com (Jody Haynes) Date: Tue Dec 2 02:31:29 2003 Subject: Odp: SAMBA-LDAP... PLEAASE HELPP! In-Reply-To: ; from rszczesniak@mis.com.pl on Mon, Sep 18, 2000 at 01:44:55PM +0200 References: Message-ID: <20000918082752.H1302@jody.isunnetworks.com> The problem with samba not adding its entries is that the ldap tree structure has not be configure correctly for samba --- most likely. Samba needs these entries in the base of the ldap tree: objectclass=SAMBAACCOUNT objectclass=SAMBACONFIG Now you should be able to add entires. I'm using tng-2.6 branch of the code and it works great.... Also there is some perl migration scripts for migrating users into ldap if you are interested in them: http://www.padl.com/tools.html I'm also using pam_ldap and nss_ldap through stunnel from padl.com and that also works great for my UNIX users. ---Jody rszczesniak@mis.com.pl [rszczesniak@mis.com.pl] wrote: > "paco cornejo" > Wys?ane przez: samba-ntdom-admin@us4.samba.org > 00-09-18 11:27 > > > Do: samba-ntdom@us4.samba.org > DW: > Temat: SAMBA-LDAP... PLEAASE HELPP! > > Please help me... > > I was trying to authenticate a WinNt into Solaris 7 as > pdc, using Samba 2.1.0 Pre-alpha (Head) and OpenLdap > 1.2.9 for storing passwd an usernames. > > I was following the HowTo by Ignacio Coupeau but it > doesnt work for me. > > My problem is that all goes right until i try to use > smbpasswd, then i get an error... > > I have added all classes and users /etc/passwd and > Ldap database, but can?t do it with smbpasswd.... > > Another question is: How i encrypt the users passwords? > It's not you. Samba finds proper fields in samba account > object and fills'em up. So, if I remember well, > standard password field setting doesn't affect > samba authentication process and samba passwords. > > And what are Rids, and Sids? > These are: > Relative Identifier (the former) > Security Identifier (the latter) > > SID is the NT style global identifier. Something like > UID on the Unix systems. While UID is the 16 bit number, > SID is a structure (containing numbers of course). > RID is "local scope" identifier. It's related > to the current system/domain only. > This is quite simplified view, but I think it clarifies > the problem a bit. > > Rest of the samba ntdom list members: Correct me if I'm wrong, > not enough precise or forgot something wrong, please ! > I'm just a human, not Samba-team member and I learn > something new everyday :-) > > greetings > Rafa? > > > Please if you have any experience with this let me > Know.. > > Lots af thanks in advance... > > > > Tu correo gratis en MixMail http://www.mixmail.com > Inicia tu navegacion en http://www.ya.com > From rmotz at incat.com Mon Sep 18 13:21:11 2000 From: rmotz at incat.com (Roger Motz) Date: Tue Dec 2 02:31:29 2003 Subject: changed the uid of a user and now can't auth through PDC Message-ID: <6AFADD3DCF1AD411A842005004D96D261F8078@itg-noviexch1> OK here is what happened. Had samba running just fine authenticating through an NT PDC. Had to change the UID of one of the UNIX users (this user is also an NT user). Changed the UID and then couldn't access anything through samba as that user. I have removed samba and reinstalled, removed the samba server from the NT doamin and added it back on. When I do a smbpasswd -j domain I get the following error: # /usr/local/samba/bin/smbpasswd -j NRD -r NRDFHT01 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine NRDFHT01. Error was : NT_STATUS_ACCESS_DENIED. 2000/09/18 09:18:20 : change_trust_account_password: Failed to change password for domain NRD. Unable to join domain NRD. I can use all the help I can get. Thanks in advance. roger From lynn at tsunami.cis.usouthal.edu Mon Sep 18 13:31:31 2000 From: lynn at tsunami.cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:31:29 2003 Subject: changed the uid of a user and now can't auth through PDC In-Reply-To: <6AFADD3DCF1AD411A842005004D96D261F8078@itg-noviexch1> Message-ID: I have had this problem a few times. Everything seemed to be okay, but it wouldn't authenticate. The problem turned out to be that the uid on the UNIX server and the uid listed in the smbpasswd weren't the same. As long as you change the one in smbpasswd to the same as on the UNIX server it should work. On Mon, 18 Sep 2000, Roger Motz wrote: > OK here is what happened. Had samba running just fine authenticating > through an NT PDC. Had to change the UID of one of the UNIX users (this > user is also an NT user). Changed the UID and then couldn't access anything > through samba as that user. I have removed samba and reinstalled, removed > the samba server from the NT doamin and added it back on. When I do a > smbpasswd -j domain I get the following error: > > # /usr/local/samba/bin/smbpasswd -j NRD -r NRDFHT01 > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > NRDFHT01. > Error was : NT_STATUS_ACCESS_DENIED. > 2000/09/18 09:18:20 : change_trust_account_password: Failed to change > password for domain NRD. > Unable to join domain NRD. > > I can use all the help I can get. Thanks in advance. > > roger > > From mami at arena.sci.univr.it Mon Sep 18 13:36:07 2000 From: mami at arena.sci.univr.it (Manea Mirko) Date: Tue Dec 2 02:31:29 2003 Subject: Problem compiling samba tng 2.6 Message-ID: <20000918153606.A30123@arena.sci.univr.it> Hi! I've just start playing with samba tng because I'd like to use it with an ldap server, but I got the following error compiling the sources: Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -I./lib -DLOGFILEBASE="/usr/local/samba/var" -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/sbin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DFORMSFILE="/usr/local/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -DSAM_DIR="/usr/local/samba/sam" -DSMB_PASSGRP_FILE="/usr/local/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/local/samba/private/smbalias" Using LIBS = -lreadline -lcurses -ldl -lcrypt -lpam -lldap -llber -lldap -llber -lldap -llber Linking bin/smbd bin/.libs/libsurs.so: undefined reference to `ldapdb_lookup_by_sid' bin/.libs/libsurs.so: undefined reference to `ldapdb_get_uint32' bin/.libs/libsurs.so: undefined reference to `ldapdb_search' bin/.libs/libsurs.so: undefined reference to `ldapdb_get_sid' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 I issued a ./configure --with-pam --with-ldap --with-nt5ldap --with-syslog --with-quotas --with-utmp on a RH 6.2 using open-ldap 1.2.9-6, pam-0.72-20 and nss_ldap-105-1. Should I upgrade to ldap 2.0.1 ? Thanks in advance for any help. Mirko Manea From Christian_Kremer at KirchGruppe.DE Mon Sep 18 14:11:55 2000 From: Christian_Kremer at KirchGruppe.DE (Kremer, Christian) Date: Tue Dec 2 02:31:29 2003 Subject: no SID generated Message-ID: Hi Peter, thanks for that info! Because I was unable to read your answer on weekend (due some problems with my mail :-(), I?ve tried one or two things and I managed, that my NT-Clients entered the Domain (in fact, I think the problem was following entry "security = domain". I changed it to "security = user"). A .SID isn?t created though. I will try it with the link and tell you what happens. By Chris -----Urspr?ngliche Nachricht----- Von: Peter Lundqvist [mailto:peterl@Update.UU.SE] Gesendet: Samstag, 16. September 2000 02:42 An: Kremer, Christian Cc: Samba-NT4Dom (E-Mail) Betreff: Re: AW: no SID generated On Fri, 15 Sep 2000, Kremer, Christian wrote: > Hi Peter, > > thanks for your fast response. Do I get you right, that I have to do this > for every NT-Client? Or does anothere way exist? Sorry for beeing unclear. I blame trying to quit drinking coffe... *pain* ;-) No, only do ln -s MACHINE.SID WORKGROUP.SID Again, this is something aquard. I don't know why it happens. Could someone shatter some light on this? > On Fri, 15 Sep 2000, Kremer, Christian wrote: > > > Hi List, > > > > I have a problem with my samba 2.0.7 and PDC. > > > > I?ve read, that when my clients have their machine accounts created in the > > smbpasswd then a .sid is created after a smbd reboot. > > But this is simple not the fact. When I try to enter the domain with my > > NT-Clients they cannot found the domain. I think that my smb.conf is OK > > (I?ve checked them with some examples) so what does not function? > > Hm... I had the very same problem with a CVS-build a few weeks ago. > I "solved" it by making a soft link to the workstation sid (for the > samba server). > I'm not sure if I remember this correctly though.. > ........................................................................... > Peter Lundqvist web: http://www.update.uu.se/~peterl > Studentv. 32:22B e-mail: peterl@update.uu.se > 752 34 Uppsala cellular: +46 (0)70 45 66 347 > Sweden > > ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden -------------- next part -------------- HTML attachment scrubbed and removed From Vincent.Morlot at netcourrier.com Mon Sep 18 15:14:29 2000 From: Vincent.Morlot at netcourrier.com (Vincent Morlot) Date: Tue Dec 2 02:31:29 2003 Subject: How to prevent a user from logging on more than once Message-ID: <39C63155.364C6FE1@netcourrier.com> From kevinc at grainsystems.com Mon Sep 18 15:47:59 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:29 2003 Subject: rpcclient stability References: <39C5B73C.F33E9651@xavier.sa.edu.au> Message-ID: <39C6392F.69B76469@grainsystems.com> Matthew Geddes wrote: > > Hi all, > > Is anyone using samedit/rpcclient to modify a live NT system? I know it > works on a TNG box, but I'd like to edit the SAM on an NT box. > Unfortunately, Windows machines are becoming more scarce and I don't > have a box to test it on. I'd test it on the server, but I'd rather not > kill our production PDC/file server. Well, we aren't using it to edit a live NT system, but we are using it in a read-only manner in production. We use rpcclient from TNG to authenticate users against an NT PDC's group list for squid connections internally. It has proven to work well thusfar, although we are only using it on a small group of users right now. - Kevin Colby kevinc@grainsystems.com From dseis at gmx.de Mon Sep 18 17:08:06 2000 From: dseis at gmx.de (desteny) Date: Tue Dec 2 02:31:29 2003 Subject: remote password change + defect profiles Message-ID: <39C64BF5.DAD4FA85@gmx.de> Hi, I'm using suse 6.2 with samba 2.0.7 as a logon and file server server f?r win98 clients. The server and the workstations are configured for roaming profiles. And here are the major problems: 1. when a user tries to change his password remotly from a win98 workstation(with net password or with the gui-pw-changer in the system control panel), win98 always reports that the old Password was wrong; the samb logfile says sth like "passwort doesn't match lanmanager password" but surprisingly after this error the password is really changed!! This only works if the user enters the correct Password of course. Unix Password sync is activated and /bin/passwd set as passwd programm. 2. some user profiles seem to got corruptet, they don't syncronize anymore with the server on logout, so i tried the procedure mentioned in the samba documentation (deleting User.dat, cleaning local profiles etc.). After that failed i completely deleted the profile dir on the server and recreated it empty (and after that also with a template, which was known to work), also i cleaned up the profile caches and the registry on the win98 clients. but this didn't work either... I searched for further entries in the registry matching the user name, but didn't find anything useful. the /profile/username entry contained Badlocal=010000, setting it to 000000 or deleting it didn't have any effect, after the next logon the this entry was recreated _even_ if i delteted all local caches and the profile on the server... i'm really desparate because this also affectet the admin account which is the only one allowed to make changes like screen resolution etc. on the win98 clients. minor problems: 3. i've setup a logon-script which deletes the profile cache an the win98 profiles for privacy reasons (the clients are used by many untrustwothrty individuals: pupils! :) This has the unwanted side effect, that the users are asked everytime they logon whether they want to use their profile from the server (of course they(=I) want:). Is there a way to avoid this? or another way to make windows cleaning up the profile cache? i'm currently doing this with a "deltree c:\windows\profiles". 4. when a user logs on for the first time, windows asks him for a new local windows password, which is redundant because the logon server already authetificates the users. To avoid confusion i include a "del c:\windows\*.pwl" in the logon script. Of course this makes windows ask for a new pw everytime they logon.. still better than one pw for the network and anotherone for each machine, but nevertheless annoying. maybe there is a way to create a empty user.pwl file just before the user logs on (with the logon-script). The only problem is that the logon-script doesn't know the name of the user which is going to logon.. questions: 5. are unix-user groups mapped to lanmager user groups? this is importand because i'm using policy files to hinder the pupils trashing the win98-clients configuration. Currently only the superuser has all privileges.. the others aren't allowed to change anything. Of course a more sophisticated system with groups(for teachers, admins, pupils, me etc.) would be better. 6. is there a way to create shares to which can be written to but not overwritten or deleted (like the store attribute on proftpd) ? ok, that was it :) it would be very nice if you could help me! I'm not very experienced in samba yet but have to administrate our whoole school network.. couse our teachers know nothing about unix/linux or samba.. Thanks in advance & please excuse my bad english :) Danny Seis -- Quod me nutrit, me destruit email: dseis@gmx.de From rob at consus.co.uk Mon Sep 18 17:20:22 2000 From: rob at consus.co.uk (Rob Lyle) Date: Tue Dec 2 02:31:29 2003 Subject: Help with group/user ID's Message-ID: <002701c02194$b9fd1020$1401000a@garf.co.uk> Hello, I'm running the 2.0.6 server, and using Domain Logins and authentication (should I get the CVS latest instead?) My NT WS's can't find any user name info during permission change operations local on the PC. The roaming profiles seem to have their head somewhere awful dark also. I've followed the letter of the law in the O'Reilly book. No go with the User Administrator on an NT client trying to list normal user members of the Domain. I'm missing something? Anyone tell me which FM I should go read? Cheers, --Rob. -- Consus UK Ltd http://www.consus.co.uk rob@consus.co.uk Mobile: +44 (0)7802 536804 Office: +44 (0)20 7485 5548 FAX: +44 (0)20 74855579 Internet communications are not secure and therefore Consus Ltd does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Consus Ltd unless otherwise specifically stated. -------------- next part -------------- HTML attachment scrubbed and removed From gsilver at winstar.com Mon Sep 18 19:02:34 2000 From: gsilver at winstar.com (Geoff Silver) Date: Tue Dec 2 02:31:29 2003 Subject: NT/Samba-NIS Message-ID: Greetings, I've spent several days going though the list archives, online Samba docs, e-mailing LUGs, and searching Google, and I've come to a sticking point. I'm not a member of this list, but this seemed like the perfect place for this question, since no one else has been able to offer much help. If anyone can help and would be kind enough to include my address in any group replies, that would be extremely appreciated. Here's my scenario: I work for a communications company of about 6000 people near Washington, D.C., USA. In order to save money and move the company away from Windows, I'm working on migrating the file and print servers in the company from NT to Linux & Samba. I've already proven that printing can be done (although the help desk isn't thrilled about visiting workstations to install NT workstation print drivers, they have agreed to do it until Samba 2.2 is released in final). The problem we're encountering is with our file servers. While the Linux servers don't need to allow logins, they do need account information so that we can create home directories and set permissions. I'm leaning towards running an NIS domain parallel to the NT domain. Since Samba will do the authentication off the domain controllers, the NIS domain will just be a centralized user/group mechanism. The problem is how to keep them in sync. I've considered using Jeremy's pwdump.exe to dump the user accounts on the PDC, and then scripting the NT 'net group /DOMAIN' command to get all the groups, and the 'net group /DOMAIN' to get all the users in each group. If I wrap the entire mess in a Perl script, I could dump it to a text file, then SMB-mount a share on the NIS master, copy the file over, and unmount the share. If I did this every 15 or so minutes, then I could set a cron job to run every minute, looking for a new file in the share. If the file exists, I could kick off a cron job to add/delete/modify users/groups based on the differences. The major downsides to this are that a) the database could be 15 or 20 minutes out of date, b) this could put a significant load on the PDC, c) the NT admins probably won't like me installing Perl on their production PDC, and d) I'll have to write all sorts of Perl scripts to do this. I've had a couple other ideas, but I'm not sure if they're even possible (or any better). I had considered making the NIS master a Samba BDC to the NT domain. In that case, there might not be a need for a file transfer, since the BDC and NIS master are one-and-the-same. But, how stable is the BDC code, and how does the Samba BDC store all the account information? Is it in a text file that I can easily script Perl to make changes? or is it in a database format that will be difficult to work with? Again, stability on the BDC side is very important, because the future of Linux in our company depends on us producing a stable, cheaper solution than NT. If the Samba BDC code is unstable, and needs to be restarted frequently (or corrupts the database, etc), then its certainly not going to work. Is this evena viable solution? I had also read some stuff in the archives about WinBind, but I'm not sure what state that is in. If I had a plug-in that would talk with the NT domain controllers for user/group names, I wouldn't need to run NIS, since Samba can already authenticate. I'd certainly appreciate any help anyone can offer. Of course, we're trying to integrate this into a production network, so the solution has to be stable and (hopefully) easy to maintain. Running Samba as the PDC (or trying to use /etc/smbpasswd for authentication) isn't an option. Again, please e-mail me seperately, or include my address in any replies. Thanks for your time and assistance! -- Geoff Silver Systems Architect, WinStar Communications gsilver@winstar.com (703) 889-1053 From ak at dkp.com Mon Sep 18 20:36:54 2000 From: ak at dkp.com (Andrew Klaassen) Date: Tue Dec 2 02:31:29 2003 Subject: samba-tng-alpha.2.6.rpm In-Reply-To: <39C5649F.8C5CABFA@xavier.sa.edu.au>; from mgeddes@xavier.sa.edu.au on Mon, Sep 18, 2000 at 10:11:03AM +0930 References: <39C3E88F.3F8AFD8F@ipt.pt> <39C5649F.8C5CABFA@xavier.sa.edu.au> Message-ID: <20000918163654.A2061@key.dkp.com> On Mon, Sep 18, 2000 at 10:11:03AM +0930, Matthew Geddes wrote: > This is because smbpasswd is no longer used. User samedit instead. Check > out the man pages or Lars Kneschke's FAQ for details. Speaking of samedit... Is there a way to have samedit prompt me for the password when creating users, rather than having to type the password plaintext on the console after the "-p" option? Thanks. Andrew Klaassen From i.kolemanov at i-s-m.de Mon Sep 18 20:40:05 2000 From: i.kolemanov at i-s-m.de (ISM Kolemanov, Ivan) Date: Tue Dec 2 02:31:29 2003 Subject: help pls fast - long user names as homes not accessable Message-ID: I have need of long users names, it looks big problem I use the samba-tng 2.6 as PDC the homes share for a user like "teacher1fteacher1" is not accessible the windows NT machine when trying to access this share results in the error with network path not found... but if I'm domain administrator I can access this share Is there a way to get around this? Is the same problem appears in samba-tng 2.5.x, 2.6 is my first try with TNG 10x in advance, Ivan Kolemanov From peterl at Update.UU.SE Mon Sep 18 20:50:31 2000 From: peterl at Update.UU.SE (Peter Lundqvist) Date: Tue Dec 2 02:31:29 2003 Subject: not SID generated In-Reply-To: <39C5BD03.BD11FCA@laserle.fi> Message-ID: On Mon, 18 Sep 2000, Michael Holopainen wrote: I don't have the problem anylonger. It probably was a bad CVS-copy. > Send your smb.conf [global] section and I'll have look at it. > Peter Lundqvist wrote: > > On Fri, 15 Sep 2000, Kremer, Christian wrote: > > > > > Hi List, > > > > > > I have a problem with my samba 2.0.7 and PDC. > > > > > > I?ve read, that when my clients have their machine accounts created in the > > > smbpasswd then a .sid is created after a smbd reboot. > > > But this is simple not the fact. When I try to enter the domain with my > > > NT-Clients they cannot found the domain. I think that my smb.conf is OK > > > (I?ve checked them with some examples) so what does not function? > > > > Hm... I had the very same problem with a CVS-build a few weeks ago. > > I "solved" it by making a soft link to the workstation sid (for the > > samba server). > > I'm not sure if I remember this correctly though.. > > ........................................................................... > > Peter Lundqvist web: http://www.update.uu.se/~peterl > > Studentv. 32:22B e-mail: peterl@update.uu.se > > 752 34 Uppsala cellular: +46 (0)70 45 66 347 > > Sweden > -- > --"Would you fly on airplane controlled by MS Windows ?"-- > -------------------------------------------------------------------- > | Michael Holopainen | Valuraudantie 25 | Tel: +358-(0)9-35093825 | > | | 00700 Helsinki | Fax : +358-(0)9-35093850 | > | Laserle Oy | Finland | email: michael@laserle.fi| > -------------------------------------------------------------------- ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden From mgeddes at xavier.sa.edu.au Mon Sep 18 22:58:13 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:29 2003 Subject: samba-tng-alpha.2.6.rpm References: <39C3E88F.3F8AFD8F@ipt.pt> <39C5649F.8C5CABFA@xavier.sa.edu.au> <20000918163654.A2061@key.dkp.com> Message-ID: <39C69E05.813A7169@xavier.sa.edu.au> Andrew Klaassen wrote: > > On Mon, Sep 18, 2000 at 10:11:03AM +0930, > Matthew Geddes wrote: > > > This is because smbpasswd is no longer used. User samedit instead. Check > > out the man pages or Lars Kneschke's FAQ for details. > > Speaking of samedit... > > Is there a way to have samedit prompt me for the password when > creating users, rather than having to type the password > plaintext on the console after the "-p" option? Not that I know of. You can use the samuserset command, when you type the password, it won't be seen, but it will print it to the screen after. ;-) You could probably change this. Perhaps the Samba team would accept this as a patch? Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From Admin at praesi.hercynia.verb.tu-clausthal.de Mon Sep 18 23:02:34 2000 From: Admin at praesi.hercynia.verb.tu-clausthal.de (Admin Hercynia) Date: Tue Dec 2 02:31:29 2003 Subject: Profile cacihng and other problems Message-ID: <001901c021c4$8ab9e880$a5eeae8b@efa.hercynia.verb.tu-clausthal.de> Hello to everyone, Now thanks for the great people who helped me getting profiles running. Now I have several othe problems. If I logon to the domain with a nt40 wks everytimes the messge appear: found slow network connection ..... How do I get NT4 i a stat wehre it don`t ask me that. The other problem ist that NT4 chaches the profiles for each user locally I know theres a switch in the Registrie wich can fix this. Bye, Sascha From ak at dkp.com Tue Sep 19 01:52:42 2000 From: ak at dkp.com (Andrew Klaassen) Date: Tue Dec 2 02:31:29 2003 Subject: samba-tng-alpha.2.6.rpm In-Reply-To: <39C69E05.813A7169@xavier.sa.edu.au>; from mgeddes@xavier.sa.edu.au on Tue, Sep 19, 2000 at 08:28:13AM +0930 References: <39C3E88F.3F8AFD8F@ipt.pt> <39C5649F.8C5CABFA@xavier.sa.edu.au> <20000918163654.A2061@key.dkp.com> <39C69E05.813A7169@xavier.sa.edu.au> Message-ID: <20000918215242.A3532@key.dkp.com> On Tue, Sep 19, 2000 at 08:28:13AM +0930, Matthew Geddes wrote: > Andrew Klaassen wrote: > > Is there a way to have samedit prompt me for the password > > when creating users, rather than having to type the password > > plaintext on the console after the "-p" option? > Not that I know of. You can use the samuserset command, when > you type the password, it won't be seen, but it will print it > to the screen after. ;-) > You could probably change this. Indeed. I'm no programmer, but a couple of minutes of cutting and pasting in rpcclient/cmd_samr.c seemed to get me what I wanted. > Perhaps the Samba team would accept this as a patch? Hmm. Unfortunately, I've got no idea how to go about submitting the patch, and am not sure I've got the time to learn right now.(?) In any event, I've attached my diff against cmd_samr.c (from a cvs fetch of SAMBA_TNG_2_5_GOOD a couple of weeks ago). It prompts for the password if `*' is supplied as the argument for the `-p' option. (Anyone remember `net user /add'?) I've got no idea what other effects it might have. Andrew Klaassen ------ --- cmd_samr.c.orig Mon Sep 18 20:13:03 2000 +++ cmd_samr.c Mon Sep 18 21:23:37 2000 @@ -1004,6 +1004,10 @@ ****************************************************************************/ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[]) { + char *pwd; + fstring new_passwd; + fstring new_passwd2; + fstring domain; fstring acct_name; fstring sec_name; @@ -1207,6 +1211,34 @@ if (use_ascii_pwd) { + if (strequal(ascii_pwd, "*")) + { + do + { + pwd = (char *)getpass("New Password: "); + ZERO_STRUCT(new_passwd); + if (pwd != NULL) + { + fstrcpy(new_passwd, pwd); + } + + pwd = (char *)getpass("retype: "); + ZERO_STRUCT(new_passwd2); + if (pwd != NULL) + { + fstrcpy(new_passwd2, pwd); + } + + if (!strequal(new_passwd, new_passwd2)) + { + report(out_hnd, "Passwords differ. Try again.\n"); + } + } while (!strequal(new_passwd, new_passwd2)); + + safe_strcpy(ascii_pwd, new_passwd, sizeof(new_passwd) - 1); + + } + make_unistr2(&upw, ascii_pwd, strlen(ascii_pwd)); ascii_to_unibuf(upwb, ascii_pwd, strlen(ascii_pwd) * 2); password = upwb; From simo.sorce at polimi.it Tue Sep 19 10:12:06 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:29 2003 Subject: NIS authentication and smbpasswd References: <20000915134749.D7170@laplace.math.umd.edu> Message-ID: <39C73BF6.CDDC3B6E@polimi.it> Tim Strobell - Asst Systems Admin wrote: > > Howdy Gents, > > I've set up 2.0.7 as a PDC for a small lab of NT4 machines. > We use NIS (not NIS+) for 'authentication' for our Unix machines. > > Is there any way to set up a smbpasswd file (or configure samba) so that > Samba authenticates against the NIS password instead of the NT hash in the > smbpasswd file? > > In other words, I can't logon unless I (manually) set my smbpasswd to match > my Unix passwd. I would like to roll this out as transparently as possible. > > Has anyone else been in a similar situation? > There are three ways I've tested. 1. NIS and Samba separated password database. Changing password not permitted by normal utilities, instead the user must use a web page to change their password (the cgi update both the databases) Here's a link to my working solution http://www.geocities.com/SiliconValley/9757/samba.html 2. Use of Registry Key on NT machines to switch from encrypted challenge resonse scheme to clear/text passwords and configure samba to synchronize with unix account (enable NIS support). This prevent the use of domains (even samba or Windows DC refuses clear/text passwords). 3. Use of NISGINA on NT machines to authenticate users against a NIS server (does not require samba for authentication) the problem is that users cannot have roaming profiles as a user is "created" on the local sam database on NT machines. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From burcin at ce.metu.edu.tr Tue Sep 19 12:00:16 2000 From: burcin at ce.metu.edu.tr (Burcin Onur Ozer) Date: Tue Dec 2 02:31:29 2003 Subject: (no subject) Message-ID: Hi,my first email from a student in an university. I want to make a MANDOTARY ROAMING profile on my linux samba redhat6.2 server for 1000 students.This profile will be the default profile for all students.When I want to change the profile , I will change from my pc and all the students will see the new profile easily. Although I did everything , the result is a lot of errors , Mr. Dr-Watson on nt_ws_4.0 . Is there a solution for my SMALL problem thanx everybody burcin onur ozer metu-civil engineering burcin@ce.metu.edu.tr From max728 at usa.net Tue Sep 19 12:12:05 2000 From: max728 at usa.net (mathou rene) Date: Tue Dec 2 02:31:29 2003 Subject: samba-tng cvs update problem Message-ID: <20000919121205.10349.qmail@nwcst333.netaddress.usa.net> while trying to update samba-tng from cvs, the operation blocks at : cvs server: Updating /samba/source/inlcude does someone know why ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 From bgmilne at ing.sun.ac.za Tue Sep 19 12:15:20 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:29 2003 Subject: NT/Samba-NIS References: Message-ID: <39C758D8.8CBC35EF@ing.sun.ac.za> You should be able to join the linux boxes to the NT-controlled domain, which will keep all authentication on the PDC. Account information will be handled by NIS. Make trust accounts for the samba boxes on the PDC, and try "smbpasswd -j " (no guarantees on this one, I have no NT PDC!) Buchan Geoff Silver wrote: > > Greetings, > I've spent several days going though the list archives, online > Samba docs, e-mailing LUGs, and searching Google, and I've come to a > sticking point. I'm not a member of this list, but this seemed like the > perfect place for this question, since no one else has been able to offer > much help. If anyone can help and would be kind enough to include my > address in any group replies, that would be extremely appreciated. Here's > my scenario: > I work for a communications company of about 6000 people near > Washington, D.C., USA. In order to save money and move the company away > from Windows, I'm working on migrating the file and print servers in the > company from NT to Linux & Samba. I've already proven that printing can > be done (although the help desk isn't thrilled about visiting workstations > to install NT workstation print drivers, they have agreed to do it until > Samba 2.2 is released in final). > The problem we're encountering is with our file servers. While > the Linux servers don't need to allow logins, they do need account > information so that we can create home directories and set permissions. > I'm leaning towards running an NIS domain parallel to the NT > domain. Since Samba will do the authentication off the domain > controllers, the NIS domain will just be a centralized user/group > mechanism. The problem is how to keep them in sync. [snip] > I'd certainly appreciate any help anyone can offer. Of course, > we're trying to integrate this into a production network, so the solution > has to be stable and (hopefully) easy to maintain. Running Samba as the > PDC (or trying to use /etc/smbpasswd for authentication) isn't an option. > Again, please e-mail me seperately, or include my address in any > replies. Thanks for your time and assistance! > > -- > Geoff Silver > Systems Architect, WinStar Communications > gsilver@winstar.com > (703) 889-1053 -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From gsilver at winstar.com Tue Sep 19 13:20:51 2000 From: gsilver at winstar.com (Geoff Silver ) Date: Tue Dec 2 02:31:29 2003 Subject: NT/Samba-NIS In-Reply-To: <39C758D8.8CBC35EF@ing.sun.ac.za> Message-ID: > You should be able to join the linux boxes to the NT-controlled domain, > which will keep all authentication on the PDC. Account information will > be handled by NIS. Yes, we do that for our Samba file servers. The problem is that we must create user accounts on every machine. NIS will centralize that, but I need a method to duplicate and sync the NT accounts and groups to NIS. If an NT admin deletes a user, NIS should automatically update. If they create a new NT user account or add a user to a group, that info should also be updated on the NIS master. If Samba could be a stable BDC, I might not have to write Perl scripts to run on NT, but I'll still need them on the NIS master/BDC (if it's even possible). Incidentally, ActiveState's NT Perl binaries SUCK! For instance, $var1='test'; if ($var1 != "") { print "Var 1 is not null"; } else { print "Var 1 is null"; } is sometimes null and sometimes not null. It's absolutely ridiculous - which is why I'd much prefer to do Perl scripting/synchronization strictly under Linux with Samba as a BDC than on the NT PDC. > Make trust accounts for the samba boxes on the PDC, and try "smbpasswd > -j " (no guarantees on this one, I have no NT PDC!) Actually, we use 'smbpasswd -j -r ' (the -r might only be needed on 2.0.5 and earlier), but yes, that does work. But, thanks for the help. > Buchan > > Geoff Silver wrote: > > > > Greetings, > > I've spent several days going though the list archives, online > > Samba docs, e-mailing LUGs, and searching Google, and I've come to a > > sticking point. I'm not a member of this list, but this seemed like the > > perfect place for this question, since no one else has been able to offer > > much help. If anyone can help and would be kind enough to include my > > address in any group replies, that would be extremely appreciated. Here's > > my scenario: > > I work for a communications company of about 6000 people near > > Washington, D.C., USA. In order to save money and move the company away > > from Windows, I'm working on migrating the file and print servers in the > > company from NT to Linux & Samba. I've already proven that printing can > > be done (although the help desk isn't thrilled about visiting workstations > > to install NT workstation print drivers, they have agreed to do it until > > Samba 2.2 is released in final). > > The problem we're encountering is with our file servers. While > > the Linux servers don't need to allow logins, they do need account > > information so that we can create home directories and set permissions. > > I'm leaning towards running an NIS domain parallel to the NT > > domain. Since Samba will do the authentication off the domain > > controllers, the NIS domain will just be a centralized user/group > > mechanism. The problem is how to keep them in sync. > [snip] > > I'd certainly appreciate any help anyone can offer. Of course, > > we're trying to integrate this into a production network, so the solution > > has to be stable and (hopefully) easy to maintain. Running Samba as the > > PDC (or trying to use /etc/smbpasswd for authentication) isn't an option. > > Again, please e-mail me seperately, or include my address in any > > replies. Thanks for your time and assistance! > > > > -- > > Geoff Silver > > Systems Architect, WinStar Communications > > gsilver@winstar.com > > (703) 889-1053 > > -- Geoff Silver Systems Architect, WinStar Communications gsilver@winstar.com (703) 889-1053 From k.blin at gmx.net Tue Sep 19 13:56:38 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:29 2003 Subject: remote password change + defect profiles In-Reply-To: <39C64BF5.DAD4FA85@gmx.de>; from dseis@gmx.de on Mon, Sep 18, 2000 at 07:08:06PM +0200 References: <39C64BF5.DAD4FA85@gmx.de> Message-ID: <20000919155638.A13774@molgen-6.iah.medizin.uni-tuebingen.de> On Mon, Sep 18, 2000 at 07:08:06PM +0200, desteny wrote: > Hi, Hi, what about getting a name?? (I know it's Danny) ;) I'm afraid I won't be able to help you with the whole bunch of problems you've got here. > I'm using suse 6.2 with samba 2.0.7 as a logon and file server server > f?r win98 clients. > The server and the workstations are configured for roaming profiles. > > And here are the major problems: Sorry here :(. > questions: > 5. > are unix-user groups mapped to lanmager user groups? You can do it if you want. map groupname = /path/to/some/map_file whereas the mapfile contains unix_group = NT group > this is importand because i'm using policy files to hinder the pupils > trashing the win98-clients > configuration. Currently only the superuser has all privileges.. the > others aren't allowed to change > anything. > Of course a more sophisticated system with groups(for teachers, admins, > pupils, me etc.) would be better. > > I'm not very experienced in samba yet but have to administrate our > whoole school network.. couse our teachers know > nothing about unix/linux or samba.. Good luck! You'll need it!! :) > > Danny Seis > Kai Blin > Quod me nutrit, me destruit Aliquid melius quam pessimum optimum non est. Latin at school? :) -- Kai Blin, Sysop University of Tuebingen dept. of immunology There are ten or twenty basic truths, and life is the process of discovering them over and over and over. -- David Nichols From Christian_Kremer at KirchGruppe.DE Tue Sep 19 14:09:32 2000 From: Christian_Kremer at KirchGruppe.DE (Kremer, Christian) Date: Tue Dec 2 02:31:29 2003 Subject: Logon script error Message-ID: Hi Folks, when any NT-Client (NT4.0 SP6a) logs on my Samba PDC (V.2.0.7.) he gets a error message while executing his logon script. The error occurs at following entry: net time \\smbserverpdc /set /yes the Client (to be more clearly: the user that logs on) does not have the rights to change time (of course, his only a user). How can I change this without touching the rights of the users Thanks for your help By Christian -------------- next part -------------- HTML attachment scrubbed and removed From fricke at team.owl-online.de Tue Sep 19 14:27:01 2000 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:31:29 2003 Subject: Antwort: Logon script error Message-ID: You have to give everyone the permission to change the time. No other way possible! -------------------------------------- Mit freundlichen Gr??en Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51-115 http://team.owl-online.de/ ...keep on headbangin? , that rocks!!! "Kremer, Christian" Gesendet von: samba-ntdom-admin@us4.samba.org 19.09.00 16:09 An: "Samba-NT4Dom (E-Mail)" Kopie: Thema: Logon script error Hi Folks, when any NT-Client (NT4.0 SP6a) logs on my Samba PDC (V.2.0.7.) he gets a error message while executing his logon script. The error occurs at following entry: net time \\smbserverpdc /set /yes the Client (to be more clearly: the user that logs on) does not have the rights to change time (of course, his only a user). How can I change this without touching the rights of the users Thanks for your help By Christian From skvidal at phy.duke.edu Tue Sep 19 15:03:27 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:31:29 2003 Subject: Logon script error In-Reply-To: Message-ID: > the Client (to be more clearly: the user that logs on) does not have the > rights to change time (of course, his only a user). How can I change this > without touching the rights of the users > the only way I know of doing it is via editing the user privileges. However if someone knows how to do this via rpcclient I would VERY MUCH want to hear about that. -sv From Jody.Haynes at isunnetworks.com Tue Sep 19 16:29:04 2000 From: Jody.Haynes at isunnetworks.com (Jody Haynes) Date: Tue Dec 2 02:31:30 2003 Subject: Samba-tng PDC- OpenLDAP - Password sync Working Message-ID: <20000919122904.B2421@jody.isunnetworks.com> I just wanted to post this to let everyone know that I got the following working: 1) Samba-TNG-2.6 as a PDC for Win2K, WinNT and Win98 clients 2) Password sync with Samba using OpenLDAP 3) Linux clients authenticating off of OpenLDAP using pam_ldap and nss_ldap. 4) pam_ldap/nss_ldap encrypted with the use of stunnel Here is the following configuration information: smb.conf file: ldap suffix = "" ldap bind as = "" ldap port = 389 . . . unix password sync = yes passwd program = /usr/local/samba/bin/ldapsync %u passwd chat = *New*Password* %n\n *modifying* My ldap sync perl script called ldapsync %u: #!/usr/bin/perl -w $user=$ARGV[0]; print "New Password: "; $pass=; chomp $pass; $salt=join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]; $pass=crypt($pass,$salt); $FILE="|ldapmodify -D '' -w "; open FILE or die; print FILE < Hi, I'm using samba TNG 2.5 and encountered a problem with built-in variables. [netlogon] comment = Network Logon Service path= /usr/local/samba/lib/netlogon guest ok = yes writable = no root preexec = echo 'user %u is connected from %m' >>/tmp/log the /tmp/log file always contains : user is connected from linux %u variable has no value. I replaced it %U. no result. I also tried %I and %v . they work. Well what's the problem with %u and %U ? Can you help me ? Thank you ! -------------- next part -------------- HTML attachment scrubbed and removed From eirvine at tpgi.com.au Tue Sep 19 23:41:45 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:31:30 2003 Subject: Mandatory Roaming Profile (was: no subject) References: Message-ID: <39C7F9B9.39F9A571@tpgi.com.au> Burcin Onur Ozer wrote: > > Hi,my first email from a student in an university. Congratulations. > I want to make a MANDOTARY ROAMING profile on my linux samba redhat6.2 > server for 1000 students.This profile will be the default profile for all > students.When I want to change the profile , I will change from my pc and > all the students will see the new profile easily. > > Although I did everything , the result is a lot of errors , Mr. Dr-Watson > on nt_ws_4.0 . You might need to supply a little more info than this. This first thing I'd look at is file permissions on your Samba box. You might also want to look at the samba logs. > Is there a solution for my SMALL problem > > thanx everybody > > burcin onur ozer > metu-civil engineering > burcin@ce.metu.edu.tr From hwimmer at bakerref.com Tue Sep 19 23:17:45 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:31:30 2003 Subject: Samba-tng PDC- OpenLDAP - Password sync Working References: <20000919122904.B2421@jody.isunnetworks.com> Message-ID: <00e401c0228f$d35bcb50$9f01a8c0@zeus> that is awsome...by any chance do you have active directory validating off of ldap too? ----- Original Message ----- From: "Jody Haynes" To: Sent: Tuesday, September 19, 2000 12:29 PM Subject: Samba-tng PDC- OpenLDAP - Password sync Working > > I just wanted to post this to let everyone know that I got the following working: > > 1) Samba-TNG-2.6 as a PDC for Win2K, WinNT and Win98 clients > 2) Password sync with Samba using OpenLDAP > 3) Linux clients authenticating off of OpenLDAP using pam_ldap and nss_ldap. > 4) pam_ldap/nss_ldap encrypted with the use of stunnel > > Here is the following configuration information: > > smb.conf file: > > ldap suffix = "" > ldap bind as = "" > ldap port = 389 > . > . > . > unix password sync = yes > passwd program = /usr/local/samba/bin/ldapsync %u > passwd chat = *New*Password* %n\n *modifying* > > My ldap sync perl script called ldapsync %u: > > #!/usr/bin/perl -w > > $user=$ARGV[0]; > print "New Password: "; > $pass=; > chomp $pass; > > $salt=join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]; > > $pass=crypt($pass,$salt); > > $FILE="|ldapmodify -D '' -w "; > > open FILE or die; > > print FILE < dn: uid=$user, ...ldap suffix... > changetype: modify > replace: userPassword > userPassword: {crypt}$pass > > EOF > close FILE; > > exit 0; > > > The best reference material to go by is the following URL for samba as a PDC and ldap: > > http://www.unav.es/cti/ldap-smb-howto.html > > > > > -- > Jody Haynes > ---------------------------------------- > iSun Networks, Inc. > Email: Jody.Haynes@isunnetworks.com > Website: www.isunnetworks.com > ---------------------------------------- > From hwimmer at bakerref.com Tue Sep 19 23:16:54 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:31:30 2003 Subject: Antwort: Logon script error References: Message-ID: <00dc01c0228f$b333fb90$9f01a8c0@zeus> gotta give him rights...only way i know ----- Original Message ----- From: To: "Kremer, Christian" Cc: Sent: Tuesday, September 19, 2000 10:27 AM Subject: Antwort: Logon script error > You have to give everyone the permission to change the time. > No other way possible! > -------------------------------------- > Mit freundlichen Gr??en > > Cord-H. Fricke > Fon: 0 52 1 / 52 51-133 > Fax: 0 52 1 / 52 51-115 > > http://team.owl-online.de/ > > ...keep on headbangin? , that rocks!!! > > > > > "Kremer, Christian" > Gesendet von: samba-ntdom-admin@us4.samba.org > 19.09.00 16:09 > > > An: "Samba-NT4Dom (E-Mail)" > Kopie: > Thema: Logon script error > Hi Folks, > when any NT-Client (NT4.0 SP6a) logs on my Samba PDC (V.2.0.7.) he gets a > error message while executing his logon script. The error occurs at > following entry: > net time \\smbserverpdc /set /yes > the Client (to be more clearly: the user that logs on) does not have the > rights to change time (of course, his only a user). How can I change this > without touching the rights of the users > Thanks for your help > By Christian > > > > From kellermg at potsdam.edu Wed Sep 20 00:01:42 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:31:30 2003 Subject: [OT] Programmatically converting a UNIX passwd hash to an MD5 hash? Message-ID: <39C7FE66.227DB64E@potsdam.edu> Sorry for the OT thread, but this is the brightest list I'm on. Anyone know how (I know it's possible as RedHat does it in their "upgrade" installers) to convert a standard UNIX hash to an MD5 hash? -- Matthew Keller WebMaster & Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From luke at wwa.net Wed Sep 20 00:19:08 2000 From: luke at wwa.net (Chris Olesch) Date: Tue Dec 2 02:31:30 2003 Subject: Browsing WinNT References: <20000919190104.473F616459@us4.samba.org> Message-ID: <39C8027C.13EA3429@wwa.net> Perhaps someone can asnwer this question: I can attach to my NT server, but I can't see any of the files. I have created a share on NT side and mounted it in tmp on Linux side. Also I am using Mandrake Linux Dist. Thanks Chris From rpizana at correo.mty.itesm.mx Tue Sep 19 22:26:16 2000 From: rpizana at correo.mty.itesm.mx (=?ISO-8859-1?Q?Ren=E9_Piza=F1a_Morones?=) Date: Tue Dec 2 02:31:30 2003 Subject: PDC Message-ID: <39C7E808.12955.154881BA@localhost> Hi I have a linux box with redhat 6.2 (samba 2.07) and i configured it to work like a PDC. I installed NT4Ws on a computer (priamo is its name), and when i want to joint it to my linux box domain, i get this massage: [2000/09/19 20:01:54, 0] smbd/reply.c:session_trust_account(419) session_trust_account: Trust Account PRIAMO$ - password failed I have the same password for the administrator account of my workstation, for an administrator account which I created in the linux box, and for the priamo$ account. If that not work, than which password i have to change? thanks From vincent.bellenger at bretagne.iufm.fr Wed Sep 20 06:38:44 2000 From: vincent.bellenger at bretagne.iufm.fr (Vincent Bellenger) Date: Tue Dec 2 02:31:30 2003 Subject: very slow connexions Message-ID: <040401c022cd$6c6bd460$1697d6c2@bretagne.iufm.fr> someone can say me what i must do in order increase the performences when i connect a printer on a win95 (my samba is in a ntdomaine) thanks. -------------- next part -------------- HTML attachment scrubbed and removed From RSzczesniak at mis.com.pl Wed Sep 20 07:39:52 2000 From: RSzczesniak at mis.com.pl (RSzczesniak@mis.com.pl) Date: Tue Dec 2 02:31:30 2003 Subject: Samba File Server in multiple NT domains Message-ID: Do you need server join multiple domains with the same netbios name, or you just want to have 'physically' same disk shares available for more than one domain (not necessarily with same name of server) ? Rafa? Vander Eecken Damien 00-09-18 10:35 Do: "'rszczesniak@mis.com.pl'" DW: Temat: RE: Samba File Server in multiple NT domains Rafal, This would be great! Our future installation of SAMBA depends on this issue. We really appreciate your help. Keep in touch. Thanks. Damien -----Original Message----- From: rszczesniak@mis.com.pl [mailto:rszczesniak@mis.com.pl] Sent: Monday, September 18, 2000 10:25 AM To: samba-ntdom@us4.samba.org Subject: RE: Samba File Server in multiple NT domains To be honest I didn't try to join multiple domains (because I didn't need it), but I can try today afternoon (ie. after work). As the first one, I think, Samba HEAD should be tested because of it's better file-serving capabilities. Rafal Vander Eecken Damien 00-09-15 18:13 Do: "'rszczesniak@mis.com.pl'" DW: Temat: RE: Samba File Server in multiple NT domains Rafal, We still didn't install SAMBA. Before we want to be sure that the Samba server can join more than one domain. So if you can suggest us which Samba version, can join more than one domain, we would be very grateful. Do you have a positive experience about this ? And how can we implement this? Thanks. Damien -----Original Message----- From: rszczesniak@mis.com.pl [mailto:rszczesniak@mis.com.pl] Sent: Friday, September 15, 2000 4:55 PM To: Vander Eecken Damien Subject: Odp: Samba File Server in multiple NT domains First of all, you should try, whether Samba server can join more than one domain. How to do it, depends on version of Samba you are using. Rafal Vander Eecken Damien Wyslane przez: samba-ntdom-admin@us4.samba.org 00-09-15 16:04 Do: "'samba-ntdom@lists.samba.org'" DW: Temat: Samba File Server in multiple NT domains Hi, Can somebody tell me, if it's possible to configure SAMBA as a single File Server to serve NT clients in multiple domains. If so, how do we go about it? Thanks in advance. Damien From bgmilne at ing.sun.ac.za Wed Sep 20 07:56:35 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:30 2003 Subject: PDC References: <39C7E808.12955.154881BA@localhost> Message-ID: <39C86DB3.D43E6471@ing.sun.ac.za> The machines trust account must be set to a default value. Do this with: "smbpasswd -am " (yes, I know a is for add, but it doesn't work so well unless you use a) Then join the machine to the domain without trying to make an account (this does not work on 2.0.7, which is why you have to set the default password) Buchan Ren? Piza?a Morones wrote: > > Hi > I have a linux box with redhat 6.2 (samba 2.07) and i configured it to work > like a PDC. > I installed NT4Ws on a computer (priamo is its name), and when i want to > joint it to my linux box domain, i get this massage: > > [2000/09/19 20:01:54, 0] smbd/reply.c:session_trust_account(419) > session_trust_account: Trust Account PRIAMO$ - password failed > > I have the same password for the administrator account of my workstation, for > an administrator account which I created in the linux box, and for the priamo$ > account. > > If that not work, than which password i have to change? > > thanks -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From RSzczesniak at mis.com.pl Wed Sep 20 08:24:56 2000 From: RSzczesniak at mis.com.pl (RSzczesniak@mis.com.pl) Date: Tue Dec 2 02:31:30 2003 Subject: Samba-Ldap Message-ID: "paco cornejo" 00-09-19 11:09 Do: rszczesniak@mis.com.pl DW: Temat: Samba-Ldap Thanks a lot for answer so soon..!! I?ll tell you more details about the errors i?m getting. Im I?m using the Head version of Samba 2.1 prealpha, and OpenLdap 1.2.9 for Solaris 7 sparc. I have some questions... -I don?t know how to obtain the Rids, and i dont know how to encrypt the password because "smbpasswd -a user" gives me an error message (see later), the smbpasswd file that stores the users an passwords is not created and i don?t know why.. -Wich is the order to create a user... i first make an account with useradd, then i write an ldif using sambaAccount class defined in slapd.oc.conf defined at ignacio coupeau?s Howto... an everything seems ok but when i do smbpasswd -a user, then i get an error message like this... ---------------------------------------------- # smbpasswd -D 255 -a user1 New SMB password: Retype new SMB password: bind: No such object pwdb_smb_map_names pwdb_smb_map_names lookupsmbpwuid: unix uid 5223 initialising map lookupsmbpwntnam: nt user name user1 name 'user1' split into domain: and nt name:user1' Failed to add entry for user user1. Failed to change password entry for user1 ----------------------------------------------------- It seems, that you have incorrect parameters (related to ldap) in smb.conf. Check whether prefix is correct by adding sample object sambaAccount to the dir tree. Use bind setting you wrote into smb.conf. Perform that test using ldapadd utility. 2.- I don?t know how to encrypt passwords when i write an ldif user.... ----------------------------------------------------- dn: uid=pepe, o=ELMONTE objectclass: sambaAccount uid: pepe lmpassword: pepe <-------------how to ecrypt? ntpassword: pepe pwdlastset: <---------- which value? groupid: 200 pwdmustchange: ffffffff <---- ???? ntuid: pepe accflags: [U ] <--------what is this? gidnumber: 1 <---- the same as gorup in /etc/group uidnumber: 1005 <---the same as /etc/passwd rid: 1f4 <---------How i get the rid? -------------------------------------------- Forget about encrypting passwords by hand ;-) lmpassword and ntpassword are set by smbpasswd (of course when the latter is correctly configured see: ldap params in smb.conf) -Samba won?t use passwd file anymore, so how can i encrypt passwd? What do you mean by "I can encrypt password" ? -When i run : smbclient -U pepe -L pdc01 i get this on the server console running in debug mode... ----------------------------------------------- select activity on 1 descriptors new connection on 5 activity on: listening for connections on 3, activity on: 5r before select active_threads 0 select activity on 1 descriptors activity on: 5r read activity on 5 ber_get_next ber_get_next: tag 0x30 len 36 contents: ber_dump: buf 0xa4820, ptr 0xa4820, end 0xa4844 current len 36, contents: 02 01 01 ` 1f 02 01 02 04 13 u i d = r o o t , 20 o = E L M O N T E 80 05 m o n t e do_bind do_bind: version 2 dn (uid=root, o=ELMONTE) method 128 ==> ldbm_back_bind: dn: UID=ROOT,O=ELMONTE dn2entry_r: dn: "UID=ROOT,O=ELMONTE" => dn2id( "UID=ROOT,O=ELMONTE" ) => ldbm_cache_open ( "/export/home/ldapmonte/dn2id.dbb", 7, 600 ) <= ldbm_cache_open (cache 0) <= dn2id NOID dn2entry_r: dn: "O=ELMONTE" => dn2id( "O=ELMONTE" ) ====> cache_find_entry_dn2id: found dn: O=ELMONTE <= dn2id 1 (in cache) => id2entry_r( 1 ) ====> cache_find_entry_dn2id: found id: 1 rw: 0 entry_rdwr_rtrylock: ID: 1 <= id2entry_r 0xa4e30 (cache) ====> cache_return_entry_r entry_rdwr_runlock: ID: 1 send_ldap_result 32:O=ELMONTE: ber_flush: 23 bytes to sd 5 0 15 02 01 01 a 10 0a 01 20 04 09 O = E L M O N T E 04 00 listening for connections on 3, activity on: 5r before select active_threads 0 select activity on 1 descriptors new connection on 8 activity on: listening for connections on 3, activity on: 5r 8r before select active_threads 0 select activity on 1 descriptors activity on: 8r read activity on 8 ber_get_next ber_get_next: tag 0x30 len 36 contents: ber_dump: buf 0xa4820, ptr 0xa4820, end 0xa4844 current len 36, contents: 02 01 01 ` 1f 02 01 02 04 13 u i d = r o o t , 20 o = E L M O N T E 80 05 m o n t e do_bind do_bind: version 2 dn (uid=root, o=ELMONTE) method 128 ==> ldbm_back_bind: dn: UID=ROOT,O=ELMONTE dn2entry_r: dn: "UID=ROOT,O=ELMONTE" => dn2id( "UID=ROOT,O=ELMONTE" ) => ldbm_cache_open ( "/export/home/ldapmonte/dn2id.dbb", 7, 600 ) <= ldbm_cache_open (cache 0) <= dn2id NOID dn2entry_r: dn: "O=ELMONTE" => dn2id( "O=ELMONTE" ) ====> cache_find_entry_dn2id: found dn: O=ELMONTE <= dn2id 1 (in cache) => id2entry_r( 1 ) ====> cache_find_entry_dn2id: found id: 1 rw: 0 entry_rdwr_rtrylock: ID: 1 <= id2entry_r 0xa4e30 (cache) ====> cache_return_entry_r entry_rdwr_runlock: ID: 1 send_ldap_result 32:O=ELMONTE: ber_flush: 23 bytes to sd 8 0 15 02 01 01 a 10 0a 01 20 04 09 O = E L M O N T E 04 00 listening for connections on 3, activity on: 5r 8r before select active_threads 0 select activity on 2 descriptors activity on: 5r 8r read activity on 5 ber_get_next ber_get_next on fd 5 failed errno 0 (Error 0) *** got 0 of 0 so far read activity on 8 ber_get_next ber_get_next on fd 8 failed errno 0 (Error 0) *** got 0 of 0 so far listening for connections on 3, activity on: before select active_threads 0 -------------------------------------------------- and this on the client console... -------------------------------------------------- # smbclient -U pepe -L pdc01 Added interface ip=172.18.1.23 bcast=172.18.255.255 nmask=255.255.0.0 Password: session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) --------------------------------------------------- Simple, but less possible answer would be: encrypt password = false It would be, but it won't be - You said you have this set to 'true' More complex possible answer: Samba host which you trying to connect from is not member of domain X, as opposed to (NT)host pdc01. -Ldap server runs fine with pam_ldap module for authenticate ftp, telnet and local logins... These don't have to be affiliated, ie. sambaAccount objects may lie in different part of directory tree. -the smb.conf and slapd.conf are well configured as the HowTo.. i send you too. and set password ecrypted=yes. Received neither smb.conf nor slapd.conf. -In the Howto says that i have to create a file called ldappasswd in ../samba/private/ with the root passwd of ldap server... What is the syntax? only the password? That's right. Remember to set permissions to 0600 ! Well i think that?s all ... please see if you can help me... Thanks a lot in advance.. and excuse my poor english.. Mine also isn't perfect :) Tu correo gratis en MixMail http://www.mixmail.com Inicia tu navegacion en http://www.ya.com From rszczesniak at mis.com.pl Wed Sep 20 08:33:04 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:30 2003 Subject: very slow connexions Message-ID: Can you sketch out the problem a bit more descriptive ? What do you mean by increasing performance ? Rafa? "Vincent Bellenger" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-20 08:38 Odpowiedz do "Vincent Bellenger" Do: DW: Temat: very slow connexions someone can say me what i must do in order increase the performences when i connect a printer on a win95 (my samba is in a ntdomaine) thanks. From rszczesniak at mis.com.pl Wed Sep 20 08:42:33 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:30 2003 Subject: Odp: Samba-Ldap Message-ID: And by the way, a little explanation of sambaAccount params ... Rafa? "paco cornejo" 00-09-19 11:09 Do: rszczesniak@mis.com.pl DW: Temat: Samba-Ldap ----------------------------------------------------- dn: uid=pepe, o=ELMONTE objectclass: sambaAccount uid: pepe lmpassword: pepe <-------------how to ecrypt? ntpassword: pepe pwdlastset: <---------- which value? You needn't touch this. Every password change affects this. groupid: 200 pwdmustchange: ffffffff <---- ???? This enforces password changing at first logon. ntuid: pepe accflags: [U ] <--------what is this? It defines ordinary user account. For example: W would be for workstation trust account. gidnumber: 1 <---- the same as gorup in /etc/group uidnumber: 1005 <---the same as /etc/passwd rid: 1f4 <---------How i get the rid? Samba generates this automatically, starting from first available number in current domain. It's NT-specific parameter. -------------------------------------------- From lcastellanos at techtrader.com Wed Sep 20 14:05:09 2000 From: lcastellanos at techtrader.com (Castellanos, Leon) Date: Tue Dec 2 02:31:30 2003 Subject: Samba as member to NT PDC Message-ID: <8B353D2BA52BD311992D00902785F9FE776555@bbking.techtrader.com> I am currently in the process of setting up samba for a EMC clariion storage solution connected to a Sun Ultra 60 running Solaris 8. I want to use of the NT PDC on our network for authentication and want to know which branch is the best suited for this purpose: Samba_2.0 HEAD-Branch SAMBA-TNG or HEAD with TNG Any information would be greatly appreciated. From syssys at math.umd.edu Wed Sep 20 14:42:14 2000 From: syssys at math.umd.edu (Tim Strobell - Asst Systems Admin) Date: Tue Dec 2 02:31:30 2003 Subject: NIS authentication and smbpasswd In-Reply-To: <39C73BF6.CDDC3B6E@polimi.it>; from simo.sorce@polimi.it on Tue, Sep 19, 2000 at 10:12:06AM +0000 References: <20000915134749.D7170@laplace.math.umd.edu> <39C73BF6.CDDC3B6E@polimi.it> Message-ID: <20000920104214.X7170@laplace.math.umd.edu> Hi Simo! Thanks for the reply. [ enabling plaintext passwords ] |>This prevent the use |>of domains (even samba or Windows DC refuses clear/text passwords). Ouch. Since we've got NT4 clients, I don't think this will work out. I tried NISGINA, but it didn't work as well as I'd hoped it would. We'd prefer roaming profiles. I tried to modify it to accept a generic restricted account (authenticate via NIS passwd, but login as a different user) but I couldn't get it to compile. It looks like we'll have to stick with separate password 'domains' for now. Tim -- Tim Strobell - syssys@math.umd.edu - (301) 405-8175 - Fax (301) 314-0827 Assistant Systems Administrator Department of Mathematics, University of Maryland at College Park From Jody.Haynes at isunnetworks.com Wed Sep 20 14:45:37 2000 From: Jody.Haynes at isunnetworks.com (Jody Haynes) Date: Tue Dec 2 02:31:30 2003 Subject: PDC In-Reply-To: <39C7E808.12955.154881BA@localhost>; from rpizana@correo.mty.itesm.mx on Tue, Sep 19, 2000 at 10:26:16PM -0000 References: <39C7E808.12955.154881BA@localhost> Message-ID: <20000920104537.G2421@jody.isunnetworks.com> Rene, Generally, I give me machine accounts as a password there name in lowercase. For example: Hostname is: rene NetBios name is: RENE samba machine name: RENE$ samba machine passwd: rene I hope this helps. -- Jody Ren? Piza?a Morones [rpizana@correo.mty.itesm.mx] wrote: > Hi > I have a linux box with redhat 6.2 (samba 2.07) and i configured it to work > like a PDC. > I installed NT4Ws on a computer (priamo is its name), and when i want to > joint it to my linux box domain, i get this massage: > > [2000/09/19 20:01:54, 0] smbd/reply.c:session_trust_account(419) > session_trust_account: Trust Account PRIAMO$ - password failed > > I have the same password for the administrator account of my workstation, for > an administrator account which I created in the linux box, and for the priamo$ > account. > > If that not work, than which password i have to change? > > thanks -- Jody Haynes ---------------------------------------- iSun Networks, Inc. Email: Jody.Haynes@isunnetworks.com Website: www.isunnetworks.com ---------------------------------------- From Jody.Haynes at isunnetworks.com Wed Sep 20 15:29:14 2000 From: Jody.Haynes at isunnetworks.com (Jody Haynes) Date: Tue Dec 2 02:31:30 2003 Subject: Samba as member to NT PDC In-Reply-To: <8B353D2BA52BD311992D00902785F9FE776555@bbking.techtrader.com>; from lcastellanos@techtrader.com on Wed, Sep 20, 2000 at 10:05:09AM -0400 References: <8B353D2BA52BD311992D00902785F9FE776555@bbking.techtrader.com> Message-ID: <20000920112914.H2421@jody.isunnetworks.com> Leon, You could use samba-tng with the following directives: security = DOMAIN password server = encrypt passwords = Yes --Jody Castellanos, Leon [lcastellanos@techtrader.com] wrote: > I am currently in the process of setting up samba for a EMC clariion > storage solution connected to a Sun Ultra 60 running Solaris 8. > I want to use of the NT PDC on our network for authentication and > want to know which branch is the best suited for this purpose: > > Samba_2.0 > HEAD-Branch > SAMBA-TNG or > HEAD with TNG > > Any information would be greatly appreciated. -- Jody Haynes ---------------------------------------- iSun Networks, Inc. Email: Jody.Haynes@isunnetworks.com Website: www.isunnetworks.com ---------------------------------------- From kkc at uclink4.berkeley.edu Wed Sep 20 15:41:37 2000 From: kkc at uclink4.berkeley.edu (Kevin Chan) Date: Tue Dec 2 02:31:30 2003 Subject: network printing on samba Message-ID: <4.3.2.7.2.20000920083835.00ad2580@uclink4.berkeley.edu> Hi, I just need a bit of help with the printing setup on samba... Right now, my company is in the midst of being relocated for a week and I have been trying to set up a network printer which is in a different subnet from the samba server with little success. I have added an entry in the /etc/printcap file, specifying where the printer is and have modified the smb.conf configurations as well. I was just wondering if I missed anything that anyone can see. The printer is setup correctly and the IP address on it has been verified. Also, the samba server works fine since logging onto it from the remote subnet is also posing no problems. Thanks in advance, Kevin Chan From andychan at makewish.com Wed Sep 20 16:23:31 2000 From: andychan at makewish.com (Andy W. K. Chan) Date: Tue Dec 2 02:31:30 2003 Subject: IPChians and smb_auth Message-ID: <019201c0231f$2115a980$4020fea9@homepc> Can I use smb_auth to allow the NT Groups accessing Internet or not ? -------------- next part -------------- HTML attachment scrubbed and removed From rszczesniak at mis.com.pl Wed Sep 20 16:34:27 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:30 2003 Subject: Samba as member to NT PDC Message-ID: If it's about file serving I'd suggest Samba HEAD. If stability is also very important - Samba 2.0.7, though I didn't notice any problems with Samba HEAD. smb.conf setting as suggested. Jody Haynes Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-20 17:29 Do: "Castellanos, Leon" DW: "'samba-ntdom@lists.samba.org'" Temat: Re: Samba as member to NT PDC Leon, You could use samba-tng with the following directives: security = DOMAIN password server = encrypt passwords = Yes --Jody Castellanos, Leon [lcastellanos@techtrader.com] wrote: > I am currently in the process of setting up samba for a EMC clariion > storage solution connected to a Sun Ultra 60 running Solaris 8. > I want to use of the NT PDC on our network for authentication and > want to know which branch is the best suited for this purpose: > > Samba_2.0 > HEAD-Branch > SAMBA-TNG or > HEAD with TNG > > Any information would be greatly appreciated. -- Jody Haynes ---------------------------------------- iSun Networks, Inc. Email: Jody.Haynes@isunnetworks.com Website: www.isunnetworks.com ---------------------------------------- From vorlon at netexpress.net Wed Sep 20 16:52:55 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:30 2003 Subject: [OT] Programmatically converting a UNIX passwd hash to an MD5 hash? In-Reply-To: <39C7FE66.227DB64E@potsdam.edu> Message-ID: On Tue, 19 Sep 2000, Matthew Keller wrote: > Sorry for the OT thread, but this is the brightest list I'm on. Anyone > know how (I know it's possible as RedHat does it in their "upgrade" > installers) to convert a standard UNIX hash to an MD5 hash? It's not possible to convert a standard crypt() hash to an MD5 hash, any more than it's possible to convert a crypt() hash to an NTLM hash. However, it's easy enough to add a hook to a program so that, after verifying that the user has entered the correct password, the password file is updated with the md5 equivalent. RedHat may leverage this, although I haven't seen it -- AFAIK, the only thing they do is allow you to specify that all *new* passwords set are encrypted with md5. Steve Langasek postmodern programmer From kellermg at potsdam.edu Wed Sep 20 18:26:04 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:31:30 2003 Subject: [OT] Programmatically converting a UNIX passwd hash to an MD5hash? References: Message-ID: <39C9013C.A0574476@potsdam.edu> Steve Langasek wrote: > It's not possible to convert a standard crypt() hash to an MD5 hash, any more > than it's possible to convert a crypt() hash to an NTLM hash. However, it's > easy enough to add a hook to a program so that, after verifying that the user > has entered the correct password, the password file is updated with the md5 > equivalent. RedHat may leverage this, although I haven't seen it -- AFAIK, > the only thing they do is allow you to specify that all *new* passwords set > are encrypted with md5. Thank you all for your replies. After examining pam_pwdb after some poking, I've found that RH doesn't "upgrade" the hashes, it merely traps new password changes and "upgrades" them. -- Matthew Keller WebMaster & Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From lfeldman at applianceware.com Wed Sep 20 19:14:54 2000 From: lfeldman at applianceware.com (Lawrence Feldman) Date: Tue Dec 2 02:31:30 2003 Subject: Obtaining User List from NT Server using Samba 2.0.7 Message-ID: <39C90CAE.5FBA716B@applianceware.com> I am sorry if this has been covered before. Is there a way to get the NTDomain users and groups using samba 2.0.7? -- ->------------------------------------------------------------------------- Lawrence (Lon) Feldman | Applianceware: Applianceware | "The new vision in appliance networking" (510) 580-5131 | lfeldman@applianceware.com -------------- next part -------------- HTML attachment scrubbed and removed From roedelm at letu.edu Wed Sep 20 20:17:29 2000 From: roedelm at letu.edu (Mark Roedel) Date: Tue Dec 2 02:31:30 2003 Subject: probable newbie question - add user script Message-ID: I'm a newish Samba user, and there's a fairly good chance I'm missing something blindingly obvious, but I'm currently stumped so help is appreciated... I've got a new Samba 2.0.7 setup, running on FreeBSD 4-stable and authenticating against our NT domain. That much is working beautifully. Now...the "add user script" global configuration option (assuming I'm understanding the documentation correctly) looks like a godsend for a project that's just been handed off to me. Problem is, I can't seem to get it to work for me. I've got my add.samba.user script written (works great from the commandline), and I've placed a copy of it in my samba bin directory and set the "add user script" option to point to it. Security is set to "domain." I've restarted smbd and nmbd several times since making that setting. But accounts aren't getting created. In fact, the rejection message is the same as if they'd entered an incorrect password, but when I manually add the account in FreeBSD, the user gets right in without even being re-prompted to login. So...is there some blindingly obvious thing that I'm missing? I haven't found anything relevant in my logs...is there a debug level (I'm currently set to "1") that'd let me see whether smbd is even trying to launch the script and if so what the result was? Other things I should be looking at? --- Mark Roedel | "Blessed is he who has learned to laugh Systems Programmer | at himself, for he shall never cease LeTourneau University | to be entertained." Longview, Texas, USA | -- John Powell From aarjona at banistmo.com Wed Sep 20 20:28:57 2000 From: aarjona at banistmo.com (Arjona, Ariel) Date: Tue Dec 2 02:31:30 2003 Subject: Salutation and samba optimization question Message-ID: <9B6B824220DBD311BF5A1000974B43B3211895@EXCH05001> First of all, hello to all in this mailing list. My first time here :) I guess this is an old topic, but here's it anyway: Could someone point e to documents explaining how to optimize samba's performance? I'm looking for long periods of operating time (forever would be fine, thank you :P), not necessarily speed. I'm running SuSE6.4 with no other services than samba, proftpd and inetd (telnet is the only thing I use it for. I plan to use SSH soon). I will connect to an NT Domain and share some folders with info I receive via FTP from the Internet. The connecting clients are almost surely only NT4 and W2K boxes. My version of samba is 2.0.6-48. BTW, Is there any strong reason for me to upgrade to the latest version? Best Regards, Ariel Arjona From laa at orion.ipt.pt Wed Sep 20 22:40:59 2000 From: laa at orion.ipt.pt (Luis Almeida) Date: Tue Dec 2 02:31:30 2003 Subject: joining the domain Message-ID: samba-tng-alpha-2.6 on REDHAT6.2 box as PDC Hi I'm trying to join a win2k to the SAMBAPDC_SERVER i have created an unix account for the win2000A with groupadd machines useradd -g machines -s /bin/false win2000A$ then i created some normal users bin/samedit -S . -U root Enter Password:THE_ROOT_PASSWD_OF_REDHATBOX createuser kd -p test q ------------------------------------------- After that i run samedit again to created a smbpasswd entry for win2000$ bin/samedit -S . -U root Enter Password:THE_ROOT_PASSWD_OF_REDHATBOX use \\\\SAMBAPDC -U root use \\\\SAMBAPDC -U root EnterPassword:THE_ROOT_PASSWD_OF_REDHATBOX Server: \\SAMBAPDC: User: root Domain: Connection: failed session setup cli_net_use_add: connection failed FAILED ------------------------------------------------------------ And i don't know how to pass this step to createuser SAMBAMEM$ -j TNG-TEST Thanks Bye Luis email: laa@ipt.pt or laa@orion.ipt.pt From hugo at fractalgraphics.com.au Thu Sep 21 01:17:41 2000 From: hugo at fractalgraphics.com.au (Hugo Bouckaert) Date: Tue Dec 2 02:31:30 2003 Subject: samba password verification without a domain? Message-ID: <39C961B5.F6B21BDE@fractalgraphics.com.au> Hi I downloaded and installed samba 2.0.7 on an SGI box running Irix 6.5. I was hoping to use the new feature, joining the NT domain, for samba access password verification, so NT passwords can be used to access Unix boxes in the network neighborhood. However, we only have an NT workgroup, not an NT domain. On the information pages regarding joining an NT domain, it states you have to add the samba server to the primary domain controller for the NT domain. Does this mean it is totally impossible to add a samba server to individual NT computers in the workgroup, i.e. do yo have to have an NT domain with a primary domain controller or is there a way to add the samba server to individual NT boxes, so that from those, you can use your NT password to access the samba share? Any information/help will be most appreciated. Thanks Hugo -- Dr Hugo Bouckaert R&D Support Engineer, Fractal Graphics 39 Fairway, Nedlands Western Australia 6009 Tel: 9284 8442 Email:hugo@fractalgraphics.com.au Web: http://www.fractalgraphics.com.au From tavis at mahler.econ.columbia.edu Thu Sep 21 02:17:41 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:31:30 2003 Subject: smbpasswd gives out of memory error Message-ID: I'm sending this message to NTDOM (already posted to Samba list) in case someone here can help. Sorry for the duplication. ------------------------------------------------------------ I'm using the HEAD branch from a year ago (yes I know sorry about the weird version but I don't want to upgrade to TNG if it's going to be reworked, and a lot of the PDC functionality hasn't been integrated into the stable branch yet) on DEC Unix 4.0F. For one user (not root), smbpasswd works fine. For anyone else, it returns immediately with an "out of memory" message. ("Immediately" means right away even with the debug level set to 100). Obviously I've got a permissions problem on my hands but I'm having trouble tracking anything down, it doesn't seem to be anything obvious like who owns the binaries. Perhaps a compile-time problem, I may have compiled Samba as this user. Can anyone tell me what kind of a problem would cause smbpasswd to fail out with this kind of a message? Thanks, Tavis -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509D Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-9076 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From max728 at usa.net Thu Sep 21 08:26:27 2000 From: max728 at usa.net (mathou rene) Date: Tue Dec 2 02:31:30 2003 Subject: error lines in log.smb Message-ID: <20000921082627.22492.qmail@nwcst292.netaddress.usa.net> does someone know what means this following lines in log.smb file: [2000/09/21 12:04:18, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 1048576 [2000/09/21 12:04:18, 0] locking/shmem_sysv.c:sysv_shm_open(667) Can't create or use IPC area. Error was Le fichier existe. [2000/09/21 12:04:18, 0] locking/locking.c:locking_init(174) ERROR: Failed to initialise share modes ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 From rszczesniak at mis.com.pl Thu Sep 21 08:44:49 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:30 2003 Subject: error lines in log.smb Message-ID: First of all, make sure you got System V IPC compiled into the kernel. Rafa? mathou rene Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-21 10:26 Do: samba-ntdom@us4.samba.org DW: Temat: error lines in log.smb does someone know what means this following lines in log.smb file: [2000/09/21 12:04:18, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 1048576 [2000/09/21 12:04:18, 0] locking/shmem_sysv.c:sysv_shm_open(667) Can't create or use IPC area. Error was Le fichier existe. [2000/09/21 12:04:18, 0] locking/locking.c:locking_init(174) ERROR: Failed to initialise share modes ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 From eridel at kava.be Thu Sep 21 09:27:21 2000 From: eridel at kava.be (Eric Delaet) Date: Tue Dec 2 02:31:30 2003 Subject: Name Resolution In-Reply-To: Message-ID: Hello, I have a problem concerning name resolution. I have a samba PDC, and everything seems to work fine for the clients. However, when I do: nmblookup -B pcname -S \* on the PDC itself, or on another Linux PC, nmblookup doesn't find the PC. Instead, it reports its own IP. Names and IP's of the clients seem to be correct in the WINS.DAT file. I need to get this to work for printing services on some unix machines, since they use smbclient. Here is my global section from smb.conf: [global] security = user workgroup = KAVA server string = Poseidon encrypt passwords = yes domain logons = Yes domain master = Yes hosts allow = 192.168.0. name resolve order = wins bcast host lmhosts oplocks = yes read raw = yes write raw = yes map archive = yes dns proxy = no wins support = yes Thanks! From avi at levi.spb.ru Thu Sep 21 09:42:50 2000 From: avi at levi.spb.ru (Anatoly Ivanov) Date: Tue Dec 2 02:31:30 2003 Subject: TNG-stable Message-ID: <39C9D81A.2EA78E2B@levi.spb.ru> Hello, Is there anybody who knows what's going on with TNG branch? I have TNG-2.6 up and running, but it sill have some bugs (VERY weird bugs sometimes). I'd like to 'cvs co', but I'm not sure that it's a good idea to snapshot the development branch. So, can you please tell me what branch/tag should I use to get latest TNG-STABLE? --- wbr, avi. From rszczesniak at mis.com.pl Thu Sep 21 09:46:13 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:30 2003 Subject: TNG-stable Message-ID: Ther's no official stable TNG, but version marked as 2.5 was known as less problematic ;) It was renamed on cvs to TNG_2_5_GOOD or sth like that ... Rafa? Anatoly Ivanov Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-21 11:42 Do: samba-ntdom@us4.samba.org DW: Temat: TNG-stable Hello, Is there anybody who knows what's going on with TNG branch? I have TNG-2.6 up and running, but it sill have some bugs (VERY weird bugs sometimes). I'd like to 'cvs co', but I'm not sure that it's a good idea to snapshot the development branch. So, can you please tell me what branch/tag should I use to get latest TNG-STABLE? --- wbr, avi. From avi at levi.spb.ru Thu Sep 21 10:01:51 2000 From: avi at levi.spb.ru (Anatoly Ivanov) Date: Tue Dec 2 02:31:30 2003 Subject: TNG-stable References: Message-ID: <39C9DC8F.95B07666@levi.spb.ru> Yes, but I already use TNG-2.6, and I'd better upgrade than downgrade :) --- avi > Ther's no official stable TNG, but version marked as 2.5 > was known as less problematic ;) > It was renamed on cvs to TNG_2_5_GOOD or sth like that ... > > Rafa? > From rszczesniak at mis.com.pl Thu Sep 21 10:56:20 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:31 2003 Subject: TNG-stable Message-ID: You're don't want or you shouldn't test (because of users working on this server) new versions this is good alternative. However, can you describe probems ? So far, I had only compilation problem when I tried to configure using '--with-ldap' flag. greetings :) Rafa? Anatoly Ivanov Wys?ane przez: avi@relay.levi.spb.ru 00-09-21 12:01 Do: Rafa? Szcze?niak , samba-ntdom@samba.org DW: Temat: Re: TNG-stable Yes, but I already use TNG-2.6, and I'd better upgrade than downgrade :) --- avi > Ther's no official stable TNG, but version marked as 2.5 > was known as less problematic ;) > It was renamed on cvs to TNG_2_5_GOOD or sth like that ... > > Rafa? > From rszczesniak at mis.com.pl Thu Sep 21 11:03:42 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:31 2003 Subject: TNG-stable Message-ID: Sorry I made 'syntax error' which made mail difficult to understand. Now, I correct this: If you don't want to test or, if you shouldn't test (because of users working on this server) new versions, this is good alternative. After all, can you describe probems ? So far, I had only compilation problem when I tried to configure using '--with-ldap' flag. greetings :) Rafa? Anatoly Ivanov Wys?ane przez: avi@relay.levi.spb.ru 00-09-21 12:01 Do: Rafa? Szcze?niak , samba-ntdom@samba.org DW: Temat: Re: TNG-stable Yes, but I already use TNG-2.6, and I'd better upgrade than downgrade :) --- avi > Ther's no official stable TNG, but version marked as 2.5 > was known as less problematic ;) > It was renamed on cvs to TNG_2_5_GOOD or sth like that ... > > Rafa? > From PerKjetil.Grotnes at pbe.oslo.kommune.no Thu Sep 21 13:18:00 2000 From: PerKjetil.Grotnes at pbe.oslo.kommune.no (Grotnes Per Kjetil PBE-SIT) Date: Tue Dec 2 02:31:31 2003 Subject: Terminal Server and samba config 2.0.7 Message-ID: <"3619 00/09/21 15:18*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Greetings. Problem: - Getting samba 2.0.7 to work on a Windows Terminal Server (WTS) with Metaframe. - Works when few are connected to the WTS, but errors occurs when the amount of users increase. - Getting problems saving files to samba-disk. Errors as "Irreversable diskerror saving to disk X:". System: Solaris 2.6 on Sun UltraSparc 4000, 1 G Ram, 4 CPU 250Mhz Samba 2.0.7 (binary installation) 5 Windows Terminal Servers (NT 4.0) in cluster running Metaframe 1.8 (citrix) with load balancing in a Domain. 400 users. We had to upgrade our samba 1.9 to the newest version of samba becuase of poor diskperformance. The problem as far as I can see is that samba in the earlier version made one unix-process pr. user while the new 2.0.7 makes one process pr _client_. As we have only 5 clients (the Windows Terminal Servers) and 70 users on each server the "one process pr. client" is overloaded. With a NT workstation that might work nicely, but with a Terminal server where each user opens 10 samba disks you suddenly have 70*10=700 connections trough one samba-client process (smbd -D type process). Can anyone see any obvious fixes or limitations in the default settings for samba? I cant find any options in smb.conf that seems to fix the problem. Might it be serverlimitations? Some Max limits that are reached? This is a critical problem for our department and I really really needs some help here. Please? Regards Per Kjetil Grotnes --- IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune Tlf: 22 66 26 61, Fax: 22 66 26 65 From c2z4s9 at hotmail.com Thu Sep 21 13:43:07 2000 From: c2z4s9 at hotmail.com (John Doe) Date: Tue Dec 2 02:31:31 2003 Subject: TimeStamp problem Message-ID: I am running into a problem with timestamps. It would seem that whenever a file is copied from a remote Windows NT or 2000 machine the resulting file on the Samba machine has a current timestamp. It would also seem that if you copy a file from a windows 95/98 machine to the samba file server the timestamp information is preserved from the origional file. Is there a way to preserve timestamp info when copying from a WinNT / 2000 machine to the Samba server? _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From jsm at bardess.com Thu Sep 21 14:11:48 2000 From: jsm at bardess.com (Jeff McKeon) Date: Tue Dec 2 02:31:31 2003 Subject: Bug? Interesting behavior with Win98 clients... Message-ID: <00a101c023d5$e24d0b00$0b01a8c0@bardess_lap2.bardess1> Samba type guys, I've noticed some interesting behavior with my Win98 clients and our RedHat 6.1 fileserver running Samba. Here are the specs..... I have an NT domain with and NT4.0 SP5 PDC. I have a file RedHat 6.1 files server running Samba 2.0.5a The network has a total of 3 shared drives. One on the NT box and two on the Linux Box via Samba. I have a logon script on the NT Box to connect all the network drives when users log on. A simple .bat file that issues "net use" commands for each of the 3 drives. I have notices with the win98se clients that when "File and Print Sharing" is installed and a drive on the local win98 box is shared, the network shared drives on the Linux box do not connect when the logon script is run. If the user does a "Log off" (not a shut down or reboot) and logs back on to the network, or if the user manually runs the logon script again inside of win98 or does a manual drive mapping inside win98, then the drives will connect. If I remove file and print sharing from the Win98 box, then reboot twice, once with the require warm boot (because changes were made to the network settings) and then a second time with a cold boot (actual power down) the drives will connect and map correctly with the logon script. I found no reference to this behavior anywhere on the net or your site. Is this a bug, a known situation or something new? Is there a fix for it or one in the works? below is a section from the client's log file from a test I did for this behavior.... **************************************************************************** *************************** ** @ 9:20 the connections are mapped fine** [2000/09/21 09:20:46, 1] smbd/service.c:make_connection(521) bardess_dev (192.168.1.12) connect to service public as user office (uid=508, gid=100) (pid 6095) [2000/09/21 09:20:46, 1] smbd/service.c:make_connection(521) bardess_dev (192.168.1.12) connect to service home as user office (uid=508, gid=100) (pid 6095) [2000/09/21 09:21:46, 0] smbd/process.c:timeout_processing(868) Reloading services after SIGHUP [2000/09/21 09:21:46, 0] param/loadparm.c:service_ok(1768) No path in service netlogon - using /tmp [2000/09/21 09:22:00, 1] smbd/service.c:close_cnum(557) bardess_dev (192.168.1.12) closed connection to service home [2000/09/21 09:22:00, 1] smbd/service.c:close_cnum(557) bardess_dev (192.168.1.12) closed connection to service public ** file and print shareing installed on win98 box, C: shared, win98 box rebooted** [2000/09/21 09:24:38, 0] lib/util_sock.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe [2000/09/21 09:24:38, 0] lib/util_sock.c:write_socket(596) write_socket: Error writing 4 bytes to socket 7: ERRNO = Broken pipe [2000/09/21 09:24:38, 0] lib/util_sock.c:send_smb(784) Error writing 4 bytes to client. -1. Exiting **************************************************************************** ****** The section below is a cut from the log.smb.1 file that has the same time stamp and is for the same win98 box. **************************************************************************** ****** [2000/09/21 09:20:46, 1] lib/util_sock.c:client_name(1030) Gethostbyaddr failed for 192.168.1.12 [2000/09/21 09:24:38, 1] lib/util_sock.c:client_name(1030) Gethostbyaddr failed for 192.168.1.12 **************************************************************************** Thanks, Jeff McKeon Bardess Group Ltd. Phone: 973-895-3500 Fax: 973-895-1900 Email: jsm@bardess.com From appro at fy.chalmers.se Thu Sep 21 14:13:02 2000 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:31:31 2003 Subject: Terminal Server and samba config 2.0.7 References: <"3619 00/09/21 15:18*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Message-ID: <39CA176E.1AF69F5F@fy.chalmers.se> > As we have only 5 clients (the Windows Terminal Servers) and 70 users on each > server the "one process pr. client" is overloaded. > > With a NT workstation that might work nicely, but with a Terminal server where each > user opens 10 samba disks you suddenly have 70*10=700 connections trough one > samba-client process (smbd -D type process). The problem is not SAMBA specific. Well, sort of... As Solaris does have rather low default limit of 1024 file descriptors per process and you might be hitting it first (unless you've tuned the rlim_fd_max). In either case http://support.microsoft.com/support/kb/articles/Q190/1/62.ASP is the way to work the problem around. Andy. From chakravarthyb at hotmail.com Wed Sep 20 05:30:18 2000 From: chakravarthyb at hotmail.com (Chakravarthy Balagani) Date: Tue Dec 2 02:31:31 2003 Subject: Please help--ckr Message-ID: My Samba configuration is working right- I tested with testparam. My Linux system joined my Windows Domain. But I can't see any thing in the network nighbourhood regarding linux system .Please help. Chakri -------------- next part -------------- HTML attachment scrubbed and removed From Jody.Haynes at isunnetworks.com Thu Sep 21 14:29:36 2000 From: Jody.Haynes at isunnetworks.com (Jody Haynes) Date: Tue Dec 2 02:31:31 2003 Subject: Please help--ckr In-Reply-To: ; from chakravarthyb@hotmail.com on Wed, Sep 20, 2000 at 11:00:18AM +0530 References: Message-ID: <20000921102936.B5418@jody.isunnetworks.com> When you run smblcient -L hostname -U% Workgroup Master --------- ------- Does the NT Domain match the master browser for your network. It sounds like you have a master browser problem at the moment. To prevent a samba server from becoming a master browser on your NT network add this to your smb.conf file: preferred master = No domain master = No local master = No I hope this helps... -- Jody Chakravarthy Balagani [chakravarthyb@hotmail.com] wrote: > My Samba configuration is working right- I tested with testparam. My Linux system joined my Windows Domain. But I can't see any thing in the network nighbourhood regarding linux system .Please help. > > Chakri -- Jody Haynes ---------------------------------------- iSun Networks, Inc. Email: Jody.Haynes@isunnetworks.com Website: www.isunnetworks.com ---------------------------------------- From PerKjetil.Grotnes at pbe.oslo.kommune.no Thu Sep 21 15:08:18 2000 From: PerKjetil.Grotnes at pbe.oslo.kommune.no (Grotnes Per Kjetil PBE-SIT) Date: Tue Dec 2 02:31:31 2003 Subject: Terminal Server and samba config 2.0.7 Message-ID: <"3632 00/09/21 17:08*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> > The problem is not SAMBA specific. Well, sort of... As Solaris does have > rather low default limit of 1024 file descriptors per process and you > might be hitting it first (unless you've tuned the rlim_fd_max). In >either case > http://support.microsoft.com/support/kb/articles/Q190/1/62.ASP is the > way to work the problem around. Ah, excellent Andy. I have done as suggested in the article. Another fix which is described as the samba-fix is the "nt smb support = no" in the "smb.conf" file. I did both fixes and we'll have to wait until tomorrow to see if this works. (articles on the other fix: http://info.ccone.at/INFO/Mail-Archives/samba/Jul-1999/msg00015.html) Thanks alot for the help. Regards Per Kjetil Grotnes --- IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune Tlf: 22 66 26 61, Fax: 22 66 26 65 From monster at okb.lv Thu Sep 21 16:16:50 2000 From: monster at okb.lv (Denis J. Cirulis) Date: Tue Dec 2 02:31:31 2003 Subject: Samba and LDAP Message-ID: <20000921191650.A6166@okb.lv> Hello ! Who can explain me about LDAP and Samba. Is there any bonuses to use LDAP with samba ? P.S.: I can't quite get the idea of using LDAP -- My other computer is a 4000 node Beowulf cluster. From philippe.chauvat at exfo.com Thu Sep 21 17:30:54 2000 From: philippe.chauvat at exfo.com (Philippe Chauvat) Date: Tue Dec 2 02:31:31 2003 Subject: [only one computer not view] Message-ID: <39CA45CE.5F9B3CD3@exfo.com> Hello, I've a Linux Mandrake 7.0 installed on a desktop computer and runs samba 2.06. No trouble to run smbclient for a lot of windows machines but one of them reply: connection failed. In gnomba, this computer is seen. any idea, any help would be very appreciate. Philippe From jasonc at dsgtech.com Thu Sep 21 17:31:31 2000 From: jasonc at dsgtech.com (Jason Cook) Date: Tue Dec 2 02:31:31 2003 Subject: IPChians and smb_auth In-Reply-To: <019201c0231f$2115a980$4020fea9@homepc>; from andychan@makewish.com on Thu, Sep 21, 2000 at 12:23:31AM +0800 References: <019201c0231f$2115a980$4020fea9@homepc> Message-ID: <20000921133131.H14830@dsgtech.com> Off the top of my head, no. I don't think there is any way with smb_auth to gather any info about groups. Maybe its possible to grab group membership info from the domain controller via rpcclient. But even that way may not be what you want. You're going to have to grab that info, figure out the user's host name or ip address and enter that into your ipchains rules. Provided you can get the group info, that shouldn't be terribly hard. Another option is to force them to go through a proxy. Squid can use multiple methods for authentication including PAM and flat files. Downside is the squid proxy doesn't know who the user is without them entering their user name and password again. IIRC there is a module for apache out there that knows how to grab the correct credentials from the client, it might be possible to adapt this to squid. On Thu, Sep 21, 2000 at 12:23:31AM +0800, Andy W. K. Chan wrote: > Can I use smb_auth to allow the NT Groups accessing Internet or not ? > -- Jason Cook PGP Fingerprint: D531 F4F4 BDBF 41D1 514D F930 FD03 262E 5120 BEDD PGP Key: http://dayton.net/~dsg/pgp.html Don't hate yourself in the morning - sleep till noon. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000921/9d831950/attachment.bin From rszczesniak at mis.com.pl Thu Sep 21 17:36:59 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:31 2003 Subject: Samba and LDAP Message-ID: Yes, there are some. First of all LDAP is not a flat file - it's hierarchical structure. It means that you can have one directory tree for whole organization. This leads to centralized management of network. Different parts of tree may hold objects/accounts for different users/groups corresponding to organizational strusture. Besides, LDAP objects are more flexible and easier to integrate with existing LDAP authentication/naming schemas like pam_ldap/nss_ldap. LDAP support in Samba will develop - it might be "natural" way to full support of win2k ActiveDir capabilities ... Are these reasons enough ? Rafa? "Denis J. Cirulis" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-21 18:16 Do: Samba-NTDOM Mailinglist DW: Temat: Samba and LDAP Hello ! Who can explain me about LDAP and Samba. Is there any bonuses to use LDAP with samba ? P.S.: I can't quite get the idea of using LDAP -- My other computer is a 4000 node Beowulf cluster. From wilson at sentrisystems.com Thu Sep 21 19:04:12 2000 From: wilson at sentrisystems.com (Brian Wilson) Date: Tue Dec 2 02:31:31 2003 Subject: unix password syncing with latest TNG cvs In-Reply-To: <20000921174310.30C4A52A1B@us4.samba.org> Message-ID: <20000921180412.2811.qmail@homer.sentrisystems.com> I have successfully installed the latest CVS of Samba TNG (dated 9/19/2000). I haven't gotten around to testing everything, but the main stuff I wanted to get working (roaming profiles, getting win2k boxes to join the domain, etc) are working. One thing that I've noticed that isn't working is unix password syncing. Here is my scenario: When I have the following in my smb.conf: passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:* all*authentication*tokens*updated*successfully* unix password sync = Yes I get this in log.samr: load_name_map: Added entry: unixname=root, ntname=SSTEST\Administrator type=User getsmbfilepwent: returning passwd entry for unix user lappytop$, unix uid 10041 getsmbfilepwent: returning passwd entry for unix user homey, unix uid 10042 Password change for user: homey Dochild for user homey (uid=0,gid=0) expect: Input/output error Response 2 incorrect Child failed to change password: homey 000000 samr_io_r_chgpasswd_user And get this error on the win2k side when trying to change the password via ctrl-alt-del/Change Password: "Username or old password is incorrect. Blah, blah...". The funny thing is that the password actually does get changed on the unix side, but not on the samba side. Now, if I take out the "unix password synx" entries in smb.conf and try to change the password again, it works fine, but it only changes the samba password (of course) and didn't sync it to /etc/passwd. I see this as a big problem because I need my nt and unix passwords synced for services like mail, ssh, etc. Does anyone have any ideas on what may be causing this or a workaround. I wouldn't even mind running some script as a cronjob to grab smbpasswd's and sync them into /etc/passwd but I'm not even sure if that is possible. Anyone? Thanks, Brian -- Brian Wilson wilson@sentrisystems.com Systems Administrator 919.239.5517 / 888.481.8986 Sentrisystems.com, Inc. 2626 Glenwood Ave., Suite 265 http://sentrisystems.com Raleigh, North Carolina 27608 From p.mayers at ic.ac.uk Thu Sep 21 18:11:39 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:31:31 2003 Subject: Samba and PAM [ Re: VFS Implementation and user authenticatio n ] Message-ID: You're talking about pluggable non-password (token) authentication modules. Cyrus SASL is one, PAM with binary prompts (see Nico's recent posts on such, on the -technical mailing list). There *is* a good reason to go for this: NTLM authentication is available to any application using the SSPI on Win32. There are other examples - Exchange's IMAP support has an "AUTH=NTLM" option, and IIS and IE5 can do NTLM HTTP authentication. All of these are useful to have in some way. Taking SASL as my hypothetical example - you maintain a secret's database (which the application itself can manage, and soon application such as LDAP servers will be able to "publish" secret to other SASL apps on the system...). The SASL library implements a token-exchange mechanism by calling application callbacks. The backend plugins take care of all of the methods. For example, let's say Apache was patched to support SASL (providing PLAIN and DIGEST-MD5 auth). Someone writes an NTLM authentication plugin, and this is installed on the client and server. All of a sudden, NTLM auth magically becomes available to any client and/or server on the system. If you're implementing a shared secret backend, the (hypothetical) IMAP/SMTP and TELNET servers on the machine also suddenly gain NTLM auth as well. This is obviously very good indeed. SASL lacks the policy support that PAM has, while PAM lacks everything other than plaintext checking (at present). Nico want's to add a client-side portion to the PAM library, and add binary prompt callbacks. The same end could (I suspect) be achieved by either adding policy modules to Cyrus SASL or re-using the PAM ones, calling PAM in the appropriate places with the appropriate values. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Steve Langasek [mailto:vorlon@netexpress.net] Sent: 21 September 2000 16:22 To: David Lee Cc: samba-technical@samba.org Subject: Re: Samba and PAM [ Re: VFS Implementation and user authentication ] > It still seems to me that it would be useful for Samba to be able to use > PAM to authenticate NT clients. How do you foresee this being useful? There are two main benefits of PAMifying an application, as I understand it: the first is to be able to reuse the authentication code across applications without modification; the second is to be able to administratively reconfigure an application's authentication mechanism without recompiling. But the first is not relevant because a PAM module designed to do NTLM challenge-response would not be useful for any other existing Unix apps, because no other apps use Samba's specialized protocol, and the second is not relevant because NTLM challenge-response is the only real auth option we have in Samba. Of course, there may be other advantages that I'm not seeing, and if so I'd be happy to be enlightened. From stephane.ouellette at tektrend.com Thu Sep 21 18:39:27 2000 From: stephane.ouellette at tektrend.com (Stephane Ouellette) Date: Tue Dec 2 02:31:31 2003 Subject: Unwanted mapped drives under NT 4.0 Message-ID: <01C023D9.BF3FD1C0.stephane.ouellette@tektrend.com> Hi everyone, I have set up a Samba PDC (version pre3.0.0, RedHat 6.2, Intel CPU) but when a user is logged on the domain from a WinNT4 client, unwanted mapped drives appear after a few hours. Here is the contents of the user's logon script: NET USE X: \\MYPDC\PUB NET USE Y: \\MYPDC\PUB-RW Here is a description of what happens... When the user logs on, both drives are successfully mapped. After a few hours, the first share (\\MYPDC\PUB) is mapped on F: G: H: I: until no drive letters are available......... I noticed that only on Win NT4, not Win98. I would like to know if anyone else has seen such a behaviour. Any suggestions would be appreciated... Thanks. Stephane Ouellette From Jonathan.W.Miner at lmco.com Thu Sep 21 19:46:39 2000 From: Jonathan.W.Miner at lmco.com (JONATHAN W MINER) Date: Tue Dec 2 02:31:31 2003 Subject: Unwanted mapped drives under NT 4.0 References: <01C023D9.BF3FD1C0.stephane.ouellette@tektrend.com> Message-ID: <39CA659F.A645DAD3@lmco.com> Yes. I have seen this same behavior, but not a regular event. (NT4.0/SP5, Linux 2.2.16/Samba 2.0.7). I only have one NT workstation, so I can't say if it only the workstation. Stephane Ouellette wrote: > > Hi everyone, > > I have set up a Samba PDC (version pre3.0.0, RedHat 6.2, Intel CPU) but > when a user is logged on the domain from a WinNT4 client, unwanted mapped > drives appear after a few hours. > > Here is the contents of the user's logon script: > > NET USE X: \\MYPDC\PUB > NET USE Y: \\MYPDC\PUB-RW > > Here is a description of what happens... > > When the user logs on, both drives are successfully mapped. After a few > hours, the first share (\\MYPDC\PUB) is mapped on F: G: H: I: until no > drive letters are available......... > > I noticed that only on Win NT4, not Win98. > > I would like to know if anyone else has seen such a behaviour. > > Any suggestions would be appreciated... > Thanks. > > Stephane Ouellette -- Jonathan Miner - Lockheed Martin EIS/SAI LM-Xpress: jonathan.w.miner@lmco.com Phone: 603 885 UNIX - Fax: 603 885 3850 USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From wolf.bergenheim at adcore.com Thu Sep 21 20:10:41 2000 From: wolf.bergenheim at adcore.com (Wolf Bergenheim) Date: Tue Dec 2 02:31:31 2003 Subject: Unwanted mapped drives under NT 4.0 In-Reply-To: <39CA659F.A645DAD3@lmco.com> Message-ID: Same here. When I had NT 4.0 server SP5 I had the same behavior. It was also irregular. The problem was solved by updating to SP 6a, which works better than SP5. The mapping went even further than just the free letters. when the letters ran out, it still continued... :( On Thu, 21 Sep 2000, JONATHAN W MINER wrote: >Yes. I have seen this same behavior, but not a regular event. >(NT4.0/SP5, Linux 2.2.16/Samba 2.0.7). I only have one NT workstation, >so I can't say if it only the workstation. > >Stephane Ouellette wrote: >> >> Hi everyone, >> >> I have set up a Samba PDC (version pre3.0.0, RedHat 6.2, Intel CPU) but >> when a user is logged on the domain from a WinNT4 client, unwanted mapped >> drives appear after a few hours. >> >> Here is the contents of the user's logon script: >> >> NET USE X: \\MYPDC\PUB >> NET USE Y: \\MYPDC\PUB-RW >> >> Here is a description of what happens... >> >> When the user logs on, both drives are successfully mapped. After a few >> hours, the first share (\\MYPDC\PUB) is mapped on F: G: H: I: until no >> drive letters are available......... >> >> I noticed that only on Win NT4, not Win98. >> >> I would like to know if anyone else has seen such a behaviour. >> >> Any suggestions would be appreciated... >> Thanks. >> >> Stephane Ouellette > >-- >Jonathan Miner - Lockheed Martin EIS/SAI >LM-Xpress: jonathan.w.miner@lmco.com >Phone: 603 885 UNIX - Fax: 603 885 3850 >USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 > -- Systems Specialist Adcore wolf.bergenheim@adcore.com http://www.adcore.com/ phone. +358-9-7420 5580 mobile +358-41-517 6362 From poffredo at club-internet.fr Thu Sep 21 21:42:11 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:31 2003 Subject: Logoff problem !! Message-ID: <001301c02415$83012f60$0200000a@societe.fr> Hi, I'm using a SAMBA TNG 2.6 pdc and a NT4 SP6 WS. When I logoff from the workstation and use the smbstatus command I can see one or more process from my connection running . They never disappear. The only way to work this problem around was to set "dead time = 1" in smb.conf ! Is it a good idea ? Has anyone met this problem before -------------- next part -------------- HTML attachment scrubbed and removed From acherry at pobox.com Fri Sep 22 03:11:17 2000 From: acherry at pobox.com (acherry@pobox.com) Date: Tue Dec 2 02:31:31 2003 Subject: Terminal Server and samba config 2.0.7 In-Reply-To: <"3632 00/09/21 17:08*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> References: <"3632 00/09/21 17:08*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Message-ID: <14794.52693.95877.817404@barneybox.bogus.domain> Grotnes Per Kjetil PBE-SIT writes: > > The problem is not SAMBA specific. Well, sort of... As Solaris does have > > rather low default limit of 1024 file descriptors per process and you > > might be hitting it first (unless you've tuned the rlim_fd_max). In > >either case > > http://support.microsoft.com/support/kb/articles/Q190/1/62.ASP is the > > way to work the problem around. > > Ah, excellent Andy. I have done as suggested in the article. Another fix which is > described as the samba-fix is the "nt smb support = no" in the "smb.conf" file. > > I did both fixes and we'll have to wait until tomorrow to see if this works. > > (articles on the other fix: > http://info.ccone.at/INFO/Mail-Archives/samba/Jul-1999/msg00015.html) > > Thanks alot for the help. FYI, we've been running our Windows Terminal Server systems with the registry fix referenced by the KB entry above (MultipleUsersOnConnection = 0) for the past year or so, and it solved the problems associated with all of the users being handled by the same smbd process (i.e. locking issues, reliability problems, etc). We're running with NT SMB support enabled, so there's no need to set "nt smb support = no" as long as you're careful about applying the aforementioned registry poke on all of your WTS systems. (Turning off NT SMBs does work, though... we did that before we found out about the registry setting. But I think you lose NT ACL support when you turn off NT SMB support, among other things). IMHO, it's good practice to turn off multiple users per connection on large WTS installations regardless of whether you're using Samba for your file services. Why someone thought having the muxing as the default behavior was a good thing is a mystery to me... -Andrew (different guy than the Andy mentioned above :-) ) From jacksonm at ssh.com Fri Sep 22 06:17:10 2000 From: jacksonm at ssh.com (Mike Jackson) Date: Tue Dec 2 02:31:31 2003 Subject: Samba and LDAP In-Reply-To: <20000921191650.A6166@okb.lv> References: <20000921191650.A6166@okb.lv> Message-ID: <0009220923110N.16339@herkkusieni.hel.fi.ssh.com> On Thu, 21 Sep 2000, Denis J. Cirulis wrote: > Hello ! > > Who can explain me about LDAP and Samba. Is there any bonuses to use > LDAP with samba ? > > P.S.: I can't quite get the idea of using LDAP > -- > My other computer is a 4000 node Beowulf cluster. Two bonuses: 1. Centralized storage of user accounts and information, one account to create for unix, windows, email, apache password protected intranet pages, etc. One account to disable or delete when someone leaves. 2. Samba will free you from NT Servers, which will thus free you from getting calls in the middle of the night, greatly reduce downtime, and help to protect your professional reputation as an administrator. I would like the specs on how it all runs on your Beowulf cluster :-) That sounds like something I may be interested in... Mike From Mariagrazia.Usai at infores.com Fri Sep 22 07:04:33 2000 From: Mariagrazia.Usai at infores.com (Usai, Mariagrazia) Date: Tue Dec 2 02:31:31 2003 Subject: Problems with samba v. 2.0.6 Message-ID: <398A86D43640D311B45D00AA00ACFD3EC8A852@milan27.infores.it> Hi, can you help me? I configured the samba server v. 2.0.6 on a HP-UX 11.00 system to share a large directory ( 80Gbytes ) in a NT domain with NT 4.0 clients. The security method is 'domain', and the access to the share is granted by a read and write list of unix groups. All the parameters in smb.conf file are set to their default values. After few minutes the server is started, a core is dumped on the /opt/samba/bin directory, and a new core is dumped each 10-15 minutes, even if any user access the share or browse the server. However, the server continue to stay up and running, but if I start from 10 clients a process that access ( read and write ) continuosly and concurrently a great number of large files ( average size: 500Mbytes ) on the share, each client stops the process because a network error ( read error on the share ) occurred. What I can do? Thanks in advance for your help. Maria Grazia Usai. HP-UX System Administrator -------------- next part -------------- HTML attachment scrubbed and removed From rszczesniak at mis.com.pl Fri Sep 22 07:27:20 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:31 2003 Subject: Logoff problem !! Message-ID: Are you sure, that connection is NEVER closed ? Rafa? "Pascal OFFREDO" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-21 23:42 Odpowiedz do "Pascal OFFREDO" Do: DW: Temat: Logoff problem !! Hi, I'm using a SAMBA TNG 2.6 pdc and a NT4 SP6 WS. When I logoff from the workstation and use the smbstatus command I can see one or more process from my connection running . They never disappear. The only way to work this problem around was to set "dead time = 1" in smb.conf ! Is it a good idea ? Has anyone met this problem before From PerKjetil.Grotnes at pbe.oslo.kommune.no Fri Sep 22 07:32:52 2000 From: PerKjetil.Grotnes at pbe.oslo.kommune.no (Grotnes Per Kjetil PBE-SIT) Date: Tue Dec 2 02:31:31 2003 Subject: Terminal Server and samba config 2.0.7 In-Reply-To: <14794.52693.95877.817404@barneybox.bogus.domain> Message-ID: <"3657 00/09/22 09:32*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Andrew writes: > FYI, we've been running our Windows Terminal Server systems with the > registry fix referenced by the KB entry above > (MultipleUsersOnConnection = 0) for the past year or so, and it solved > the problems associated with all of the users being handled by the > same smbd process (i.e. locking issues, reliability problems, etc). Good to know. We are on our first day testing this fix now. > We're running with NT SMB support enabled, so there's no need to set > "nt smb support = no" as long as you're careful about applying the > aforementioned registry poke on all of your WTS systems. (Turning off > NT SMBs does work, though... we did that before we found out about the > registry setting. But I think you lose NT ACL support when you turn > off NT SMB support, among other things). Well, I am desperate. I would have manually turned the CPU fans if they said that would help. :-) I will remove the "nt smb support = no" later if this works now. But as it is, "do not change a winning team". I will have to check up on what features I will lose by this. Regards Per Kjetil Grotnes --- IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune Tlf: 22 66 26 61, Fax: 22 66 26 65 From simo.sorce at polimi.it Fri Sep 22 10:06:01 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:31 2003 Subject: Unwanted mapped drives under NT 4.0 References: <01C023D9.BF3FD1C0.stephane.ouellette@tektrend.com> Message-ID: <39CB2F09.2749D8BC@polimi.it> Stephane Ouellette wrote: > > Hi everyone, > > I have set up a Samba PDC (version pre3.0.0, RedHat 6.2, Intel CPU) but > when a user is logged on the domain from a WinNT4 client, unwanted mapped > drives appear after a few hours. > > Here is the contents of the user's logon script: > > NET USE X: \\MYPDC\PUB > NET USE Y: \\MYPDC\PUB-RW > > Here is a description of what happens... > > When the user logs on, both drives are successfully mapped. After a few > hours, the first share (\\MYPDC\PUB) is mapped on F: G: H: I: until no > drive letters are available......... > > I noticed that only on Win NT4, not Win98. > > I would like to know if anyone else has seen such a behaviour. > > Any suggestions would be appreciated... > Thanks. > > Stephane Ouellette I know very well this problem. It's an Windows problem, not a samba one. The problem rely in the "Intelligent" way microsoft use shortcuts. If you install a program on a share the fullnetworkpath is stored in the shortcut as the relative path. ex: \\myserver\myshare\mypath\myprog + Z:\mypath\myprog (Z: maps \\myserver\myshare) When you run a program through a share (also if Z: is still mapped to \\myserver\myshare) the "smart" shortcut resolves the program name through the fullnetworkpath (\\myserver\myshare\mypath\myprog) and allocate a drive lettere on his own (the first available). It uses the (correct) mapped path (Z:...) only if it can't found the shared fullpath. We discovered the problem when try to load balance between two servers dicovering that while we mapped two machine to two servers only the installation used one were actually used. A way to avoid is to set a registry key on NT workstation, unfortunately I can't rember the key, but anyway we saw this method not always worked. Another way is to pass your shortcuts through the "shortcut.exe" executable you find on MS site, the problem is that this software effectively work only on win9x machines (it runs on NT but do not change the shortcut). You need to use the option -s (stupid) to avoid shortcut using the UNC name and force them using the mapped associated path. my 2c, Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From roym at programmer.net Fri Sep 22 13:33:34 2000 From: roym at programmer.net (Roy Marshall) Date: Tue Dec 2 02:31:31 2003 Subject: NT Locks my account. Why? Message-ID: <379631240.969629618296.JavaMail.root@web305-mc.mail.com> Hi I am new to SAMBA. Some help will be most appreciated. My current smb.conf settings: security = server guest user = true guest account = ... deadtime = 15 I can mount my unix drive from windows NT and everything works well, but for some unknown reason, NT locks me out occassionally. (+/- 1 a day) But this config will be for +/- 50 users and therefore i need to resolve this annoying problem of accounts being locked up. Anyone have ideas? Roy (I am using 'guest user' so as to avoid adding 75 user accounts to unix.) ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup From k.blin at gmx.net Fri Sep 22 15:35:18 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:31 2003 Subject: Salutation and samba optimization question In-Reply-To: <9B6B824220DBD311BF5A1000974B43B3211895@EXCH05001>; from aarjona@banistmo.com on Wed, Sep 20, 2000 at 03:28:57PM -0500 References: <9B6B824220DBD311BF5A1000974B43B3211895@EXCH05001> Message-ID: <20000922173518.A17582@molgen-6.iah.medizin.uni-tuebingen.de> On Wed, Sep 20, 2000 at 03:28:57PM -0500, Arjona, Ariel wrote: > First of all, hello to all in this mailing list. My first time here :) Congratulations and welcome :) > Could someone point e to documents explaining how to optimize samba's > performance? I'm looking for long periods of operating time (forever would > be fine, thank you :P), not necessarily speed. You just mean uptime? I have had more than 3 month no problems uptime with samba so far, an that was only terminated by power failure of the whole building :) > I'm running SuSE6.4 with no other services than samba, proftpd and inetd > (telnet is the only thing I use it for. I plan to use SSH soon). You should do that, yes. > I will connect to an NT Domain and share some folders with info I receive > via FTP from the Internet. The connecting clients are almost surely only NT4 > and W2K boxes. > > My version of samba is 2.0.6-48. BTW, Is there any strong reason for me to > upgrade to the latest version? IMHO you'll need samba TNG for Win2k clients. Have a look at the FAQ at: http://www.samba.org/samba/docs/ntdom_faq/page1.html#1-2 (or a mirror near your place) Good luck, Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Isn't air travel wonderful? Breakfast in London, dinner in New York, luggage in Brazil. From k.blin at gmx.net Fri Sep 22 15:44:55 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:31 2003 Subject: samba password verification without a domain? In-Reply-To: <39C961B5.F6B21BDE@fractalgraphics.com.au>; from hugo@fractalgraphics.com.au on Thu, Sep 21, 2000 at 09:17:41AM +0800 References: <39C961B5.F6B21BDE@fractalgraphics.com.au> Message-ID: <20000922174455.B17582@molgen-6.iah.medizin.uni-tuebingen.de> On Thu, Sep 21, 2000 at 09:17:41AM +0800, Hugo Bouckaert wrote: > Hi Hi! > I downloaded and installed samba 2.0.7 on an SGI box running Irix 6.5. I > was hoping to use the new feature, joining the NT domain, for samba > access password verification, so NT passwords can be used to access Unix > boxes in the network neighborhood. > > However, we only have an NT workgroup, not an NT domain. On the > information pages regarding joining an NT domain, it states you have to > add the samba server to the primary domain controller for the NT domain. > > Does this mean it is totally impossible to add a samba server to > individual NT computers in the workgroup, i.e. do yo have to have an NT > domain with a primary domain controller or is there a way to add the > samba server to individual NT boxes, so that from those, you can use > your NT password to access the samba share? > You could set the security to share level and allow only some users in each share section. You'll have to create the users on the irix box too, though. HTH Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Isn't air travel wonderful? Breakfast in London, dinner in New York, luggage in Brazil. From rszczesniak at mis.com.pl Fri Sep 22 15:49:40 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:31 2003 Subject: Salutation and samba optimization question Message-ID: Kai Blin Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-22 17:35 Do: "Samba-Ntdom (E-mail)" DW: Temat: Re: Salutation and samba optimization question On Wed, Sep 20, 2000 at 03:28:57PM -0500, Arjona, Ariel wrote: > First of all, hello to all in this mailing list. My first time here :) Congratulations and welcome :) > Could someone point e to documents explaining how to optimize samba's > performance? I'm looking for long periods of operating time (forever would > be fine, thank you :P), not necessarily speed. You just mean uptime? I have had more than 3 month no problems uptime with samba so far, an that was only terminated by power failure of the whole building :) My best uptime is 10 months,so far. It would be longer, but I had to do system shutdown and replace some hardware. Samba 2.0.7 runs there as file/print server and domain logon server. If nothing change, soon, uptime will reach 1 year ! > I'm running SuSE6.4 with no other services than samba, proftpd and inetd > (telnet is the only thing I use it for. I plan to use SSH soon). You should do that, yes. > I will connect to an NT Domain and share some folders with info I receive > via FTP from the Internet. The connecting clients are almost surely only NT4 > and W2K boxes. > > My version of samba is 2.0.6-48. BTW, Is there any strong reason for me to > upgrade to the latest version? IMHO you'll need samba TNG for Win2k clients. Have a look at the FAQ at: http://www.samba.org/samba/docs/ntdom_faq/page1.html#1-2 (or a mirror near your place) Good luck, Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Isn't air travel wonderful? Breakfast in London, dinner in New York, luggage in Brazil. From stancel at netlife.de Fri Sep 22 16:13:30 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:31 2003 Subject: HELP! Message-ID: <39CB852A.158349BA@netlife.de> Hi all, we are using samba-tng 2.6 as PDC. Since a NT machine crashed on which I was logged in, I can not log in to the domain from any NT machine. The message I become is: "The system can not log you on (C0000078). Please try again or consult your system administrator." What is (C0000078) ??? I have deleted my smb account and make the same one, but it's still the same error. What can I do ? Sorry for my bad english, Marek From rszczesniak at mis.com.pl Fri Sep 22 16:33:50 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:32 2003 Subject: Odp: HELP! Message-ID: Marek Stancel Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-22 18:13 Do: samba DW: Temat: HELP! Hi all, we are using samba-tng 2.6 as PDC. Since a NT machine crashed on which I was logged in, I can not log in to the domain from any NT machine. The message I become is: "The system can not log you on (C0000078). Please try again or consult your system administrator." What is (C0000078) ??? I have deleted my smb account and make the same one, but it's still the same error. What can I do ? Did you also delete profile of the user last logged in ? Especially files ntuser.dat and similiar *.log files from profiles share may be corrupted. Sorry for my bad english, Mine also isn't perfect. The most important is to understand each other correctly. Rafa? Marek From stancel at netlife.de Fri Sep 22 17:26:13 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:32 2003 Subject: Odp: HELP! References: Message-ID: <39CB9635.89F71321@netlife.de> > Did you also delete profile of the user last logged in ? > Especially files ntuser.dat and similiar *.log files > from profiles share may be corrupted. Now I did, but without any success. I've got he same error. Marek From Kevin.Colagio at usa.xerox.com Fri Sep 22 18:13:22 2000 From: Kevin.Colagio at usa.xerox.com (Colagio, Kevin) Date: Tue Dec 2 02:31:32 2003 Subject: Cannot join an NT domain Message-ID: Misc: NT 4.0 with whatever patches is the PDC and BDC Solaris 2.8 with Samba 2.0.7 (fresh compile) Steps followed: 1) Installed Samba on the Solaris box. 2) Added the name of the Samba box (USADURANGO) to the NT domain (USAMCR1). 3) Added the names for the PDC and BDC to the lmhosts file. 4) Added the PDC and BDC to the smb.conf file under "password server" setting. 5) Defined the WINS server 6) Set the NETBIOS name (USADURANGO). 7) Tried to run: smbpasswd -j USAMCR1 8) Received the following: cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine USAMCDC1. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine USAMCDC2. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 2000/09/22 14:00:55 : change_trust_account_password: Failed to change password for domain USAMCR1. Unable to join domain USAMCR1. As per the directions to do this, it should have worked. Besides changing the IP addresses, here is my current smb.conf: # Global parameters [global] workgroup = workgroup netbios name = USADURANGO server string = interfaces = hme0 # security = domain # encrypt passwords = Yes password server = usamcdc1 usamcdc2 os level = 0 local master = No wins server = w.x.y.z [homes] comment = Home Directories path = /u/%u writeable = Yes hosts allow = w.*.*.* Thanks for the help in advance.... Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student From merkes at t-online.de Fri Sep 22 19:21:53 2000 From: merkes at t-online.de (markus stephany) Date: Tue Dec 2 02:31:32 2003 Subject: Odp: HELP! In-Reply-To: <39CB9635.89F71321@netlife.de> References: <39CB9635.89F71321@netlife.de> Message-ID: <17718494653.20000922212153@merkespages.de> Hello Marek, Friday, September 22, 2000, 7:26:13 PM, you wrote: >> Did you also delete profile of the user last logged in ? >> Especially files ntuser.dat and similiar *.log files >> from profiles share may be corrupted. MS> Now I did, but without any success. MS> I've got he same error. MS> Marek nt's status codes are described in this text: http://www.net3group.com/SMB_NT_Status_Codes.txt C0000078 means STATUS_INVALID_SID maybe the sid of the samba server has been corrupted somehow? -- rgds, markus stephany ==================================== mailto:merkes@merkespages.de http://www.merkespages.de From paxus at onepine.com Fri Sep 22 23:08:03 2000 From: paxus at onepine.com (Paxus) Date: Tue Dec 2 02:31:32 2003 Subject: Where is smbpasswd? Message-ID: <200009222305.TAA23443@ns1.onepine.com> I've seem to run across a problem. I've compiled and installed samba-tng-2.6 several times and every time, it fails to build the smbpasswd executable. Why is that? I've tried this on both Redhat and SuSE running kernels raning from 2.2.16 to 2.4.0-test5. From frankh at mwes.com Fri Sep 22 23:34:02 2000 From: frankh at mwes.com (Frank) Date: Tue Dec 2 02:31:32 2003 Subject: Remote logon cannot see domain Message-ID: Hi, I am having trouble access my local network when I dial in to my Linux firewall using a Windows95 client. I get the Windows network logon panel OK, but after I try to logon I get the 'No domain controller could be found' message and of course then I am unable to access any of the network. (After I acknowledge the error I am successfully logged on to the Linux box.) If I try the same thing on a Windows 2000 client I can logon if I leave the domain field blank. If I fill it in with the real domain name it rejects it with a message about invalid or expired password. I do have the user set up in Samba BTW. While connected I can ping any machine on the LAN by number. I can also successfully ping any machine I make an entry in hosts for. I am running Samba 2.0.7 on SuSE 6.2 Linux 2.2.10. Besides the Linux box my network consists of several Win9x and NT 4.0 workstations, an NT 4.0 Server which acts as the PDC and is also the WINS server. The NT Server is 192.168.1.2 and the Linux is 192.168.1.4. All is well in the office, i.e. the Windows machines can see the Linux files and vice versa when connected via Ethernet TCP/IP. The relevant entries in smb.conf are: workgroup = ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I have a domain name and a workgroup name involved in the various Windows settings. I am assuming the *domain* name is what I put here. Correct? interface = 192.168.1.4/255.255.255.0 security = server encrypt passwords = Yes password server = 192.168.1.2 domain logons = Yes wins server = 192.168.1.2 local master = Yes domain master = No preferred master = No I have also tried to join the domain with smbpasswd -j and I get an error NT_STATUS_INVALID_COMPUTER_NAME Any suggestions? Frank Holt Phone: (414) 327-0000 Project Engineer Fax: (414) 327-8821 Midwest Engineering Systems, Inc e-mail: frankh@mwes.com From sharpe at ns.aus.com Fri Sep 22 13:51:54 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:31:32 2003 Subject: Problems with copying an NT server's users and passwd hashes to Samba Message-ID: <3.0.6.32.20000922225154.00ad1340@203.16.214.248> Hi, I am looking for clarification on the problems surrounding copying an NT server's users to Samba. While it is easy to dump the user accounts using PWDUMP2, I am lead to believe, especially if you have workstations that are members of the domain, there are a couple of additional problems: - The domain SID must match or the workstations will not be able to log onto the domain. - User RIDs may/will be different, so user info, may also be a problem. While it is possible that one could pre-initialize the Samba SID file, it seems that the problems with RIDs may be insurmountable. Can anyone lead me through the problem areas? Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From martin at zamenhof.demon.co.uk Sat Sep 23 11:18:25 2000 From: martin at zamenhof.demon.co.uk (Martin Radford) Date: Tue Dec 2 02:31:32 2003 Subject: Unwanted mapped drives under NT 4.0 In-Reply-To: <39CB2F09.2749D8BC@polimi.it> from "Simo Sorce" at Sep 22, 2000 10:06:01 AM Message-ID: <200009231118.MAA15564@zamenhof.demon.co.uk> > > A way to avoid is to set a registry key on NT workstation, unfortunately > I can't rember the key, but anyway we saw this method not always worked. ----------8<------------------ REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "LinkResolveIgnoreLinkInfo"=dword:00000001 ----------8<------------------ > Another way is to pass your shortcuts through the "shortcut.exe" > executable you find on MS site, the problem is that this software > effectively work only on win9x machines (it runs on NT but do not change > the shortcut). > You need to use the option -s (stupid) to avoid shortcut using the UNC > name and force them using the mapped associated path. There's a free utility from Coffee Computing called "scut" that I use a lot to do this, and it deals with Windows NT and Windows 2000 shortcuts correctly. (It's also supposed to work with Win 95, but I've never tried it.) http://www.coffeecomputing.com/free/index.html Martin -- Martin Radford | "Only wimps use tape backup: _real_ martin@zamenhof.demon.co.uk | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V From gcarter at valinux.com Fri Sep 22 22:53:36 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:32 2003 Subject: TNG-stable References: <39C9D81A.2EA78E2B@levi.spb.ru> Message-ID: <39CBE2F0.5B2DAD41@valinux.com> Anatoly Ivanov wrote: > > Hello, > > Is there anybody who knows what's going on with TNG branch? > I have TNG-2.6 up and running, but it sill have some bugs > (VERY weird bugs sometimes). > > I'd like to 'cvs co', but I'm not sure that it's a good idea to > snapshot the development branch. > > So, can you please tell me what branch/tag should I use to get > latest TNG-STABLE? There is no TNG-STABLE. Luke has quite working on TNG (and Samba) for the current future for other projects. Elrond is merging a few changes from head, but the branch is basically stagnant for now. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ekw540 at hotmail.com Sat Sep 23 21:20:36 2000 From: ekw540 at hotmail.com (Ed Wong) Date: Tue Dec 2 02:31:32 2003 Subject: (no subject) Message-ID: When smbd is started, I get "Binding Error - Socket 0.0.0.0 is already in use" Anyone seen this error before ? Thanks Ed Wong _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From karthik_krish76 at yahoo.com Sat Sep 23 21:37:47 2000 From: karthik_krish76 at yahoo.com (karthik krishnamurthy) Date: Tue Dec 2 02:31:32 2003 Subject: problem with samba tng 2.6 Message-ID: <20000923213747.10895.qmail@web615.mail.yahoo.com> hello all, i am running samba tng 2.6. i had obtained a tar.gz from one of the archives. the timestamp on the the tarball is Aug 7. i am facing the following problem with it. when trying to make map files i get these messages in the logs Unknown parameter encountered: "domain group map" Ignoring unknown parameter: "domain group map" could somebody help me out please __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ From tmanthey at gmx.de Sat Sep 23 23:58:35 2000 From: tmanthey at gmx.de (Tobias Manthey) Date: Tue Dec 2 02:31:32 2003 Subject: Samba TNG-2.6: File permission problem References: <20000923190217.3C1E831175@us4.samba.org> Message-ID: <3802.969753515@www4.gmx.net> Hi all, please anyone correct me when I state there is no other way to integrate W2K Clients into a Samba Domain, than to use Samba-TNG? If so can help me anyone with the following problem. The follwing directory is shared among the clients drwxrwxrwx 8 tobias manager 4096 Sep 24 00:30 public [public] path = /usr/local/samba/shares/public public = no comment = Public Share create mask = 775 directory mask = 775 writable = yes force create mode = 774 My goal is to create directories to which an ordinary user can add files but cannot overwrite the existing ones. So my apporach was the following: create a file below public: -rw-r--r-- 1 tobias manager 0 Sep 24 00:44 test.txt (note that a ordinary user does no belong to the group manager) But I was kinda suprised that every user can delete this file. Even if it belonds to root:root with 700 permissions. Is this a wanted behavior? TIA Tobias -- Sent through GMX FreeMail - http://www.gmx.net From anders at cwd.no Sun Sep 24 07:39:20 2000 From: anders at cwd.no (anders@cwd.no) Date: Tue Dec 2 02:31:32 2003 Subject: Samba TNG-2.6: File permission problem Message-ID: This is not a samba-issue, it's defined behavior under *NIX: Delete access under UNIX requires w(rite) access to the directory which the file is placed in, i.e. your WORLD-writeable directory is the reason for this. From anders at cwd.no Sun Sep 24 07:45:27 2000 From: anders at cwd.no (anders@cwd.no) Date: Tue Dec 2 02:31:32 2003 Subject: Samba TNG-2.6: File permission problem Message-ID: Forgot to add: chmod o+t directoryname should do the trick (pay attention to your /tmp, as this should have this set as well... ) PS: I't in the HOWTO as well. --Anders anders@cwd.no Sent by: samba-ntdom-admin@us4.samba.org 09/24/2000 01:39 AM To: Tobias Manthey cc: samba-ntdom@us4.samba.org Subject: Re: Samba TNG-2.6: File permission problem This is not a samba-issue, it's defined behavior under *NIX: Delete access under UNIX requires w(rite) access to the directory which the file is placed in, i.e. your WORLD-writeable directory is the reason for this. From lkcl at samba.org Sun Sep 24 15:44:37 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:32 2003 Subject: TNG-stable In-Reply-To: Message-ID: > > So, can you please tell me what branch/tag should I use to get > > latest TNG-STABLE? > > There is no TNG-STABLE. Luke has quite working on TNG > (and Samba) for the current future for other projects. > Elrond is merging a few changes from head, but the branch > is basically stagnant for now. it's not stagnant: the project is terminated. From c2z4s9 at hotmail.com Sun Sep 24 22:10:18 2000 From: c2z4s9 at hotmail.com (John Doe) Date: Tue Dec 2 02:31:33 2003 Subject: TimeStamp problem Message-ID: >I am running into a problem with timestamps. It would seem that whenever a >file is copied from a remote Windows NT or 2000 machine the resulting file >on the Samba machine has a current timestamp. It would also seem that if >you copy a file from a windows 95/98 machine to the samba file server the >timestamp information is preserved from the origional file. > >Is there a way to preserve timestamp info when copying from a WinNT / 2000 >machine to the Samba server? > >_________________________________________________________________________ >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > >Share information about yourself, create your own public profile at >http://profiles.msn.com. > > _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From marsaro at suse.com Sun Sep 24 23:34:36 2000 From: marsaro at suse.com (Jon Doyle) Date: Tue Dec 2 02:31:33 2003 Subject: TimeStamp problem In-Reply-To: Message-ID: Hi John Doe; What it seems is that you need a way to make all your files, be these on a remote or locale machine in sync. Is there any thoughts to NTP, and having these services available for your systems, using UTC for example? Where are the clients in relation to the services? On Sun, 24 Sep 2000, John Doe wrote: > > > > > >I am running into a problem with timestamps. It would seem that whenever a > >file is copied from a remote Windows NT or 2000 machine the resulting file > >on the Samba machine has a current timestamp. It would also seem that if > >you copy a file from a windows 95/98 machine to the samba file server the > >timestamp information is preserved from the origional file. > > > >Is there a way to preserve timestamp info when copying from a WinNT / 2000 > >machine to the Samba server? > > > >_________________________________________________________________________ > >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > >Share information about yourself, create your own public profile at > >http://profiles.msn.com. > > > > > > _________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > Share information about yourself, create your own public profile at > http://profiles.msn.com. > > Regards, Jon ______________________ Jon R. Doyle SuSE Linux Inc. Director of Professional Services 580 Second Street, Suite 210 Oakland, Ca. 94607 + 510 - 628 - 3380 ext. 5068 www.suse.com ______________________ **The Network is the People** From hugo at fractalgraphics.com.au Mon Sep 25 01:17:39 2000 From: hugo at fractalgraphics.com.au (Hugo Bouckaert) Date: Tue Dec 2 02:31:33 2003 Subject: samba NT password with workgroup only? References: Message-ID: <39CEA7B3.AFEB3F18@fractalgraphics.com.au> Hi I downloaded and installed samba 2.0.7 on an SGI box running Irix 6.5.8. I was hoping to use the new feature, joining the NT domain, for samba access password verification, so NT passwords can be used to access Unix boxes in the network neighborhood. However, we only have an NT workgroup, not an NT domain. On the information pages regarding joining an NT domain, it states you have to add the samba server to the primary domain controller for the NT domain. Does this mean it is totally impossible to add a samba server to individual NT computers in the workgroup, i.e. do yo have to have an NT domain with a primary domain controller or is there a way to add the samba server to individual NT boxes, so that from those, you can use your NT password to access the samba share? Any information/help will be most appreciated. Thanks Hugo -- Dr Hugo Bouckaert R&D Support Engineer, Fractal Graphics 39 Fairway, Nedlands Western Australia 6009 Tel: 9284 8442 Email:hugo@fractalgraphics.com.au Web: http://www.fractalgraphics.com.au From simona at uchicago.edu Sun Sep 24 21:15:06 2000 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:31:33 2003 Subject: samba NT password with workgroup only? References: <39CEA7B3.AFEB3F18@fractalgraphics.com.au> Message-ID: <39CE6EDA.E6AE31E9@uchicago.edu> Hugo Bouckaert wrote: > > Does this mean it is totally impossible to add a samba server to > individual NT computers in the workgroup, i.e. do yo have to have an NT > domain with a primary domain controller or is there a way to add the > samba server to individual NT boxes, so that from those, you can use > your NT password to access the samba share? You can use a samba server with NT workstations in a workgroup but the question is why would you want to? As you have only peer-to-peer behavior right now, I'd suggest implementing a domain using samba. With only a work group you have the problem of administering user accounts on *each and every* NT box...not pleasant. You now have the opportunity to reduce that administration load considerably. Samba 2.0.7 does a great job of acting as a domain controller for NT machines. I run two servers that give my faculty access to their email, file sharing (samba and appletalk), ftp, ssh all with one login. That's as close to zero admin as I can get here. Samba and netatalk both work quite happily within the NIS scheme I use to keep the unix authentication centralized. Simon -- University of Chicago From stancel at netlife.de Mon Sep 25 06:45:55 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:33 2003 Subject: Odp: HELP! References: <39CB9635.89F71321@netlife.de> <17718494653.20000922212153@merkespages.de> Message-ID: <39CEF4A3.321AFA7E@netlife.de> markus stephany wrote: > > Hello Marek, > > Friday, September 22, 2000, 7:26:13 PM, you wrote: > > >> Did you also delete profile of the user last logged in ? > >> Especially files ntuser.dat and similiar *.log files > >> from profiles share may be corrupted. > > MS> Now I did, but without any success. > MS> I've got he same error. > > MS> Marek > > nt's status codes are described in this text: > http://www.net3group.com/SMB_NT_Status_Codes.txt > > C0000078 means STATUS_INVALID_SID > > maybe the sid of the samba server has been corrupted somehow? ...but I still do not unterstand it. We have ~30 Windows9X/NT User and no one of them have the same problem like me. Am I right, that if the sid of the samba server would be corrupted - any logon's would be decline ? thank you for any help, Marek From stancel at netlife.de Mon Sep 25 06:49:45 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:33 2003 Subject: Where is smbpasswd? References: <200009222305.TAA23443@ns1.onepine.com> Message-ID: <39CEF589.AFD5EAC0@netlife.de> Paxus wrote: > > I've seem to run across a problem. > I've compiled and installed samba-tng-2.6 several times and every time, it > fails to build the smbpasswd executable. Why is that? > I've tried this on both Redhat and SuSE running kernels raning from 2.2.16 > to 2.4.0-test5. The same happens to me with Solaris7 on a sparc machine. On RH 6.1 I 've got smbpasswd... Marek From johan.ostensson at orebro.lantmen.se Mon Sep 25 07:01:59 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:33 2003 Subject: exchange server Message-ID: <20000925070301.BC7D8659820@au2.samba.org> Does anyone know if it's possible to have a MS Exchange server in a TNG-controled domain? Since Exchange server authenticate it's users from the PDC... /Johan From avi at levi.spb.ru Mon Sep 25 08:23:56 2000 From: avi at levi.spb.ru (Anatoly Ivanov) Date: Tue Dec 2 02:31:33 2003 Subject: TNG-stable References: Message-ID: <39CF0B9C.1FAEDABF@levi.spb.ru> Hi, What does it mean? Maybe we'll get fine working NTDomain code in HEAD or we'll never get it at all? --- wbr, avi. Luke Kenneth Casson Leighton wrote: > [skip] > it's not stagnant: the project is terminated. From lkcl at samba.org Mon Sep 25 08:39:03 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:33 2003 Subject: TNG-stable In-Reply-To: <39CF0B9C.1FAEDABF@levi.spb.ru> Message-ID: On Mon, 25 Sep 2000, Anatoly Ivanov wrote: > Hi, > > What does it mean? Maybe we'll get fine working NTDomain code > in HEAD or we'll never get it at all? due to what i consider to be incredible arrogance on the part of the primary samba developers, whose opinion of TNG and the people i have been encouraging to help with TNG's development - including yourself, if you use TNG - is, by association, extremely low, you will have to ask that question of them, not of me. From stancel at netlife.de Mon Sep 25 12:00:09 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:33 2003 Subject: The system can not log you on (C0000078) Message-ID: <39CF3E49.91AAD068@netlife.de> Hi all, sorry, but I have to ask you once more for help. >we are using samba-tng 2.6 as PDC. >Since a NT machine crashed on which >I was logged in, I can not log in to >the domain from any NT machine. >The message I become is: >"The system can not log you on (C0000078). >Please try again or consult your system >administrator." ... and this tells me the Logfile: ************************************************************** TODO: verify that the rid exists TODO: verify that the rid exists WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=60001, egid=60001 _lsa_open_secret failed with 0xc0000022 WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=60001, egid=60001 _lsa_open_secret failed with 0xc0000022 WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode TODO: verify that the rid exists WARNING: prs_create initialised a buffer in marshalling-mode prs_grow_data: 32 > 30 WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode ************************************************************** After I heve removed user "stancel" and my profile, I create a new user "stancel" - but I've the same problems. -> removing profile and userid from smbpasswd are the information about the user not 100% removed !? How can I remove all information about the user? Is there any other way to fix this problem ? Thank you for any suggestions, Marek From chebykin at pskov.mts.ru Mon Sep 25 12:07:31 2000 From: chebykin at pskov.mts.ru (Dmitry Chebykin) Date: Tue Dec 2 02:31:33 2003 Subject: Problem with printing from NT Message-ID: <004e01c026e9$2ece95a0$50a9a8c0@pskov.mts.ru> Hello! I have current configuration: SambaTNG, lprng (as spooling software), some HP JetDirect (HP TCP/IP spoolers). From rszczesniak at mis.com.pl Mon Sep 25 12:16:53 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:33 2003 Subject: Odp: Problem with printing from NT Message-ID: Do you want to have HP JetDirect accessed via Samba or directly ? The other problem is that Samba TNG doesn't have full NT-style printing support. Rafa? "Dmitry Chebykin" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-25 14:07 Do: DW: Temat: Problem with printing from NT Hello! I have current configuration: SambaTNG, lprng (as spooling software), some HP JetDirect (HP TCP/IP spoolers). From k.blin at gmx.net Mon Sep 25 12:19:27 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:33 2003 Subject: TNG-stable In-Reply-To: ; from lkcl@samba.org on Mon, Sep 25, 2000 at 06:39:03PM +1000 References: <39CF0B9C.1FAEDABF@levi.spb.ru> Message-ID: <20000925141927.B3342@molgen-6.iah.medizin.uni-tuebingen.de> On Mon, Sep 25, 2000 at 06:39:03PM +1000, Luke Kenneth Casson Leighton wrote: > On Mon, 25 Sep 2000, Anatoly Ivanov wrote: > > > Hi, > > > > What does it mean? Maybe we'll get fine working NTDomain code > > in HEAD or we'll never get it at all? > > due to what i consider to be incredible arrogance on the part of the > primary samba developers, whose opinion of TNG and the people i have been > encouraging to help with TNG's development - including yourself, if you > use TNG - is, by association, extremely low, you will have to ask that > question of them, not of me. Any people you want us to kick ^H^H^H^H politely ask not to discontinue this stuff? NT PDC/BDC compatibility is the most important thing I need with samba right now. Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Now I lay me back to sleep. The speaker's dull; the subject's deep. If he should stop before I wake, Give me a nudge for goodness' sake. -- Anonymous From k.blin at gmx.net Mon Sep 25 12:24:43 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:33 2003 Subject: exchange server In-Reply-To: <20000925070301.BC7D8659820@au2.samba.org>; from johan.ostensson@orebro.lantmen.se on Mon, Sep 25, 2000 at 09:01:59AM +0200 References: <20000925070301.BC7D8659820@au2.samba.org> Message-ID: <20000925142443.C3342@molgen-6.iah.medizin.uni-tuebingen.de> On Mon, Sep 25, 2000 at 09:01:59AM +0200, Johan ?stensson wrote: > Does anyone know if it's possible to have a MS Exchange server in a > TNG-controled domain? Since Exchange server authenticate it's users from the > PDC... Do you _really_ need Exchange? There are quite a bunch of security issues with Exchange. Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Now I lay me back to sleep. The speaker's dull; the subject's deep. If he should stop before I wake, Give me a nudge for goodness' sake. -- Anonymous From ccollingwood at satx.rr.com Mon Sep 25 12:53:17 2000 From: ccollingwood at satx.rr.com (Craig Collingwood) Date: Tue Dec 2 02:31:33 2003 Subject: Samba problems Message-ID: <39CF4ABD.5694A101@satx.rr.com> Am running the SUN Samba version 2.0 on a Ultra 4500 file server. Am using NT DNS server and a NT PDC for the password server. After about a week or 15 smbd's samba starts refusing connections. It gives the error that the PDC is refusing the password. If I check the daemons I find that one is building up massive amount of time and is owned by a single user instead of root. If I kill that process people are able to connect again. Or if I stop and restart the samba daemons people can reconnect. Any ideas on what I could due to eliminate the problem. E4500 - running Solaris 2.6 5/98 with the recommended patch set from April. NT box - running NT4.0 with service pack 6. Using shadowed password on the sun and running with encrypted passwords set to no. HELP!!!!! From TSchroeder at innonics.de Mon Sep 25 13:00:06 2000 From: TSchroeder at innonics.de (=?utf-8?Q?Tom_Schr=C3=B6der?=) Date: Tue Dec 2 02:31:33 2003 Subject: Samba as PDC Message-ID: Hi, I read a lot about using Samba as an PDC. I don't want to setup tons of NT-Servers for our Windows 98 clients. Therefore I'm looking for a solution to provide all these services from a linux box. The authentication should also be at a central point. Could anybody give me some hints which tools I should use (25 users). have fun, bye!tom -- / Tom Schroeder - Network & Systems Operator \ | Innonics GmbH - Am Holzgraben 3 - 30161 Hannover - GERMANY | \ Visit: http://www.innonics.de/ / From k.blin at gmx.net Mon Sep 25 13:58:09 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:33 2003 Subject: Samba as PDC In-Reply-To: ; from TSchroeder@innonics.de on Mon, Sep 25, 2000 at 03:00:06PM +0200 References: Message-ID: <20000925155809.E3342@molgen-6.iah.medizin.uni-tuebingen.de> On Mon, Sep 25, 2000 at 03:00:06PM +0200, Tom Schr?der wrote: > Hi, Hi. > I read a lot about using Samba as an PDC. I don't want to setup tons of NT-Servers for our Windows 98 clients. Therefore I'm looking for a solution to provide all these services from a linux box. The authentication should also be at a central point. Could anybody give me some hints which tools I should use (25 users). (Ever thought 'bout a mail client that can handle line breaking) Certainly you can use samba for this task. important utilities are samba and (as I'd recommend)the "Using Samba" book form O'Reilly's (online or treeware) You should read the other online info, too. HTH Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Now I lay me back to sleep. The speaker's dull; the subject's deep. If he should stop before I wake, Give me a nudge for goodness' sake. -- Anonymous From sharpe at ns.aus.com Mon Sep 25 12:01:01 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:31:33 2003 Subject: Samba as PDC In-Reply-To: Message-ID: <3.0.6.32.20000925210101.0094e870@203.16.214.248> At 03:00 PM 9/25/00 +0200, =?utf-8?Q?Tom_Schr=C3=B6der?= wrote: >Hi, > >I read a lot about using Samba as an PDC. I don't want to setup tons of NT- >Servers for our Windows 98 clients. Therefore I'm looking for a solution to >provide all these services from a linux box. The authentication should also be >at a central point. Could anybody give me some hints which tools I should use >(25 users). Hi, I wrapped the lines for you .... If your clients are exclusively Win98, then you do not need the PDC capabilities of Samba. Please see the book Special Edition, Using Samba (better than the other book with a similar name :-) for copious details on both logging onto Samba from Win9X clients and using Samba as a PDC with WinNT clients ... >have fun, > >bye!tom >-- > / Tom Schroeder - Network & Systems Operator \ >| Innonics GmbH - Am Holzgraben 3 - 30161 Hannover - GERMANY | > \ Visit: http://www.innonics.de/ / > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From ks at ub.uni-mainz.de Mon Sep 25 14:49:59 2000 From: ks at ub.uni-mainz.de (ks@ub.uni-mainz.de) Date: Tue Dec 2 02:31:33 2003 Subject: TNG-stable Message-ID: <200009251449.QAA04433@betty.ub.uni-mainz.de> With all this trouble around samba-tng lately I'm in the process of cleaning my Sun's from the leftovers of samba and samba-tng and use the new version of Sun PC NetLink (1.2) which you can download from http://www.sun.com/interoperability/netlink/download.html for free (after registration etc. and it's really large, around 262MB). Ok, It's not Free Software in the sense of Open Source, I don't have source to muck with. And it's a real pitty that I cannot use it on my NetBSD machines. But: it's a complete PDC/BDC for NT, supports Win98/95 etc and is doing what I need in my environment. YMMV! Don't get me wrong: I really appreciate the work Luke at al. have done on TNG, but if I can see no future for a once really interesting and promising project, I've to look elsewhere for the tools to get my job done. Just my 2 cents... Kurt Schreiner Ps.: My relationship with Sun Microsystems is as a satisfied coustomer, nothing else. =============================================================================== Dipl.-Inform. Kurt Schreiner Tel. : +49 6131 39 25134 Universitaet Mainz/Zentralbibliothek Fax. : +49 6131 39 24159 o. 23976 Jakob Welder Weg 6, 55128 Mainz Mail : ks @ ub.uni-mainz.de =============================================================================== From kkc at uclink4.berkeley.edu Mon Sep 25 16:00:38 2000 From: kkc at uclink4.berkeley.edu (Kevin Chan) Date: Tue Dec 2 02:31:33 2003 Subject: problems finding server on network neighborhood Message-ID: <4.3.2.7.2.20000925084013.00ad5600@uclink4.berkeley.edu> Hi all, I just need someone to point me in the right direction. Here's what is happening. I have two servers running samba, one strictly for file-sharing and the other is for static webpages. Currently, both servers run Samba 2.0.6 (web one is for our web admins, so they can use windows to modify files) and the web server's samba configuration has the security = server option and the password server is the main file server. Now this has been working until recently when we had to move our workstation computers, which were in the same subnet as the servers, to another location with a different subnet. And to make matters more complicated, these computers are behind a DHCP server that we had to set up due to a shortage of IP's at the new location. So after this move, we now cannot access the web server (though we can see it on Network Neighborhood), but the regular server is just fine. What I have noticed is that when someone tries to browse to the web server, it looks like the computer is looking for something within the subnet. So perhaps the web server is just not broadcasting to the subnet, but I am not sure how to fix this problem... Any suggestions would be great. Thanks in advance, Kevin Chan Systems Administrator Administrative Computing From rszczesniak at mis.com.pl Mon Sep 25 16:25:30 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:34 2003 Subject: Odp: RE: Samba as PDC Message-ID: If you've had using Samba as PDC for Win98 and WinNT on your mind, then you should use Samba TNG, but ... Problem is a bit more complicated. Samba TNG filesharing works quite nice with NT but not with Win98. So, you need combination of Samba TNG (Primary Domain Controller) and Samba HEAD (very good file- and printsharing capabilities) to put netlogon, profiles and possible other share on. BTW: Use your patience in configuring Samba TNG as PDC to work with native NT Servers. You'll probably need it :-) Rafa? Tom Schr?der 00-09-25 16:00 Do: Rafa? Szcze?niak DW: Temat: RE: Samba as PDC Hi, thanks for your fast answer. I'm currently testing it with this SAMBA version. But I have 1-2 NT Servers that I can't be assimilated because they have propietary business-software on them... Can I use SAMBA-2.0.7 as a PDC for these Servers?! have fun, bye!tom -- / Tom Schroeder - Network & Systems Operator \ | Innonics GmbH - Am Holzgraben 3 - 30161 Hannover - GERMANY | \ Visit: http://www.innonics.de/ / > -----Original Message----- > From: Rafa? Szcze?niak [mailto:rszczesniak@mis.com.pl] > Sent: Monday, September 25, 2000 3:52 PM > To: Tom Schr?der > Subject: Odp: Samba as PDC > > > If you need PDC for Windows 98 clients ONLY, then > stable Samba 2.0.7 is enough for you. > > > Rafa? > > > > > > Tom Schr?der > Wys?ane przez: samba-ntdom-admin@us4.samba.org > 00-09-25 15:00 > > > Do: > DW: > Temat: Samba as PDC > > Hi, > > I read a lot about using Samba as an PDC. I don't want to setup tons of > NT-Servers for our Windows 98 clients. Therefore I'm looking for a > solution to provide all these services from a linux box. The > authentication should also be at a central point. Could anybody give me > some hints which tools I should use (25 users). > > have fun, > > bye!tom > -- > / Tom Schroeder - Network & Systems Operator \ > | Innonics GmbH - Am Holzgraben 3 - 30161 Hannover - GERMANY | > \ Visit: http://www.innonics.de/ / > > > > > > From rszczesniak at mis.com.pl Mon Sep 25 16:35:06 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:34 2003 Subject: I don't understand something ... Message-ID: Can somebody explain me (or confirm - I'm scared to say that) what exactly does mean: Samba TNG branch has been terminated ? Does it really mean, that TNG won't be developed any longer ???? :((((( What's official stance of Samba Team developers on this problem ? From wilson at sentrisystems.com Mon Sep 25 17:09:35 2000 From: wilson at sentrisystems.com (Brian Wilson) Date: Tue Dec 2 02:31:34 2003 Subject: smbpasswd -> /etc/passwd Message-ID: <006801c02713$61e6a020$07fea8c0@bubbastop> Is there any way (a script, black magic, etc) to convert smbpasswd passwords to either shadowed or md5'd passwords? I know there's a "unix sync password" option, but this doesn't work for me in the latest TNG: getsmbfilepwent: returning passwd entry for unix user homey, unix uid 10042 Password change for user: homey Dochild for user homey (uid=0,gid=0) expect: Input/output error Response 2 incorrect Child failed to change password: homey Thanks, Brian From rszczesniak at mis.com.pl Mon Sep 25 17:15:05 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:34 2003 Subject: smbpasswd -> /etc/passwd Message-ID: There's no script converting smbpasswd into passwd/shadow because smb passwords are encrypted with different algorithm than the unix passwd (both shadow and md5). So, direct converting is almost impossible because it would have to work like brute force attack... The only way is to use samba 'unix sync password' feature. To trace problem, you need more "rich" log files. Rafa? "Brian Wilson" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-25 19:09 Do: DW: Temat: smbpasswd -> /etc/passwd Is there any way (a script, black magic, etc) to convert smbpasswd passwords to either shadowed or md5'd passwords? I know there's a "unix sync password" option, but this doesn't work for me in the latest TNG: getsmbfilepwent: returning passwd entry for unix user homey, unix uid 10042 Password change for user: homey Dochild for user homey (uid=0,gid=0) expect: Input/output error Response 2 incorrect Child failed to change password: homey Thanks, Brian From Jwinn at krauto.com Mon Sep 25 17:29:50 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:34 2003 Subject: Stupid Question Message-ID: <01c02716$35911c00$d8fea8c0@-jwinn.krauto.com> I am using samba 2.07. In SWAT there are five parameters: domain groups, domain admin groups, domain guest group, domain admin users, and domain guest users. There is no information in SWAT to tell me what these parameters do, or how to use them. Maybe I am going to answer my own question here. Do I create those particular groups In WinNT and then map them through the /etc/smb.conf. Is any one else using these parameters, and if so how do you make them work. I have searched for answers through all the documentation, but all of the docs. tell me to come here. Thanks, JWinn -------------- next part -------------- HTML attachment scrubbed and removed From rszczesniak at mis.com.pl Mon Sep 25 17:38:44 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:34 2003 Subject: Odp: Stupid Question Message-ID: You just place your particular group (eg. admin) on the list 'domain admin groups' and then members of admin groups are automatically members of NT "Domain Administrators" group. Same result for rest of params according to their names. Rafa? "Jeremy Winn" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-25 19:29 Do: DW: Temat: Stupid Question I am using samba 2.07. In SWAT there are five parameters: domain groups, domain admin groups, domain guest group, domain admin users, and domain guest users. There is no information in SWAT to tell me what these parameters do, or how to use them. Maybe I am going to answer my own question here. Do I create those particular groups In WinNT and then map them through the /etc/smb.conf. Is any one else using these parameters, and if so how do you make them work. I have searched for answers through all the documentation, but all of the docs. tell me to come here. Thanks, JWinn From kevinc at grainsystems.com Mon Sep 25 18:06:01 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:34 2003 Subject: I don't understand something ... References: Message-ID: <39CF9409.227CAAD1@grainsystems.com> Rafa? Szcze?niak wrote: > > Can somebody explain me (or confirm - I'm scared to say that) what > exactly does mean: Samba TNG branch has been terminated ? > Does it really mean, that TNG won't be developed any longer ???? :((((( Luke has quit development work on TNG. Whether this means TNG will now die off or be merged into HEAD or continue on its own is unclear. Luke was doing the vast majority of the work there. > What's official stance of Samba Team developers on this problem ? This is not clear. A better issue is generally speaking, what is the Samba Team's stance on Samba's future (or lack thereof) as a domain controller, and what sort of priority is that functionality? I think this is a crucial issue to a growing percentage of Samba's users--an issue which, to my knowledge, the Samba Team has not yet really addressed. Could some official (posted) position be taken on this, please? Thanks. - Kevin Colby kevinc@grainsystems.com From mjwestkamper at weiinc.com Mon Sep 25 18:15:02 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:34 2003 Subject: SAMBA Message-ID: <39CF9626.D07E2568@weiinc.com> To the SAMBA Team You have done a remarkable job. With limited support you have done what very large organizations have only attempted. Like so few others the rewards you receive are in the use of the product and the faire praise of just a few. SAMBA works and we have it on a number of networks. It would appear that a lot of folks are using SAMBA and have networks working quite well. There are a number of things it must do to provide full networkability. One is NT domain controlling. It would appear that, in some respects, there is a loss of direction. I certainly hope it is professional disagreements rather than issues of personality that are causing the visible problems in this effort. I will assume that the underlying issues are that there is a lot of ways SAMBA can go and limited resources to get there. If that assumption is valid, are you interested in a discussion with the "user" community? That discussion may well include setting priorities as well as meaningful support from the user community. You have a real opportunity to make a difference. A product that will not just replace the current commercial products, but improve on them. A product that help prevent the subjugation of all networking to just one vendor. I for one hope SAMBA will continue to grow and provide all the services necessary to successfully implement a network albeit small or large. Mike Westkamper From abrooks at css.tayloru.edu Mon Sep 25 18:25:10 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:31:34 2003 Subject: smbpasswd -> /etc/passwd In-Reply-To: <006801c02713$61e6a020$07fea8c0@bubbastop> Message-ID: On Mon, 25 Sep 2000, Brian Wilson wrote: > Is there any way (a script, black magic, etc) to convert smbpasswd > passwords to either shadowed or md5'd passwords? I know there's a > "unix sync password" option, but this doesn't work for me in the [CUT] The ubiquitous "someone" should put this sort of question (and answer) in a FAQ or several FAQs on the samba.org site and mirrors. It seems to get asked a lot. I'd volunteer but I don't know who manages the FAQs. I think it would be appropriate to mention it at least in the SaMBa FAQ and the SaMBa NT Domain FAQ. -Aaron +-------> Aaron D. Brooks, 765 . 998 . 5168, abrooks [SHIFT"2"] css.tayloru.edu Computing Systems Resource Manager, Taylor University, CSS Department PGP public key: http://www.css.tayloru.edu/~abrooks/pgpkey/abrooks.asc PGP key fingerprint = 75 83 D2 9C 44 C7 00 C8 07 A1 6C F0 BD 04 C0 60 From elrond at samba.org Mon Sep 25 18:36:38 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: ; from Rafa? Szcze?niak on Mon, Sep 25, 2000 at 06:35:06PM +0200 References: Message-ID: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi everybody, Yes. It means exactly this. Luke has quit Samba. I've stopped to work on Samba TNG, because it isn't any more fun without Luke. My complete motivation has gone together with him. Sander also hasn't got any motivation. (But he might comment on that himself) So, no one is working any more on TNG. TNG is now something like a "reference implementation", but nothing more. (And if it is used as such, is another question) Elrond On Mon, Sep 25, 2000 at 06:35:06PM +0200, Rafa? Szcze?niak wrote: > Can somebody explain me (or confirm - I'm scared to say that) what > exactly does mean: Samba TNG branch has been terminated ? > > Does it really mean, that TNG won't be developed any longer ???? :((((( > What's official stance of Samba Team developers on this problem ? > From Jonathan.W.Miner at lmco.com Mon Sep 25 18:42:03 2000 From: Jonathan.W.Miner at lmco.com (JONATHAN W MINER) Date: Tue Dec 2 02:31:34 2003 Subject: SAMBA References: <39CF9626.D07E2568@weiinc.com> Message-ID: <39CF9C7B.A3B0BFD3@lmco.com> Mike - You couldn't have said it better. Mike Westkamper wrote: > > To the SAMBA Team -- Jonathan Miner - Lockheed Martin EIS/SAI LM-Xpress: jonathan.w.miner@lmco.com Phone: 603 885 UNIX - Fax: 603 885 3850 USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From abrock at georgefox.edu Mon Sep 25 18:53:42 2000 From: abrock at georgefox.edu (Anthony Brock) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: Message-ID: <4.2.2.20000925115031.00ad3b80@localhost> At 11:36 AM 9/25/00 -0700, elrond@samba.org wrote: >Yes. It means exactly this. > >So, no one is working any more on TNG. This is of grave concern to me in my current position. I have been following the development of Samba-TNG for a while now (over a year) and have a great need for the PDC/BDC functionality that Samba-TNG represented. For my organization, samba is useless without a completed PDC function, and is currently used in a mixed TNG/Release environment. Tony ****************************************************************************** * Anthony Brock abrock@georgefox.edu * * Director of Network Services George Fox University * ****************************************************************************** From wilson at sentrisystems.com Mon Sep 25 19:10:59 2000 From: wilson at sentrisystems.com (Brian Wilson) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <00ac01c02724$578f2a00$07fea8c0@bubbastop> I think I speak for most everybody on this list when I say "I *really*don't wanna have to run a win2k server". Oh well, I guess we'll have to work with whatever we have. -B ----- Original Message ----- From: "Elrond" To: "Rafa? Szcze?niak" ; Sent: Monday, September 25, 2000 2:36 PM Subject: Future/end of TNG (was Re: I don't understand something ...) > > Hi everybody, > > Yes. It means exactly this. > > Luke has quit Samba. > I've stopped to work on Samba TNG, because it isn't any > more fun without Luke. My complete motivation has gone > together with him. > Sander also hasn't got any motivation. (But he might > comment on that himself) > > So, no one is working any more on TNG. > > TNG is now something like a "reference implementation", but > nothing more. (And if it is used as such, is another > question) > > > Elrond > > > On Mon, Sep 25, 2000 at 06:35:06PM +0200, Rafa? Szcze?niak wrote: > > Can somebody explain me (or confirm - I'm scared to say that) what > > exactly does mean: Samba TNG branch has been terminated ? > > > > Does it really mean, that TNG won't be developed any longer ???? :((((( > > What's official stance of Samba Team developers on this problem ? > > > > From tmanthey at gmx.de Mon Sep 25 19:18:40 2000 From: tmanthey at gmx.de (Tobias Manthey) Date: Tue Dec 2 02:31:34 2003 Subject: Samba TNG-2.6: File permission problem References: Message-ID: <1616.969909520@www5.gmx.net> > This is not a samba-issue, it's defined behavior under *NIX: ****HELL******, this what I call ackward. I am working with different *NIX for years now, but as you can see not on file permission related stuff. Until today I would have bet my ass that you could not delete an other users file even with write permissions to that specific directory. The sticky bit has done its job. Anyone who can borrow me his brown paperbag? ;-)) Sorry guys! -- Sent through GMX FreeMail - http://www.gmx.net -------------- next part -------------- HTML attachment scrubbed and removed From mjwestkamper at weiinc.com Mon Sep 25 19:40:43 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> Message-ID: <39CFAA3B.5F040326@weiinc.com> Please understand the work here is being done by a few dedicated folks who are not financially compensated for there efforts. Perhaps a little help is in order rather than throwing up of hands and doing what Bill wants you to do. Can you help? Brian Wilson wrote: > I think I speak for most everybody on this list when I say "I *really*don't > wanna > have to run a win2k server". Oh well, I guess we'll have to work with > whatever > we have. > > -B > > ----- Original Message ----- > From: "Elrond" > To: "Rafa? Szcze?niak" ; > Sent: Monday, September 25, 2000 2:36 PM > Subject: Future/end of TNG (was Re: I don't understand something ...) > > > > > Hi everybody, > > > > Yes. It means exactly this. > > > > Luke has quit Samba. > > I've stopped to work on Samba TNG, because it isn't any > > more fun without Luke. My complete motivation has gone > > together with him. > > Sander also hasn't got any motivation. (But he might > > comment on that himself) > > > > So, no one is working any more on TNG. > > > > TNG is now something like a "reference implementation", but > > nothing more. (And if it is used as such, is another > > question) > > > > > > Elrond > > > > > > On Mon, Sep 25, 2000 at 06:35:06PM +0200, Rafa? Szcze?niak wrote: > > > Can somebody explain me (or confirm - I'm scared to say that) what > > > exactly does mean: Samba TNG branch has been terminated ? > > > > > > Does it really mean, that TNG won't be developed any longer ???? :((((( > > > What's official stance of Samba Team developers on this problem ? > > > > > > > From calderonf at measurisk.com Mon Sep 25 19:54:28 2000 From: calderonf at measurisk.com (Calderon, Frank) Date: Tue Dec 2 02:31:34 2003 Subject: UNIX MAPPING Message-ID: <751E7A91AD07D311BBC30008C7F3CB0004A29863@smtp.measurisk.com> I have users who can connect to our SUN server but they cannot map to it. They are prompted for a password and even though they enter a valid password, they are denied access to map. They can connect using Exceed. They are NT Workstation users. Any help would be great. Thanks, Frank From karl at Denninger.Net Mon Sep 25 20:31:33 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <39CFAA3B.5F040326@weiinc.com>; from Mike Westkamper on Mon, Sep 25, 2000 at 03:40:43PM -0400 References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> Message-ID: <20000925153133.A18833@Denninger.net> I understand that Mike. However, the fact remains that for most serious users of Samba, this announcement means that the product is effectively dead. I'll continue to use it, since I don't need PDC functionality. But most serious users do, and the death of any reasonable belief that it will be forthcoming in a reasonable timeframe means that the product dies for them. Being forced to do what Bill wants may not be nice, but it may be a necessary evil. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights On Mon, Sep 25, 2000 at 03:40:43PM -0400, Mike Westkamper wrote: > Please understand the work here is being done by a few dedicated folks who are > not financially compensated for there efforts. Perhaps a little help is in order > rather than throwing up of hands and doing what Bill wants you to do. > > Can you help? > > > > Brian Wilson wrote: > > > I think I speak for most everybody on this list when I say "I *really*don't > > wanna > > have to run a win2k server". Oh well, I guess we'll have to work with > > whatever > > we have. > > > > -B > > > > ----- Original Message ----- > > From: "Elrond" > > To: "Rafa? Szcze?niak" ; > > Sent: Monday, September 25, 2000 2:36 PM > > Subject: Future/end of TNG (was Re: I don't understand something ...) > > > > > > > > Hi everybody, > > > > > > Yes. It means exactly this. > > > > > > Luke has quit Samba. > > > I've stopped to work on Samba TNG, because it isn't any > > > more fun without Luke. My complete motivation has gone > > > together with him. > > > Sander also hasn't got any motivation. (But he might > > > comment on that himself) > > > > > > So, no one is working any more on TNG. > > > > > > TNG is now something like a "reference implementation", but > > > nothing more. (And if it is used as such, is another > > > question) > > > > > > > > > Elrond > > > > > > > > > On Mon, Sep 25, 2000 at 06:35:06PM +0200, Rafa? Szcze?niak wrote: > > > > Can somebody explain me (or confirm - I'm scared to say that) what > > > > exactly does mean: Samba TNG branch has been terminated ? > > > > > > > > Does it really mean, that TNG won't be developed any longer ???? :((((( > > > > What's official stance of Samba Team developers on this problem ? > > > > > > > > > > > > From jeremy at valinux.com Mon Sep 25 20:29:17 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:34 2003 Subject: TNG-stable References: Message-ID: <39CFB59D.ED899E27@valinux.com> Luke Kenneth Casson Leighton wrote: > > due to what i consider to be incredible arrogance on the part of the > primary samba developers, whose opinion of TNG and the people i have been > encouraging to help with TNG's development - including yourself, if you > use TNG - is, by association, extremely low, you will have to ask that > question of them, not of me. Luke, Deciding not to work on Samba is your choice, and everyone is fine with that. What is not good is your continuous criticism of the people who *are* still working on Samba and attempting to forward the project as fast as possible. Please follow the advice my mother gave me when I was very small, "if you can't say anything nice, then don't say anything at all". Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From k.blin at gmx.net Mon Sep 25 20:33:02 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <39CFAA3B.5F040326@weiinc.com>; from mjwestkamper@weiinc.com on Mon, Sep 25, 2000 at 03:40:43PM -0400 References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> Message-ID: <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> On Mon, Sep 25, 2000 at 03:40:43PM -0400, Mike Westkamper wrote: > Please understand the work here is being done by a few dedicated folks who are > not financially compensated for there efforts. Perhaps a little help is in order > rather than throwing up of hands and doing what Bill wants you to do. > > Can you help? Actually, that is what I suggested to Luke. I'm currently not in that matter, but since I'm just pupil and working only part time, I have plenty of time to spare :) just joking :) No, honest, I'd like to see the "original" TNG team to go on with this. I'm really sorry they got dismotivated in this matter. But still I think even if I'm not even one tenth as good as theese guys, I think doing a little is better than just sitting back and complaining about life and everything. And since I also don't want to run a Win2k server, and our backup server is also a BDC, I need samba TNG! So, come on, you guys!! There should be _some_ programmers out there!! Let's rescue TNG. > > > Luke has quit Samba. > > > I've stopped to work on Samba TNG, because it isn't any > > > more fun without Luke. My complete motivation has gone > > > together with him. > > > Sander also hasn't got any motivation. (But he might > > > comment on that himself) > > > > > > So, no one is working any more on TNG. We could change this. After all that's the concept behind open source!! > > > TNG is now something like a "reference implementation", but > > > nothing more. (And if it is used as such, is another > > > question) We don't have to use it as this! Don't let me down, folks! Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology A fanatic is one who can't change his mind and won't change the subject. -- Winston Churchill From karl at Denninger.Net Mon Sep 25 20:40:31 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:34 2003 Subject: TNG-stable In-Reply-To: <39CFB59D.ED899E27@valinux.com>; from Jeremy Allison on Mon, Sep 25, 2000 at 01:29:17PM -0700 References: <39CFB59D.ED899E27@valinux.com> Message-ID: <20000925154031.A18865@Denninger.net> On Mon, Sep 25, 2000 at 01:29:17PM -0700, Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: > > > > due to what i consider to be incredible arrogance on the part of the > > primary samba developers, whose opinion of TNG and the people i have been > > encouraging to help with TNG's development - including yourself, if you > > use TNG - is, by association, extremely low, you will have to ask that > > question of them, not of me. > > Luke, > > Deciding not to work on Samba is your choice, and > everyone is fine with that. What is not good is your continuous > criticism of the people who *are* still working on Samba > and attempting to forward the project as fast as possible. > > Please follow the advice my mother gave me when I was very > small, "if you can't say anything nice, then don't say > anything at all". > > Regards, > > Jeremy Allison, > Samba Team. I'm sorry, Jeremy, I disagree. Luke is free to express his opinion, particularly when it impacts on his efforts. You are free to ignore them if you wish. Science - and indeed, any study of anything - is not advanced by your pearl of wisdom. In fact, it is advanced by exactly the opposite. If you are unable to stand the public heat of criticism, even heated criticism, get the hell out of the kitchen. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From jeremy at valinux.com Mon Sep 25 20:47:20 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:34 2003 Subject: TNG-stable References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> Message-ID: <39CFB9D8.7AE7B6DD@valinux.com> Karl Denninger wrote: > > I'm sorry, Jeremy, I disagree. > > Luke is free to express his opinion, particularly when it impacts on > his efforts. > > You are free to ignore them if you wish. > > Science - and indeed, any study of anything - is not advanced by your > pearl of wisdom. In fact, it is advanced by exactly the opposite. > > If you are unable to stand the public heat of criticism, even heated > criticism, get the hell out of the kitchen. I'm not going on about criticism. I am happy with criticism, that happens all the time (just look at my code and what people say about it all the time :-) :-). It is statements like this that I object to : "what i consider to be incredible arrogance on the part of the primary samba developers, whose opinion of TNG and the people i have been encouraging to help with TNG's development - including yourself, if you use TNG - is, by association, extremely low" This is not code criticism, it's not even constructive. It's *whining*. It isn't about the code, it's just a complaint, and it achieves nothing other than to upset the people who have been using the TNG code (which is being moved into the HEAD branch as fast as we can do so, btw. ). If luke really wanted to help he would be part of this effort, but that's not what he wants to do. Well that's fine, I have no problems with him deciding to do this, but complainaing about the reasons behind his decisions is just a waste of time. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From mailinglists at linux-administration.de Mon Sep 25 21:10:49 2000 From: mailinglists at linux-administration.de (Sascha Schneider) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de>; from k.blin@gmx.net on Mon, Sep 25, 2000 at 10:33:02PM +0200 References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> Message-ID: <20000925231049.C1051@Tux.dgb-jugend.du> On Mon, Sep 25, 2000 at 10:33:02PM +0200, Kai Blin wrote: > > Can you help? > > No, honest, I'd like to see the "original" TNG team to go on with this. I'm > really sorry they got dismotivated in this matter. But still I think even if > I'm not even one tenth as good as theese guys, I think doing a little is > better than just sitting back and complaining about life and everything. > And since I also don't want to run a Win2k server, and our backup server is > also a BDC, I need samba TNG! > > So, come on, you guys!! There should be _some_ programmers out there!! Let's > rescue TNG. I would like to help. I'm an student at computer science, but not a very experienced programmer. I did some coding in C, pascal, perl, beta, bash *g*, tcl, php and such but never really got deep with it, because I never had anything I'd like to code. If Samba TNG is about to be given up, this is the point where this definitively is gonna change. I would'nt ever like seeing samba beeing stopped. If you want to do some work on samba, I'm with you. > > > > So, no one is working any more on TNG. > > We could change this. After all that's the concept behind open source!! Right, and quite this was my first thought wen I read that samba is dead. > Don't let me down, folks! > Kai No I won't. Lets get on with this, will ya? Sascha -- Ich unterst?tze Stimm gegen Spam, eine Initiative von c't und Politik-Digital. http://www.politik-digital.de/spam From gcarter at valinux.com Mon Sep 25 21:08:23 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925153133.A18833@Denninger.net> Message-ID: <39CFBEC7.887A5F47@valinux.com> Karl Denninger wrote: > > However, the fact remains that for most serious > users of Samba, this announcement means that the > product is effectively dead. This is not an annoucement. Luke got mad and quit. That's what happened. Does anyone ever listen? We have over and over again said that we are working on PDC support. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From c2z4s9 at hotmail.com Mon Sep 25 21:14:42 2000 From: c2z4s9 at hotmail.com (John Doe) Date: Tue Dec 2 02:31:34 2003 Subject: UNIX MAPPING Message-ID: Do those users have accounts within the smbpasswd file? >From: "Calderon, Frank" >To: "'samba-ntdom@lists.samba.org'" >Subject: UNIX MAPPING >Date: Mon, 25 Sep 2000 15:54:28 -0400 > >I have users who can connect to our SUN server but they cannot map to it. >They are prompted for a password and even though they enter a valid >password, they are denied access to map. They can connect using Exceed. >They are NT Workstation users. > >Any help would be great. > >Thanks, > >Frank > _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From gcarter at valinux.com Mon Sep 25 21:10:55 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> Message-ID: <39CFBF5F.717B4230@valinux.com> Kai Blin wrote: > > So, come on, you guys!! There should be _some_ > programmers out there!! Let's rescue TNG. What's there to rescue? TNG is a development branch. Luke forked it, and left. What can we say? We are working on porting code form TNG over to HEAD for domain controlling. Jean-Francois has already been working on porting the necessary codefor Win2k domain logons (no native mode of course). If anyone wants to help, join samba-technical and let's get started. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From k.blin at gmx.net Mon Sep 25 21:11:35 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:34 2003 Subject: TNG-stable In-Reply-To: <20000925154031.A18865@Denninger.net>; from karl@Denninger.Net on Mon, Sep 25, 2000 at 03:40:31PM -0500 References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> Message-ID: <20000925231135.A4060@molgen-6.iah.medizin.uni-tuebingen.de> On Mon, Sep 25, 2000 at 03:40:31PM -0500, Karl Denninger wrote: > On Mon, Sep 25, 2000 at 01:29:17PM -0700, Jeremy Allison wrote: > > Luke Kenneth Casson Leighton wrote: > > > > > > due to what i consider to be incredible arrogance on the part of the > > > primary samba developers, whose opinion of TNG and the people i have been > > > encouraging to help with TNG's development - including yourself, if you > > > use TNG - is, by association, extremely low, you will have to ask that > > > question of them, not of me. > > > > Luke, > > > > Deciding not to work on Samba is your choice, and > > everyone is fine with that. What is not good is your continuous > > criticism of the people who *are* still working on Samba > > and attempting to forward the project as fast as possible. > > > > Please follow the advice my mother gave me when I was very > > small, "if you can't say anything nice, then don't say > > anything at all". > > > > Regards, > > > > Jeremy Allison, > > Samba Team. > > I'm sorry, Jeremy, I disagree. > > Luke is free to express his opinion, particularly when it impacts on > his efforts. > > You are free to ignore them if you wish. > > Science - and indeed, any study of anything - is not advanced by your > pearl of wisdom. In fact, it is advanced by exactly the opposite. > > If you are unable to stand the public heat of criticism, even heated > criticism, get the hell out of the kitchen. Seeing this is leading to a flame war, I'd like to add that this hassle isn't leading anywhere. I think most of us would still like a official statement concerning what will be done about PDC compatibility with samba. If you still like to fight like children... Greetings Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology A fanatic is one who can't change his mind and won't change the subject. -- Winston Churchill From gcarter at valinux.com Mon Sep 25 21:04:52 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:34 2003 Subject: TNG-stable References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> Message-ID: <39CFBDF4.269B51DC@valinux.com> Karl Denninger wrote: > > Luke is free to express his opinion, particularly when > it impacts on his efforts. > > You are free to ignore them if you wish. > > Science - and indeed, any study of anything - is not > advanced by your pearl of wisdom. In fact, it is > advanced by exactly the opposite. Karl, Apparently you have have either not been aware or have ignored the background with this and therefore I will boil it down for you. I promised myself I was not going to be drug back into the again, but here goes. Luke, please listen to what I have to say. You are a very good friend, but I am going to state the obvious. This is my personal official stance. Luke decided he could not work within the boundaries of the main samba code branch. Therefore he was offered a development branch for the sole purpose of continuing his work and that would would be evaluated (as everyone's is) before bringing it back into the HEAD branch code. However, Luke admits to basically forking the code, starting a community, and the dropping it. It you are upset with anyone, talk to Luke. IMO, it was irresponsible to fork the code and the drop it. That's what Luke did. period. Now no one is able to support the community he developed. Is that our fault? No. It was Luke's decision. But perhaps you think I'm being to harsh? Let's look at Luke's position on the pam_ntdom code he released as well. Or maybe other branches that resulted in the same thing Now to the question of whether or not Samba will ever be able to act as a PDC, the answer is yes. We are working on it. If you would like to help, please jump in. We're really not a proud bunch and will gladly accept help. Really. :-) The reason that Luke's comments are innapropriate is that you are only seeing the person who is yelling the loudest. > If you are unable to stand the public heat of criticism, > even heated criticism, get the hell out of the kitchen. I don't know where you got this one from, but if you think that Jeremy can't take and accept constructism criticism, then you have no perspective at all. If you have contructive things to say then, that's fine. But your personal attacks are unnecessary. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jbcurry at hline.localhealth.net Mon Sep 25 20:46:56 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:34 2003 Subject: Help Wanted: Samba Staff Message-ID: <39CFB9C0.EBE308EF@hline.localhealth.net> Those of you expressing diappointment and concern about the future of Samba should consider applying for the following job - WANTED: The world community of computer users is looking for bright, selfless, determined individuals to maintain and enhance a revolutionary server product with a world-wide market appealing to individual users, Fortune 500 companies, and everyone in between. The successful candidate will be committed to the ideals of: a) providing all people free access to the best information technologies for the betterment of the global community, and b) the elimination of unstable, bloated, feature-poor software (and the monopolies that create them) Must be able to work in an unstructured team environment, collaborating with thousands across the world. Lack of interest in office politics (or any other politics, for that matter) a plus. BENEFITS: No pay. No medical coverage. No pension. No holidays. No vacation time. Limited gratitude, amidst much criticism. Occassional free pizza. Many inspirational comments from Mom along the lines of "You could be making a six figure income if you'd just quit tinkering with that Internet thing and really apply yourself." Nothing much except the satisfaction of having participated in the most revolutionary movement toward a free and equal society in the history of humankind: Open Source Applicants need not apply. Simply get involved, and the job is yours. Any takers? From bgmilne at ing.sun.ac.za Mon Sep 25 21:29:37 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:34 2003 Subject: Odp: HELP! References: <39CB9635.89F71321@netlife.de> <17718494653.20000922212153@merkespages.de> <39CEF4A3.321AFA7E@netlife.de> Message-ID: <39CFC3C1.96A98245@ing.sun.ac.za> The clients trust account password may be out of sync. You can solve this by removing the machine from the domain, changing the machine password to it's default (smbpasswd -am ) and rejoining it. THe problem is that file permissions will get messed up (I believe). There may be a more elegant solution. Buchan Marek Stancel wrote: > > markus stephany wrote: > > > > Hello Marek, > > > > Friday, September 22, 2000, 7:26:13 PM, you wrote: > > > > >> Did you also delete profile of the user last logged in ? > > >> Especially files ntuser.dat and similiar *.log files > > >> from profiles share may be corrupted. > > > > MS> Now I did, but without any success. > > MS> I've got he same error. > > > > MS> Marek > > > > nt's status codes are described in this text: > > http://www.net3group.com/SMB_NT_Status_Codes.txt > > > > C0000078 means STATUS_INVALID_SID > > > > maybe the sid of the samba server has been corrupted somehow? > > ...but I still do not unterstand it. > We have ~30 Windows9X/NT User and no one of them have the same > problem like me. Am I right, that if the sid of the samba server > would be corrupted - any logon's would be decline ? > > thank you for any help, > Marek -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From gcarter at valinux.com Mon Sep 25 21:33:23 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> <20000925231049.C1051@Tux.dgb-jugend.du> Message-ID: <39CFC4A3.A41B24EC@valinux.com> Sascha Schneider wrote: > > Right, and quite this was my first thought wen I > read that samba is dead. ok. This has got to be the last message I am responding to like this. I'm only responding because I giggled when I read it. :-) Samba is not dead. Luke's code fork is dead, because he killed it. The main samba development will continue as it has been (including PDC support). jerry From Jean-Francois.Micouleau at dalalu.fr Mon Sep 25 21:33:06 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <20000925231049.C1051@Tux.dgb-jugend.du> Message-ID: On Mon, 25 Sep 2000, Sascha Schneider wrote: > I never had anything I'd like to code. > If Samba TNG is about to be given up, this is the point where this > definitively is gonna change. > I would'nt ever like seeing samba beeing stopped. who said that samba is dead ? nobody. Luke has stopped working on samba. And only him and some other person. We are still several working on samba. And for some of us it's even our 9 to 5 job and we are paid to do it. Stop this thread now ! It's getting boring. J.F. Samba Team From bill at sweye.com Mon Sep 25 21:34:01 2000 From: bill at sweye.com (William L. Terry) Date: Tue Dec 2 02:31:34 2003 Subject: Windows me Message-ID: <39CFC4C9.B0B8E040@sweye.com> Ok slightly off topic here, but I figured this was the most amenable crowd for this problem. I am stuck having to integrate a "Windows Me" box into an existing Unix network, specifically printing to an LPD server. In the past this has not been a problem, just add LPD services and point the printer at the server or jet direct box. I can not however find this functionality with "Windows Me". What am I missing here? Thanks in advance. -- William L. Terry (bill@sweye.com) From frlord at webmethods.com Mon Sep 25 21:42:56 2000 From: frlord at webmethods.com (F. Ross Lord) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925153133.A18833@Denninger.net> <39CFBEC7.887A5F47@valinux.com> Message-ID: <39CFC6E0.B2DF024A@webmethods.com> Gerald Carter wrote: > Does anyone ever listen? We have over and over again > said that we are working on PDC support. > > jerry Is there a roadmap/timeframe for PDC/BDC support in the works? All interpersonal politics aside, the one thing you seen in every message from users about this is "I really need this." What kind of priority is it for the current samba team? How can people who need this functionality, both those who can/will write code for it and those who can't/won't write code for it, assist the samba team in bringing the functionality into production? A lot of the people who have been following PDC/BDC have been in an uncomfortable limbo since active TNG development stopped. We don't really know what is going on, aside from "we're working on it" and several of the people who put a lot of work into this functionality quit the project. Perhaps you can take a page out of Jeremy's book and try to keep this polite. -- frl From leymarie_gerard at accor-hotels.com Mon Sep 25 21:50:36 2000 From: leymarie_gerard at accor-hotels.com (LEYMARIE gerard) Date: Tue Dec 2 02:31:34 2003 Subject: exchange server In-Reply-To: <20000925142443.C3342@molgen-6.iah.medizin.uni-tuebingen.de> Message-ID: <006301c0273b$119ab840$127ec839@accorhotels.com> So, which can we use if we want to have full OUTLOOK functionnality (folders sharing, etc...) Thks -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Kai Blin Sent: Monday, September 25, 2000 2:25 PM To: samba-ntdom@samba.org Subject: Re: exchange server On Mon, Sep 25, 2000 at 09:01:59AM +0200, Johan ?stensson wrote: > Does anyone know if it's possible to have a MS Exchange server in a > TNG-controled domain? Since Exchange server authenticate it's users from the > PDC... Do you _really_ need Exchange? There are quite a bunch of security issues with Exchange. Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Now I lay me back to sleep. The speaker's dull; the subject's deep. If he should stop before I wake, Give me a nudge for goodness' sake. -- Anonymous From dariva at digitro.com.br Mon Sep 25 21:58:25 2000 From: dariva at digitro.com.br (Paulo Alex Dariva) Date: Tue Dec 2 02:31:34 2003 Subject: Printing files from win2K to linux Message-ID: <001401c0273b$bb00a7f0$e0a0a8c0@gte2000> Friends... I have been a problem when I try to print a postscrip file from win2000 to samba printer in Linux RedHat 6.2. See /var/log/samba/log.gte2000 file: [2000/09/25 15:42:12, 1] smbd/service.c:make_connection(550) gte2000 (192.168.160.224) connect to service fax as user faxBXS (uid=500, gid=0) (pid 705) [2000/09/25 15:42:12, 0] smbd/nttrans.c:call_nt_transact_ioctl(2516) call_nt_transact_ioctl: Currently not implemented. [2000/09/25 15:42:13, 1] smbd/service.c:close_cnum(583) gte2000 (192.168.160.224) closed connection to service fax Anybody know something about call_nt_transact_ioctl( ) function? What does it do? Thanks a lot PADariva -------------- next part -------------- HTML attachment scrubbed and removed From abrooks at css.tayloru.edu Mon Sep 25 22:03:21 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:31:34 2003 Subject: exchange server [Getting there, but not quite O.T.] In-Reply-To: <006301c0273b$119ab840$127ec839@accorhotels.com> Message-ID: On Mon, 25 Sep 2000, LEYMARIE gerard wrote: > So, which can we use if we want to have full OUTLOOK functionnality (folders > sharing, etc...) > > Thks > > On Mon, Sep 25, 2000 at 09:01:59AM +0200, Johan Östensson wrote: > > > Does anyone know if it's possible to have a MS Exchange server in a > > TNG-controled domain? Since Exchange server authenticate it's users from > the > > PDC... > > Do you _really_ need Exchange? There are quite a bunch of security issues > with Exchange. > > Kai I believe that HP's OpenMail product has already been mentioned on this list but in case not: http://www.ice.hp.com/cyc/om/00/index.html -Aaron +-------> Aaron D. Brooks, 765 . 998 . 5168, abrooks [SHIFT"2"] css.tayloru.edu Computing Systems Resource Manager, Taylor University, CSS Department PGP public key: http://www.css.tayloru.edu/~abrooks/pgpkey/abrooks.asc PGP key fingerprint = 75 83 D2 9C 44 C7 00 C8 07 A1 6C F0 BD 04 C0 60 From bgmilne at ing.sun.ac.za Mon Sep 25 22:09:15 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:34 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> Message-ID: <39CFCD0B.83B97A72@ing.sun.ac.za> I think the most positive thing that users of TNG with reasonable programming ability (unfortunately that excludes me) is to try and use TNG as a reference implementation and merge these into HEAD. The first prize is a HEAD with all the current TNG functionality. If I had the ability, and more than 1 hour free time per week (which I'm currently using to learn C), I would help. I am sure there are enough o capable people out there to help with this. I am currently only using samba 2.0.7 as a PDC, but am jealous of all the features I am missing, however, I cannot introduce samba into an NT environment with TNG. Buchan Kai Blin wrote: > > On Mon, Sep 25, 2000 at 03:40:43PM -0400, Mike Westkamper wrote: > > Please understand the work here is being done by a few dedicated folks who are > > not financially compensated for there efforts. Perhaps a little help is in order > > rather than throwing up of hands and doing what Bill wants you to do. > > > > Can you help? > > Actually, that is what I suggested to Luke. I'm currently not in that > matter, but since I'm just pupil and working only part time, I have plenty > of time to spare :) just joking :) > No, honest, I'd like to see the "original" TNG team to go on with this. I'm > really sorry they got dismotivated in this matter. But still I think even if > I'm not even one tenth as good as theese guys, I think doing a little is > better than just sitting back and complaining about life and everything. > And since I also don't want to run a Win2k server, and our backup server is > also a BDC, I need samba TNG! > > So, come on, you guys!! There should be _some_ programmers out there!! Let's > rescue TNG. > > > > > Luke has quit Samba. > > > > I've stopped to work on Samba TNG, because it isn't any > > > > more fun without Luke. My complete motivation has gone > > > > together with him. > > > > Sander also hasn't got any motivation. (But he might > > > > comment on that himself) > > > > > > > > So, no one is working any more on TNG. > > We could change this. After all that's the concept behind open source!! > > > > > TNG is now something like a "reference implementation", but > > > > nothing more. (And if it is used as such, is another > > > > question) > > We don't have to use it as this! > > Don't let me down, folks! > > Kai > > -- > Kai Blin, Sysop > University of Tuebingen > dept. of immunology > > A fanatic is one who can't change his mind and won't change the subject. > -- Winston Churchill -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Mon Sep 25 22:16:09 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:34 2003 Subject: exchange server References: <006301c0273b$119ab840$127ec839@accorhotels.com> Message-ID: <39CFCEA9.256177C@ing.sun.ac.za> HPs OpenMail claims to support about 80% of Exchange's feature (shared folders etc). Anyone got this working, have a short howto/where-to-find on this, and integrating it with a samba pdc or or domain member? Buchan LEYMARIE gerard wrote: > > So, which can we use if we want to have full OUTLOOK functionnality (folders > sharing, etc...) > > Thks > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Kai Blin > Sent: Monday, September 25, 2000 2:25 PM > To: samba-ntdom@samba.org > Subject: Re: exchange server > > On Mon, Sep 25, 2000 at 09:01:59AM +0200, Johan ?stensson wrote: > > Does anyone know if it's possible to have a MS Exchange server in a > > TNG-controled domain? Since Exchange server authenticate it's users from > the > > PDC... > > Do you _really_ need Exchange? There are quite a bunch of security issues > with Exchange. > > Kai > > -- > Kai Blin, Sysop > University of Tuebingen > dept. of immunology > > Now I lay me back to sleep. > The speaker's dull; the subject's deep. > If he should stop before I wake, > Give me a nudge for goodness' sake. > -- Anonymous -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From jeremy at valinux.com Mon Sep 25 22:45:48 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:34 2003 Subject: TNG-stable References: Message-ID: <39CFD59C.C92C57A3@valinux.com> Greg Dickie wrote: > > I'm sorry Jeremy, I don't agree. Should I not post to the samba mailing list > anymore because of that? Dammit you know I don't mean that :-). Disagreements are always welcome, I'm just trying to keep this on a higher level and cut down on the personal comments. Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From greg at discreet.com Mon Sep 25 22:40:26 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:31:34 2003 Subject: TNG-stable In-Reply-To: <39CFB59D.ED899E27@valinux.com> Message-ID: I'm sorry Jeremy, I don't agree. Should I not post to the samba mailing list anymore because of that? Greg On 25-Sep-00 Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: >> >> due to what i consider to be incredible arrogance on the part of the >> primary samba developers, whose opinion of TNG and the people i have been >> encouraging to help with TNG's development - including yourself, if you >> use TNG - is, by association, extremely low, you will have to ask that >> question of them, not of me. > > Luke, > > Deciding not to work on Samba is your choice, and > everyone is fine with that. What is not good is your continuous > criticism of the people who *are* still working on Samba > and attempting to forward the project as fast as possible. > > Please follow the advice my mother gave me when I was very > small, "if you can't say anything nice, then don't say > anything at all". > > Regards, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From kevinc at grainsystems.com Mon Sep 25 23:01:14 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:35 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> <39CFBF5F.717B4230@valinux.com> Message-ID: <39CFD93A.345D9B84@grainsystems.com> Gerald Carter wrote: > > We are working on porting code form TNG over to > HEAD for domain controlling. Jean-Francois has already > been working on porting the necessary codefor Win2k domain > logons (no native mode of course). > > If anyone wants to help, join samba-technical and let's > get started. This is terrific! Unfortunately, there are no notices in any public forum that I have seen that indicate this to be the case. I also read -technical (non-digest), and I have to admit I haven't seen much on the matter there either (about DC development in general, that is). I think what users are concerned about is the lack of any commitment to providing this functionality. A timetable would be even better, but right now when people ask about using Samba as a PDC and adding 2000 clients, all anyone can say is that TNG used to do it, but that branch is now dead. Imagine how that sounds to someone who has a Samba PDC in production use and is told that 2000 client support is now a "must-have". Whether or not Samba can be used effectively in the long-term is called into question, and lacking any details, its use simply cannot be defended. The result: All those hard-won NT converts are now being forced back to Redmond for a copy of 2000 Server. I'm not complaining so much about the development as the lack of communication from the Samba Team about where DC is going (and when) in a post-TNG world. - Kevin Colby kevinc@grainsystems.com From mgeddes at xavier.sa.edu.au Mon Sep 25 23:18:09 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:35 2003 Subject: FINAL: Future/end of TNG References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925153133.A18833@Denninger.net> <39CFBEC7.887A5F47@valinux.com> <39CFC6E0.B2DF024A@webmethods.com> Message-ID: <39CFDD31.DDB01473@xavier.sa.edu.au> "F. Ross Lord" wrote: > > Gerald Carter wrote: > > Does anyone ever listen? We have over and over again > > said that we are working on PDC support. > > > > jerry > > Is there a roadmap/timeframe for PDC/BDC support in the works? All > interpersonal politics aside, the one thing you seen in every message > from users about this is "I really need this." What kind of priority is > it for the current samba team? How can people who need this > functionality, both those who can/will write code for it and those who > can't/won't write code for it, assist the samba team in bringing the > functionality into production? > > > A lot of the people who have been following PDC/BDC have been in an > uncomfortable limbo since active TNG development stopped. We don't > really know what is going on, aside from "we're working on it" and > several of the people who put a lot of work into this functionality quit > the project. Perhaps you can take a page out of Jeremy's book and try > to keep this polite. > > I was just going to ignore the rest of this thread, but hey. ;-) The Samba team has (at least on the NT-DOM list) explained time and time again that Samba TNG would never be used by itself (in fact, I believe they weren't even going to allow CVS access to the general public). Samba TNG was for Luke and co to test and hack around, so that what they learnt could be moved to Samba (the HEAD branch). This has always been the case as far as I know. TNG development has stopped, not just because Luke left, but it is getting very close to having served it's purpose. If people had followed the list, or read the list archives (I believe they work now ;-)), there would not have been this confusion. The Samba team have been working flat out for some time now, trying to add features from Samba TNG to Samba. I don't believe that they could possibly put an accurate timeframe on completion, because the set of protocols they are dealing with are known to be undocumented (until Luke documented them) and Microsoft have been pretty keen to change little parts of the protocols to break things like Samba. I think the Samba team has done a great job, and from what they have told us on the mailing lists, they seem to me to be doing the right thing. Please, by all means use you coding skills to help Samba, but make sure you do help Samba, instead of throwing a tantrum. I'm sure the Samba team would greatly appreciate working Samba TNG patches to apply to the latest HEAD CVS. Coding isn't the only way to help either, I personally try to answer as many newbie questions as I can, so that the Samba team have more time coding. Samba documentation is also another area where things could be improved. Speak to you local Samba team member for more details of what needs to be done. My 2 cents, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From mgeddes at xavier.sa.edu.au Mon Sep 25 23:28:47 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:35 2003 Subject: Where is smbpasswd? References: <200009222305.TAA23443@ns1.onepine.com> <39CEF589.AFD5EAC0@netlife.de> Message-ID: <39CFDFAF.6DA8A3C8@xavier.sa.edu.au> Marek Stancel wrote: > > Paxus wrote: > > > > I've seem to run across a problem. > > I've compiled and installed samba-tng-2.6 several times and every time, it > > fails to build the smbpasswd executable. Why is that? > > I've tried this on both Redhat and SuSE running kernels raning from 2.2.16 > > to 2.4.0-test5. > The same happens to me with Solaris7 on a sparc machine. > On RH 6.1 I 've got smbpasswd... > > Marek It doesn't exist in Samba TNG. Use samedit (new and improved). Check my .sig for details. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From karl at Denninger.Net Mon Sep 25 23:11:10 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <39CFBDF4.269B51DC@valinux.com>; from Gerald Carter on Mon, Sep 25, 2000 at 04:04:52PM -0500 References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> Message-ID: <20000925181110.A19097@Denninger.net> On Mon, Sep 25, 2000 at 04:04:52PM -0500, Gerald Carter wrote: > Karl Denninger wrote: > > > > Luke is free to express his opinion, particularly when > > it impacts on his efforts. > > > > You are free to ignore them if you wish. > > > > Science - and indeed, any study of anything - is not > > advanced by your pearl of wisdom. In fact, it is > > advanced by exactly the opposite. > > Karl, > > Apparently you have have either not been aware or > have ignored the background with this and therefore > I will boil it down for you. You're welcome to boil whatever you want, but from my perspective what I see here is a bunch of cats fighting. > > > Luke decided he could not work within the boundaries > of the main samba code branch. Therefore he was offered > a development branch for the sole purpose of continuing > his work and that would would be evaluated (as everyone's > is) before bringing it back into the HEAD branch code. There is no harm in this. Further, he didn't have to be "offered" anything, since Samba is publically CVSable. He could have told you to piss up a rope and done it without you (see the multiple times it was done with *BSD for examples) > However, Luke admits to basically forking the code, > starting a community, and the dropping it. It you > are upset with anyone, talk to Luke. IMO, it was > irresponsible to fork the code and the drop it. That's > what Luke did. period. Now no one is able to support > the community he developed. Is that our fault? No. > It was Luke's decision. So what? I don't care about Luke's branch of the code. It was insufficiently far along for me to car when I last looked at it. Yes, it was interesting, but it didn't do what I needed, so I reverted to the stable operational branch. > But perhaps you think I'm being to harsh? Let's look > at Luke's position on the pam_ntdom code he released as > well. Or maybe other branches that resulted in the > same thing So what? > Now to the question of whether or not Samba will ever > be able to act as a PDC, the answer is yes. We are > working on it. Timeline please. That, by the way, is all the people who are carping here are asking for - and have been now for quite a while (well over a year.) I happen to like Samba. A lot. But what I don't like is the lack of any kind of roadmap that is published - no targets, no knowledge of what's going on internally. > If you would like to help, please jump > in. We're really not a proud bunch and will gladly > accept help. Really. :-) Well, I've been involved with this kind of stuff before, and I'm a hell of a lot more careful than I once was with my time. Personalities kill a lot of good things, and this may be one of the many victims. > The reason that Luke's comments are innapropriate is that > you are only seeing the person who is yelling the loudest. Nope. That doesn't make them inappropriate at all. When the public is ignored in its requests for PDC timelines (and it has been) then this is what you can expect to see in response. > > > > If you are unable to stand the public heat of criticism, > > even heated criticism, get the hell out of the kitchen. > > I don't know where you got this one from, but if you > think that Jeremy can't take and accept constructism > criticism, then you have no perspective at all. > > If you have contructive things to say then, that's fine. > But your personal attacks are unnecessary. I, like Luke, have both the right to an opinion and to express it. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From greg at discreet.com Mon Sep 25 22:56:00 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <39CFD59C.C92C57A3@valinux.com> Message-ID: okayyy fine. but your mother wears army boots ;-) Greg On 25-Sep-00 Jeremy Allison wrote: > Greg Dickie wrote: >> >> I'm sorry Jeremy, I don't agree. Should I not post to the samba mailing list >> anymore because of that? > > Dammit you know I don't mean that :-). > > Disagreements are always welcome, I'm just trying to keep > this on a higher level and cut down on the personal comments. > > Cheers, > > Jeremy. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From jeremy at valinux.com Mon Sep 25 23:24:42 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> Message-ID: <39CFDEBA.81F14BA9@valinux.com> Karl Denninger wrote: > > You're welcome to boil whatever you want, but from my perspective what I > see here is a bunch of cats fighting. This is unhelpful. > There is no harm in this. Further, he didn't have to be "offered" > anything, since Samba is publically CVSable. He could have told you to > piss up a rope and done it without you (see the multiple times it was > done with *BSD for examples) This was not a fork based on the public CVS code tree, this was a fork based on *secure* ssh access to the real CVS repository. Such a fork does require privillaged access to the CVS repository. And don't hold up the *BSD's as an example - they are not a good example for Open Source projects staying together. > > Now to the question of whether or not Samba will ever > > be able to act as a PDC, the answer is yes. We are > > working on it. > > Timeline please. > > That, by the way, is all the people who are carping here are asking for - > and have been now for quite a while (well over a year.) Carping is easy. Writing code is hard. If you want PDC, help code it. No other options are acceptible. And remember it has to be done *professionally*. No memory leaks, no buffer overruns, full I18N support (no ascii only code please). The full NT RPC printing support for 2.2 has taken around 2 person years of effort. This is just *one* of the RPC subsystems. Getting to something that "sort of" works is hard enough. Going the rest of the way so that something like MS Exchange can use a Samba PDC, so the BDC's can replicate with it - that's harder still. > When the public is ignored in its requests for PDC timelines (and it has > been) then this is what you can expect to see in response. PDC will ship when the code is ready and working. That's the only valid timeline possible to commit to. Regards, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From karl at Denninger.Net Mon Sep 25 23:32:35 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <39CFDEBA.81F14BA9@valinux.com>; from Jeremy Allison on Mon, Sep 25, 2000 at 04:24:42PM -0700 References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> Message-ID: <20000925183235.A19226@Denninger.net> On Mon, Sep 25, 2000 at 04:24:42PM -0700, Jeremy Allison wrote: > Karl Denninger wrote: > > > > You're welcome to boil whatever you want, but from my perspective what I > > see here is a bunch of cats fighting. > > This is unhelpful. The truth is unhelpful? Get over yourselves. > > There is no harm in this. Further, he didn't have to be "offered" > > anything, since Samba is publically CVSable. He could have told you to > > piss up a rope and done it without you (see the multiple times it was > > done with *BSD for examples) > > This was not a fork based on the public CVS code tree, > this was a fork based on *secure* ssh access to the real > CVS repository. Such a fork does require privillaged access > to the CVS repository. Ah, so you're not a truly open-source project. Thanks. You just made CERTAIN that I have no interest in helping you - unless, of course, that policy changes. > And don't hold up the *BSD's as an example - they are not > a good example for Open Source projects staying together. They're not? Gee, they seem to be doing quite well, despite the splits and fights. FreeBSD FS.Denninger.net 4.1-STABLE FreeBSD 4.1-STABLE #0: Wed Sep 20 13:32:02 CDT 2000 karl@FS.Denninger.Net:/usr/obj/usr/src/sys/KARL i386 I personally STRONGLY DISLIKE the FreeBSD CORE members, believing they are a bunch of bombastic assholes. Nonetheless, the software is better IMHO than the alternatives when taken in total, which is why I still run it. > > Timeline please. > > > > That, by the way, is all the people who are carping here are asking for - > > and have been now for quite a while (well over a year.) > > Carping is easy. Writing code is hard. If you want PDC, help > code it. No other options are acceptible. That's unhelpful. If I ask a very reasonable question and get told to write it myself, I just might, but why would I do it under YOUR auspices and with YOU being the "head" of things? Why not do it and tell YOU to go piss up that same rope? What possible incentive do I have to put up with the attitude as well as the technical challenges? This might have had something to do with what drove Luke away...... > The full NT RPC printing support for 2.2 has taken around 2 > person years of effort. This is just *one* of the RPC subsystems. Yep. > Getting to something that "sort of" works is hard enough. Going > the rest of the way so that something like MS Exchange can use > a Samba PDC, so the BDC's can replicate with it - that's harder still. I am fully aware of this. > > When the public is ignored in its requests for PDC timelines (and it has > > been) then this is what you can expect to see in response. > > PDC will ship when the code is ready and working. That's the only valid > timeline possible to commit to. You mean *IF* it is (ever) ready and working. Until you set published targets, the word is IF, not WHEN. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From karl at Denninger.Net Mon Sep 25 23:36:34 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:35 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <39CFD93A.345D9B84@grainsystems.com>; from Kevin Colby on Mon, Sep 25, 2000 at 06:01:14PM -0500 References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> <39CFBF5F.717B4230@valinux.com> <39CFD93A.345D9B84@grainsystems.com> Message-ID: <20000925183634.A19256@Denninger.net> On Mon, Sep 25, 2000 at 06:01:14PM -0500, Kevin Colby wrote: > Gerald Carter wrote: > > > > We are working on porting code form TNG over to > > HEAD for domain controlling. Jean-Francois has already > > been working on porting the necessary codefor Win2k domain > > logons (no native mode of course). > > > > If anyone wants to help, join samba-technical and let's > > get started. > > This is terrific! > > Unfortunately, there are no notices in any public forum > that I have seen that indicate this to be the case. > I also read -technical (non-digest), and I have to admit > I haven't seen much on the matter there either > (about DC development in general, that is). > > I think what users are concerned about is the lack of any > commitment to providing this functionality. A timetable > would be even better, but right now when people ask about > using Samba as a PDC and adding 2000 clients, all anyone can > say is that TNG used to do it, but that branch is now dead. > Imagine how that sounds to someone who has a Samba PDC in > production use and is told that 2000 client support is now > a "must-have". Whether or not Samba can be used effectively > in the long-term is called into question, and lacking any > details, its use simply cannot be defended. The result: > All those hard-won NT converts are now being forced back > to Redmond for a copy of 2000 Server. > > I'm not complaining so much about the development as the > lack of communication from the Samba Team about where DC > is going (and when) in a post-TNG world. > > - Kevin Colby > kevinc@grainsystems.com EXACTLY my point. Thank you for saying it AGAIN. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From ircd at michelog.med.uoc.gr Tue Sep 26 02:36:04 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:35 2003 Subject: (no subject) Message-ID: <4.3.0.20000925223402.00a90c20@michelog.med.uoc.gr> Hi. On Samba TNG 2.6 Login scripts and roaming profiles don't work for my windows 98 machines. It downloads the profile but won't upload nor will it start a login script. Also, when I use nexus's user manager ... I can't add users or groups, when I try to modify them it asks for a password, and I seem to always get it wrong ;(. Can someone tell me what this password is and how to fix this login script & profile problem? From ircd at michelog.med.uoc.gr Tue Sep 26 02:37:52 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:35 2003 Subject: Samba TNG PDC problem... Message-ID: <4.3.0.20000925223736.00a94aa0@michelog.med.uoc.gr> Hi. On Samba TNG 2.6 Login scripts and roaming profiles don't work for my windows 98 machines. It downloads the profile but won't upload nor will it start a login script. Also, when I use nexus's user manager ... I can't add users or groups, when I try to modify them it asks for a password, and I seem to always get it wrong ;(. Can someone tell me what this password is and how to fix this login script & profile problem? From awilliam at whitemice.org Mon Sep 25 23:49:22 2000 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:31:35 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <39CFD93A.345D9B84@grainsystems.com> References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> <39CFBF5F.717B4230@valinux.com> <39CFD93A.345D9B84@grainsystems.com> Message-ID: <20000925.23492200@estate1.whitemice.org> >>We are working on porting code form TNG over to >>HEAD for domain controlling. Jean-Francois has already >>been working on porting the necessary codefor Win2k domain >>logons (no native mode of course). >>If anyone wants to help, join samba-technical and let's >>get started. >This is terrific! >Unfortunately, there are no notices in any public forum >that I have seen that indicate this to be the case. >I also read -technical (non-digest), and I have to admit >I haven't seen much on the matter there either >(about DC development in general, that is). This is true, and is a general frustration of Open Source in general, but maybe we're not looking in the right place. And I understand that updating web-pages, etc... means that someone is not coding while they do that. >I think what users are concerned about is the lack of any >commitment to providing this functionality. A timetable >would be even better, but right now when people ask about >using Samba as a PDC and adding 2000 clients, all anyone can >say is that TNG used to do it, but that branch is now dead. >Imagine how that sounds to someone who has a Samba PDC in >production use and is told that 2000 client support is now >a "must-have". Whether or not Samba can be used effectively >in the long-term is called into question, and lacking any >details, its use simply cannot be defended. The result: >All those hard-won NT converts are now being forced back >to Redmond for a copy of 2000 Server. I think the Samba team understands this perfectly well, and our (the lowly end user) grousing about it isn't going to help the morale of the project team. Cash or pizza might help. From jeremy at valinux.com Mon Sep 25 23:53:12 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> <20000925183235.A19226@Denninger.net> Message-ID: <39CFE568.45A721E9@valinux.com> Karl Denninger wrote: > > The truth is unhelpful? > > Get over yourselves. Karl, Saying "a bunch of cats fighting" is a personal opinion, not a truth. > Ah, so you're not a truly open-source project. > > Thanks. > > You just made CERTAIN that I have no interest in helping you - unless, > of course, that policy changes. No serious Open Source projects allow arbitrary *write* access to their code repositories. If you would take a little time to think about the issues involved in Open Source code trust you would realize why this is the case. > If I ask a very reasonable question and get told to write it myself, I just > might, but why would I do it under YOUR auspices and with YOU being the > "head" of things? I'm not the "head" of things. That's Andrew :-). If you want it done faster, help, don't bother to complain. That wastes time for everyone. That's the basic philosophy. > Why not do it and tell YOU to go piss up that same rope? What possible > incentive do I have to put up with the attitude as well as the technical > challenges? > > This might have had something to do with what drove Luke away...... Karl, you know nothing of Luke's personal issues. Regards, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From paulle at Exchange.Microsoft.com Tue Sep 26 00:02:10 2000 From: paulle at Exchange.Microsoft.com (Paul Leach) Date: Tue Dec 2 02:31:35 2003 Subject: MS "breaking" Samba Message-ID: <5B90AD65A9E8934987DB0C8C07626574472F59@DF-BOWWOW.platinum.corp.microsoft.com> > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Monday, September 25, 2000 4:18 PM > To: samba-ntdom@us4.samba.org > Subject: FINAL: Future/end of TNG > > The Samba team have been working flat out for some time now, trying to > add features from Samba TNG to Samba. I don't believe that they could > possibly put an accurate timeframe on completion, because the set of > protocols they are dealing with are known to be undocumented > (until Luke > documented them) and Microsoft have been pretty keen to change little > parts of the protocols to break things like Samba. We have never added any improvements (or non-improvements) to the protocols in order to "break" Samba (or to affect it in any way at all). We tested Win2k against Samba as a file server to make sure that it continued to work as a "down-level" server, along with NT4, OS/2, Windows 9x, and others. Of course, it (just like NT4) would not support the new Windows 2000 features, by which we hope to entice our customers to upgrade by providing new value to them. Just to be clear: we didn't test Win2k against Samba as a DC; we did test against NT4 DCs, however, so if Samba really does emulate all NT4 DC functionality, it should have been OK. Paul -------------- next part -------------- HTML attachment scrubbed and removed From hmontalv at citi.com.mx Tue Sep 26 01:10:00 2000 From: hmontalv at citi.com.mx (=?iso-8859-1?Q?H=E9ctor_Jos=E9_Montalvo_Herrera?=) Date: Tue Dec 2 02:31:35 2003 Subject: How I can unsuscribe? Message-ID: <000601c02756$7ee93fa0$5c7122c8@citi.com.mx> Thanx! ____________________________________________ Ing. Hector Jose Montalvo Herrera Soporte Tecnico | Technical Support Corporacion en Investigacion Tecnologica e Informatica, SA CV Sendero Sur #285-A, Col. Contry, Monterrey, Nuevo Leon, CP 64860 http://www.citi.com.mx Tel. (8) 357 2267 ext. 136 From karl at Denninger.Net Tue Sep 26 00:58:29 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <39CFE568.45A721E9@valinux.com>; from Jeremy Allison on Mon, Sep 25, 2000 at 04:53:12PM -0700 References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> <20000925183235.A19226@Denninger.net> <39CFE568.45A721E9@valinux.com> Message-ID: <20000925195829.A19425@Denninger.net> On Mon, Sep 25, 2000 at 04:53:12PM -0700, Jeremy Allison wrote: > Karl Denninger wrote: > > > > The truth is unhelpful? > > > > Get over yourselves. > > Karl, > > Saying "a bunch of cats fighting" is a personal opinion, > not a truth. > > > Ah, so you're not a truly open-source project. > > > > Thanks. > > > > You just made CERTAIN that I have no interest in helping you - unless, > > of course, that policy changes. > > No serious Open Source projects allow arbitrary *write* access > to their code repositories. No serious open-source project NEEDS to allow *WRITE* access to the repository on an arbitrary basis. However, READ access to the *REAL* repository should be unrestricted. If its not, or if you "vet" the repository before offering it to the public, then its not open-source, no matter what you call it. > > If I ask a very reasonable question and get told to write it myself, I just > > might, but why would I do it under YOUR auspices and with YOU being the > > "head" of things? > > I'm not the "head" of things. That's Andrew :-). If you want it > done faster, help, don't bother to complain. That wastes time for > everyone. That's the basic philosophy. > > > Why not do it and tell YOU to go piss up that same rope? What possible > > incentive do I have to put up with the attitude as well as the technical > > challenges? > > > > This might have had something to do with what drove Luke away...... > > Karl, you know nothing of Luke's personal issues. You're right. But I don't need to. I see the same kind of issues myself, and I'm not even involved. When they're that visible from this distance, they must loom large when you get closer. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From jeremy at valinux.com Tue Sep 26 01:00:09 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> <20000925183235.A19226@Denninger.net> <39CFE568.45A721E9@valinux.com> <20000925195829.A19425@Denninger.net> Message-ID: <39CFF519.89D736E4@valinux.com> Karl Denninger wrote: > > No serious open-source project NEEDS to allow *WRITE* access to the > repository on an arbitrary basis. > > However, READ access to the *REAL* repository should be unrestricted. > If its not, or if you "vet" the repository before offering it to the public, > then its not open-source, no matter what you call it. Samba does not "vet" the repository in any way before it goes out the door via anonymous CVS. It is rsync copied from the master to a public staging area before release, but it is copied in total, not filtered in any way. What gave you the idea that the repository was filtered ? Just to clear that up. Regards, Jeremy Allison. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From awilliam at whitemice.org Tue Sep 26 01:15:15 2000 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:31:35 2003 Subject: exchange server In-Reply-To: <39CFCEA9.256177C@ing.sun.ac.za> References: <006301c0273b$119ab840$127ec839@accorhotels.com> <39CFCEA9.256177C@ing.sun.ac.za> Message-ID: <20000926.1151500@estate1.whitemice.org> >HPs OpenMail claims to support about 80% of Exchange's feature (shared >folders etc). Anyone got this working, have a short howto/where-to-find >on this, and integrating it with a samba pdc or or domain member? THis is off topic, so you might want to respond to me privately, but I post here out of frustration. Does anyone know if OpenMail supports Universal/Unified Messaging in the manner of Lotus Notes of M$-Exchange? (Fax/Voice Mail/E-mail can all appear in the inbox). Queries to RedHat and HP have gone unanswered for weeks. From karl at Denninger.Net Tue Sep 26 01:16:45 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <39CFF519.89D736E4@valinux.com>; from Jeremy Allison on Mon, Sep 25, 2000 at 06:00:09PM -0700 References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> <20000925183235.A19226@Denninger.net> <39CFE568.45A721E9@valinux.com> <20000925195829.A19425@Denninger.net> <39CFF519.89D736E4@valinux.com> Message-ID: <20000925201645.A19453@Denninger.net> On Mon, Sep 25, 2000 at 06:00:09PM -0700, Jeremy Allison wrote: > Karl Denninger wrote: > > > > No serious open-source project NEEDS to allow *WRITE* access to the > > repository on an arbitrary basis. > > > > However, READ access to the *REAL* repository should be unrestricted. > > If its not, or if you "vet" the repository before offering it to the public, > > then its not open-source, no matter what you call it. > > Samba does not "vet" the repository in any way before > it goes out the door via anonymous CVS. Is the door open all the time? > It is rsync copied from the master to a public staging > area before release, but it is copied in total, not > filtered in any way. Not the same thing. With FreeBSD I can get a DAILY update of every change to HEAD. I can run it too, if I dare (and dare is the right word, since it doesn't always even build - say much less install) If Samba's team provides less, then you ARE NOT an open development environment. If I cannot get the changes you check in 5 minutes after you do it (should I poll the CVS server at that point in time) then you're simply not an open project. > What gave you the idea that the repository was filtered ? You did. You appeared to state that there were two repositories - one for "privileged" people, and one for the rest. If that's not what you meant, then I retract the criticism. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From jeremy at valinux.com Tue Sep 26 01:20:56 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> <20000925183235.A19226@Denninger.net> <39CFE568.45A721E9@valinux.com> <20000925195829.A19425@Denninger.net> <39CFF519.89D736E4@valinux.com> <20000925201645.A19453@Denninger.net> Message-ID: <39CFF9F8.2417CD27@valinux.com> Karl Denninger wrote: > > Not the same thing. > > With FreeBSD I can get a DAILY update of every change to HEAD. I can run > it too, if I dare (and dare is the right word, since it doesn't always even > build - say much less install) > > If Samba's team provides less, then you ARE NOT an open development > environment. If I cannot get the changes you check in 5 minutes after you > do it (should I poll the CVS server at that point in time) then you're > simply not an open project. I don't know what the cron timetable is for the copy process, but it's probably not more that 10 minutes or so. > You did. You appeared to state that there were two repositories - one for > "privileged" people, and one for the rest. > > If that's not what you meant, then I retract the criticism. It was certainly not what I meant and is not true - the public and writable CVS repositories are identical, modulo a few minutes. Regards, Jeremy Allison. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From David.Bear at asu.edu Tue Sep 26 01:27:00 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stability-bitch-list Message-ID: Perhaps a new list is in order... otherwise, this list could get back to supporting what it was inteded for? David Bear Support Systems Analyst, ASU internet: David.Bear@Asu.Edu voice: (602)-965-8257 fax: (602)-965-9189 From mgeddes at xavier.sa.edu.au Tue Sep 26 01:48:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> <20000925183235.A19226@Denninger.net> <39CFE568.45A721E9@valinux.com> <20000925195829.A19425@Denninger.net> <39CFF519.89D736E4@valinux.com> <20000925201645.A19453@Denninger.net> Message-ID: <39D0008B.BDC29717@xavier.sa.edu.au> Karl Denninger wrote: > Not the same thing. > > With FreeBSD I can get a DAILY update of every change to HEAD. I can run > it too, if I dare (and dare is the right word, since it doesn't always even > build - say much less install) > > If Samba's team provides less, then you ARE NOT an open development > environment. If I cannot get the changes you check in 5 minutes after you > do it (should I poll the CVS server at that point in time) then you're > simply not an open project. > I can vouch for that. I have had patches (only very minor) applied to samba on my behalf and it has been the same day. This is really quite an unproductive "argument" and is not helping anybody. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From jojowil at hvcc.edu Tue Sep 26 01:29:15 2000 From: jojowil at hvcc.edu (William Jojo) Date: Tue Dec 2 02:31:35 2003 Subject: TNG Message-ID: To anybody who wishes to listen... I would personally like to thank: Tridge (if I may be so bold;), Jeremy, Jerry (Gerald), Luke, the one's whose name I cannot remeber right now and everyone else who has contributed countless hours/months/years to the Samba project and those who have contributed detailed bug descriptions and bug fixes.. You have built a wonderfully useful device to bridge gaps that non-unix people might not understand or find useful (sappy music starts:) I know that one day you will have achieved your goal of PDC and Win2K support. You have made my life in educational computing infinitely easier to maintain without the use of NT Server. (end sappy music) Keep up the great work. Bill -- We are young Wandering the face of the earth Wondering what our dreams might be worth Learning that we're only immortal for a limited time.... - N. Peart From valentin at russia.crosswinds.net Tue Sep 26 01:35:44 2000 From: valentin at russia.crosswinds.net (Evpaty) Date: Tue Dec 2 02:31:35 2003 Subject: Samba 2.0.7 + FreeBSD 4.1-STABLE + W2k sp1 Message-ID: <20337579133.20000926123544@russia.crosswinds.net> Hi all! I have a FreeBSD 4.1-STABLE box as a file server. It has two NIC's su-2.04# ifconfig rl0: flags=8843 mtu 1500 inet 10.0.1.102 netmask 0xffffff00 broadcast 10.0.1.255 inet6 fe80::250:baff:fed1:de26%rl0 prefixlen 64 scopeid 0x1 ether 00:50:ba:d1:de:26 media: autoselect (none) status: active supported media: autoselect 100baseTX 100baseTX 10baseT/UT P 10baseT/UTP 100baseTX xl0: flags=8843 mtu 1500 inet 132.124.12.5 netmask 0xffffff00 broadcast 132.124.12.255 inet6 fe80::210:5aff:fe46:db36%xl0 prefixlen 64 scopeid 0x2 ether 00:10:5a:46:db:36 media: 10base2/BNC supported media: 10base2/BNC 10base5/AUI 10baseT/UTP 10bas eT/UTP 10baseT/UTP This is the Samba-2.0.7 config: [global] workgroup = WKG server string = Samba Server hosts allow = 10.0.1. 132. 127. load printers = yes guest account = pcguest log file = /usr/local/samba/var/log.%m max log size = 50 security = share encrypt passwords = yes socket options = TCP_NODELAY interfaces = 10.0.1.102/255.255.255.0 132.124.12.5/255.255.255.0 local master = yes os level = 65 domain master = yes preferred master = yes wins support = yes One of them looks at the coaxial subnet, one - at 100Mbit UTP5 On the 100Mbit side of the router there is a Windows 2000 Box with 3Com 905B card. I have a problem with Samba from this box. Any operation like copying file to or from Samba share is done _extremely_ slow, 60-80 kb per second. This is not a network problem - ftp is 10 times faster. Windows 98 from the coaxial side of the router works much faster. How can i fix it? From karl at Denninger.Net Tue Sep 26 01:37:10 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <39CFF9F8.2417CD27@valinux.com>; from Jeremy Allison on Mon, Sep 25, 2000 at 06:20:56PM -0700 References: <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> <20000925183235.A19226@Denninger.net> <39CFE568.45A721E9@valinux.com> <20000925195829.A19425@Denninger.net> <39CFF519.89D736E4@valinux.com> <20000925201645.A19453@Denninger.net> <39CFF9F8.2417CD27@valinux.com> Message-ID: <20000925203710.A19697@Denninger.net> On Mon, Sep 25, 2000 at 06:20:56PM -0700, Jeremy Allison wrote: > Karl Denninger wrote: > > > > Not the same thing. > > > > With FreeBSD I can get a DAILY update of every change to HEAD. I can run > > it too, if I dare (and dare is the right word, since it doesn't always even > > build - say much less install) > > > > If Samba's team provides less, then you ARE NOT an open development > > environment. If I cannot get the changes you check in 5 minutes after you > > do it (should I poll the CVS server at that point in time) then you're > > simply not an open project. > > I don't know what the cron timetable is for the copy process, > but it's probably not more that 10 minutes or so. > > > You did. You appeared to state that there were two repositories - one for > > "privileged" people, and one for the rest. > > > > If that's not what you meant, then I retract the criticism. > > It was certainly not what I meant and is not true - the > public and writable CVS repositories are identical, modulo > a few minutes. > > Regards, > > Jeremy Allison. Then I stand corrected. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From k.blin at gmx.net Tue Sep 26 03:53:48 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:35 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <39CFBF5F.717B4230@valinux.com>; from gcarter@valinux.com on Mon, Sep 25, 2000 at 04:10:55PM -0500 References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925223302.A3992@molgen-6.iah.medizin.uni-tuebingen.de> <39CFBF5F.717B4230@valinux.com> Message-ID: <20000926055348.A4722@molgen-6.iah.medizin.uni-tuebingen.de> On Mon, Sep 25, 2000 at 04:10:55PM -0500, Gerald Carter wrote: > Kai Blin wrote: > > > > So, come on, you guys!! There should be _some_ > > programmers out there!! Let's rescue TNG. > > What's there to rescue? TNG is a development branch. > Luke forked it, and left. What can we say? Ok, I overreacted a bit yesterday. > > We are working on porting code form TNG over to > HEAD for domain controlling. Jean-Francois has already > been working on porting the necessary codefor Win2k domain > logons (no native mode of course). What we heard out here was "Elrond is proting some changes to HEAD" that's it. If you do more than just a bit, keeping the functionality, then that's ok. > If anyone wants to help, join samba-technical and let's > get started. > I still think about that. Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Do what comes naturally. Seethe and fume and throw a tantrum. From lkcl at samba.org Tue Sep 26 04:54:12 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <20000925181110.A19097@Denninger.net> Message-ID: > When the public is ignored in its requests for PDC timelines (and it has > been) then this is what you can expect to see in response. karl, please remember that open source development is done by people who want to do it, and have a personal investment of time and effort in it. they generally own all rights to the code they develop, and develop it for their own benefit, under their own ethics [usually a highly developed sense of responsibility]. to request things of open source developers is not necessarily, therefore, to receive. they have no _contractual_ obligation to fulfil requests, only personal, and maybe self-imposed, obligations. i am not saying that you are, however to imply that a request is linked to a guaranteed response is taking a risk that could, as it has in the past, alienate the people who make such demands, very quickly. the difference between those people and yourself, methinks, is that you're clearly not making a demand, you're simply pointing out a former request and that it has not been fulfilled. please be careful, however. personally, however, i disagree that there is a clear link between the lack of fulfilment of the request in this case [publication of PDC timelines] and your conclusion [what can be expected to see in response]. just thought i'd point those things out :) all the best, lukes From lkcl at samba.org Tue Sep 26 05:08:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <39CFDEBA.81F14BA9@valinux.com> Message-ID: > code it. No other options are acceptible. And remember it has to be done > *professionally*. No memory leaks, no buffer overruns, full > I18N support (no ascii only code please). i was waiting for a comment like this. this is one of the reasons why i will not work with samba any more. the standards are excessively high to be able to do any kind of incremental development. open source projects are all about incremental development. start off small, with something that just about does the job. continue to do improvements, and continue to accept improvements. the expectations of the primary samba developers have gone well beyond the bounds where it is possible for anyone to help except those people and their contributions that they consider to be worthy. i spent three, maybe four years encouraging various people to contribute. that includes comments on APIs, specifications, documentation, bug reports, FAQs, and code. i can recall the following who have made various coding contributions. steffan lauer. elrond. sander striker. luke howard. timothy cole. danny breiss. all of these peoples' efforts, through insatiably high standards, have been rejected. i did not realise that i represent these people, and i am sorry that i let you all down. i actually couldn't care less about any personal problematic attitude towards my development style, but i do care about samba and the efforts o the people who have helped with TNG. i am also seriously concerned about the effect that the current approach may have on samba's future, and also on the people who take such an approach. luke From chebykin at pskov.mts.ru Tue Sep 26 05:09:56 2000 From: chebykin at pskov.mts.ru (Dmitry Chebykin) Date: Tue Dec 2 02:31:35 2003 Subject: Odp: Problem with printing from NT Message-ID: <003401c02778$02cc8310$50a9a8c0@pskov.mts.ru> >Do you want to have HP JetDirect accessed via Samba or directly ? I want to have HP JetDirect via Samba, because I need more flexible security and mqueue configuration. Rafa=B3 -- Dmitry From lkcl at samba.org Tue Sep 26 05:09:25 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:35 2003 Subject: [fm #2899] (broken-links) Broken links within \'pam_ntdom\' record In-Reply-To: <20000925232240.3AD328300A@mail.freshmeat.net> Message-ID: hi, this project is terminated. thanks for hosting a reference to it. On Mon, 25 Sep 2000, scoop via RT wrote: > Our automated link checker detected problems with the following > links associated with 'pam_ntdom': > > - download: http://cb1.com/~lkcl/pam-ntdom/pam_ntdom.tar.gz > > > Please look into this issue and report back as soon as possible. > > Sincerely, > scoop > > > > Note: Please make sure you include the prefix [fm #2899] > in the subject when replying to this email. > > > --- Headers Follow --- > > >From nobody@freshmeat.net Mon Sep 25 19:22:39 2000 > Return-Path: > Delivered-To: broken-links@freshmeat.net > Received: from www4.freshmeat.net (freshmeat.net [64.28.67.35]) > by mail.freshmeat.net (Postfix) with ESMTP id C9D1582FF9 > for ; Mon, 25 Sep 2000 19:22:39 -0400 (EDT) > Received: by www4.freshmeat.net (Postfix, from userid 65534) > id 40658EA40A; Mon, 25 Sep 2000 19:26:49 -0400 (EDT) > To: broken-links@freshmeat.net > Subject: [fm #2899] (broken-links) Broken links within \'pam_ntdom\' record > From: scoop > Message-Id: <20000925232649.40658EA40A@www4.freshmeat.net> > Date: Mon, 25 Sep 2000 19:26:49 -0400 (EDT) > Sender: nobody@freshmeat.net > > -------------------------------------------- Managed by Request Tracker > From lkcl at samba.org Tue Sep 26 05:13:02 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <20000925183235.A19226@Denninger.net> Message-ID: > This might have had something to do with what drove Luke away...... you got _that_ right in one guess. unfortunately, karl, i think that this is more that you are becoming tarred with the same brush. i am sure it's nothing personal. i have successfully managed to psychologically "program" certain people to react, like pavlov's god, in specific negative ways towards me, through various continuing unsuccessful attempts to get around or get to the bottom of various problems. never mind. From lkcl at samba.org Tue Sep 26 05:16:50 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: <20000925201645.A19453@Denninger.net> Message-ID: > > Samba does not "vet" the repository in any way before > > it goes out the door via anonymous CVS. > > Is the door open all the time? yes. > > It is rsync copied from the master to a public staging > > area before release, but it is copied in total, not > > filtered in any way. > > Not the same thing. > > With FreeBSD I can get a DAILY update of every change to HEAD. I can run > it too, if I dare (and dare is the right word, since it doesn't always even > build - say much less install) > > environment. If I cannot get the changes you check in 5 minutes after you it depends on how often the rsync cron job runs, but yes you can get the changes immediately. > > What gave you the idea that the repository was filtered ? > > You did. You appeared to state that there were two repositories - one > for "privileged" people, and one for the rest. two repositories? no, one a read-only copy of the other? yes. this is for security reasons. the public cvs system is run in a chroot jail. it means he doesn't have to read all the cvs sources to ensure there are no back-doors in it! From michiel at brendel.cx Tue Sep 26 07:05:42 2000 From: michiel at brendel.cx (michiel brendel) Date: Tue Dec 2 02:31:35 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) In-Reply-To: <39CFBF5F.717B4230@valinux.com> Message-ID: On 25-Sep-2000 Gerald Carter wrote: > Kai Blin wrote: >> >> So, come on, you guys!! There should be _some_ >> programmers out there!! Let's rescue TNG. > > What's there to rescue? TNG is a development branch. > Luke forked it, and left. What can we say? > > We are working on porting code form TNG over to > HEAD for domain controlling. Jean-Francois has already > been working on porting the necessary codefor Win2k domain > logons (no native mode of course). > > If anyone wants to help, join samba-technical and let's > get started. How difficult is to lear C. If only programmed ( a little bit) a few years ago in pascal? Michiel From shane at nls.net.au Tue Sep 26 07:56:33 2000 From: shane at nls.net.au (Shane Machon) Date: Tue Dec 2 02:31:35 2003 Subject: exchange server In-Reply-To: <006301c0273b$119ab840$127ec839@accorhotels.com> Message-ID: Greetings, You might want to consider HP openmail. http://www.openmail.com Runs well on RH linux and a host of other unixes. It gives you most of the features of M$ Exchange, a full MAPI connector for Outlook 97/98/2k...even has a web and unix client (though I think the unix client leaves a bit to the imagination.) Probably your best alternative to M$ Exchange in a unix server environment. Hope this helps! Regards, Shane. ____________________________________________ Shane Machon Network Technical Consultant Network and Linux Solutions www.nls.net.au Your total IT Solutions Partner -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of LEYMARIE gerard Sent: Tuesday, 26 September 2000 7:51 To: 'Kai Blin'; samba-ntdom@samba.org Subject: RE: exchange server So, which can we use if we want to have full OUTLOOK functionnality (folders sharing, etc...) Thks -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Kai Blin Sent: Monday, September 25, 2000 2:25 PM To: samba-ntdom@samba.org Subject: Re: exchange server On Mon, Sep 25, 2000 at 09:01:59AM +0200, Johan ?stensson wrote: > Does anyone know if it's possible to have a MS Exchange server in a > TNG-controled domain? Since Exchange server authenticate it's users from the > PDC... Do you _really_ need Exchange? There are quite a bunch of security issues with Exchange. Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Now I lay me back to sleep. The speaker's dull; the subject's deep. If he should stop before I wake, Give me a nudge for goodness' sake. -- Anonymous From johan.ostensson at orebro.lantmen.se Tue Sep 26 07:06:25 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:35 2003 Subject: exchange server Message-ID: <20000926070747.5AA12659836@au2.samba.org> Thanks for your answer... But my question is still unanswered: ;) Has anyone used TNG (or even 2.0.7?) as a PDC together with Exchange server? OpenMail is really not an option here, since we have more than 50 users we would have to pay for every license, and as far as I know, they are _expensive_. /johan > -----Ursprungligt meddelande----- > Fr?n: Shane Machon [mailto:shane@nls.net.au] > Skickat: den 26 september 2000 09:57 > Till: johan.ostensson@orebro.lantmen.se; samba-ntdom@samba.org > ?mne: RE: exchange server > > > Greetings, > > You might want to consider HP openmail. > http://www.openmail.com > > Runs well on RH linux and a host of other unixes. It gives > you most of the > features of M$ Exchange, a full MAPI connector for Outlook > 97/98/2k...even > has a web and unix client (though I think the unix client > leaves a bit to > the imagination.) > > Probably your best alternative to M$ Exchange in a unix > server environment. > > Hope this helps! > > Regards, > Shane. > > ____________________________________________ > Shane Machon > Network Technical Consultant > Network and Linux Solutions > www.nls.net.au > > Your total IT Solutions Partner > > > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of LEYMARIE gerard > Sent: Tuesday, 26 September 2000 7:51 > To: 'Kai Blin'; samba-ntdom@samba.org > Subject: RE: exchange server > > > So, which can we use if we want to have full OUTLOOK > functionnality (folders > sharing, etc...) > > Thks > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Kai Blin > Sent: Monday, September 25, 2000 2:25 PM > To: samba-ntdom@samba.org > Subject: Re: exchange server > > > On Mon, Sep 25, 2000 at 09:01:59AM +0200, Johan ?stensson wrote: > > Does anyone know if it's possible to have a MS Exchange server in a > > TNG-controled domain? Since Exchange server authenticate > it's users from > the > > PDC... > > Do you _really_ need Exchange? There are quite a bunch of > security issues > with Exchange. > > Kai > > -- > Kai Blin, Sysop > University of Tuebingen > dept. of immunology > > Now I lay me back to sleep. > The speaker's dull; the subject's deep. > If he should stop before I wake, > Give me a nudge for goodness' sake. > -- Anonymous > > > > From anders at cwd.no Tue Sep 26 08:03:05 2000 From: anders at cwd.no (Anders Thorsen) Date: Tue Dec 2 02:31:35 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) Message-ID: C is not too tough to learn, but you'll also need to know ho the different *NIX'es do stuff... A book that comes to my mind is "Advanced Programming in the UNIX Environment" by Stevens .. I got it myself last spring, and it's really a great book... BTW: To many it's THE book :) PS: My recomendations is that samba is not a very good starting project.... --Anders michiel brendel Sent by: samba-ntdom-admin@us4.samba.org 09/26/2000 01:05 AM To: samba-ntdom@us4.samba.org cc: Subject: Re: Future/end of TNG (was Re: I don't understand something ...) On 25-Sep-2000 Gerald Carter wrote: > Kai Blin wrote: >> >> So, come on, you guys!! There should be _some_ >> programmers out there!! Let's rescue TNG. > > What's there to rescue? TNG is a development branch. > Luke forked it, and left. What can we say? > > We are working on porting code form TNG over to > HEAD for domain controlling. Jean-Francois has already > been working on porting the necessary codefor Win2k domain > logons (no native mode of course). > > If anyone wants to help, join samba-technical and let's > get started. How difficult is to lear C. If only programmed ( a little bit) a few years ago in pascal? Michiel -------------- next part -------------- HTML attachment scrubbed and removed From mail at arnoldgymnasium.de Tue Sep 26 07:13:54 2000 From: mail at arnoldgymnasium.de (Arnold-Gymnasium) Date: Tue Dec 2 02:31:35 2003 Subject: samba-ntdom -- confirmation of subscription -- request 394982 Message-ID: <20000926071354.9675.cpmta@c000.muc.cp.net> Diese Nachricht wurde vom Arnold-Gymnasium in Neustadt bei Coburg verschickt. E-Mail: mail@arnoldgymnasium.de Internet: http://www.arnold-gymnasium.de From jeremy at valinux.com Tue Sep 26 07:17:26 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:35 2003 Subject: TNG-stable In-Reply-To: ; from lkcl@samba.org on Tue, Sep 26, 2000 at 03:08:18PM +1000 References: <39CFDEBA.81F14BA9@valinux.com> Message-ID: <20000926001726.A14746@valinux.com> On Tue, Sep 26, 2000 at 03:08:18PM +1000, Luke Kenneth Casson Leighton wrote: > > code it. No other options are acceptible. And remember it has to be done > > *professionally*. No memory leaks, no buffer overruns, full > > I18N support (no ascii only code please). > > i was waiting for a comment like this. > > this is one of the reasons why i will not work with samba any more. > > the standards are excessively high to be able to do any kind of > incremental development. > > open source projects are all about incremental development. > > start off small, with something that just about does the job. continue to > do improvements, and continue to accept improvements. > > the expectations of the primary samba developers have gone well beyond the > bounds where it is possible for anyone to help except those people and > their contributions that they consider to be worthy. > > i spent three, maybe four years encouraging various people to contribute. > that includes comments on APIs, specifications, documentation, bug > reports, FAQs, and code. i can recall the following who have made various > coding contributions. > > steffan lauer. > > elrond. > > sander striker. > > luke howard. > > timothy cole. > > danny breiss. > > > all of these peoples' efforts, through insatiably high standards, have > been rejected. i did not realise that i represent these people, and i am > sorry that i let you all down. > I don't think these peoples efforts have been rejected. The code in TNG is slowly being moved into HEAD, and then into release. I don't think we have excessively high standards. Remeber we are shipping a program that is used on *millions* of servers worldwide. We are a trusted source of server software used by millions of users, we have to have standards for production code. That's why we were never able to say TNG was a production branch, as it hadn't gone through the QA or testing that the release branches do. TNG was meant to be the "test it in a non production environment" area - many useful advances have been made here, but not *all* of the experimental ideas have been adopted. I think that is the core of your complaint with the other members of the Team. Remeber, the core of Open Source is peer review, many of the ideas I and others have get passed by Andrew, JF and others who shout "crap" loudly and they never see the light of day in a production release. Often we open the process to a direct vote if it is a contentious decision. You don't seem to like this process applied to your code. But you have to be able to play well with others to get robust code out there. We've had this argument so many times, with me, with Andrew, with JF, with Gerald...... but the common factor is you always being on the other side. Please think about what this means w.r.t. peer review of your code. We don't have insatiably high standards - we just have standards full stop. And we can't drop them for anyone - not even you, sorry. Regards. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jean_luc.tixier at libertysurf.fr Tue Sep 26 07:47:14 2000 From: jean_luc.tixier at libertysurf.fr (TIXIER Jean Luc) Date: Tue Dec 2 02:31:35 2003 Subject: SAmba on VAX in a NT environnement! Message-ID: <418634874362D4119F920008C73F2EA09C1B@MESS7718401> Hello every body I have a beginner problem. I try to install samba on a Vax and, simply, exchange shares with PC under WNT4 witch is connected to a WNT4 server architecture. I try several configuration but I still having the same problem : When I browse the VAX, it ask me a username and a password. At the end, I try to enter an username in the smbpasswd.dat file but nothing better. Here the result of smbpasswd command : Thanks for the help Jean Luc TIXIER SAMBA> smbpasswd -a jtixier test doing parameter encrypt passwords = yes doing parameter guest account = JTIXIER pm_process() returned Yes vms_stat: st = 0, mode = 100777 size = 132 Added interface ip=10.0.16.60 bcast=10.0.17.255 nmask=255.255.254.0 getpwnam: name = "jtixier" get_uai: for username = "jtixier" Convert to UNIX: $DISK1:[SAMBA] -> /$disk1/samba UNIX path: /$disk1/samba get_uai: $getuai returns UIC = 00010004 priv = FFFFFFFF FFFFFFFF getpwnam: name = "jtixier" startsmbfilepwent: unable to open file /samba_root/private/smbpasswd.dat unable to open smb password database. startsmbfilepwent: unable to open file /samba_root/private/smbpasswd.dat add_smbfilepwd_entry: unable to open file. Failed to add entry for user jtixier. Failed to change password entry for jtixier SAMBA> dir/sec private.dir Directory $DISK1:[SAMBA] PRIVATE.DIR;1 [1,1] (RWE,RWED,,RWED) SAMBA> dir/sec Directory $DISK1:[SAMBA.PRIVATE] SMBPASSWD.DAT;1 [1,1] (RWD,RWD,,) Here my smb.conf : [global] netbios name = TSTSAMBA workgroup = BUT_USERS server string = test de machine SAMBA announce as = NT ;security = domain ;security = user security = share wins server = 10.0.16.134 interfaces = 10.0.16.60/255.255.254.0 create mode = 0777 debug level = 4 encrypt passwords = yes ;password server = tstfax77184 ;password server = PDC77184 BDC77184 guest account = JTIXIER [TEST] path = /$disk1/test comment = test de share browseable = yes read only = no public = yes create mode = 0777 guest ok = yes [homes] comment = test de share SAMBA browseable = yes read only = no public = yes create mode = 0777 guest ok = yes From ericd at kava.be Tue Sep 26 07:52:32 2000 From: ericd at kava.be (Eric Delaet) Date: Tue Dec 2 02:31:36 2003 Subject: (no subject) In-Reply-To: <4.3.0.20000925223402.00a90c20@michelog.med.uoc.gr> Message-ID: On Mon, 25 Sep 2000, greg wrote: > Hi. On Samba TNG 2.6 Login scripts and roaming profiles don't work for my > windows 98 machines. It downloads the profile but won't upload nor will it > start a login script. For the logon script: Make sure you create the batchfile under Dos/Win, or convert the batchfile you created under *nix with unix2dos. Unix uses only linefeeds to seperate lines, Win uses carr. + lf. NT is quite happy with the unix format, but Win9x clients will refuse to execute the batchfile if it is created under *nix Eric From lkcl at samba.org Tue Sep 26 08:13:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:36 2003 Subject: TNG-stable In-Reply-To: <20000926001726.A14746@valinux.com> Message-ID: > We've had this argument so many times, with me, with Andrew, > with JF, with Gerald...... but the common factor is you always > being on the other side. Please think about what this means > w.r.t. peer review of your code. > > We don't have insatiably high standards - we just have standards > full stop. And we can't drop them for anyone - not even you, sorry. you really don't get it, do you? i am fully aware of my own limitations - limitations that you use to good effect to justify telling me, in simplistic [and antagonistic] terms, where the fuck to get off. being fully aware of my own limitations, i RELY on the good-will of the open source community to help me overcome them, with the end-result being the high quality software, conforming to your _precious_ standards, just _not by me alone_. to undermine what i instigate [that many _other_ people then have the good sense to realise is important, not necessarily up to scratch but it does a pretty damn good job] just because it does not conform, at once and immediately, to your precious standards, is FUCKING STUPID. when are you ever going to get it????? YES i expect you to drop your fucking stupid standards - not for a release, but for sufficient time to allow incremental development and work TOWARDS your standards - one cvs commit at a time. now stay out of my way before you make me REALLY mad. From ed at schernau.com Tue Sep 26 08:29:58 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:36 2003 Subject: TNG-stable References: Message-ID: <39D05E86.ECBDBACC@schernau.com> Luke Kenneth Casson Leighton wrote: > YES i expect you to drop your fucking stupid standards - not for a > release, but for sufficient time to allow incremental development and work > TOWARDS your standards - one cvs commit at a time. > > now stay out of my way before you make me REALLY mad. Me, or is it time to either a) take this to a private telephone call, or b) unsubscribe Luke? -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From simo.sorce at polimi.it Tue Sep 26 10:40:56 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:36 2003 Subject: Windows me References: <39CFC4C9.B0B8E040@sweye.com> Message-ID: <39D07D38.2F83C9B4@polimi.it> "William L. Terry" wrote: > > Ok slightly off topic here, but I figured this was the most > amenable crowd for this problem. > > I am stuck having to integrate a "Windows Me" box into an > existing Unix network, specifically printing to an LPD > server. > > In the past this has not been a problem, just add LPD services > and point the printer at the server or jet direct box. I can > not however find this functionality with "Windows Me". What > am I missing here? > > Thanks in advance. I think this is a Samba list for NT Domain related questions. Samba-ntdom list members are kind and some may also have the response you earch, but this is not an M$ support center and this question is totally OT. Please refer to a more appropriate list. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From fred at icatt.nl Tue Sep 26 09:18:09 2000 From: fred at icatt.nl (fred van mourik) Date: Tue Dec 2 02:31:36 2003 Subject: connecting nt4 to amiga4000 Message-ID: <20000926091051.11513CF35@us4.samba.org> i am looking for a programmer who can help setting up a simple network from my nt4 machine to an amiga 4000 (i have a demoversion of samba software and an ariadne ethernet card) i have poor knowledge of amiga os and so are looking for a programmer (near amsterdam) From simo.sorce at polimi.it Tue Sep 26 11:13:08 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:36 2003 Subject: MS "breaking" Samba References: <5B90AD65A9E8934987DB0C8C07626574472F59@DF-BOWWOW.platinum.corp.microsoft.com> Message-ID: <39D084C4.7A9F374A@polimi.it> > Paul Leach wrote: > > > -----Original Message----- > > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > > Sent: Monday, September 25, 2000 4:18 PM > > To: samba-ntdom@us4.samba.org > > Subject: FINAL: Future/end of TNG > > > > The Samba team have been working flat out for some time now, trying > to > > add features from Samba TNG to Samba. I don't believe that they > could > > possibly put an accurate timeframe on completion, because the set of > > > protocols they are dealing with are known to be undocumented > > (until Luke > > documented them) and Microsoft have been pretty keen to change > little > > parts of the protocols to break things like Samba. > > We have never added any improvements (or non-improvements) to the > protocols in order to "break" Samba (or to affect it in any way at > all). We tested Win2k against Samba as a file server to make sure > that it continued to work as a "down-level" server, along with NT4, > OS/2, Windows 9x, and others. Of course, it (just like NT4) would not > support the new Windows 2000 features, by which we hope to entice our > customers to upgrade by providing new value to them. > > Just to be clear: we didn't test Win2k against Samba as a DC; we did > test against NT4 DCs, however, so if Samba really does emulate all NT4 > DC functionality, it should have been OK. > > Paul I'm not a Samba team member, but as I remember Samba needed to upgrade from 2.0.6 to 2.0.7 just to serve files to Win2k machines, so your claim that you tested Win 2000 against Samba to ensure compatibility as file server must be false! DC functionality was not supported so testing against it was obviously not required, anyway win2k does not function with samba 2.0.x in NT4 compatibility mode(how much compatible is then??) I hate to see this kind of statements from employee of a company that is proven to have made unfair practices, I think taht if you care your personal reputation you should check twice and prove your statements before speaking. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From RSzczesniak at mis.com.pl Tue Sep 26 09:24:40 2000 From: RSzczesniak at mis.com.pl (RSzczesniak@mis.com.pl) Date: Tue Dec 2 02:31:36 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) Message-ID: "F. Ross Lord" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-25 23:42 Do: Gerald Carter DW: Karl Denninger , Mike Westkamper , Brian Wilson , samba-ntdom@us4.samba.org Temat: Re: Future/end of TNG (was Re: I don't understand something ...) Gerald Carter wrote: > Does anyone ever listen? We have over and over again > said that we are working on PDC support. > > jerry I listened (almost since begin of Samba lists) and I know that Samba team is working hard on Samba HEAD functionality (to mention at least about rewritten oplocking code and nt-printing support). Therefore, I know that Samba, in general, is not dead and I REALLY appreciate work of samba team on Samba HEAD. One thing I wonder, is whether Samba TNG code will be used to develop PDC code on SambaHEAD ? Also, another problem makes me (a little) sad. Another bright mind has quit ... (recently Alan Cox also stopped his work on Linux kernel) Well, we're not prisoners. Everyone can do what he/she wants to do. Life goes on ... Samba HEAD and Samba TNG user and administrator Rafa? PS. Do you know that amount of email posted since yesterday is probably the highest on this list. I've come to work today and I've been reading emails for 1.5 hour. Still haven't finished ! From greg at discreet.com Tue Sep 26 10:42:38 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:31:36 2003 Subject: TNG-stable In-Reply-To: <20000925201645.A19453@Denninger.net> Message-ID: Karl, You are incorrect here I'm afraid. AFAIK all branches of samba are always available via anonymous cvs when everything is working as it should. Until recently I had a cronjob which grabbed a copy of TNG and HEAD every night and did a build. Greg On 26-Sep-00 Karl Denninger wrote: > On Mon, Sep 25, 2000 at 06:00:09PM -0700, Jeremy Allison wrote: >> Karl Denninger wrote: >> > >> > No serious open-source project NEEDS to allow *WRITE* access to the >> > repository on an arbitrary basis. >> > >> > However, READ access to the *REAL* repository should be unrestricted. >> > If its not, or if you "vet" the repository before offering it to the >> > public, >> > then its not open-source, no matter what you call it. >> >> Samba does not "vet" the repository in any way before >> it goes out the door via anonymous CVS. > > Is the door open all the time? > >> It is rsync copied from the master to a public staging >> area before release, but it is copied in total, not >> filtered in any way. > > Not the same thing. > > With FreeBSD I can get a DAILY update of every change to HEAD. I can run > it too, if I dare (and dare is the right word, since it doesn't always even > build - say much less install) > > If Samba's team provides less, then you ARE NOT an open development > environment. If I cannot get the changes you check in 5 minutes after you > do it (should I poll the CVS server at that point in time) then you're > simply not an open project. > >> What gave you the idea that the repository was filtered ? > > You did. You appeared to state that there were two repositories - one for > "privileged" people, and one for the rest. > > If that's not what you meant, then I retract the criticism. > > -- > -- > Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights > Activist > http://www.denninger.net Cost-effective Consulting Solutions > http://childrens-justice.org Working to protect children's rights --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From k.blin at gmx.net Tue Sep 26 12:12:08 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:36 2003 Subject: OT: C programming (was Re: Future/end of TNG) In-Reply-To: ; from michiel@brendel.cx on Tue, Sep 26, 2000 at 09:05:42AM +0200 References: <39CFBF5F.717B4230@valinux.com> Message-ID: <20000926141208.A5420@molgen-6.iah.medizin.uni-tuebingen.de> On Tue, Sep 26, 2000 at 09:05:42AM +0200, michiel brendel wrote: This is running a bit OT, so I'd recommend private answers from now :) > > > > If anyone wants to help, join samba-technical and let's > > get started. > > How difficult is to lear C. If only programmed ( a little bit) a few > years ago in pascal? > > Michiel It's more difficult than pascal, because it'd got more features. Learning C basics isn't that hard, if you already got the idea of what programming is (e.g. used a programming language, not delphi or VB). Learning C to be fit to contribute to samba (which this was all about :) ) is another story though. But don't get scared if you want to and have the time. Greets, Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology Never drink from your finger bowl -- it contains only water. From gcarter at valinux.com Tue Sep 26 12:25:27 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:36 2003 Subject: connecting nt4 to amiga4000 References: <20000926091051.11513CF35@us4.samba.org> Message-ID: <39D095B7.C6C2FD9@valinux.com> fred van mourik wrote: > > i am looking for a programmer who can help setting up > a simple network from my nt4 machine to an amiga 4000 > (i have a demoversion of samba software and an ariadne > ethernet card) > i have poor knowledge of amiga os and so are looking for > a programmer (near amsterdam). Chris, Didn't know if you were subscribed to samba-ntdom. Can you help with some information? Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From michael at laserle.fi Tue Sep 26 12:44:03 2000 From: michael at laserle.fi (Michael Holopainen) Date: Tue Dec 2 02:31:36 2003 Subject: oplocks ERROR References: <5B90AD65A9E8934987DB0C8C07626574472F59@DF-BOWWOW.platinum.corp.microsoft.com> <39D084C4.7A9F374A@polimi.it> Message-ID: <39D09A13.3388FB40@laserle.fi> Does anyone know what this means or is it serious, I found it in smb log ? [2000/09/25 07:34:55, 0] smbd/oplock.c:process_local_message(590) process_local_message: unknown UDP message command code (65ea) - ignoring. -michael (A) Simo Sorce wrote: > > > Paul Leach wrote: > > > > > -----Original Message----- > > > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > > > Sent: Monday, September 25, 2000 4:18 PM > > > To: samba-ntdom@us4.samba.org > > > Subject: FINAL: Future/end of TNG > > > > > > The Samba team have been working flat out for some time now, trying > > to > > > add features from Samba TNG to Samba. I don't believe that they > > could > > > possibly put an accurate timeframe on completion, because the set of > > > > > protocols they are dealing with are known to be undocumented > > > (until Luke > > > documented them) and Microsoft have been pretty keen to change > > little > > > parts of the protocols to break things like Samba. > > > > We have never added any improvements (or non-improvements) to the > > protocols in order to "break" Samba (or to affect it in any way at > > all). We tested Win2k against Samba as a file server to make sure > > that it continued to work as a "down-level" server, along with NT4, > > OS/2, Windows 9x, and others. Of course, it (just like NT4) would not > > support the new Windows 2000 features, by which we hope to entice our > > customers to upgrade by providing new value to them. > > > > Just to be clear: we didn't test Win2k against Samba as a DC; we did > > test against NT4 DCs, however, so if Samba really does emulate all NT4 > > DC functionality, it should have been OK. > > > > Paul > > I'm not a Samba team member, but as I remember Samba needed to upgrade > from 2.0.6 to 2.0.7 just to serve files to Win2k machines, so your claim > that you tested Win 2000 against Samba to ensure compatibility as file > server must be false! > > DC functionality was not supported so testing against it was obviously > not required, anyway win2k does not function with samba 2.0.x in NT4 > compatibility mode(how much compatible is then??) > > I hate to see this kind of statements from employee of a company that is > proven to have made unfair practices, I think taht if you care your > personal reputation you should check twice and prove your statements > before speaking. > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! -- --"Would you fly on airplane controlled by MS Windows ?"-- -------------------------------------------------------------------- | Michael Holopainen | Valuraudantie 25 | Tel: +358-(0)9-35093825 | | | 00700 Helsinki | Fax : +358-(0)9-35093850 | | Laserle Oy | Finland | email: michael@laserle.fi| -------------------------------------------------------------------- From gcarter at valinux.com Tue Sep 26 13:08:14 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:36 2003 Subject: MS "breaking" Samba References: <5B90AD65A9E8934987DB0C8C07626574472F59@DF-BOWWOW.platinum.corp.microsoft.com> <39D084C4.7A9F374A@polimi.it> Message-ID: <39D09FBE.4DD8240D@valinux.com> Long message notice..... Simo Sorce wrote: > > > Paul Leach wrote: > > > > We have never added any improvements (or > > non-improvements) to the protocols in order to > > "break" Samba (or to affect it in any way at > > all). We tested Win2k against Samba as a file > > server to make sure that it continued to work > > as a "down-level" server, along with NT4, > > OS/2, Windows 9x, and others. Of course, it (just > > like NT4) would not support the new Windows > > 2000 features, by which we hope to entice our > > customers to upgrade by providing new value to them. > > > > Just to be clear: we didn't test Win2k against Samba as > > a DC; we did test against NT4 DCs, however, so if > > Samba really does emulate all NT4 DC functionality, > > it should have been OK. > > > > Paul Hi Paul. Haven't head a peep from you in a while. Hope things are well. Just though I would inject that first. > I'm not a Samba team member, but as I remember Samba > needed to upgrade from 2.0.6 to 2.0.7 just to serve files > to Win2k machines, so your claim that you tested Win > 2000 against Samba to ensure compatibility as file > server must be false! > > DC functionality was not supported so testing against it > was obviously not required, anyway win2k does not > function with samba 2.0.x in NT4 compatibility mode(how > much compatible is then??) > > I hate to see this kind of statements from employee of > a company that is proven to have made unfair practices, I > think that if you care your personal reputation you > should check twice and prove your statements before speaking. Simo, Antagonism doesn't help. :-) MS did clean up many things in Win2k. Perhaps the complaint is that all the changes were not documented. (hey paul ;) ) So i will make another plea. (quoting from a previous request by Luke). Any (or all) of the information would be a good thing. i will move this off list after the initial request in case you would like to discuss this further .....begin plea......................... > - What exactly is the information you would > need (i.e. interface UUIDs etc.) IDL files: samr.idl, spoolss.idl, netlogon.idl, lsarpc.idl, srvsvc.idl, wkssvc.idl, browsess.idl, winsmgr.idl, winreg.idl, svcctl.idl, eventlog.idl at least. basically, anything that makes samba an NT4 PDC and/or NT 4 wksta domain member, which pretty much has all the bare-bones of these already [except winsmgr], _that_ much more stable and less likely to trash nt domain systems it interoperates with [cf. samba prealpha 1.9 which is causing massive headaches for ISS Scanner Product: it causes it to crash]. Encryption / Authentication components: - NTLMSSP, particularly NTLMSSP over DCE/RPC. - NTLMv1 _and_ NTLMv2, *particularly* NTLMv2 and how it is used in NTLMSSP. there are 4 sing/seal/client/server 16-bit "magic constants" that are critical to getting NTLMv2-enabled NTLMSSP to work, and i really cannot - do not wish - to spend another two to three weeks trying to work these out, it gives me a headache :) - the NETLOGOON "Schannel" , which i _know_ is not the right word, but there is no other description available. basically, it's what is activated when the NETLOGON "Sign" and "Seal" is negotiated. paul leach will know what i am referring to. it's used to encrypt \PIPE\NETLOGON. it is _very_ similar in format to draft-brezak-krb5-rc4hmac-00.txt, but not _quite_ the same. NetrAuthenticate2's neg_flags argument must have the bit 0x40000000 set for the sign/seal to be activated. [side-note:it would be _nice_ to have the details of the nt5 "schannel" systems, which can be negotiated with something like 0x7fff01ff or thereabouts by an nt workstation when joined to an nt5 domain in back-compat mode. this presumably negotiates and activates such schemes as sha-1, crc-des-cbc and others that are related to the current use of kerberos and the encryption schemes that kerberos uses, again presumably because the NETLOGON pipe can be used by an nt5 wksta to obtain user-profile info.] - LsaSetSecret's use of the "user session key" - SamrSetUserinfo and SamrGetUserInfo's use of the "user session key". - details of any mechanisms that have replace this because i know it's very insecure. some of these are not new to me, it's just that i don't know _all_ of them, or the "finer details" - e.g i do not know how 128-bit NTLMSSP works, only 40-bit. i documented as many as i could in my book: "DCE/RPC over SMB: Samba and Windows NT Domain Internals", it can be found on amazon.com. NT5 Encryption / Authentication - the PAC (application specific field) in the krb5 ticket which contains the user profile info, the user session key and some unidentified, but probably kerberos5-encryption-ms-specific-info. - the additions to the \PIPE\NETLOGON to obtain a user profile or other info, which i have only heard rumor of - how passwords are encrypted in the Active Directory [my guess is that they use SYSKEY, but i have no idea how, and my guess is also that the NT password has is stored _and_ the Unicode plain text is stored, again using some SYSKEY related algorithm] - probably also needed for "interop" purposes: the replication mechanism between AD forests. this to allow NT _and_ unix to play a part: it allows for people to upgrade then migrate from unix krb5 to NT, but equally it allows them to migrate the other way, i know, so it's a double-edged sword, always, where "may be the best company win" :) Cheers and the best, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From s.striker at striker.nl Tue Sep 26 13:34:50 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:31:36 2003 Subject: MS "breaking" Samba In-Reply-To: <39D084C4.7A9F374A@polimi.it> Message-ID: I think Paul Leach doesn't have to worry about his personal reputation... Also, MS tries to be backward compatible with its own software, so if we did it right, samba should work with newer windows versions, ie. w2k. Samba has to keep up with new features and implement those to work with newer versions of windows, when they come by, in non-backward compatibiluty mode. Sander From gcarter at valinux.com Tue Sep 26 13:17:38 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:36 2003 Subject: oplocks ERROR References: <5B90AD65A9E8934987DB0C8C07626574472F59@DF-BOWWOW.platinum.corp.microsoft.com> <39D084C4.7A9F374A@polimi.it> <39D09A13.3388FB40@laserle.fi> Message-ID: <39D0A1F2.AF0DBA52@valinux.com> Michael Holopainen wrote: > > Does anyone know what this means or is it serious, I found > it in smb log ? > > [2000/09/25 07:34:55, 0] smbd/oplock.c:process_local_message(590) > process_local_message: unknown UDP message command code (65ea) - > ignoring. What code are you using? Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From simona at uchicago.edu Tue Sep 26 14:23:04 2000 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:31:36 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) References: Message-ID: <39D0B148.1DC74113@uchicago.edu> RSzczesniak@mis.com.pl wrote: > Also, another problem makes me (a little) sad. Another bright > mind has quit ... (recently Alan Cox also stopped his > work on Linux kernel).... That's just not true. Read this: http://www.linux.org.uk/diary/ Simon -- Simon Allaway | "It's not a firewall, University of Chicago | it's a leather pouch." 5-4390 Haskell Hall | - Anon. From rszczesniak at mis.com.pl Tue Sep 26 14:28:20 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:36 2003 Subject: Future/end of TNG (was Re: I don't understand something ...) Message-ID: I've just written similiar response: I've read this in certain Linux magazine. If it's surely mistake, I will write to that magazine with request of correction this news. Rafa? Simon Allaway 00-09-26 16:23 Do: RSzczesniak@mis.com.pl, Samba NT Domain DW: Temat: Re: Future/end of TNG (was Re: I don't understand something ...) RSzczesniak@mis.com.pl wrote: > Also, another problem makes me (a little) sad. Another bright > mind has quit ... (recently Alan Cox also stopped his > work on Linux kernel).... That's just not true. Read this: http://www.linux.org.uk/diary/ Simon -- Simon Allaway | "It's not a firewall, University of Chicago | it's a leather pouch." 5-4390 Haskell Hall | - Anon. From simo.sorce at polimi.it Tue Sep 26 16:39:00 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:36 2003 Subject: MS "breaking" Samba References: <5B90AD65A9E8934987DB0C8C07626574472F59@DF-BOWWOW.platinum.corp.microsoft.com> <39D084C4.7A9F374A@polimi.it> <39D09FBE.4DD8240D@valinux.com> Message-ID: <39D0D124.4EA7B24E@polimi.it> Gerald Carter wrote: > > Long message notice..... > > Simo Sorce wrote: > > > > > Paul Leach wrote: > > > > > > We have never added any improvements (or > > > non-improvements) to the protocols in order to > > > "break" Samba (or to affect it in any way at > > > all). We tested Win2k against Samba as a file > > > server to make sure that it continued to work > > > as a "down-level" server, along with NT4, > > > OS/2, Windows 9x, and others. Of course, it (just > > > like NT4) would not support the new Windows > > > 2000 features, by which we hope to entice our > > > customers to upgrade by providing new value to them. > > > > > > Just to be clear: we didn't test Win2k against Samba as > > > a DC; we did test against NT4 DCs, however, so if > > > Samba really does emulate all NT4 DC functionality, > > > it should have been OK. > > > > > > Paul > > Hi Paul. Haven't head a peep from you in a while. Hope > things are well. Just though I would inject that first. > > > I'm not a Samba team member, but as I remember Samba > > needed to upgrade from 2.0.6 to 2.0.7 just to serve files > > to Win2k machines, so your claim that you tested Win > > 2000 against Samba to ensure compatibility as file > > server must be false! > > > > DC functionality was not supported so testing against it > > was obviously not required, anyway win2k does not > > function with samba 2.0.x in NT4 compatibility mode(how > > much compatible is then??) > > > > I hate to see this kind of statements from employee of > > a company that is proven to have made unfair practices, I > > think that if you care your personal reputation you > > should check twice and prove your statements before speaking. > > Simo, Antagonism doesn't help. :-) MS did clean > up many things in Win2k. Perhaps the complaint is that > all the changes were not documented. (hey paul ;) ) > > So i will make another plea. (quoting from a previous > request by Luke). Any (or all) of the information > would be a good thing. > > i will move this off list after the > initial request in case you would like > to discuss this further > > .....begin plea......................... I've not said they have broken things or they have not cleened up the code, I said they cannot claim to have tested win2k against samba for compatibility as as far I remember (am I correct) samba < 2.0.7 will not be able to serve file to win2k and 2.0.7 come out after win2k also to resolve this problem. Am I wrong? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From aarjona at banistmo.com Tue Sep 26 14:53:00 2000 From: aarjona at banistmo.com (Arjona, Ariel) Date: Tue Dec 2 02:31:36 2003 Subject: MS "breaking" Samba Message-ID: <9B6B824220DBD311BF5A1000974B43B32235FD@EXCH05001> I've been running SAMBA 2.0.6-48 on SuSE6.4, and didn't have any problems seeing the shares with my w2k workstation. What are the problems people have with SAMBA < 2.0.7? -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com -----Original Message----- From: Simo Sorce [SMTP:simo.sorce@polimi.it] Sent: Tuesday, September 26, 2000 11:39 AM To: Gerald Carter Cc: Paul Leach; samba-ntdom@samba.org Subject: Re: MS "breaking" Samba Gerald Carter wrote: > > Long message notice..... > > Simo Sorce wrote: > > > > > Paul Leach wrote: > > > > > > We have never added any improvements (or > > > non-improvements) to the protocols in order to > > > "break" Samba (or to affect it in any way at > > > all). We tested Win2k against Samba as a file > > > server to make sure that it continued to work > > > as a "down-level" server, along with NT4, > > > OS/2, Windows 9x, and others. Of course, it (just > > > like NT4) would not support the new Windows > > > 2000 features, by which we hope to entice our > > > customers to upgrade by providing new value to them. > > > > > > Just to be clear: we didn't test Win2k against Samba as > > > a DC; we did test against NT4 DCs, however, so if > > > Samba really does emulate all NT4 DC functionality, > > > it should have been OK. > > > > > > Paul > > Hi Paul. Haven't head a peep from you in a while. Hope > things are well. Just though I would inject that first. > > > I'm not a Samba team member, but as I remember Samba > > needed to upgrade from 2.0.6 to 2.0.7 just to serve files > > to Win2k machines, so your claim that you tested Win > > 2000 against Samba to ensure compatibility as file > > server must be false! > > > > DC functionality was not supported so testing against it > > was obviously not required, anyway win2k does not > > function with samba 2.0.x in NT4 compatibility mode(how > > much compatible is then??) > > > > I hate to see this kind of statements from employee of > > a company that is proven to have made unfair practices, I > > think that if you care your personal reputation you > > should check twice and prove your statements before speaking. > > Simo, Antagonism doesn't help. :-) MS did clean > up many things in Win2k. Perhaps the complaint is that > all the changes were not documented. (hey paul ;) ) > > So i will make another plea. (quoting from a previous > request by Luke). Any (or all) of the information > would be a good thing. > > i will move this off list after the > initial request in case you would like > to discuss this further > > .....begin plea......................... I've not said they have broken things or they have not cleened up the code, I said they cannot claim to have tested win2k against samba for compatibility as as far I remember (am I correct) samba < 2.0.7 will not be able to serve file to win2k and 2.0.7 come out after win2k also to resolve this problem. Am I wrong? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From aarjona at banistmo.com Tue Sep 26 14:56:41 2000 From: aarjona at banistmo.com (Arjona, Ariel) Date: Tue Dec 2 02:31:36 2003 Subject: Question about the samba mailing lists Message-ID: <9B6B824220DBD311BF5A1000974B43B3223603@EXCH05001> One question: Why do I receive multiple copies of the messages? -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com From jschneider at swa.de Tue Sep 26 14:55:49 2000 From: jschneider at swa.de (jschneider) Date: Tue Dec 2 02:31:36 2003 Subject: jens.schneider@a-vip.com Message-ID: <005201c027c9$dbe06580$c830b9c3@unclejoe.swa.de> jens.schneider@a-vip.com From simona at uchicago.edu Tue Sep 26 15:00:18 2000 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:31:36 2003 Subject: MS "breaking" Samba References: <5B90AD65A9E8934987DB0C8C07626574472F59@DF-BOWWOW.platinum.corp.microsoft.com> <39D084C4.7A9F374A@polimi.it> <39D09FBE.4DD8240D@valinux.com> <39D0D124.4EA7B24E@polimi.it> Message-ID: <39D0BA02.4B26DA71@uchicago.edu> Simo Sorce wrote: > ... as far I remember (am I correct) samba < 2.0.7 will not > be able to serve file to win2k and 2.0.7 come out after win2k also to > resolve this problem. > Am I wrong? Kind of. 2.0.7 can serve shares to Win2k clients. I am composing this on a win2k server that relies on this behaviour. Win2k however refues to join a 2.0.7 domain. I use 2.0.7 each and everyday to run machines in my department here at the university. It runs my domain beautifully. For code that's not supposed to be supported I think it's incredible. Simon -- Simon Allaway | "It's not a firewall, University of Chicago | it's a leather pouch." 5-4390 Haskell Hall | - Anon. From rszczesniak at mis.com.pl Tue Sep 26 15:01:58 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:36 2003 Subject: Odp: Question about the samba mailing lists Message-ID: "Arjona, Ariel" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-26 16:56 Do: "Samba-Ntdom (E-mail)" DW: Temat: Question about the samba mailing lists One question: Why do I receive multiple copies of the messages? so do I - 2 copies of each ... Rafa? -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com From simona at uchicago.edu Tue Sep 26 15:10:35 2000 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:31:36 2003 Subject: Odp: Question about the samba mailing lists References: Message-ID: <39D0BC6B.AFCDDDB@uchicago.edu> It might be that when folks reply to your posts they hit reply-all. So it goes ot you AND the list. I am sending this to only the list, so if you get this one twice then it might mean you are subscribed twice. Rafa? Szcze?niak wrote: > > One question: > Why do I receive multiple copies of the messages? > > so do I - 2 copies of each ... -- Simon Allaway | "It's not a firewall, University of Chicago | it's a leather pouch." 5-4390 Haskell Hall | - Anon. From mjwestkamper at weiinc.com Tue Sep 26 15:07:16 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:36 2003 Subject: Odp: Question about the samba mailing lists References: Message-ID: <39D0BBA4.D14132B9@weiinc.com> I get two only when the person is responding to something I sent. They have decided to "Reply All" instead of just to the list. All others I get one copy. Rafa? Szcze?niak wrote: > "Arjona, Ariel" > Wys?ane przez: samba-ntdom-admin@us4.samba.org > 00-09-26 16:56 > > > Do: "Samba-Ntdom (E-mail)" > DW: > Temat: Question about the samba mailing lists > > One question: > Why do I receive multiple copies of the messages? > > so do I - 2 copies of each ... > > Rafa? > > -- > Ariel Arjona > Webmaster > aarjona@banistmo.com > http://www.banistmo.com From aarjona at banistmo.com Tue Sep 26 15:27:57 2000 From: aarjona at banistmo.com (Arjona, Ariel) Date: Tue Dec 2 02:31:37 2003 Subject: Odp: Question about the samba mailing lists Message-ID: <9B6B824220DBD311BF5A1000974B43B322363B@EXCH05001> Well I get 2 copies of the messages when the person hits Reply All, but it seems to happen all the time, even when I'm not ionvolved in the discussion in any way. When people write or reply just to the list, I just receive one copy. Regards, -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com -----Original Message----- From: Mike Westkamper [SMTP:mjwestkamper@weiinc.com] Sent: Tuesday, September 26, 2000 10:07 AM To: Rafa? Szcze?niak Cc: samba-ntdom@us4.samba.org Subject: Re: Odp: Question about the samba mailing lists I get two only when the person is responding to something I sent. They have decided to "Reply All" instead of just to the list. All others I get one copy. Rafa? Szcze?niak wrote: > "Arjona, Ariel" > Wys?ane przez: samba-ntdom-admin@us4.samba.org > 00-09-26 16:56 > > > Do: "Samba-Ntdom (E-mail)" > DW: > Temat: Question about the samba mailing lists > > One question: > Why do I receive multiple copies of the messages? > > so do I - 2 copies of each ... > > Rafa? > > -- > Ariel Arjona > Webmaster > aarjona@banistmo.com > http://www.banistmo.com From rszczesniak at mis.com.pl Tue Sep 26 15:28:58 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:37 2003 Subject: Odp: Odp: Question about the samba mailing lists Message-ID: Sorry, mistake - I receive 1 copy of each message. With original, it gives 2 messages. "Arjona, Ariel" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-26 16:56 Do: "Samba-Ntdom (E-mail)" DW: Temat: Question about the samba mailing lists One question: Why do I receive multiple copies of the messages? so do I - 2 copies of each ... Rafa? -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com From ink at inconnu.isu.edu Tue Sep 26 15:32:35 2000 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable In-Reply-To: <20000925201645.A19453@Denninger.net> Message-ID: On Mon, 25 Sep 2000, Karl Denninger wrote: > With FreeBSD I can get a DAILY update of every change to HEAD. I can run > it too, if I dare (and dare is the right word, since it doesn't always even > build - say much less install) > > If Samba's team provides less, then you ARE NOT an open development > environment. If I cannot get the changes you check in 5 minutes after you > do it (should I poll the CVS server at that point in time) then you're > simply not an open project. Give it a rest. Different projects have different policies and people. To uphold FreeBSD as the epitome of development is naive, and does nothing to help Samba. You've made your point already -- dragging this out into a debate serves no purpose. > > What gave you the idea that the repository was filtered ? > > You did. You appeared to state that there were two repositories - one for > "privileged" people, and one for the rest. > > If that's not what you meant, then I retract the criticism. Every project has a privileged branch; it's all a matter of time as to when the keystrokes convert into a distribution. Even the FreeBSD people have to use editors and save files locally; I imagine that many may even work on some functionallity over a long period of time without committing. -- The wheel is turning but the hamster is dead. Craig Kelley -- kellcrai@isu.edu http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block From karl at Denninger.Net Tue Sep 26 15:33:28 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable In-Reply-To: ; from Luke Kenneth Casson Leighton on Tue, Sep 26, 2000 at 02:54:12PM +1000 References: <20000925181110.A19097@Denninger.net> Message-ID: <20000926103328.A21638@Denninger.net> On Tue, Sep 26, 2000 at 02:54:12PM +1000, Luke Kenneth Casson Leighton wrote: > > When the public is ignored in its requests for PDC timelines (and it has > > been) then this is what you can expect to see in response. > > karl, please remember that open source development is done by people who > want to do it, and have a personal investment of time and effort in it. > they generally own all rights to the code they develop, and develop it for > their own benefit, under their own ethics [usually a highly developed > sense of responsibility]. > > to request things of open source developers is not necessarily, therefore, > to receive. they have no _contractual_ obligation to fulfil requests, > only personal, and maybe self-imposed, obligations. Correct. > i am not saying that you are, however to imply that a request is linked to > a guaranteed response is taking a risk that could, as it has in the past, > alienate the people who make such demands, very quickly. > > the difference between those people and yourself, methinks, is that you're > clearly not making a demand, you're simply pointing out a former request > and that it has not been fulfilled. please be careful, however. > > personally, however, i disagree that there is a clear link between the > lack of fulfilment of the request in this case [publication of PDC > timelines] and your conclusion [what can be expected to see in response]. > > just thought i'd point those things out :) Well... The problem here is two-fold: 1. "Selling" something (and "sell" does not mean taking money, folks) as being a fit replacement for a given thing, and playing all the hype that comes with it (granting magazine and trade rag interviews, etc) when you have no intention or ability to support that thing as a true functional equivalent. 2. Then, when people have that EXPECTATION, which *YOU* built, you then fall back on the "heh, its free and open source" line. That's a bullshit approach. Either you ARE something or you ARE NOT. The problem here is that people have come to EXPECT that you can plug Samba in as a replacement for Win2k for file and print service. That is simply NOT TRUE if the machines on your network are not Win95/98 clients, or if you use things that require Exchange! Unfortunately, this myth persists. It persists because the DEVELOPERS want it to persist. This whole hullaballo could be reduced to zero by simply saying, in plain english and with no ballyho at all: Samba provides SOME functionality for file and print service. It is NOT a Win2k replacement, it DOES NOT provide anywhere close to a full set of MSRPC services, and we HAVE NO IDEA IF OR WHEN IT EVER WILL. Specifically by inclusion but not limitation: It is not capable of being a PDC or BDC as defined by the reference implementation, Microsoft Win2k. It cannot host Exchange. Win2k machines cannot join a Samba domain AT ALL. MS administration tools DO NOT WORK. AT ALL. We MAKE NO REPRESENTATION if, or when ANY of that functionality will be provided. It MIGHT show up some time, and there is effort being made to make it happen, but it ALSO might NOT. You should NOT rely on future support for these things, as we categorically refuse to make any such commitment or even set a target date for such capabilities. If you need any of these capabilities either now or in any time frame of the future bounded by finite dates, Samba WILL NOT suit your needs. That'd do it. Why the Samba team just doesn't come out and SAY this, in plain english on their web pages, and here on these lists, is left as an exercise for the reader. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From jbeauchamp at gesinc.com Tue Sep 26 18:38:07 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:37 2003 Subject: Domain Printing Question Message-ID: <014701c027e8$edd614a0$1d01a8c0@internal.net> I have Samba 2.07 currently running under RH Linux 6.2 with mostly NTWS connecting. Samba provides all application and data shares. I would like to enable domain logons but am confused about how printing works. I have read the domain printing text file and just need to know do I have to setup a printcap file for all printers served by the domain? If so, does anyone know of a source for printcap files for HP printers. I am a linux/unix newbie and don't think I know enough to build one.... yet :)) I don't seem to have problems with my HP 4 and 5's, but I have an odd ball HP ColorproCAD that doesn't seem to work at all (all have jetdirect cards) I know that part of the question is off topic, but this list is loaded with people already doing this. Any help would be appreciated. James 'If you ain't the lead dog, the scenery never changes' Unknown From karl at Denninger.Net Tue Sep 26 15:36:32 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable In-Reply-To: ; from Luke Kenneth Casson Leighton on Tue, Sep 26, 2000 at 03:13:02PM +1000 References: <20000925183235.A19226@Denninger.net> Message-ID: <20000926103632.B21638@Denninger.net> On Tue, Sep 26, 2000 at 03:13:02PM +1000, Luke Kenneth Casson Leighton wrote: > > This might have had something to do with what drove Luke away...... > > you got _that_ right in one guess. > > unfortunately, karl, i think that this is more that you are becoming > tarred with the same brush. i am sure it's nothing personal. I don't care. I have no horse in this race. I do, however, strongly dislike these "projects" projecting an image of being something they are not, and not conspicuously and prominently displaying the limitations of what you can and cannot expect from them, then "trading on" the heightened (and unrealistic) expectations they have engendered for themselves. Its not about money in the case of open source; it has to be about personal ego gratification, since there's no money changing hands and that's about all that's left. The same thing goes on in commercial software development - but there the demon is easily identified, since cash is changing hands in return for those promises. I get pretty snippy about this stuff wherever I find it. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From scrappy at hub.org Tue Sep 26 15:46:25 2000 From: scrappy at hub.org (The Hermit Hacker) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable In-Reply-To: Message-ID: Two things - Luke, I agree completely with your comments on how open source works ... after spending 4 years co-ordinating and developing with the PostgreSQL crew, the concept of "put something in, let it break and fix it to be stronger" *still* is encouraged to a large extent. Second, a heartfelt thanks for the years you've put into this .. and am sad to see you leave :( On Tue, 26 Sep 2000, Luke Kenneth Casson Leighton wrote: > > code it. No other options are acceptible. And remember it has to be done > > *professionally*. No memory leaks, no buffer overruns, full > > I18N support (no ascii only code please). > > i was waiting for a comment like this. > > this is one of the reasons why i will not work with samba any more. > > the standards are excessively high to be able to do any kind of > incremental development. > > open source projects are all about incremental development. > > start off small, with something that just about does the job. continue to > do improvements, and continue to accept improvements. > > the expectations of the primary samba developers have gone well beyond the > bounds where it is possible for anyone to help except those people and > their contributions that they consider to be worthy. > > i spent three, maybe four years encouraging various people to contribute. > that includes comments on APIs, specifications, documentation, bug > reports, FAQs, and code. i can recall the following who have made various > coding contributions. > > steffan lauer. > > elrond. > > sander striker. > > luke howard. > > timothy cole. > > danny breiss. > > > all of these peoples' efforts, through insatiably high standards, have > been rejected. i did not realise that i represent these people, and i am > sorry that i let you all down. > > i actually couldn't care less about any personal problematic attitude > towards my development style, but i do care about samba and the efforts o > the people who have helped with TNG. > > i am also seriously concerned about the effect that the current approach > may have on samba's future, and also on the people who take such an > approach. > > luke > > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org From fred at icatt.nl Tue Sep 26 16:19:15 2000 From: fred at icatt.nl (fred van mourik) Date: Tue Dec 2 02:31:37 2003 Subject: network NT4 to amiga 4000 Message-ID: <20000926161152.1135470B8A@us4.samba.org> i am looking for a programmer who can help setting up a simple network from my nt4 machine to an amiga 4000 (i have a demoversion of samba software and an ariadne ethernet card for the amiga) i have poor knowledge of amiga os and so are looking for a programmer (near amsterdam). fvm From thomas at amxstudios.com Tue Sep 26 16:37:03 2000 From: thomas at amxstudios.com (Thom May) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable In-Reply-To: <20000926103328.A21638@Denninger.net>; from karl@Denninger.Net on Tue, Sep 26, 2000 at 10:33:28AM -0500 References: <20000925181110.A19097@Denninger.net> <20000926103328.A21638@Denninger.net> Message-ID: <20000926173703.C11864@amxstudios.com> Ok. I've been very carefully avoiding this thread. there seems *ABSOLUTELY NO FUCKING POINT TO IT* except to irritate people, and allow a certain person to whom I'm now replying to to scatter his own (mis|pre)conceptions around without reading any of the input from any one else apart from where it may possibly if he twists it enough enhance his point. This is an open source project. As everyone else has said. This means that mostly, people work in their spare time. they do this because they want to. I'm now going to say exactly what everyone else has said, and hope that, because I've now sunk to the same level of rudeness as you, you might listen... At some point around Tue, Sep 26, 2000 at 10:33:28AM -0500, Karl Denninger said: > On Tue, Sep 26, 2000 at 02:54:12PM +1000, Luke Kenneth Casson Leighton wrote: > > > When the public is ignored in its requests for PDC timelines (and it has > > > been) then this is what you can expect to see in response. > > > > karl, please remember that open source development is done by people who > > want to do it, and have a personal investment of time and effort in it. > > they generally own all rights to the code they develop, and develop it for > > their own benefit, under their own ethics [usually a highly developed > > sense of responsibility]. > > > > to request things of open source developers is not necessarily, therefore, > > to receive. they have no _contractual_ obligation to fulfil requests, > > only personal, and maybe self-imposed, obligations. > > Correct. > > > i am not saying that you are, however to imply that a request is linked to > > a guaranteed response is taking a risk that could, as it has in the past, > > alienate the people who make such demands, very quickly. > > > > the difference between those people and yourself, methinks, is that you're > > clearly not making a demand, you're simply pointing out a former request > > and that it has not been fulfilled. please be careful, however. > > > > personally, however, i disagree that there is a clear link between the > > lack of fulfilment of the request in this case [publication of PDC > > timelines] and your conclusion [what can be expected to see in response]. > > > > just thought i'd point those things out :) > > Well... > > The problem here is two-fold: > > 1. "Selling" something (and "sell" does not mean taking money, folks) > as being a fit replacement for a given thing, and playing all the > hype that comes with it (granting magazine and trade rag interviews, > etc) when you have no intention or ability to support that thing as > a true functional equivalent. So the guys on Samba, by your own definition, haven't done anything wrong. They haven't misrepresented their "product" > 2. Then, when people have that EXPECTATION, which *YOU* built, you > then fall back on the "heh, its free and open source" line. > > The problem here is that people have come to EXPECT that you can plug Samba > in as a replacement for Win2k for file and print service. rightly and justifiably. > That is simply > NOT TRUE if the machines on your network are not Win95/98 clients, or if > you use things that require Exchange! And that is simply bullshit. We have a very happy system built on a Samba 2.0.7 server using NT,2K, and 9x. It works fine, within the limitations that the documentation states. It works entirely as advertised. > > Unfortunately, this myth persists. It persists because the DEVELOPERS > want it to persist. It persists because it is *NOT* a myth. > This whole hullaballo could be reduced to zero by simply saying, in plain > english and with no ballyho at all: > > Samba provides SOME functionality for file and print service. It > is NOT a Win2k replacement, it DOES NOT provide anywhere close > to a full set of MSRPC services, and we HAVE NO IDEA IF OR WHEN > IT EVER WILL. Ask Microsoft when the *scheduled* release date for Win2k was. Ask them when the release date for Exchange 2k *is*. Which would you prefer... An honest - we're working on it as fast as we can - everything is undocumented, there is no reference implementation because "reference" implies that you are able to use that implentation in your own - but if people will stop throwing their egos around on a list about *one* branch of the project whose documentation quite clearly states "This is a branch of the project to allow certain of our developers to investigate the best way of implementing RPC etc. Useful code resulting from this branch will be merged back in to the "full" implementation."(yes, I'm paraphrasing) - response, or unworkable/unmeatable deadlines? And I'd be willing to put money down that you would say the latter. And then come tearing up back onto the list at one second past the deadline, without pausing for breath, to bitch about the lack of product. From Jean-Francois.Micouleau at dalalu.fr Tue Sep 26 16:51:54 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable In-Reply-To: <20000926103328.A21638@Denninger.net> Message-ID: On Tue, 26 Sep 2000, Karl Denninger wrote: > The problem here is two-fold: > > 1. "Selling" something (and "sell" does not mean taking money, folks) > as being a fit replacement for a given thing, and playing all the > hype that comes with it (granting magazine and trade rag interviews, > etc) when you have no intention or ability to support that thing as > a true functional equivalent. > > 2. Then, when people have that EXPECTATION, which *YOU* built, you > then fall back on the "heh, its free and open source" line. > > That's a bullshit approach. > > Either you ARE something or you ARE NOT. Karl, Until you write a single line of code for Samba, you ARE NOT something. If you were as good for bringing to samba the missing functionnalities as you are for complaining and whinning, Samba would be a complete replacement for W2K by now. As of today, I have read thousand of mails from people asking for features. I have received ONLY A SINGLE mail from someone asking what to do to help. I have NEVER received a single mail which included some code to improve the RPC code of Samba. So as someone else said on another list unrelated to samba: "Show me the code or go away." J.F. From wilsong at sergievsky.cpmc.columbia.edu Tue Sep 26 16:54:37 2000 From: wilsong at sergievsky.cpmc.columbia.edu (Gary Wilson) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable References: <20000925181110.A19097@Denninger.net> <20000926103328.A21638@Denninger.net> <20000926173703.C11864@amxstudios.com> Message-ID: <010701c027da$7449eed0$7d266f9c@cpmc.columbia.edu> > > I hope this is gonna be the last comment to the list. Karl, if > you're gonna reply, just reply to me. > Thanks for saying that. It was well put. Nothing of substance is being said. And it is sure wasting a lot of time and bandwidth. For anyone who wants to just mouth off, there's places for that ... just not here. I'm hoping that everyone can now get back to the business at hand. Gary From paulle at Exchange.Microsoft.com Tue Sep 26 16:57:38 2000 From: paulle at Exchange.Microsoft.com (Paul Leach) Date: Tue Dec 2 02:31:37 2003 Subject: MS "breaking" Samba Message-ID: <5B90AD65A9E8934987DB0C8C0762657446D18D@DF-BOWWOW.platinum.corp.microsoft.com> > -----Original Message----- > From: Simo Sorce [mailto:simo.sorce@polimi.it] > Sent: Tuesday, September 26, 2000 4:13 AM > To: Paul Leach; samba-ntdom@samba.org > Subject: Re: MS "breaking" Samba > > > I'm not a Samba team member, but as I remember Samba needed to upgrade > from 2.0.6 to 2.0.7 just to serve files to Win2k machines, so > your claim > that you tested Win 2000 against Samba to ensure compatibility as file > server must be false! That just proves that the testing wasn't thorough enough to catch whatever incompatibility was found. Given the number of dialects of the SMB protocol, the variety of ways in which clients use it, and so on, the test matrix is quite large, but still no where near as large as the actual possibilities. Most of our subtle errors are caught during what we call "dogfood" testing -- when just about everyone in the whole company, and dozens of outside comapanies, deploy pre-release versions of the software and use it in their daily work. We did not do this level of testing against Samba. Paul -------------- next part -------------- HTML attachment scrubbed and removed From karl at Denninger.Net Tue Sep 26 16:58:00 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable In-Reply-To: <20000926173703.C11864@amxstudios.com>; from Thom May on Tue, Sep 26, 2000 at 05:37:03PM +0100 References: <20000925181110.A19097@Denninger.net> <20000926103328.A21638@Denninger.net> <20000926173703.C11864@amxstudios.com> Message-ID: <20000926115800.A21906@Denninger.net> On Tue, Sep 26, 2000 at 05:37:03PM +0100, Thom May wrote: > > That is simply > > NOT TRUE if the machines on your network are not Win95/98 clients, or if > > you use things that require Exchange! > > And that is simply bullshit. We have a very happy > system built on a Samba 2.0.7 server using NT,2K, and 9x. It works fine, > within the limitations that the documentation states. It works > entirely as advertised. Oh please. Look, I run 2.0.7 right now. And I run Win2k. It CANNOT join a Samba domain. It COULD join a TNG domain, but TNG was too unstable to seriously consider for production use (and was CORRECTLY LABELLED as such) > > Unfortunately, this myth persists. It persists because the DEVELOPERS > > want it to persist. > It persists because it is *NOT* a myth. Yes it is. > > This whole hullaballo could be reduced to zero by simply saying, in plain > > english and with no ballyho at all: > > > > Samba provides SOME functionality for file and print service. It > > is NOT a Win2k replacement, it DOES NOT provide anywhere close > > to a full set of MSRPC services, and we HAVE NO IDEA IF OR WHEN > > IT EVER WILL. > Ask Microsoft when the *scheduled* release date for Win2k was. Ask them when > the release date for Exchange 2k *is*. So what? Look, TARGETS are TARGETS. They can (and frequently are, in the software world) MISSED. But AT LEAST THERE ARE TARGETS! > And I'd be willing to put money down that you would say the > latter. And then come tearing up back onto the list at one > second past the deadline, without pausing for breath, to bitch > about the lack of product. Wrong. I'm a software and network engineer (yes, I do both coding and network stuff) by trade. I've been in this business for close to TWENTY YEARS. I have managed LARGE projects for national roll-outs in which REAL products and services depended on hitting targets. I know the difference between a TARGET and a PROMISED RELEASE DATE. I have had to explain those differences to Directors and Corporate Boards before, in V.E.R.Y. S.L.O.W. L.A.N.G.U.A.G.E. to insure that they UNDERSTOOD when they were grilling me about it EXACTLY what I was promising and EXACTLY what I was *NOT* promising. But unlike many people who were FIRED while I was not, I did not CONFUSE people by allowing them to BELIEVE that I could deliver something in a timeframe when I could not. If it took me an hour of explaining all of this, and all of the uncertainties involved, and why I had the word TARGET in my presentation instead of RELEASE DATE, I took the time and was very, very careful to make SURE they understood. The problem here, and in many "open source" projects, is that the lack of outside pressure (and thus accountability) leads you to do one of two things: 1. Promise the moon, either IMPLICITLY (by silence while people talk it up) or EXPLICITLY (by putting up release schedules you know damn well can't be met), and then fail to deliver. 2. Promise NOTHING, then bitch when people say "but we need and you're a scumbag for not delivering it 'on time'!" BOTH approaches suck. The essence of project management, no matter if you're being paid or not, is to set REALISTIC expectations. You should set them a bit BELOW what you think you can deliver, and adjust them regularly so that they REMAIN a bit below what you believe you can deliver at that point in time. If you HONESTLY believe that you can't deliver Win2k PDC functionality for another 18 months, SAY you won't have it for 24 months. Explain EXACTLY what that lack means, and what it prevents. Allow people to make INTELLIGENT decisions about whether this impacts their use of your product or not. > From my point of view as a systems administrator, and not a > conslutant, I know which product I prefer day in day out. And > I'm learning C in the hopes that one day I cna contribute to > this and other products, with the idea of giving something back > to the community. I am a very capable network and "C" programmer, having both done some of the actual coding and project management for some really big (several million lines of code) projects. I've also done a large number of smaller projects single-handed, and my experience with this stuff goes back to the days of Z-80 macro assembler! However, I refuse to put my time (which is limited, as is everyone's) into a project that lacks the kind of formal definition and structure that I believe ANY large project MUST HAVE - to be successful in the long term. > > Specifically by inclusion but not limitation: > > It is not capable of being a PDC or BDC as defined by > > the reference implementation, Microsoft Win2k. > See above for comments on "reference" Bullpocky. If you're shooting at an undocumented target, then SAY SO and NAME NAMES. Nobody puts up with this crap when you do it ex-post-facto. There have been allegations made here that Microsoft has INTENTIONALLY broken Samba interoperability. I don't know enough to know if that's true or false, but what I DO know is that allegations like that had better be factually backed up and should be brought out in the light of day where they can be examined, because that kind of conduct weighs VERY heavily on corporate IS departments - or at least, it should. > > It cannot host Exchange. > Find anywhere on the samba.org website that mentions Exchange in > anyway. I can't. > > Win2k machines cannot join a Samba domain AT ALL. > Which is a breakage on MS' part, not Samba's. Is it? What published specification did they violate? Show me. > > MS administration tools DO NOT WORK. AT ALL. > But SAMBA admin tools do. Not relavent. > Basically, the idea that you seemed to have missed is that this > is not actually helping anyone. The way to help is to turn off > your mail client, and start a decent text editor and a copy of > GCC, learn C and contribute. Or write documentation. Or keep the > website updated. Or *whatever*. but don't just bitch. > > I hope this is gonna be the last comment to the list. Karl, if > you're gonna reply, just reply to me. > > -Thom I'm free to bitch if I want. Others are free to listen or not as they deem fit. -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective Consulting Solutions http://childrens-justice.org Working to protect children's rights From jeremy at valinux.com Tue Sep 26 17:00:21 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable References: Message-ID: <39D0D625.EC246A7B@valinux.com> Luke Kenneth Casson Leighton wrote: > > YES i expect you to drop your fucking stupid standards - not for a > release, but for sufficient time to allow incremental development and work > TOWARDS your standards - one cvs commit at a time. That's what the TNG branch is. Why did you stop working on it ? > now stay out of my way before you make me REALLY mad. Luke, you need to get off line some, and chill out. You are taking this far too personally. Regards, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Jwinn at krauto.com Tue Sep 26 17:05:16 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:37 2003 Subject: Let's get on with it Message-ID: <01c027db$f1880c00$d8fea8c0@-jwinn.krauto.com> To whom it may concern, I am not part of the "Samba Team" just a person who appreciates what open source is about, and what Samba is able to do. I have been following this thread since it has started. Now it has deteriorated to being unproductive, vulgar and boring. I think that most of the people who subscribe to this mailing list would rather get on with there perspective exchanges of information rather to have to receive e-mails every five minutes. I understand that this is a very important project for alot of people, it is important to me! But I also think that there is a level of professionalism that we should strive to uphold. JWinn -------------- next part -------------- HTML attachment scrubbed and removed From m.brodbelt at acu.ac.uk Tue Sep 26 17:05:30 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:37 2003 Subject: TNG-stable References: <20000925181110.A19097@Denninger.net> <20000926103328.A21638@Denninger.net> Message-ID: <39D0D75A.7BCF1DA3@acu.ac.uk> Karl Denninger wrote: > > On Tue, Sep 26, 2000 at 02:54:12PM +1000, Luke Kenneth Casson Leighton wrote: > > personally, however, i disagree that there is a clear link between the > > lack of fulfilment of the request in this case [publication of PDC > > timelines] and your conclusion [what can be expected to see in response]. > > > > just thought i'd point those things out :) > > Well... > > The problem here is two-fold: > > 1. "Selling" something (and "sell" does not mean taking money, folks) > as being a fit replacement for a given thing, and playing all the > hype that comes with it (granting magazine and trade rag interviews, > etc) when you have no intention or ability to support that thing as > a true functional equivalent. If it's sold as anything, Samba is 'sold' as a fit replacement for NT4 as a file and print server. This is a claim which I for one feel the Samba team have every right to make - I'm one of the many who use it daily as such, and I rely on it to work. > 2. Then, when people have that EXPECTATION, which *YOU* built, you > then fall back on the "heh, its free and open source" line. I've had nothing but help and support when I've needed it. Yes, there are some unsupported features, but there has never been any pretence about the provision of services which are not (yet) supported. > Either you ARE something or you ARE NOT. Yes indeed. And Samba *IS* a functional NT replacement for a very large number of users. > The problem here is that people have come to EXPECT that you can plug Samba > in as a replacement for Win2k for file and print service. Then people are idiots. No such claim with regard to Win2k has ever been mentioned. Samba 2.0.7 fixed up several Win2k bugs, but it is widely known that Samba 2.0.7 will not interoperate with active directory, and several other 2k services. It is only reasonable to expect a plug/play replacement for Win2k file and print services in certain limited configurations of Win2k. Anyone who pays any attention to the mailing lists should realize this. > NOT TRUE if the machines on your network are not Win95/98 clients, or if My machines are NT clients. I have no problems with Samba due to this. > you use things that require Exchange! If you need Exchange, run it on an NT server. You can't run Exchange on Un*x anyway, so what's the problem here? > > Samba provides SOME functionality for file and print service. It > is NOT a Win2k replacement, it DOES NOT provide anywhere close > to a full set of MSRPC services, and we HAVE NO IDEA IF OR WHEN > IT EVER WILL. Samba 2.0.7 is advertised more or less as you say above. It provides almost complete file/print functionality, partial domain control, and incomplete MSRPC services. Discussion of other versions is irrelevant, as they are not supposed to be for production use. There has, to my eyes, been no false advertising. > You should NOT rely on future support for these things, as we And reliance on future support in software should always be tinged with caution, even from large and well funded corporate interests. MS, have, in their time killed many technologies that no longer suited their purpose. Those who relied on them were in a far worse position, as they didn't even have the code. > Why the Samba team just doesn't come out and SAY this, in plain english on > their web pages, and here on these lists, is left as an exercise for the > reader. Anyone who has been reading the mailing lists should have no trouble understanding where things stand. Anyone who downloads the software has all this explained should they bother to read the documentation. These days, there is even an entire book provided in the docs. What more is needed? Those who don't read it have no cause for complaint when they fall upon their own false assumptions. Those who use pre-alpha software like TNG have no right to expect production level support for it from the developers, who have better things to do than hand hold. My 2p worth, Mike. From fischer at wytech.de Tue Sep 26 16:15:27 2000 From: fischer at wytech.de (Timo Fischer) Date: Tue Dec 2 02:31:37 2003 Subject: NT4 WS cannot log on to my samba pdc Message-ID: <00092618275702.06052@server> Hi, I configured my samba pdc (samba tng 2.6 ) and switched my test workstation ( NT4 WS ) from its old domain to my new samba controlled domain. I got the message: welcome to domain xyz. After the reboot, i could not login anymore. The NT Workstation showed a message: cannot log on. the account for this machine does not exist on the pdc or the password is wrong. I do not find any errors in my logs and the account for the NT WS exists in my smbpasswd as well as in my /etc/passwd. Thanks for your help, Timo -- ----------------------------------------------------------------------- Timo Fischer mailto:timo@wytech.de wytech GbR http://wytech.de/ Peter-Bauer-Str.17 http://leopart.org/ 67549 Worms http://abi.biz-worms.de/ From Jwinn at krauto.com Tue Sep 26 17:16:08 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:37 2003 Subject: Lets get on with it Message-ID: <01c027dd$75a46e60$d8fea8c0@-jwinn.krauto.com> To whom it may concern, I am not part of the "Samba Team" just a person who appreciates what open source is about, and what Samba is able to do. I have been following this thread since it has started. Now it has deteriorated to being unproductive, vulgar and boring. I think that most of the people who subscribe to this mailing list would rather get on with there perspective exchanges of information rather to have to receive e-mails every five minutes. I understand that this is a very important project for alot of people, it is important to me! But I also think that there is a level of professionalism that we should strive to uphold. JWinn -------------- next part -------------- HTML attachment scrubbed and removed From frankh at mwes.com Tue Sep 26 17:19:47 2000 From: frankh at mwes.com (Frank) Date: Tue Dec 2 02:31:37 2003 Subject: Do these messages indicate a problem? Message-ID: I have been trying to figure out why my WIn95 client cannot successfully log on to my NT domain via my Linux (2.2.10) server running Samba 2.0.7. The trouble is when I try to login during the connect process I get the "No domain controller was available to validate your password" message. I have noticed the following messages in log.nmb, but I don't have enough experience with Samba to know if these are related to my problem or just normal. My NT domain name is MWES, the PDC (SERVER) is NT 4.0 at 192.168.1.2 and the Linux box (Firewall) is 192.168.1.4. My Win95 client should become a member of WORKGROUP and is at 192.168.1.151. [2000/09/26 11:45:22, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet 192.168.1.4: netmask= 255.255.255.0: MWES(1) current master browser = SERVER FIREWALL 40009b0b (Samba 2.0.7) SERVER 4004160b () [2000/09/26 11:45:22, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.1.2: MWES(1) current master browser = UNKNOWN FIREWALL 40009a03 (Samba 2.0.7) [2000/09/26 11:45:22, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for MWES on subnet UNICAST_SUBNET: found. [2000/09/26 11:45:22, 4] nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1630) retransmit_or_expire_response_records: timeout for packet id 20063 to IP 192.168.1.2 on subnet UNICAST_SUBNET [2000/09/26 11:45:24, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for MWES on subnet UNICAST_SUBNET: found. [2000/09/26 11:45:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for MWES on subnet 192.168.1.4: found. [2000/09/26 11:45:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for MWES on subnet UNICAST_SUBNET: found. [2000/09/26 11:45:25, 4] nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1630) retransmit_or_expire_response_records: timeout for packet id 20063 to IP 192.168.1.2 on subnet UNICAST_SUBNET [2000/09/26 11:45:25, 4] nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1630) retransmit_or_expire_response_records: timeout for packet id 20064 to IP 192.168.1.2 on subnet UNICAST_SUBNET [2000/09/26 11:45:25, 4] nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1630) retransmit_or_expire_response_records: timeout for packet id 20065 to IP 192.168.1.2 on subnet UNICAST_SUBNET [2000/09/26 11:45:25, 4] nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1630) retransmit_or_expire_response_records: timeout for packet id 20066 to IP 192.168.1.2 on subnet UNICAST_SUBNET [2000/09/26 11:45:25, 4] nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1630) retransmit_or_expire_response_records: timeout for packet id 20067 to IP 192.168.1.2 on subnet UNICAST_SUBNET [2000/09/26 11:45:25, 4] nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1630) retransmit_or_expire_response_records: timeout for packet id 20070 to IP 192.168.1.2 on subnet UNICAST_SUBNET [2000/09/26 11:45:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for MWES on subnet UNICAST_SUBNET: found. Any and help is greatly appreciated. Thanks in advance, Frank Frank Holt Phone: (414) 327-0000 Project Engineer Fax: (414) 327-8821 Midwest Engineering Systems, Inc e-mail: frankh@mwes.com From jeremy at valinux.com Tue Sep 26 17:25:34 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:38 2003 Subject: TNG-stable References: <20000925181110.A19097@Denninger.net> <20000926103328.A21638@Denninger.net> <20000926173703.C11864@amxstudios.com> <20000926115800.A21906@Denninger.net> Message-ID: <39D0DC0E.D58D5C37@valinux.com> Karl Denninger wrote: > > I'm free to bitch if I want. And this I feel is becoming your whole point. Karl, you are spamming this list. Please stop. Regards, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From J.L.Gilmour at exeter.ac.uk Tue Sep 26 17:36:04 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:31:38 2003 Subject: TNG suitablity for production systems ? Message-ID: <70737.200009261736@olib> Following the recent bickering about TNG, can I ask this of the assembled masses... How many of us are using TNG in live systems? We're running a combination of Samba 2.x and 3.x to run a network of 50 or so NT boxes, 300 or so users. Office politics lead to the demise of a 'real' NT server, and Samba 3 / TNG was *tested* and found to be reliable for authentication and file sharing. It had a few bugs which stopped printing from working, hence the Samba 2.x servers for print sharing. It seems stable, but with recent claims I'm now wondering whether we're going to run in to BIG problems sometime soon, if the PDC goes, we have problems... Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From mjwestkamper at weiinc.com Tue Sep 26 17:35:12 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:38 2003 Subject: Misc Message-ID: <39D0DE50.5596DBED@weiinc.com> Dear Luke, Whence we first discussed this I agreed you had a bit of a beef. I also looked into the "situation" a bit and have come to learn that this has gone from professional disagreement to a fist fight. The objectives here, the team, mine, yours and the user community are not well served by the smacking going on. You are obviously passionate about your causes as well as the work you do and have done. This is admirable and I for one, laude your efforts. I would ask that we try to get this back on track and focus our passions on making a network system that is the best there is. And to the keepers of the flag, A definitive statement of objectives would seem to be in order. Certainly this effort worked for a long time and we cannot sacrifice the good we all agree will come from this for the sake of misplaced management and the departure of a team member. Mike Westkamper From osabmt00 at fht-esslingen.de Tue Sep 26 18:38:16 2000 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:31:38 2003 Subject: TNG-stable In-Reply-To: <20000926115800.A21906@Denninger.net> References: <20000926173703.C11864@amxstudios.com>; from Thom May on Tue, Sep 26, 2000 at 05:37:03PM +0100 Message-ID: <39D0FB28.13226.30BE0F@localhost> Am 26 Sep 2000, um 11:58 Uhr schrieb Karl Denninger zum Thema Re: TNG-stable: Dazu meine Meinung: Karl, IMHO this list is named samba-ntdom, not samba-flame-war, samba-personal-statements-on-whatever, samba-whining, etc. So would You please stop this thread now so that we can return back to the helpful and technical discussions? In the meantime it has become a huge waste of bandwidth and I can't stand reading this any longer. Btw.: Why do You have to YELL all the time - this is no good style. Thank You for thinking about all the people not being interested in Your personal opinion about software in general. Yours, Osama --- Fachhochschule f?r Technik Esslingen Au?enstelle Goeppingen From jbeauchamp at gesinc.com Tue Sep 26 20:40:17 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:38 2003 Subject: NT4 WS cannot log on to my samba pdc References: <00092618275702.06052@server> Message-ID: <01a101c027fa$007133e0$1d01a8c0@internal.net> Timo: Try resetting your smb machine password (smbpasswd machinename -m). This works for me in my 2.0.7, but I can't say whether it will work for you. ----- Original Message ----- From: "Timo Fischer" To: Sent: Tuesday, September 26, 2000 9:15 AM Subject: NT4 WS cannot log on to my samba pdc > Hi, > > I configured my samba pdc (samba tng 2.6 ) and switched my test > workstation ( NT4 WS ) from its old domain to my new samba > controlled domain. I got the message: welcome to domain xyz. > > After the reboot, i could not login anymore. The NT Workstation > showed a message: cannot log on. the account for this machine > does not exist on the pdc or the password is wrong. > > I do not find any errors in my logs and the account for the > NT WS exists in my smbpasswd as well as in my /etc/passwd. > > > Thanks for your help, > Timo > > -- > ----------------------------------------------------------------------- > Timo Fischer mailto:timo@wytech.de > wytech GbR http://wytech.de/ > Peter-Bauer-Str.17 http://leopart.org/ > 67549 Worms http://abi.biz-worms.de/ > > From J.L.Gilmour at exeter.ac.uk Tue Sep 26 17:43:26 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:31:38 2003 Subject: NT4 WS cannot log on to my samba pdc In-Reply-To: <00092618275702.06052@server> from "Timo Fischer" at Sep 26, 2000 06:15:27 pm Message-ID: <71040.200009261743@olib> > I configured my samba pdc (samba tng 2.6 ) and switched my test > workstation ( NT4 WS ) from its old domain to my new samba > controlled domain. I got the message: welcome to domain xyz. We had something similar. In the end we changed the NT workstation to be only in a workgroup 'X', rebooted twice, reset the trust account on the PDC for that machine, then rejoined the domain. It worked after that, but for no obvious reason. We've had lots of problems with NT as we've changed 50 or so machine from one domain to another. In all cases, rebooting NT enough times fixed it. Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter "Why is line printer paper strongest at the perforations?" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From Adam.Propeck at fallon.com Tue Sep 26 17:53:40 2000 From: Adam.Propeck at fallon.com (Adam.Propeck@fallon.com) Date: Tue Dec 2 02:31:38 2003 Subject: Having problems with new SAMBA 2.0.7 server Message-ID: I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to have an NT4 PDC. I am having difficulty with password sync from NT to the Solaris side of things. I would like to have users on Win98/NT workstations be able to change their passwords on the NT side through CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to sync to the new password. How can I go about doing this? Thanks, Adam Propeck Systems Administrator-Fallon adam.propeck@fallon.com 612-282-3458 ---------------------------------------------------------------- Below is an edited copy of my conf file. ---------------------------------------------------------------- # Samba config file created using SWAT # from host.com (xxx.xxx.xxx.xxx) # Date: 2000/09/26 11:59:36 # Global parameters [global] workgroup = FM netbios name = FMSAMBA server string = SAMBA SERVER security = DOMAIN encrypt passwords = Yes update encrypted = Yes min password length = 4 password server = NTPDC <---- Actual name of PDC is here passwd program = /bin/passwd %u passwd chat debug = Yes username map = /etc/user.map unix password sync = Yes debug hires timestamp = Yes debug pid = Yes debug uid = Yes logon home = os level = 0 local master = No wins server = xxx.xxx.xxx.xxx hide files = /Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ [Creative] path = /data/fmsamba/ [homes] comment = Home Directory path = /data/homes/%u writeable = Yes browseable = No From jhgraber at execpc.com Tue Sep 26 17:58:59 2000 From: jhgraber at execpc.com (John H. Graber) Date: Tue Dec 2 02:31:38 2003 Subject: This is amazing. . . In-Reply-To: <20000926164504.8F6D570DAB@us4.samba.org> Message-ID: <004a01c027e3$85ecc500$960000c1@wds.com> I'm new to this list. I'm NOT new to the Internet or Windows NT. I am new to Samba. That said, this list reminds me of flame wars I used to see in the martial-arts newsgroup on Usenet! I don't care for your opinions on open source, the Samba project methodology, etc. What I DO care about is getting information, support, etc. from other sys admin types out there for what I find to be a fantastic tool, Samba. To Thom May: Amen, brother. To the Samba team: Many, many thanks. To the bruised egos: For cryin' out loud, take it OFF-LINE. PLEASE! So Samba has shortcomings. . . WHO CARES! They're working on it! As we all know, so does Micro$oft for at least the first three releases of any of its products. 8) Can we get back to working with what we've got? P.S. Thank God I signed up for this list in digest format! ;) --------------------------------------------------------------------------- -- | John Graber, MCP | "There are few problems that cannot be solved | | MIS/Telecom Manager | with the proper application of high explosives." | | Wisconsin Drapery Supply | | | badger@wi.rr.com | - U.S. Navy Explosive Ordnance Disposal Motto | --------------------------------------------------------------------------- -- From jeremy at valinux.com Tue Sep 26 18:08:18 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:38 2003 Subject: TNG suitablity for production systems ? References: <70737.200009261736@olib> Message-ID: <39D0E612.FB34766E@valinux.com> J.L.Gilmour@exeter.ac.uk wrote: > > Following the recent bickering about TNG, can I ask this of the > assembled masses... > > How many of us are using TNG in live systems? > > We're running a combination of Samba 2.x and 3.x to run a > network of 50 or so NT boxes, 300 or so users. Office politics > lead to the demise > of a 'real' NT server, and Samba 3 / TNG was *tested* and found to > be reliable for authentication and file sharing. It had a few bugs > which stopped printing from working, hence the Samba 2.x servers > for print sharing. > > It seems stable, but with recent claims I'm now wondering whether > we're going to run in to BIG problems sometime soon, if the PDC > goes, we have problems... If it works for you for what you need, then it's fine. We just don't want to officially support that code branch until the functionality is migrated into the "production" branch - that way many more developers will get familiar with it. Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From elrond at samba.org Tue Sep 26 18:10:53 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:38 2003 Subject: TNG-stable In-Reply-To: <39CFDEBA.81F14BA9@valinux.com>; from Jeremy Allison on Mon, Sep 25, 2000 at 04:24:42PM -0700 References: <39CFB59D.ED899E27@valinux.com> <20000925154031.A18865@Denninger.net> <39CFBDF4.269B51DC@valinux.com> <20000925181110.A19097@Denninger.net> <39CFDEBA.81F14BA9@valinux.com> Message-ID: <20000926201052.A20670@baerbel.mug.maschinenbau.tu-darmstadt.de> On Mon, Sep 25, 2000 at 04:24:42PM -0700, Jeremy Allison wrote: > Karl Denninger wrote: [...] > > There is no harm in this. Further, he didn't have to be "offered" > > anything, since Samba is publically CVSable. He could have told you to > > piss up a rope and done it without you (see the multiple times it was > > done with *BSD for examples) > > This was not a fork based on the public CVS code tree, > this was a fork based on *secure* ssh access to the real > CVS repository. Such a fork does require privillaged access > to the CVS repository. [...] What Karl meant was: Luke could have just used _read_ access to the current cvs tree via anoncvs and check that tree into another cvs-server and call it tng and work there. He used "*secure* ssh access", because he put the "fork" on the same cvs-server. Elrond From kevinc at grainsystems.com Tue Sep 26 18:12:19 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:38 2003 Subject: TNG suitablity for production systems ? References: <70737.200009261736@olib> Message-ID: <39D0E703.FC0A3D62@grainsystems.com> We are not using a TNG server in production, but we do use rpcclient as an integral part of our squid authentication mechanism. Only TNG's rpcclient could offer what we needed. For now, I'm sure you will have to continue using TNG as is. Hopefully, soon you and I can begin using Samba's main tree for these things, but, as other threads have noted, it is not currently known when or if the main tree will be able to provide such functionality. As far as I can tell from the recent debate on the matter, it may be next month, next year, next decade, or it may never happen at all. All that is known is that it is currently "in development". I really wish there was an answer to that question. (even if it were revised n times) - Kevin Colby kevinc@grainsystems.com J.L.Gilmour@exeter.ac.uk wrote: > > Following the recent bickering about TNG, can I ask this of the > assembled masses... > > How many of us are using TNG in live systems? > > We're running a combination of Samba 2.x and 3.x to run a > network of 50 or so NT boxes, 300 or so users. Office politics > lead to the demise > of a 'real' NT server, and Samba 3 / TNG was *tested* and found to > be reliable for authentication and file sharing. It had a few bugs > which stopped printing from working, hence the Samba 2.x servers > for print sharing. > > It seems stable, but with recent claims I'm now wondering whether > we're going to run in to BIG problems sometime soon, if the PDC > goes, we have problems... > > Jayne. > > -- > +----+----+----+----+----+----+----+----+----+----+----+----+----+ > Jayne Gilmour, BSc. MSc. Unix & Network Administrator > Department of Computer Science, University of Exeter > > "Why is line printer paper strongest at the perforations?" > +----+----+----+----+----+----+----+----+----+----+----+----+----+ From jeremy at valinux.com Tue Sep 26 18:25:18 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:38 2003 Subject: Misc References: <39D0DE50.5596DBED@weiinc.com> Message-ID: <39D0EA0E.551D089B@valinux.com> Mike Westkamper wrote: > And to the keepers of the flag, A definitive statement of objectives > would seem to be in order. Ok - here is an "official" statement, paraphrased from Gerald's excellent posts. Luke decided he could not work within the boundaries of the main samba code branch. Therefore he was offered a development branch for the sole purpose of continuing his work and that would would be evaluated before bringing it back into the HEAD branch code. Luke feels this work is not progressing in the way he would wish and has decided not to participate further in it. This of course is his decision and we should all respect it. This work is still going on of course, and the benefits of it will be released in a future version of Samba. Now to the question of whether or not Samba will ever be able to act as a PDC, the answer is YES ! We are working on it. If you would like to help, please jump in. We're really not a proud bunch and will gladly accept help. Really. :-) Thanks Gerald, Hope this clears things up, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jeremy at valinux.com Tue Sep 26 18:31:03 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:38 2003 Subject: TNG suitablity for production systems ? References: <70737.200009261736@olib> <39D0E703.FC0A3D62@grainsystems.com> Message-ID: <39D0EB67.DC207357@valinux.com> Kevin Colby wrote: > > For now, I'm sure you will have to continue using TNG as is. > Hopefully, soon you and I can begin using Samba's main tree > for these things, but, as other threads have noted, it is not > currently known when or if the main tree will be able to > provide such functionality. As far as I can tell from the > recent debate on the matter, it may be next month, next year, > next decade, or it may never happen at all. All that is known > is that it is currently "in development". > > I really wish there was an answer to that question. > (even if it were revised n times) Don't get too hung up on this (when) issue. The reason we don't give dates is that it is very hard to do so when we're working with undocumented subsystems. There is remarkable progress being made "behind the scenes" (mainly in Australia) - it will be released when it is nearer test quality. It *IS* going to happen, it's not a "may never happen at all" issue. We just don't want to promise a date, for obvious reasons. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From s.striker at striker.nl Tue Sep 26 18:38:52 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:31:38 2003 Subject: TNG suitablity for production systems ? In-Reply-To: <39D0E703.FC0A3D62@grainsystems.com> Message-ID: I believe Jerry brought it in to sync in HEAD. Sander >-----Original Message----- >From: samba-ntdom-admin@us4.samba.org >[mailto:samba-ntdom-admin@us4.samba.org]On Behalf Of Kevin Colby >Sent: Tuesday, September 26, 2000 8:12 PM >To: samba-ntdom@samba.org >Subject: Re: TNG suitablity for production systems ? > > > >We are not using a TNG server in production, but we do use >rpcclient as an integral part of our squid authentication >mechanism. Only TNG's rpcclient could offer what we needed. > >For now, I'm sure you will have to continue using TNG as is. >Hopefully, soon you and I can begin using Samba's main tree >for these things, but, as other threads have noted, it is not >currently known when or if the main tree will be able to >provide such functionality. As far as I can tell from the >recent debate on the matter, it may be next month, next year, >next decade, or it may never happen at all. All that is known >is that it is currently "in development". > >I really wish there was an answer to that question. >(even if it were revised n times) > > - Kevin Colby > kevinc@grainsystems.com > > > >J.L.Gilmour@exeter.ac.uk wrote: >> >> Following the recent bickering about TNG, can I ask this of the >> assembled masses... >> >> How many of us are using TNG in live systems? >> >> We're running a combination of Samba 2.x and 3.x to run a >> network of 50 or so NT boxes, 300 or so users. Office politics >> lead to the demise >> of a 'real' NT server, and Samba 3 / TNG was *tested* and found to >> be reliable for authentication and file sharing. It had a few bugs >> which stopped printing from working, hence the Samba 2.x servers >> for print sharing. >> >> It seems stable, but with recent claims I'm now wondering whether >> we're going to run in to BIG problems sometime soon, if the PDC >> goes, we have problems... >> >> Jayne. >> >> -- >> +----+----+----+----+----+----+----+----+----+----+----+----+----+ >> Jayne Gilmour, BSc. MSc. Unix & Network Administrator >> Department of Computer Science, University of Exeter >> >> "Why is line printer paper strongest at the perforations?" >> +----+----+----+----+----+----+----+----+----+----+----+----+----+ > > From smerrill at svfc.org Tue Sep 26 18:37:23 2000 From: smerrill at svfc.org (Scott Merrill) Date: Tue Dec 2 02:31:38 2003 Subject: TNG / Development / Helping Out Message-ID: <000a01c027e8$d034efc0$040a0a0a@svfc.org> Hello everyone. I've only recently subscribed to the NTDOM list, and it's been quite an eye-opening experience to watch the developments of the last few days. > Basically, the idea that you seemed to have missed is that this > is not actually helping anyone. The way to help is to turn off > your mail client, and start a decent text editor and a copy of > GCC, learn C and contribute. Or write documentation. Or keep the > website updated. Or *whatever*. but don't just bitch. I'd love to help. But there seems to be a real lack of definition of exactly how I, a non-programmer, can lend a hand. The Samba web pages don't indicate any sort of defined project manager, and the samba-docs archives I've skimmed don't say much in the way of "We need this, specifically, and that, specifically". *IS* there a defined project manager? Someone to act as full-time liason between the core developers and the population at large? Someone to regularly supply updates to the web pages about progress, and current needs? Someone to supply information for those people who use the product but don't have any inclination to help develop it, or even subscribe to the list? Indeed, the traffic in NT-DOM over the last few days has been pretty high, with more noise than signal. If I didn't have need for the functionality of the TNG branch's functionality in the forseeable future, I'd unsubscribe. BUGTRAQ and my local LUG mailing list fill my Inbox enough, thank you very much. I can't code a lick. Should I be put off by the ubiquitous "Show me the code or go away?" Should I really go away? =) I'm ready and willing to lend a hand. I just need to know who to approach. Cheers, Scott From ircd at michelog.med.uoc.gr Tue Sep 26 22:40:03 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:38 2003 Subject: Samba TNG PDC problems (please help!) Message-ID: <4.3.0.20000926183938.00a91850@michelog.med.uoc.gr> Hi. On Samba TNG 2.6 Login scripts and roaming profiles don't work for my windows 98 machines. It downloads the profile but won't upload nor will it start a login script. Also, when I use nexus's user manager ... I can't add users or groups, when I try to modify them it asks for a password, and I seem to always get it wrong ;(. Can someone tell me what this password is and how to fix this login script & profile problem? From mg at plum.de Tue Sep 26 20:32:52 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:38 2003 Subject: TNG suitablity for production systems ? References: <70737.200009261736@olib> Message-ID: <004e01c027f8$f2bfc280$0201010a@prangh> > Following the recent bickering about TNG, can I ask this of the > assembled masses... > > How many of us are using TNG in live systems? > > We're running a combination of Samba 2.x and 3.x to run a > network of 50 or so NT boxes, 300 or so users. Office politics > lead to the demise > of a 'real' NT server, and Samba 3 / TNG was *tested* and found to > be reliable for authentication and file sharing. It had a few bugs > which stopped printing from working, hence the Samba 2.x servers > for print sharing. > > It seems stable, but with recent claims I'm now wondering whether > we're going to run in to BIG problems sometime soon, if the PDC > goes, we have problems... I did a survery about this some time ago on my website ... you can see the results at: http://www.sambahq.de/poll/result.php3/1/ (its in german, but I guess you'll get the idea .... ;) regards, Michael From mg at plum.de Tue Sep 26 20:37:02 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:38 2003 Subject: Samba TNG PDC problems (please help!) References: <4.3.0.20000926183938.00a91850@michelog.med.uoc.gr> Message-ID: <007801c027f9$87de32c0$0201010a@prangh> > Hi. On Samba TNG 2.6 Login scripts and roaming profiles don't work for my > windows 98 machines. It downloads the profile but won't upload nor will it > start a login script. Also, when I use nexus's user manager ... I can't > add users or groups, when I try to modify them it asks for a password, and > I seem to always get it wrong ;(. Can someone tell me what this password > is and how to fix this login script & profile problem? the nexus thing probably won't work .. As for the profiles: - do the directories have the correct permission ? (check against the user logged with smbstatus) - what did you set in the 4 "profile" vars in the smb.conf ? regards, Michael From Jwinn at krauto.com Tue Sep 26 21:10:40 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:38 2003 Subject: Any Ideas? Message-ID: <01c027fe$393bca10$d8fea8c0@-jwinn.krauto.com> I am having a problem joining my NT domain. I enter smbpasswd -j "NT Domain". Then I get an error message. "Machine "Linux Box" is one of our addresses. Cannot add to ourselves. change_trust_account_password: Failed to change password for domain "NT domain". Unable to join domain "NT domain" " On my NT Machine I added my linux box as a trusted domain (even though it does not show in the list, I tried to add it again and I got a message machine account already exists for this domain) Also on my NT machine in server manager for domains if I try to see the services of the "Samba Server/Windows NT Backup" Dr.Watson is activated and I get an application error (Exception access violation (0xc0000005), Address 0x7781f3d8. When I try to see the shared directories I get a RPC error. Also when I try to synchronize with the PDC I get a RPC error. I am running samba 2.06. I would like to try out samba head for its BDC support but, I do not know where to download it or how to compile it. If someone could give me a few new Ideas I would certainly appreciate it. I am glad that the bickering is over, or at least off this list. I did not know if my e-mail server or I could take much more :))) JWinn -------------- next part -------------- HTML attachment scrubbed and removed From bob at meeker.csuohio.edu Tue Sep 26 22:08:16 2000 From: bob at meeker.csuohio.edu (Robert M. Martel) Date: Tue Dec 2 02:31:38 2003 Subject: Problems creating users in TNG Message-ID: <200009262208.SAA09934@meeker.csuohio.edu> New to TNG, new to the list. I looked in the archive for similar problems, but if it has been asked I missed it. I built TNG alpha 2.6 on my linux test machine (redhat 6.2) without any problem. I've been unable to add users using samedit -> createuser. When I turn some debugging on I see: SAMR Open Domain... ... policy(pnum=3): setting name to SAM_DOMAIN SAMR create domain user. Name:bob Found Policy hnd[3] SAMR_R_CREATE_USER: NT_STATUS_ACCESS_DENIED ... Create Domain user failed. I've been using "Special Edition Using Samba" and the TNG website as guides in this. I did see an earlier posting about smbpasswd not compiling on some machines. When I looked on mine I found that mine had not been built as well - what is up with that? Is that my problem? Anyone able to point me in the right direction? Thanks! Bob Martel ****************************************************************************** Bob Martel - System Administrator | I met someone who looks a lot like you Levin College of Urban Affairs | She does the things you do Cleveland State University | But she is an IBM (216) 687-2214 | bob@meeker.csuohio.edu | -Jeff Lynne ****************************************************************************** From barbar at groupcolleges.edu.au Wed Sep 27 01:03:12 2000 From: barbar at groupcolleges.edu.au (barbar@groupcolleges.edu.au) Date: Tue Dec 2 02:31:38 2003 Subject: TimeStamp problem Message-ID: <3.0.6.32.20000927110312.007a6cd0@210.10.53.42> I think samba provides time server service. And write a login script to syn with the samba server. Andi Salimun -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 6.5.8 for non-commercial use mQGiBDm9JNYRBADr6SMXGOPaUIggQJh4EidNqyfRFatCH7oBPyHxkdp8KNNcIdbp vs03TUWBia2n3yHQ+/2NvQ/eZpvXx+nSQHOJIOLe6Yhf79IH5dzD68bJOKe4tsd/ n1CNHn0C400cadE3YYk0ChSBcMYS/67fI7Qn4TQbG1to5ZcsUMk/4xVFgQCg/7SX VkSUi6rgm27H2cgaGx4Lxp8EALDf0Wy8RFjIFbROXwQeInK2mkI3niSj318GP7G8 JLN24CAc6DUXFWKFvlLixA6P7gqXgqZIa+aEiHvk6an8bl3GnGbf7LNr586Yju9v AfbgdPSdEV0TiN04siEniZQgkmO6XlqLWYNYZpDPA8ZiwQ5q9e19A4fG37Rss5s+ lYbYA/9S54FlPCzlejS3h8KK6vSMVIPvU5Vpwm8LGzTwkQOJr0AqiMX4aqDScq7G zCa1Pc0s+RH+Q322i+wRddSPqdQkDuwEYjvFgZROyCClulgEb/vjDBwZY7tUul0V eStLSOeoRX2fofylZRC8IRmaNLT9dlgxprcGvFBKlBYWAwVvrrQoQW5kaSBTYWxp bXVuIDxhbmRpc0BzdHVkZW50LnVuc3cuZWR1LmF1PokATgQQEQIADgUCOb0k1gQL AwIBAhkBAAoJEGlWmX4yLiuZRREAoJiJF0vNOEQaRr2nD29nLhKYKWjLAKDukNkp cvYocnIiJBtdi6MYI2P3AbkCDQQ5vSTWEAgA9kJXtwh/CBdyorrWqULzBej5UxE5 T7bxbrlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/c dlJPPT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaCl cjrUGvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD 8KVbGI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZ yAcpesqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggA uiQO26HCEgBxwuV5PulICOiw8ltuE57KK0kaniMRwSYBkeuTiLmpEOob/5Diw2kX xfKNqOsbKbUJIpYZqI5WV6u9WX5c24JrL7UL5akYb44yGHg3m4e7j+s6+SgtMNv/ /li+vwAGx6/megtbRpwP+Pu376osGoRfZMphOr1aCiJTJPmcPMfOl+PYjd6LjLuN xWuhPd/OUmJsifkontTPpv9Lpb/gr8r48RgkPEkqrWrxUS3zLGUA2h/mPw3K3Hmx tq4UI6RHyAgCIYn04isRENEqK4fmXrVSkc5wfzeQSAMNnbALrvkETmzAR3DYftvs +3xtBKW8t9jBPSDR7tVlG4kARgQYEQIABgUCOb0k1gAKCRBpVpl+Mi4rmQlPAKDR +JlkGe6M+Uo0dyOffbsX4KUQpQCfXmhMUjjjHqf/nNv4DolJfYBSiZ8= =OuiH -----END PGP PUBLIC KEY BLOCK----- From jbeauchamp7 at mindspring.com Wed Sep 27 00:09:01 2000 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:31:38 2003 Subject: Problems creating users in TNG References: <200009262208.SAA09934@meeker.csuohio.edu> Message-ID: <001a01c02817$25666400$0a01a8c0@easypea.com> Robert: As I think you have seen, TNG does not use smbpasswd but samedit instead. I have not played with TNG myself but check out these links. They are the best source for TNG HOWTO... James http://www.kneschke.de/projekte/samba_tng see attached html doc. - I can't remember where I got this link from...:) Hope this helps... ----- Original Message ----- From: "Robert M. Martel" To: Sent: Tuesday, September 26, 2000 6:08 PM Subject: Problems creating users in TNG > New to TNG, new to the list. I looked in the archive for > similar problems, but if it has been asked I missed it. > > I built TNG alpha 2.6 on my linux test machine (redhat 6.2) > without any problem. > > I've been unable to add users using samedit -> createuser. When I > turn some debugging on I see: > > SAMR Open Domain... > ... > policy(pnum=3): setting name to SAM_DOMAIN > SAMR create domain user. Name:bob > Found Policy hnd[3] > SAMR_R_CREATE_USER: NT_STATUS_ACCESS_DENIED > ... > Create Domain user failed. > > > I've been using "Special Edition Using Samba" and the TNG website > as guides in this. > > I did see an earlier posting about smbpasswd not compiling on > some machines. When I looked on mine I found that mine had not > been built as well - what is up with that? Is that my problem? > > Anyone able to point me in the right direction? > Thanks! > Bob Martel > **************************************************************************** ** > Bob Martel - System Administrator | I met someone who looks a lot like you > Levin College of Urban Affairs | She does the things you do > Cleveland State University | But she is an IBM > (216) 687-2214 | > bob@meeker.csuohio.edu | -Jeff Lynne > **************************************************************************** ** > > > -------------- next part -------------- HTML attachment scrubbed and removed From rtanner at linfield.edu Wed Sep 27 00:41:16 2000 From: rtanner at linfield.edu (Rob Tanner) Date: Tue Dec 2 02:31:38 2003 Subject: smbpasswd -j -r won't work for me! Message-ID: <19160000.970015276@cheshire.onlinemac.com> I've been using SAMBA for a while, but this my first effort running it on LINUX, and I'm not sure if that has anything to do with my problem or not. This is what I typed and the response I got: [root@uranus]# smbpasswd -j EUROPA -r SATURN doing parameter syslog = 10 doing parameter log file = /usr/local/samba/var/log.%m doing parameter announce as = NT Workstation doing parameter deadtime = 15 doing parameter lpq cache time = 30 doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY doing parameter local master = No doing parameter wins server = 10.219.255.244 doing parameter admin users = rtanner doing parameter hosts allow = 10. doing parameter hosts deny = 0.0.0.0/0.0.0.0 pm_process() returned Yes added interface ip=10.219.255.245 bcast=10.219.255.255 nmask=255.255.0.0 resolve_lmhosts: Attempting lmhosts lookup for name SATURN<0x20> resolve_hosts: Attempting host lookup for name SATURN<0x20> Connecting to 10.219.255.240 at port 139 cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine SATURN. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 2000/09/26 14:17:43 : change_trust_account_password: Failed to change password for domain EUROPA. Unable to join domain EUROPA. I'm afraid my NT guy can't tell me any more than it's complaining that there's no trust account for my machine, but that's what I'm supposedly trying to set up. The pertinent numbers are NT4 service pack 6 on the Microsoft side, and rh 6.2 and Samba 2.0.7 on the LINUX side. I have gone through DOMAIN_MEMBER.txt to make sure everything is set up correctly. There is a /usr/local/samba/private directory. The samba.conf file is configured almost identically to another samba box running on solaris 7 that is a full participant in the domain I'm trying to get the LINUX box into. And all the daemons are stopped. Unfortunately, DOMAIN_MEMBER.txt doesn't provide any trouble-shooting tips, so here I am. Can anybody tell me what is actually happening and what the problem might be? Thanks, Rob _ _ _ _ _ _ _ _ _ _ /\_\_\_\_\ /\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_/ /\/_/ /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner UNIX and Networks Manager Linfield College, McMinnville OR (503) 434-2558 From mgeddes at xavier.sa.edu.au Wed Sep 27 01:14:03 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:38 2003 Subject: smbpasswd -j -r won't work for me! References: <19160000.970015276@cheshire.onlinemac.com> Message-ID: <39D149DB.1D16BA11@xavier.sa.edu.au> Rob Tanner wrote: > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > SATURN. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 2000/09/26 14:17:43 : change_trust_account_password: Failed to change > password for domain EUROPA. > Unable to join domain EUROPA. > Can anybody tell me what is actually happening and what the problem > might be? > > Thanks, > Rob Did you use Server Manager on the NT PDC to create a workstation account for the Linux box? This is necessary. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From valentin at russia.crosswinds.net Tue Sep 26 01:35:44 2000 From: valentin at russia.crosswinds.net (Evpaty) Date: Tue Dec 2 02:31:38 2003 Subject: Samba 2.0.7 + FreeBSD 4.1-STABLE + W2k sp1 Message-ID: <20337579133.20000926123544@russia.crosswinds.net> Hi all! I have a FreeBSD 4.1-STABLE box as a file server. It has two NIC's su-2.04# ifconfig rl0: flags=8843 mtu 1500 inet 10.0.1.102 netmask 0xffffff00 broadcast 10.0.1.255 inet6 fe80::250:baff:fed1:de26%rl0 prefixlen 64 scopeid 0x1 ether 00:50:ba:d1:de:26 media: autoselect (none) status: active supported media: autoselect 100baseTX 100baseTX 10baseT/UT P 10baseT/UTP 100baseTX xl0: flags=8843 mtu 1500 inet 132.124.12.5 netmask 0xffffff00 broadcast 132.124.12.255 inet6 fe80::210:5aff:fe46:db36%xl0 prefixlen 64 scopeid 0x2 ether 00:10:5a:46:db:36 media: 10base2/BNC supported media: 10base2/BNC 10base5/AUI 10baseT/UTP 10bas eT/UTP 10baseT/UTP This is the Samba-2.0.7 config: [global] workgroup = WKG server string = Samba Server hosts allow = 10.0.1. 132. 127. load printers = yes guest account = pcguest log file = /usr/local/samba/var/log.%m max log size = 50 security = share encrypt passwords = yes socket options = TCP_NODELAY interfaces = 10.0.1.102/255.255.255.0 132.124.12.5/255.255.255.0 local master = yes os level = 65 domain master = yes preferred master = yes wins support = yes One of them looks at the coaxial subnet, one - at 100Mbit UTP5 On the 100Mbit side of the router there is a Windows 2000 Box with 3Com 905B card. I have a problem with Samba from this box. Any operation like copying file to or from Samba share is done _extremely_ slow, 60-80 kb per second. This is not a network problem - ftp is 10 times faster. Windows 98 from the coaxial side of the router works much faster. How can i fix it? From lkcl at samba.org Wed Sep 27 01:09:32 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:39 2003 Subject: TNG-stable In-Reply-To: Message-ID: > As of today, I have read thousand of mails from people asking for > features. I have received ONLY A SINGLE mail from someone asking what to > do to help. I have NEVER received a single mail which included some code > to improve the RPC code of Samba. jf, i receive about one offer of assistance per... two or three months. the samba code is complex, and it takes time to encourage people to get involved, up-to-speed, to identify possibly psychologically intimidating barriers with a project of this size etc. you, matty, elrond and sander are some of the successes i have had, with some needing less encouragement and more opportunity: i think you and matty just _got_ it, from the word go :) one of the goals of the daemon architecture is [was] to reduce the perceived size of the entire project into smaller, self-contained sub-projects that other people could be encouraged to develop, enjoy and maintain with pride [hey, look, i wrote my own samrd and it's really beefily cool and integrates with...] the direction i have been taking is not necessarily all based on technical prowess and merit, but in consideration of the future and the scope - scale - of the project: 320,000 lines, and climbing. all the best, lukes From ircd at michelog.med.uoc.gr Wed Sep 27 04:02:13 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:39 2003 Subject: Samba TNG PDC (help!) Message-ID: <4.3.0.20000927000116.00a829d0@michelog.med.uoc.gr> I have samba tng 2.6. I use nexus's user manager & server manager. Server manager seems to work quite well. User manager on the other hand cannot add users (it closes down.) and when I try to modify the user... it goes into the user properties... but then when I click ok it doesn't modify anything. I was told that you can modify users in usrmgr with samba tng. From lkcl at samba.org Wed Sep 27 01:18:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:39 2003 Subject: TNG-stable In-Reply-To: <39D0D625.EC246A7B@valinux.com> Message-ID: On Tue, 26 Sep 2000, Jeremy Allison wrote: > > release, but for sufficient time to allow incremental development and work > > TOWARDS your standards - one cvs commit at a time. > > That's what the TNG branch is. Why did you stop working > on it ? a number of reasons. primarily the lack of support for code merging in areas that have zero or negligable code difference. i spent two weeks back in april using dirdiff to merge about 80,000 lines of smbd and nmbd code into TNG. i thought that once this was done, i would not have to do it again, as people would simultaneous-update. within two days, andrew did some work on cvs main, without updating TNG. the work took him one hour. i had to redo the merge process, examining over 100 files, and it took me six hours. secondarily, a lack of respect for my incremental coding approach, and the fact that what i miss, others realise that it is too important to let me get away with, and encourage me to do better. overall, i have tried numerous approaches to achieve the goals i set out to achieve. once all the means were exhausted, and it became less than fun to continue finding alternatives or pressing existing ones, i took that as a signal to stop. > Luke, you need to get off line some, and chill out. that's why i'm not on any of the samba lists, any more. > You are taking this far too personally. yes, i am, i am afraid. From lkcl at samba.org Wed Sep 27 01:22:32 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:39 2003 Subject: Misc In-Reply-To: <39D0DE50.5596DBED@weiinc.com> Message-ID: > You are obviously passionate about your causes as well as the work you > do and have done. This is admirable and I for one, laude your efforts. I > would ask that we try to get this back on track and focus our passions > on making a network system that is the best there is. sorry, mike, on two accounts. once for distracting time and energy from development, and twice for having to say that under the current conditions, which the ultimate aim of my messages have been to shake out even if i do not continue, i will not be involved. all best, lukes. From gcarter at valinux.com Wed Sep 27 05:42:21 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:39 2003 Subject: TNG / Development / Helping Out References: <000a01c027e8$d034efc0$040a0a0a@svfc.org> Message-ID: <39D188BD.FEF70B49@valinux.com> Scott Merrill wrote: > > I'd love to help. But there seems to be a real lack of > definition of exactly how I, a non-programmer, can lend > a hand. The Samba web pages don't indicate any sort > of defined project manager, and the samba-docs archives > I've skimmed don't say much in the way of "We need this, > specifically, and that, specifically". If you will corrdinate with me, I'll put you to work :-) Just tell me what you are interested in... > *IS* there a defined project manager? Someone to act > as full-time liason between the core developers and > the population at large? Someone to regularly supply > updates to the web pages about progress, and current needs? No. and I will apologize for this. No excuses. We all work in a somewhat isolated workspace. Jeremy is in charge of being the release manage for 2.2. Andrew in in charge of HEAD. We corrdinate together which can make it make to pinpoint a set of things that need to be outside of our head. Talk to me (anyone) and we'll get something going. Coding, documenting, testing, etc.... > I can't code a lick. Should I be put off by the > ubiquitous "Show me the code or go away?" Should I > really go away? =) I'm ready and willing to > lend a hand. I just need to know who to approach. code == documentation == testing feedback == useful input :-) No, don't go away. If you are interested in helping, let me know. -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From fischer at wytech.de Wed Sep 27 05:24:20 2000 From: fischer at wytech.de (Timo Fischer) Date: Tue Dec 2 02:31:39 2003 Subject: NT4 WS cannot log on to my samba pdc In-Reply-To: <71040.200009261743@olib> References: <71040.200009261743@olib> Message-ID: <00092707272300.00413@server> it works. i only needed to reboot one time. ;-) thanks > We had something similar. In the end we changed the NT workstation > to be only in a workgroup 'X', rebooted twice, reset the trust account > on the PDC for that machine, then rejoined the domain. It worked > after that, but for no obvious reason. > -- ----------------------------------------------------------------------- Timo Fischer mailto:timo@wytech.de wytech GbR http://wytech.de/ Peter-Bauer-Str.17 http://leopart.org/ 67549 Worms http://abi.biz-worms.de/ From gcarter at valinux.com Wed Sep 27 05:49:40 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:39 2003 Subject: TNG suitablity for production systems ? References: Message-ID: <39D18A74.2D1865F0@valinux.com> Sander Striker wrote: > > I believe Jerry brought it in to sync in HEAD. > Just some of the printing client side API's I haven;t finished the other client sode code yet. Just fyi... Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Adam.Propeck at fallon.com Wed Sep 27 06:29:17 2000 From: Adam.Propeck at fallon.com (Adam.Propeck@fallon.com) Date: Tue Dec 2 02:31:39 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! Message-ID: I submitted this problem before but haven't received a response. There were promises made as to performance of the SAMBA server, and my team is hard pressed to meet our deadlines. I really need some help here guys (and gals). Please let me know ASAP as I am currently working on our 2 production servers now and can't wait! THANKS in advance, ADAM PROPECK ----------------------------------------------------------------------------------------------------------- *************Previous Message***************** ----------------------------------------------------------------------------------------------------------- I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to have an NT4 PDC. I am having difficulty with password sync from NT to the Solaris side of things. I would like to have users on Win98/NT workstations be able to change their passwords on the NT side through CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to sync to the new password. How can I go about doing this? Thanks, Adam Propeck Systems Administrator-Fallon adam.propeck@fallon.com 612-282-3458 ---------------------------------------------------------------- Below is an edited copy of my conf file. ---------------------------------------------------------------- # Samba config file created using SWAT # from host.com (xxx.xxx.xxx.xxx) # Date: 2000/09/26 11:59:36 # Global parameters [global] workgroup = FM netbios name = FMSAMBA server string = SAMBA SERVER security = DOMAIN encrypt passwords = Yes update encrypted = Yes min password length = 4 password server = NTPDC <---- Actual name of PDC is here passwd program = /bin/passwd %u passwd chat debug = Yes username map = /etc/user.map unix password sync = Yes debug hires timestamp = Yes debug pid = Yes debug uid = Yes logon home = os level = 0 local master = No wins server = xxx.xxx.xxx.xxx hide files = /Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ [Creative] path = /data/fmsamba/ [homes] comment = Home Directory path = /data/homes/%u writeable = Yes browseable = No From Jean-Francois.Micouleau at dalalu.fr Wed Sep 27 11:17:17 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:39 2003 Subject: TNG-stable In-Reply-To: Message-ID: On Wed, 27 Sep 2000, Luke Kenneth Casson Leighton wrote: > the samba code is complex, and it takes time to encourage people to get > involved, up-to-speed, to identify possibly psychologically intimidating > barriers with a project of this size etc. I disagree Luke, the code is not so complex. It's even clearer and clearer. I've been involved in project where the code is much more complex to understand. > you, matty, elrond and sander are some of the successes i have had, with > some needing less encouragement and more opportunity: i think you and > matty just _got_ it, from the word go :) > > one of the goals of the daemon architecture is [was] to reduce the > perceived size of the entire project into smaller, self-contained > sub-projects that other people could be encouraged to develop, enjoy and > maintain with pride [hey, look, i wrote my own samrd and it's really > beefily cool and integrates with...] Luke even before day 1 you coded the daemon architecture, you have been told the way you wanted to do it was wrong. Remember, we spent a whole afternoon drafting that part at CB1 2 years ago. Andrew, Jeremy and I told you we don't want the daemon architecture like you've done it because it doesn't scale. At least stop spreading that we left you working alone on TNG and that we refused everything from you. We adviced you while you were prototyping code to ease the integration in HEAD, I've asked you numerous times to send us by-fonctionnality diffs of the code to integrate in HEAD. I have never received anything. Even when I asked you what you did in TNG to support W2K, you simply reply "some change on netlogon and lsa". Well, I'm currently respending as much of my time as you spend yours to know exactly what we are missing in HEAD. We all have made mistake in this story including YOU. Period. End of this thread. J.F. From bgmilne at ing.sun.ac.za Wed Sep 27 13:09:27 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:39 2003 Subject: MS "breaking" Samba References: <9B6B824220DBD311BF5A1000974B43B32235FD@EXCH05001> Message-ID: <39D1F187.8A13D6E5@ing.sun.ac.za> File permissions for done don't show the file owner/group, instead something that looks like an SID. Buchan "Arjona, Ariel" wrote: > > I've been running SAMBA 2.0.6-48 on SuSE6.4, and didn't have any problems > seeing the shares with my w2k workstation. > What are the problems people have with SAMBA < 2.0.7? > > -- > Ariel Arjona > Webmaster > aarjona@banistmo.com > http://www.banistmo.com > > -----Original Message----- > From: Simo Sorce [SMTP:simo.sorce@polimi.it] > Sent: Tuesday, September 26, 2000 11:39 AM > To: Gerald Carter > Cc: Paul Leach; samba-ntdom@samba.org > Subject: Re: MS "breaking" Samba > > Gerald Carter wrote: > > > > Long message notice..... > > > > Simo Sorce wrote: > > > > > > > Paul Leach wrote: > > > > > > > > We have never added any improvements (or > > > > non-improvements) to the protocols in order to > > > > "break" Samba (or to affect it in any way at > > > > all). We tested Win2k against Samba as a file > > > > server to make sure that it continued to work > > > > as a "down-level" server, along with NT4, > > > > OS/2, Windows 9x, and others. Of course, it (just > > > > like NT4) would not support the new Windows > > > > 2000 features, by which we hope to entice our > > > > customers to upgrade by providing new value to them. > > > > > > > > Just to be clear: we didn't test Win2k against Samba as > > > > a DC; we did test against NT4 DCs, however, so if > > > > Samba really does emulate all NT4 DC functionality, > > > > it should have been OK. > > > > > > > > Paul > > > > Hi Paul. Haven't head a peep from you in a while. Hope > > things are well. Just though I would inject that first. > > > > > I'm not a Samba team member, but as I remember Samba > > > needed to upgrade from 2.0.6 to 2.0.7 just to serve files > > > to Win2k machines, so your claim that you tested Win > > > 2000 against Samba to ensure compatibility as file > > > server must be false! > > > > > > DC functionality was not supported so testing against it > > > was obviously not required, anyway win2k does not > > > function with samba 2.0.x in NT4 compatibility mode(how > > > much compatible is then??) > > > > > > I hate to see this kind of statements from employee of > > > a company that is proven to have made unfair practices, I > > > think that if you care your personal reputation you > > > should check twice and prove your statements before speaking. > > > > Simo, Antagonism doesn't help. :-) MS did clean > > up many things in Win2k. Perhaps the complaint is that > > all the changes were not documented. (hey paul ;) ) > > > > So i will make another plea. (quoting from a previous > > request by Luke). Any (or all) of the information > > would be a good thing. > > > > i will move this off list after the > > initial request in case you would like > > to discuss this further > > > > .....begin plea......................... > > I've not said they have broken things or they have not cleened up > the > code, I said they cannot claim to have tested win2k against samba > for > compatibility as as far I remember (am I correct) samba < 2.0.7 will > not > be able to serve file to win2k and 2.0.7 come out after win2k also > to > resolve this problem. > Am I wrong? > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di > Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From k.blin at gmx.net Wed Sep 27 13:15:05 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:39 2003 Subject: TNG / Development / Helping Out In-Reply-To: <39D188BD.FEF70B49@valinux.com>; from gcarter@valinux.com on Wed, Sep 27, 2000 at 12:42:21AM -0500 References: <000a01c027e8$d034efc0$040a0a0a@svfc.org> <39D188BD.FEF70B49@valinux.com> Message-ID: <20000927151505.D5420@molgen-6.iah.medizin.uni-tuebingen.de> On Wed, Sep 27, 2000 at 12:42:21AM -0500, Gerald Carter wrote: [snip] > If you will corrdinate with me, I'll put you to work :-) > Just tell me what you are interested in... I can do some Web page stuff (nothing tricky though). I would also like to do some documentation stuff. (I'm already doing a newbie guide to mutt (the mail program that sucks less ;)) So I'm in SGML/Docbook. would that help you. Testing is (so far) a bit tricky, (having only one P166 to play (test) with, but that'll change soon, too. (I hope :) [snip] > Talk to me (anyone) and we'll get something going. Coding, > documenting, testing, etc.... I did this right now, didn't I? :) > > I can't code a lick. [snip] I'm learning C, but I'm far away from being good at it. It's interesting, though. > code == documentation == testing feedback == useful input :-) > No, don't go away. If you are interested in helping, let > me know. Here you go. Greets KAi -- Kai Blin, Sysop University of Tuebingen dept. of immunology Freedom is slavery. Ignorance is strength. War is peace. -- George Orwell From rszczesniak at mis.com.pl Wed Sep 27 13:18:53 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:39 2003 Subject: TNG suitablity for production systems ? Message-ID: I use combination of Samba TNG and Samba HEAD in my private two computer network, and have no problems. In one office I installed Samba 2.0.7 (no problems also), but I'm going to implement one or two TNG/HEAD server(s) carefully. Of course, all the time "keeping care" of whole system. greetings Rafa? Jeremy Allison Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-26 20:08 Do: J.L.Gilmour@exeter.ac.uk DW: samba-ntdom@us4.samba.org Temat: Re: TNG suitablity for production systems ? J.L.Gilmour@exeter.ac.uk wrote: > > Following the recent bickering about TNG, can I ask this of the > assembled masses... > > How many of us are using TNG in live systems? > > We're running a combination of Samba 2.x and 3.x to run a > network of 50 or so NT boxes, 300 or so users. Office politics > lead to the demise > of a 'real' NT server, and Samba 3 / TNG was *tested* and found to > be reliable for authentication and file sharing. It had a few bugs > which stopped printing from working, hence the Samba 2.x servers > for print sharing. > > It seems stable, but with recent claims I'm now wondering whether > we're going to run in to BIG problems sometime soon, if the PDC > goes, we have problems... If it works for you for what you need, then it's fine. We just don't want to officially support that code branch until the functionality is migrated into the "production" branch - that way many more developers will get familiar with it. Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jbeauchamp at gesinc.com Wed Sep 27 16:29:05 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:39 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! References: Message-ID: <002301c028a0$14f2aaa0$1d01a8c0@internal.net> Adam: I am not currently doing this, but have you configured the password sync and password chat section in smb.conf? james ----- Original Message ----- From: To: ; Sent: Tuesday, September 26, 2000 11:29 PM Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! > > I submitted this problem before but haven't received a response. There > were promises made as to performance of the SAMBA server, and my team is > hard pressed to meet our deadlines. I really need some help here guys (and > gals). Please let me know ASAP as I am currently working on our 2 > production servers now and can't wait! THANKS in advance, ADAM PROPECK > -------------------------------------------------------------------------- --------------------------------- > *************Previous Message***************** > -------------------------------------------------------------------------- --------------------------------- > I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to have > an NT4 PDC. I am having difficulty with password sync from NT to the > Solaris side of things. I would like to have users on Win98/NT > workstations be able to change their passwords on the NT side through > CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to > sync to the new password. How can I go about doing this? > > Thanks, > Adam Propeck > Systems Administrator-Fallon > adam.propeck@fallon.com > 612-282-3458 > > ---------------------------------------------------------------- > Below is an edited copy of my conf file. > ---------------------------------------------------------------- > > # Samba config file created using SWAT > # from host.com (xxx.xxx.xxx.xxx) > # Date: 2000/09/26 11:59:36 > > # Global parameters > [global] > workgroup = FM > netbios name = FMSAMBA > server string = SAMBA SERVER > security = DOMAIN > encrypt passwords = Yes > update encrypted = Yes > min password length = 4 > password server = NTPDC <---- Actual name of PDC is here > passwd program = /bin/passwd %u > passwd chat debug = Yes > username map = /etc/user.map > unix password sync = Yes > debug hires timestamp = Yes > debug pid = Yes > debug uid = Yes > logon home = > os level = 0 > local master = No > wins server = xxx.xxx.xxx.xxx > hide files = /Network Trash > Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ > > [Creative] > path = /data/fmsamba/ > > [homes] > comment = Home Directory > path = /data/homes/%u > writeable = Yes > browseable = No > > > > From bgmilne at ing.sun.ac.za Wed Sep 27 13:44:47 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:39 2003 Subject: Domain Printing Question References: <014701c027e8$edd614a0$1d01a8c0@internal.net> Message-ID: <39D1F9CF.AFF231A7@ing.sun.ac.za> Any printer you connect to a linux box directly needs an entry in the printcap file. Any "local" (mapped woudl be the windows term) network printers also do. The best tool for this on Redhat is redhat's "printtool". Unfortunately you need X to run this (unlike Mandrake's "printerdrake"), but if you have a Redhat box with X on, you could probably set one up from there. Buchan "James W. Beauchamp" wrote: > > I have Samba 2.07 currently running under RH Linux 6.2 with mostly NTWS > connecting. Samba provides all application and data shares. I would like > to enable domain logons but am confused about how printing works. I have > read the domain printing text file and just need to know do I have to setup > a printcap file for all printers served by the domain? If so, does anyone > know of a source for printcap files for HP printers. I am a linux/unix > newbie and don't think I know enough to build one.... yet :)) I don't seem > to have problems with my HP 4 and 5's, but I have an odd ball HP ColorproCAD > that doesn't seem to work at all (all have jetdirect cards) I know that part > of the question is off topic, but this list is loaded with people already > doing this. > > Any help would be appreciated. > > James > > 'If you ain't the lead dog, the scenery never changes' > Unknown -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From k.blin at gmx.net Wed Sep 27 13:45:53 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:39 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! In-Reply-To: ; from Adam.Propeck@fallon.com on Wed, Sep 27, 2000 at 01:29:17AM -0500 References: Message-ID: <20000927154553.A7301@molgen-6.iah.medizin.uni-tuebingen.de> On Wed, Sep 27, 2000 at 01:29:17AM -0500, Adam.Propeck@fallon.com wrote: > > I submitted this problem before but haven't received a response. Sorry, perhaps you noticed the traffic here :) I'm afraid you got drowned out. > I really need some help here guys (and > gals). Please let me know ASAP as I am currently working on our 2 > production servers now and can't wait! THANKS in advance, ADAM PROPECK Let's get back to serious work then. :) > I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to have > an NT4 PDC. I'm not into Solaris, but it should be similar to Debian Linux in this case (I hope) :) > I am having difficulty with password sync from NT to the > Solaris side of things. I would like to have users on Win98/NT > workstations be able to change their passwords on the NT side through > CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to > sync to the new password. How can I go about doing this? Let's see what you have here. > passwd program = /bin/passwd %u > passwd chat debug = Yes > username map = /etc/user.map > unix password sync = Yes Hm, I think it is connected with the %u (username). I'm not shure whether this is the SMB or the Unix username. Might any of you guys who work with this on a regular basis reply? passwd chat debug will only help you for the "passwd chat" option and a log level of 100. Ever tried this, by the way? Have a look at the online version of the Using Samba book. it's explained in chapter 6.4. Check this and then please write again. Hope I could help Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology It's better to burn out than it is to rust. From bgmilne at ing.sun.ac.za Wed Sep 27 13:49:06 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:39 2003 Subject: smbpasswd -j -r won't work for me! References: <19160000.970015276@cheshire.onlinemac.com> Message-ID: <39D1FAD2.C1DBFC01@ing.sun.ac.za> Samba 2.0.7 does not allow you to make a trust account from samba. This mus be done on the PDC. Buchan Rob Tanner wrote: > > I've been using SAMBA for a while, but this my first effort running it > on LINUX, and I'm not sure if that has anything to do with my problem > or not. > > This is what I typed and the response I got: > > [root@uranus]# smbpasswd -j EUROPA -r SATURN > doing parameter syslog = 10 > doing parameter log file = /usr/local/samba/var/log.%m > doing parameter announce as = NT Workstation > doing parameter deadtime = 15 > doing parameter lpq cache time = 30 > doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY > doing parameter local master = No > doing parameter wins server = 10.219.255.244 > doing parameter admin users = rtanner > doing parameter hosts allow = 10. > doing parameter hosts deny = 0.0.0.0/0.0.0.0 > pm_process() returned Yes > added interface ip=10.219.255.245 bcast=10.219.255.255 nmask=255.255.0.0 > resolve_lmhosts: Attempting lmhosts lookup for name SATURN<0x20> > resolve_hosts: Attempting host lookup for name SATURN<0x20> > Connecting to 10.219.255.240 at port 139 > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > SATURN. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 2000/09/26 14:17:43 : change_trust_account_password: Failed to change > password for domain EUROPA. > Unable to join domain EUROPA. > > I'm afraid my NT guy can't tell me any more than it's complaining that > there's no trust account for my machine, but that's what I'm supposedly > trying to set up. > > The pertinent numbers are NT4 service pack 6 on the Microsoft side, and > rh 6.2 and Samba 2.0.7 on the LINUX side. > > I have gone through DOMAIN_MEMBER.txt to make sure everything is set up > correctly. There is a /usr/local/samba/private directory. The > samba.conf file is configured almost identically to another samba box > running on solaris 7 that is a full participant in the domain I'm > trying to get the LINUX box into. And all the daemons are stopped. > Unfortunately, DOMAIN_MEMBER.txt doesn't provide any trouble-shooting > tips, so here I am. > > Can anybody tell me what is actually happening and what the problem > might be? > > Thanks, > Rob > > _ _ _ _ _ _ _ _ _ _ > /\_\_\_\_\ /\_\ /\_\_\_\_\_\ > /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, > /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR > /\/_/_/_/_/ /\_\ /\/_/ /\/_/ > /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin > \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) > > Rob Tanner > UNIX and Networks Manager > Linfield College, McMinnville OR > (503) 434-2558 -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Wed Sep 27 13:57:26 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:39 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! References: Message-ID: <39D1FCC6.8FA25BCB@ing.sun.ac.za> Check your password program entry. The examples in "man smb.conf" show either "/bin/passwd" or "/sbin/passwd %u". Also, have you looked at the "passwd chat" option ? Sorry I can't help you more, we don't sync unix and samba, and we only run linux (we're poor!) Buchan Adam.Propeck@fallon.com wrote: > > I submitted this problem before but haven't received a response. There > were promises made as to performance of the SAMBA server, and my team is > hard pressed to meet our deadlines. I really need some help here guys (and > gals). Please let me know ASAP as I am currently working on our 2 > production servers now and can't wait! THANKS in advance, ADAM PROPECK > ----------------------------------------------------------------------------------------------------------- > *************Previous Message***************** > ----------------------------------------------------------------------------------------------------------- > I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to have > an NT4 PDC. I am having difficulty with password sync from NT to the > Solaris side of things. I would like to have users on Win98/NT > workstations be able to change their passwords on the NT side through > CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to > sync to the new password. How can I go about doing this? > > Thanks, > Adam Propeck > Systems Administrator-Fallon > adam.propeck@fallon.com > 612-282-3458 > > ---------------------------------------------------------------- > Below is an edited copy of my conf file. > ---------------------------------------------------------------- > > # Samba config file created using SWAT > # from host.com (xxx.xxx.xxx.xxx) > # Date: 2000/09/26 11:59:36 > > # Global parameters > [global] > workgroup = FM > netbios name = FMSAMBA > server string = SAMBA SERVER > security = DOMAIN > encrypt passwords = Yes > update encrypted = Yes > min password length = 4 > password server = NTPDC <---- Actual name of PDC is here > passwd program = /bin/passwd %u > passwd chat debug = Yes > username map = /etc/user.map > unix password sync = Yes > debug hires timestamp = Yes > debug pid = Yes > debug uid = Yes > logon home = > os level = 0 > local master = No > wins server = xxx.xxx.xxx.xxx > hide files = /Network Trash > Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ > > [Creative] > path = /data/fmsamba/ > > [homes] > comment = Home Directory > path = /data/homes/%u > writeable = Yes > browseable = No -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From alexandre.hoflack at grgate.geomath.fr Wed Sep 27 14:00:00 2000 From: alexandre.hoflack at grgate.geomath.fr (Alexandre Hoflack) Date: Tue Dec 2 02:31:39 2003 Subject: How to make Plain text password on W2000 server? Message-ID: <39D1FD60.5AC64310@geomath.fr> Dear, as NT4 OS, I would like to "EnablePlainTextPassword" on Windows2000 server, Could you tell me which KEY in Registry (W2000) to do it Thx, alex -- --------------------------------- - alexandre.hoflack@geomath.fr - - Administrateur Systeme - --------------------------------- From lfeldman at applianceware.com Wed Sep 27 14:13:01 2000 From: lfeldman at applianceware.com (Lawrence Feldman) Date: Tue Dec 2 02:31:39 2003 Subject: smbpasswd -j -r won't work for me! References: <19160000.970015276@cheshire.onlinemac.com> <39D1FAD2.C1DBFC01@ing.sun.ac.za> Message-ID: <39D2006D.B897E5A@applianceware.com> Have you added the Server Account on the NT PDC from Server Manager first? Then you can join the domain: smbpasswd -j NTDOM -r NTPDC -U admiistrator%pasword Buchan Milne wrote: > Samba 2.0.7 does not allow you to make a trust account from samba. This > mus be done on the PDC. > > Buchan > > Rob Tanner wrote: > > > > I've been using SAMBA for a while, but this my first effort running it > > on LINUX, and I'm not sure if that has anything to do with my problem > > or not. > > > > This is what I typed and the response I got: > > > > [root@uranus]# smbpasswd -j EUROPA -r SATURN > > doing parameter syslog = 10 > > doing parameter log file = /usr/local/samba/var/log.%m > > doing parameter announce as = NT Workstation > > doing parameter deadtime = 15 > > doing parameter lpq cache time = 30 > > doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY > > doing parameter local master = No > > doing parameter wins server = 10.219.255.244 > > doing parameter admin users = rtanner > > doing parameter hosts allow = 10. > > doing parameter hosts deny = 0.0.0.0/0.0.0.0 > > pm_process() returned Yes > > added interface ip=10.219.255.245 bcast=10.219.255.255 nmask=255.255.0.0 > > resolve_lmhosts: Attempting lmhosts lookup for name SATURN<0x20> > > resolve_hosts: Attempting host lookup for name SATURN<0x20> > > Connecting to 10.219.255.240 at port 139 > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > > cli_nt_setup_creds: auth2 challenge failed > > modify_trust_password: unable to setup the PDC credentials to machine > > SATURN. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > > 2000/09/26 14:17:43 : change_trust_account_password: Failed to change > > password for domain EUROPA. > > Unable to join domain EUROPA. > > > > I'm afraid my NT guy can't tell me any more than it's complaining that > > there's no trust account for my machine, but that's what I'm supposedly > > trying to set up. > > > > The pertinent numbers are NT4 service pack 6 on the Microsoft side, and > > rh 6.2 and Samba 2.0.7 on the LINUX side. > > > > I have gone through DOMAIN_MEMBER.txt to make sure everything is set up > > correctly. There is a /usr/local/samba/private directory. The > > samba.conf file is configured almost identically to another samba box > > running on solaris 7 that is a full participant in the domain I'm > > trying to get the LINUX box into. And all the daemons are stopped. > > Unfortunately, DOMAIN_MEMBER.txt doesn't provide any trouble-shooting > > tips, so here I am. > > > > Can anybody tell me what is actually happening and what the problem > > might be? > > > > Thanks, > > Rob > > > > _ _ _ _ _ _ _ _ _ _ > > /\_\_\_\_\ /\_\ /\_\_\_\_\_\ > > /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, > > /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR > > /\/_/_/_/_/ /\_\ /\/_/ /\/_/ > > /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin > > \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) > > > > Rob Tanner > > UNIX and Networks Manager > > Linfield College, McMinnville OR > > (503) 434-2558 > > -- > |--------------------------------------------------------------| > Buchan Milne Mechanical Engineer, Network Manager > Cellphone +27824722231 > email mailto:bgmilne@ing.sun.ac.za > Centre for Automotive Engineering http://www.sun.ac.za/cae > South Africas first satellite: http://sunsat.ee.sun.ac.za > Control Models http://www.control.co.za > |----------------Registered Linux User #182071-----------------| -- ->------------------------------------------------------------------------- Lawrence (Lon) Feldman | Applianceware: Applianceware | "The new vision in appliance networking" (510) 580-5131 | lfeldman@applianceware.com -------------- next part -------------- HTML attachment scrubbed and removed From rszczesniak at mis.com.pl Wed Sep 27 14:19:04 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:39 2003 Subject: TNG / Development / Helping Out Message-ID: Is there any short developer's documentation of Samba. This is complex piece of code, so without any main ideas/ architecural concepts/coding standards it's very hard to read (with understanding) sources. I know that complete developer's documentation means couple of months of full-time work. I'm just asking about general guidelines. regards, serious interested in helping Rafa? Gerald Carter Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-27 07:42 Do: Scott Merrill DW: samba-ntdom@us4.samba.org Temat: Re: TNG / Development / Helping Out Scott Merrill wrote: > > I'd love to help. But there seems to be a real lack of > definition of exactly how I, a non-programmer, can lend > a hand. The Samba web pages don't indicate any sort > of defined project manager, and the samba-docs archives > I've skimmed don't say much in the way of "We need this, > specifically, and that, specifically". If you will corrdinate with me, I'll put you to work :-) Just tell me what you are interested in... > *IS* there a defined project manager? Someone to act > as full-time liason between the core developers and > the population at large? Someone to regularly supply > updates to the web pages about progress, and current needs? No. and I will apologize for this. No excuses. We all work in a somewhat isolated workspace. Jeremy is in charge of being the release manage for 2.2. Andrew in in charge of HEAD. We corrdinate together which can make it make to pinpoint a set of things that need to be outside of our head. Talk to me (anyone) and we'll get something going. Coding, documenting, testing, etc.... > I can't code a lick. Should I be put off by the > ubiquitous "Show me the code or go away?" Should I > really go away? =) I'm ready and willing to > lend a hand. I just need to know who to approach. code == documentation == testing feedback == useful input :-) No, don't go away. If you are interested in helping, let me know. -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From rszczesniak at mis.com.pl Wed Sep 27 14:23:09 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:39 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! Message-ID: Does your /bin/passwd has any builtin filter checking password "quality" ? Also, sample password chat debug log could be helpful... Rafa? Adam.Propeck@fallon.com Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-27 08:29 Do: samba-ntdom@us4.samba.org, samba-ntdom-admin@us4.samba.org DW: Temat: REALLY NEED SOME QUICK HELP! -PLEASE!! I submitted this problem before but haven't received a response. There were promises made as to performance of the SAMBA server, and my team is hard pressed to meet our deadlines. I really need some help here guys (and gals). Please let me know ASAP as I am currently working on our 2 production servers now and can't wait! THANKS in advance, ADAM PROPECK ----------------------------------------------------------------------------------------------------------- *************Previous Message***************** ----------------------------------------------------------------------------------------------------------- I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to have an NT4 PDC. I am having difficulty with password sync from NT to the Solaris side of things. I would like to have users on Win98/NT workstations be able to change their passwords on the NT side through CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to sync to the new password. How can I go about doing this? Thanks, Adam Propeck Systems Administrator-Fallon adam.propeck@fallon.com 612-282-3458 ---------------------------------------------------------------- Below is an edited copy of my conf file. ---------------------------------------------------------------- # Samba config file created using SWAT # from host.com (xxx.xxx.xxx.xxx) # Date: 2000/09/26 11:59:36 # Global parameters [global] workgroup = FM netbios name = FMSAMBA server string = SAMBA SERVER security = DOMAIN encrypt passwords = Yes update encrypted = Yes min password length = 4 password server = NTPDC <---- Actual name of PDC is here passwd program = /bin/passwd %u passwd chat debug = Yes username map = /etc/user.map unix password sync = Yes debug hires timestamp = Yes debug pid = Yes debug uid = Yes logon home = os level = 0 local master = No wins server = xxx.xxx.xxx.xxx hide files = /Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ [Creative] path = /data/fmsamba/ [homes] comment = Home Directory path = /data/homes/%u writeable = Yes browseable = No From roym at programmer.net Wed Sep 27 14:28:05 2000 From: roym at programmer.net (Roy Marshall) Date: Tue Dec 2 02:31:39 2003 Subject: My NT Account gets locked out. Please Help Message-ID: <383952551.970064885689.JavaMail.root@web443-mc.mail.com> Hi there A very quick question. I have mounted my unix drive to an NT workstation using security = server. All works 100% except for the fact that i get locked out of my NT account occassionally. Is it Samba or NT. Can anyone help me. Thanks Roy ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup From wilson at sentrisystems.com Wed Sep 27 14:32:14 2000 From: wilson at sentrisystems.com (Brian Wilson) Date: Tue Dec 2 02:31:39 2003 Subject: How to make Plain text password on W2000 server? References: <39D1FD60.5AC64310@geomath.fr> Message-ID: <007101c0288f$bb45c4c0$07fea8c0@bubbastop> ----- Original Message ----- From: "Alexandre Hoflack" To: Sent: Wednesday, September 27, 2000 10:00 AM Subject: How to make Plain text password on W2000 server? > Dear, > > as NT4 OS, I would like to "EnablePlainTextPassword" on Windows2000 > server, > Could you tell me which KEY in Registry (W2000) to do it > > Thx, alex > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation \Parameters] "EnablePlainTextPassword"=dword:00000001 -- Brian Wilson wilson@sentrisystems.com Systems Administrator 919.239.5517 Sentrisystems.com, Inc. 2626 Glenwood Ave., Suite 265 http://sentrisystems.com Raleigh, North Carolina 27608 From smerrill at svfc.org Wed Sep 27 14:33:42 2000 From: smerrill at svfc.org (Scott Merrill) Date: Tue Dec 2 02:31:39 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! In-Reply-To: Message-ID: <000401c0288f$f00ea5a0$040a0a0a@svfc.org> I've never used solaris, so I don't know what happens when you execute /bin/passwd on that platform. In order to sync the smbpasswd and the /etc/passwd you need to use the "passwd chat" parameter in your smb.conf. This tells samba how to talk to the passwd program to change the password for the user. You supply the text that Samba should watch for, and how it should answer. On my Red Hat 6.2 server, my entry looks like this: ---begin--- # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd :*all*authentication*tokens*updated*successfully* ---end--- So the "passwd chat" means 'watch for any string containing "New", "UNIX" and "password" with anything in between those words, and supply the user's new password when you see it, followed by a newline. Then watch for the next set of words and re-supply the password and new line again. Finally, make sure it all worked properly by watching for that final string." You'll need to examine what the prompts are for Solaris' passwd program and modify the "passwd chat" appropriately. From simo.sorce at polimi.it Wed Sep 27 16:41:11 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:39 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! References: Message-ID: <39D22327.A37FEB22@polimi.it> Rafa? Szcze?niak wrote: > > Does your /bin/passwd has any builtin filter checking > password "quality" ? > > Also, sample password chat debug log could be helpful... > > Rafa? > > Adam.Propeck@fallon.com > Wys?ane przez: samba-ntdom-admin@us4.samba.org > 00-09-27 08:29 > > > Do: samba-ntdom@us4.samba.org, samba-ntdom-admin@us4.samba.org > DW: > Temat: REALLY NEED SOME QUICK HELP! -PLEASE!! > > I submitted this problem before but haven't received a response. There > were promises made as to performance of the SAMBA server, and my team is > hard pressed to meet our deadlines. I really need some help here guys > (and > gals). Please let me know ASAP as I am currently working on our 2 > production servers now and can't wait! THANKS in advance, ADAM PROPECK > ----------------------------------------------------------------------------------------------------------- > *************Previous Message***************** > ----------------------------------------------------------------------------------------------------------- > I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to > have > an NT4 PDC. I am having difficulty with password sync from NT to the > Solaris side of things. I would like to have users on Win98/NT > workstations be able to change their passwords on the NT side through > CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to > sync to the new password. How can I go about doing this? > > Thanks, > Adam Propeck > Systems Administrator-Fallon > adam.propeck@fallon.com > 612-282-3458 > > ---------------------------------------------------------------- > Below is an edited copy of my conf file. > ---------------------------------------------------------------- > > # Samba config file created using SWAT > # from host.com (xxx.xxx.xxx.xxx) > # Date: 2000/09/26 11:59:36 > > # Global parameters > [global] > workgroup = FM > netbios name = FMSAMBA > server string = SAMBA SERVER > security = DOMAIN > encrypt passwords = Yes > update encrypted = Yes > min password length = 4 > password server = NTPDC <---- Actual name of PDC is here > passwd program = /bin/passwd %u > passwd chat debug = Yes > username map = /etc/user.map > unix password sync = Yes > debug hires timestamp = Yes > debug pid = Yes > debug uid = Yes > logon home = > os level = 0 > local master = No > wins server = xxx.xxx.xxx.xxx > hide files = /Network Trash > Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ > > [Creative] > path = /data/fmsamba/ > > [homes] > comment = Home Directory > path = /data/homes/%u > writeable = Yes > browseable = No Men you can't use Password sync with encrypted passwords cause NT will not send the password in clear but only a one way encoded equivalent hash. So samba can't update passwd because there's not any way to convert a NTLM hash into a crypt or MD5 entry!! The only way is to set a windows regietry(check archives for it) to set clear/text passwords, but this will not work in a domain! -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From khalil-ur.rahman at ants.co.uk Wed Sep 27 14:49:53 2000 From: khalil-ur.rahman at ants.co.uk (Rahman, Khalil-ur (ANTS)) Date: Tue Dec 2 02:31:40 2003 Subject: My NT Account gets locked out. Please Help Message-ID: <29897BB9AE72D411A89B0008C773175E500616@BHISHMA> Sounds like an NT issue. Your Samba drive will be be authenticated on the unix server, therefore this should not be related to your samba, unless you are being authenticated by an NT Server for both. -----Original Message----- From: Roy Marshall [mailto:roym@programmer.net] Sent: 27 September 2000 15:28 To: samba-ntdom@us4.samba.org Subject: My NT Account gets locked out. Please Help Hi there A very quick question. I have mounted my unix drive to an NT workstation using security = server. All works 100% except for the fact that i get locked out of my NT account occassionally. Is it Samba or NT. Can anyone help me. Thanks Roy ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup *************************************************************************** This email message contains confidential information for the above addressee only. If you are not the intended addressee you must not disclose or use the information in any manner whatsoever. Any opinion or views contained in this email message are those of the sender, do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail. Abbey National Treasury Services plc. Registered in England. Registered Office: Abbey House, Baker Street, London NW1 6XL. Company Registration No: 2338548. Regulated by the SFA *************************************************************************** From markus at softwarerun.com Wed Sep 27 15:08:13 2000 From: markus at softwarerun.com (Markus Reimer) Date: Tue Dec 2 02:31:40 2003 Subject: How should I get the W2k support in a production environment? Message-ID: Hi! I hope I don't fuel any unproductive discussions right now, but I have the following problem that I would like to discuss with you... I have a setup with a samba 2.0.7 as PDC and fileservers on separate machines (or really HACMP clusters on AIX) The client's are Windows NT4.0 Terminals Server Edition. In my environment I have both unix and NT client's. The users are primarily managed in a SQL table from wich I generate both NIS and smbpasswd files. The profile is stored in the users homedir (~/.nt) which is mounted on the PDC. The users homedirs are exported 50/50 from the both file-servers using the following scheme: (Every users home-dir is in a sub-dir named by the last digit in their user-id for load-balancing purposes, eg. user 1001 and 1011 homedir's is in /nethome/1/ and 1002 & 1012 is in /nethome/2/ etc.) user-id's ending on even numbers: \\samba0\nethome0\fs000\m\%username% ... \\samba0\nethome0\fs008\m\%username% and user-id's ending on odd numbers: \\samba1\nethome1\fs001\m\%username% ... \\samba1\nethome1\fs009\m\%username% These are mounted as: m: \\samba0\nethome0\ n: \\samba1\nethome1\ And the logonscript subst h: to the right path using the following string: FOR /D %i IN (m:\fs*,n:\fs*) DO FOR %a IN (%i\m\%username%) DO IF EXIST %a subst h: %a On the unix-system's the homedrives are NFS-mounted and mapped using the usual NIS features... This all works great and I can make lots of features on this setup that I cant make with a regular NT setup... My main problem is now that I have to implement windows 2000 servers in this setup... Should I try to port samba-tng to aix (wich now doesn't compile) and use it in a production environment? Should I try to port part's of samba-tng into samba-head? Should I convert the userdatabase to ldap using NDS and have W2k servers as PDC/BDC/ActiveDirectory servers? Should I use NT4 servers as PDC/BDC's accessing the NIS database using some sort of NIS client? Or are there some completely separate solution for me?? The timeframe for this is that I will have to implement the correct solution during october... I think somebody must have had this problem before, and have made some mistakes that I can avoid :) Kind Regards //Markus Reimer CTO, SoftwareRun AB --- markus@softwarerun.com www.softwarerun.com Office:+46-(0)155-256 440 Fax: +46-(0)155-256 441 Cell: +46-(0)70-7106991 -------------- next part -------------- A non-text attachment was scrubbed... Name: Markus Reimer.vcf Type: text/x-vcard Size: 404 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000927/6d376984/MarkusReimer.vcf From osabmt00 at fht-esslingen.de Wed Sep 27 16:01:56 2000 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:31:40 2003 Subject: My NT Account gets locked out. Please Help In-Reply-To: <383952551.970064885689.JavaMail.root@web443-mc.mail.com> Message-ID: <39D22804.10854.B2C84F@localhost> Am 27 Sep 2000, um 10:28 Uhr schrieb Roy Marshall zum Thema My NT Account gets locked out. Please Help: Dazu meine Meinung: > A very quick question. I have mounted my unix drive to an NT workstation > using security = server. All works 100% except for the fact that i get > locked out of my NT account occassionally. Is it Samba or NT. Can anyone > help me. We had the same problem and it was caused by samba trying the user-password in different manners (password, Password, PASSWORD, etc.) Since the PDC refused the first three attempts and our policy is to lock any account after three bad logon-attempts, accounts were locked sometimes. I can't remember exactly how we solved the problem but the shade of a "password level" parameter in smb.conf is in my mind. Hope this helps, Osama --- Fachhochschule f?r Technik Esslingen Au?enstelle Goeppingen From Jean-Francois.Micouleau at dalalu.fr Wed Sep 27 15:09:14 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:40 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! In-Reply-To: <39D22327.A37FEB22@polimi.it> Message-ID: On Wed, 27 Sep 2000, Simo Sorce wrote: > Men you can't use Password sync with encrypted passwords cause NT will > not send the password in clear but only a one way encoded equivalent > hash. Totally wrong. NT send the new password encoded on the wire but this password can be decoded. How do you think passfilter.dll works on a PDC ??? > So samba can't update passwd because there's not any way to convert a > NTLM hash into a crypt or MD5 entry!! > The only way is to set a windows regietry(check archives for it) to set > clear/text passwords, but this will not work in a domain! J.F. From i.dobbie at icrf.icnet.uk Wed Sep 27 15:22:17 2000 From: i.dobbie at icrf.icnet.uk (Ian Dobbie) Date: Tue Dec 2 02:31:40 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! In-Reply-To: Adam.Propeck@fallon.com's message of "Wed, 27 Sep 2000 01:29:17 -0500" References: Message-ID: <4w4s317tcm.fsf@cello2.lif.icnet.uk> Adam.Propeck@fallon.com writes: > I am running SAMBA 2.0.7 on a Solaris 2.7 Box, and want to continue to have > an NT4 PDC. I am having difficulty with password sync from NT to the > Solaris side of things. I would like to have users on Win98/NT > workstations be able to change their passwords on the NT side through > CTRL-ALT-DEL, Change Password, and then get SAMBA and our /etc/passwd to > sync to the new password. How can I go about doing this? > As far as I understand things this just plain isnt possible. > encrypt passwords = Yes This line is the problem. You are using encrypted passwords over the net. The passwords are encrypted in NT style and the unix box cannot unencrypt them to use the password plaintext to sync them against the unix /etc/passwd. The only method to get this type of functionality is to use pam and authenticate your unix users against a smb password server (eg your NT PDC). I have considered this but havent actually got as far as trying to do it. An alternative is to not use the windows password change stuff but have a custom interface to do password updates (eg a web page). This can then use the plaintext password to reset the password on the unix box and the NT PDC. Ian From roym at programmer.net Wed Sep 27 16:06:06 2000 From: roym at programmer.net (Roy Marshall) Date: Tue Dec 2 02:31:40 2003 Subject: My NT Account gets locked out. Thanks Osama Message-ID: <385103677.970070803727.JavaMail.root@web305-mc.mail.com> Osama Thanks very much for your help. I have set the password level to 4 and will now sit back and see what happens. Hopefully my head-ache will now go away. Thanks, Roy ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup From grahamj at virtue.cx Wed Sep 27 12:04:08 2000 From: grahamj at virtue.cx (Jonathan Graham) Date: Tue Dec 2 02:31:40 2003 Subject: TNG / Development / Helping Out In-Reply-To: <39D188BD.FEF70B49@valinux.com> Message-ID: > If you will corrdinate with me, I'll put you to work :-) > Just tell me what you are interested in... > > > *IS* there a defined project manager? Someone to act > > as full-time liason between the core developers and > > the population at large? Someone to regularly supply > > updates to the web pages about progress, and current needs? > > No. and I will apologize for this. No excuses. We all > work in a somewhat isolated workspace. Jeremy is in charge > of being the release manage for 2.2. Andrew in in charge of > HEAD. We corrdinate together which can make it make to pinpoint > a set of things that need to be outside of our head. Is this "project leader" something you're looking for? I'm a technical lead at my company, so although I still code (and I'm a dem fine coder too. :) ) I also am the PL for my team. I've been wanting to get involved in the SAMBA project for a while now (Luke had me working on smbtorture for a little bit) but I knowing very little about the CIFS RPC system was a bit of a problem. So although I didn't think I had the time to grapple with the RPC learning curve it's likely that I can help as a co-ordinator. If you think this would be helpful. Let me know. Samba has been a great help in maintaining my network at home. I'd be happy to put something back into the community. Jonathan. From Jwinn at krauto.com Wed Sep 27 16:13:23 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:40 2003 Subject: smbpasswd -j .. -r..-U ... What now???? Message-ID: <01c0289d$dc707d30$d8fea8c0@-jwinn.krauto.com> I tried smbpasswd -j "NT Domain" -r "NT PDC" -U administrator%password Then I got the ERROR message NT_STATUS_NO_TRUST_SAM_ACCOUNT. What do I need to do to join the domain does my NT PDC also need to be a server account (I have two test computers, one NT one Linux running Samba) Thanks to everyone for all your help, JWinn -------------- next part -------------- HTML attachment scrubbed and removed From kevinc at grainsystems.com Wed Sep 27 16:20:46 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:40 2003 Subject: smbpasswd -j .. -r..-U ... What now???? References: <01c0289d$dc707d30$d8fea8c0@-jwinn.krauto.com> Message-ID: <39D21E5E.F482FA1B@grainsystems.com> Did you add an account for this machine to your NT PDC via server manager? "smbpasswd -j" really just tries to change the account password, not create an account. ("Join" is perhaps a little misleading of a term.) - Kevin Colby kevinc@grainsystems.com > Jeremy Winn wrote: > > I tried smbpasswd -j "NT Domain" -r "NT PDC" -U administrator%password > Then I got the ERROR message NT_STATUS_NO_TRUST_SAM_ACCOUNT. > > What do I need to do to join the domain does my NT PDC also need to be > a server account (I have two test computers, one NT one Linux running > Samba) > > > Thanks to everyone for all your help, > JWinn From business at ours.com Wed Sep 27 16:28:22 2000 From: business at ours.com (Diran Afarian) Date: Tue Dec 2 02:31:40 2003 Subject: I will pay for getting SAMBA going Message-ID: <5.0.0.25.0.20000927092456.028e6010@207.158.208.167> I will pay if someone can get samba going where I can see our (Linux/Apache) Cobalt server's Hard Drive and access it from our NT on the same network. Now I can see the hard Drive in my NetworkNeighborhood but I cannot log in. If anyone can help me get that going I will gladly pay for the service. Thank you, Diran Afarian (626)796-3100 From e.flachaire at lse.ac.uk Wed Sep 27 16:36:53 2000 From: e.flachaire at lse.ac.uk (Emmanuel Flachaire) Date: Tue Dec 2 02:31:40 2003 Subject: smbclient -> amount of free disk space incorrect Message-ID: <14802.8741.580400.14245@waf.lse.ac.uk> I am lost: On my Debian/Linux computer, I try to use samba to access a printer on a Windows/NT network. When I'm diagnosing my samba server, the connection to the printer seems to be OK because the command 'smbclient //SERVER/printer1' returns 'smb: \>'. But the amount of free disk space shown isn't correct when I type "dir": an access denied appeared. What does it means and what can I do? Thank's a lot for your answers, Emmanuel Linux: ~ > smbclient //SERVER/printer1 added interface ip=198.149.153.40 bcast=198.149.159.255 nmask=255.255.248.0 Got a positive name query response from 198.149.199.221 ( 198.149.153.51 ) Domain=[TOTO] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] smb: \> dir ERRDOS - ERRnoaccess (Access denied.) listing \* 0 blocks of size 0. 0 blocks available smb: \> From rszczesniak at mis.com.pl Wed Sep 27 16:46:07 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:40 2003 Subject: I will pay for getting SAMBA going Message-ID: 1. Is that Samba the PDC for your NT workstation ? 2. "Now I can see the hard Drive in my NetworkNeighborhood but I cannot log in." - you mean you can browse Cobalt's shares, but you can't connect to them ? Rafa? Diran Afarian Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-27 18:28 Do: samba-ntdom@samba.org DW: Temat: I will pay for getting SAMBA going I will pay if someone can get samba going where I can see our (Linux/Apache) Cobalt server's Hard Drive and access it from our NT on the same network. Now I can see the hard Drive in my NetworkNeighborhood but I cannot log in. If anyone can help me get that going I will gladly pay for the service. Thank you, Diran Afarian (626)796-3100 From rszczesniak at mis.com.pl Wed Sep 27 16:47:57 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:40 2003 Subject: Odp: smbclient -> amount of free disk space incorrect Message-ID: What do you expect to achieve, by typing such command in printer share ? Rafa? Emmanuel Flachaire Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-27 18:36 Do: samba-ntdom@us4.samba.org DW: Temat: smbclient -> amount of free disk space incorrect I am lost: On my Debian/Linux computer, I try to use samba to access a printer on a Windows/NT network. When I'm diagnosing my samba server, the connection to the printer seems to be OK because the command 'smbclient //SERVER/printer1' returns 'smb: \>'. But the amount of free disk space shown isn't correct when I type "dir": an access denied appeared. What does it means and what can I do? Thank's a lot for your answers, Emmanuel Linux: ~ > smbclient //SERVER/printer1 added interface ip=198.149.153.40 bcast=198.149.159.255 nmask=255.255.248.0 Got a positive name query response from 198.149.199.221 ( 198.149.153.51 ) Domain=[TOTO] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] smb: \> dir ERRDOS - ERRnoaccess (Access denied.) listing \* 0 blocks of size 0. 0 blocks available smb: \> From rtanner at linfield.edu Wed Sep 27 16:50:15 2000 From: rtanner at linfield.edu (Rob Tanner) Date: Tue Dec 2 02:31:40 2003 Subject: REALLY NEED SOME QUICK HELP! -PLEASE!! In-Reply-To: <39D1FCC6.8FA25BCB@ing.sun.ac.za> Message-ID: <98820000.970073415@uranus.linfield.edu> Just a thought, and this is off base, but have you considered setting a machine account on the NT4 PDC and using security = DOMAIN. I have a SAMBA server (2.0.6) running on Solaris 7 that is a participant in an NT domain. All the users in the domain also have UNIX accounts on the Solaris box for email, etc, but access to home directory space and such via SAMBA is authenticated at the NT only -- NT passwords are not recorded locally at all. -- Rob --On 09/27/00 03:57:26 PM +0200 Buchan Milne wrote: > Check your password program entry. The examples in "man smb.conf" show > either "/bin/passwd" or "/sbin/passwd %u". Also, have you looked at > the "passwd chat" option ? > > Sorry I can't help you more, we don't sync unix and samba, and we only > run linux (we're poor!) > > Buchan > > Adam.Propeck@fallon.com wrote: >> >> I submitted this problem before but haven't received a response. >> There were promises made as to performance of the SAMBA server, and >> my team is hard pressed to meet our deadlines. I really need some >> help here guys (and gals). Please let me know ASAP as I am >> currently working on our 2 production servers now and can't wait! >> THANKS in advance, ADAM PROPECK >> -------------------------------------------------------------------- >> --------------------------------------- *************Previous >> Message***************** >> -------------------------------------------------------------------- >> --------------------------------------- I am running SAMBA 2.0.7 on >> a Solaris 2.7 Box, and want to continue to have an NT4 PDC. I am >> having difficulty with password sync from NT to the Solaris side of >> things. I would like to have users on Win98/NT workstations be able >> to change their passwords on the NT side through CTRL-ALT-DEL, >> Change Password, and then get SAMBA and our /etc/passwd to sync to >> the new password. How can I go about doing this? >> >> Thanks, >> Adam Propeck >> Systems Administrator-Fallon >> adam.propeck@fallon.com >> 612-282-3458 >> >> ---------------------------------------------------------------- >> Below is an edited copy of my conf file. >> ---------------------------------------------------------------- >> >> # Samba config file created using SWAT >> # from host.com (xxx.xxx.xxx.xxx) >> # Date: 2000/09/26 11:59:36 >> >> # Global parameters >> [global] >> workgroup = FM >> netbios name = FMSAMBA >> server string = SAMBA SERVER >> security = DOMAIN >> encrypt passwords = Yes >> update encrypted = Yes >> min password length = 4 >> password server = NTPDC <---- Actual name of PDC is >> here passwd program = /bin/passwd %u >> passwd chat debug = Yes >> username map = /etc/user.map >> unix password sync = Yes >> debug hires timestamp = Yes >> debug pid = Yes >> debug uid = Yes >> logon home = >> os level = 0 >> local master = No >> wins server = xxx.xxx.xxx.xxx >> hide files = /Network Trash >> Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ >> >> [Creative] >> path = /data/fmsamba/ >> >> [homes] >> comment = Home Directory >> path = /data/homes/%u >> writeable = Yes >> browseable = No > > -- > |--------------------------------------------------------------| > Buchan Milne Mechanical Engineer, Network Manager > Cellphone +27824722231 > email mailto:bgmilne@ing.sun.ac.za > Centre for Automotive Engineering http://www.sun.ac.za/cae > South Africas first satellite: http://sunsat.ee.sun.ac.za > Control Models http://www.control.co.za > |----------------Registered Linux User #182071-----------------| > _ _ _ _ _ _ _ _ _ _ /\_\_\_\_\ /\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_/ /\/_/ /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner UNIX and Networks Manager Linfield College, McMinnville OR (503) 434-2558 From Kevin.Colagio at usa.xerox.com Wed Sep 27 16:53:58 2000 From: Kevin.Colagio at usa.xerox.com (Colagio, Kevin) Date: Tue Dec 2 02:31:40 2003 Subject: Cannot join an NT domain...suggestions please? Message-ID: Misc: NT 4.0 with whatever patches is the PDC and BDC Solaris 2.8 with Samba 2.0.7 (fresh compile) Steps followed: 1) Installed Samba on the Solaris box. 2) Added the name of the Samba box (USADURANGO) to the NT domain (USAMCR1). 3) Added the names for the PDC and BDC to the lmhosts file. 4) Added the PDC and BDC to the smb.conf file under "password server" setting. 5) Defined the WINS server 6) Set the NETBIOS name (USADURANGO). 7) Tried to run: smbpasswd -j USAMCR1 8) Received the following: cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine USAMCDC1. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine USAMCDC2. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 2000/09/22 14:00:55 : change_trust_account_password: Failed to change password for domain USAMCR1. Unable to join domain USAMCR1. As per the directions to do this, it should have worked. Besides changing the IP addresses, here is my current smb.conf: # Global parameters [global] workgroup = workgroup netbios name = USADURANGO server string = interfaces = hme0 # security = domain # encrypt passwords = Yes password server = usamcdc1 usamcdc2 os level = 0 local master = No wins server = w.x.y.z [homes] comment = Home Directories path = /u/%u writeable = Yes hosts allow = w.*.*.* Thanks for the help in advance.... Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student From mg at plum.de Wed Sep 27 17:08:58 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:40 2003 Subject: I will pay for getting SAMBA going References: <5.0.0.25.0.20000927092456.028e6010@207.158.208.167> Message-ID: <004501c028a5$a08a31a0$0201010a@prangh> > > I will pay if someone can get samba going where I can see our > (Linux/Apache) Cobalt server's Hard Drive and access it from our NT on the > same network. Now I can see the hard Drive in my NetworkNeighborhood but I > cannot log in. > > If anyone can help me get that going I will gladly pay for the service. have a look at: http://de.samba.org/samba/support/ regards, Michael From e.flachaire at lse.ac.uk Wed Sep 27 17:14:39 2000 From: e.flachaire at lse.ac.uk (Emmanuel Flachaire) Date: Tue Dec 2 02:31:40 2003 Subject: Odp: smbclient -> amount of free disk space incorrect In-Reply-To: References: Message-ID: <14802.11007.556320.746147@waf.lse.ac.uk> >>Linux: ~ > smbclient //SERVER/printer1 >>added interface ip=198.149.153.40 bcast=198.149.159.255 nmask=255.255.248.0 >>Got a positive name query response from 198.149.199.221 ( 198.149.153.51 ) >>Domain=[TOTO] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] >>smb: \> dir >>ERRDOS - ERRnoaccess (Access denied.) listing \* >> >> 0 blocks of size 0. 0 blocks available >>smb: \> > What do you expect to achieve, by typing such command in printer share? > Rafa I cannot print. So, I am diagnosing my samba server with the list of tests proposed by Andrew Tridgell and detailed in the documentation of samba on my Debian/Linux computer (file /usr/doc/samba/DIAGNOSIS.txt.gz). In this documentation, Test 7 recommends to run the command smbclient //BIGSERVER/TMP and says : <), you should especially check that the amount of free disk space shown is correct when you type "dir">>. That is what I do. Emmanuel From abrooks at css.tayloru.edu Wed Sep 27 17:32:48 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:31:40 2003 Subject: I will pay for getting SAMBA going In-Reply-To: <5.0.0.25.0.20000927092456.028e6010@207.158.208.167> Message-ID: On Wed, 27 Sep 2000, Diran Afarian wrote: > I will pay if someone can get samba going where I can see our > (Linux/Apache) Cobalt server's Hard Drive and access it from our NT on the > same network. Now I can see the hard Drive in my NetworkNeighborhood but I > cannot log in. > > If anyone can help me get that going I will gladly pay for the service. > > Thank you, > Diran Afarian > (626)796-3100 If you have trouble finding someone to work on this or need to coordinate a larger project from this, I would recommend submitting a request on http://www.cosource.com or http://www.sourcexchange.com . I believe that there are other OpenSource projects-for-hire sites like these out there. I just can't think of them at the moment. These are the largest of this type of site. SourceXchange seems to be targeted to larger, longer term, coporate projects. CoSource projects are closer, IMO, to what you are looking for. -Aaron P.S. http://www.osdn.com may also be of interest. +-------> Aaron D. Brooks, 765 . 998 . 5168, abrooks [SHIFT"2"] css.tayloru.edu Computing Systems Resource Manager, Taylor University, CSS Department PGP public key: http://www.css.tayloru.edu/~abrooks/pgpkey/abrooks.asc PGP key fingerprint = 75 83 D2 9C 44 C7 00 C8 07 A1 6C F0 BD 04 C0 60 From jeremy at valinux.com Wed Sep 27 17:14:10 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:40 2003 Subject: Cannot join an NT domain...suggestions please? References: Message-ID: <39D22AE2.DA690B34@valinux.com> "Colagio, Kevin" wrote: > > Misc: NT 4.0 with whatever patches is the PDC and BDC > Solaris 2.8 with Samba 2.0.7 (fresh compile) > > Steps followed: > 1) Installed Samba on the Solaris box. > 2) Added the name of the Samba box (USADURANGO) to the NT domain (USAMCR1). > 3) Added the names for the PDC and BDC to the lmhosts file. > 4) Added the PDC and BDC to the smb.conf file under "password server" > setting. > 5) Defined the WINS server > 6) Set the NETBIOS name (USADURANGO). > 7) Tried to run: smbpasswd -j USAMCR1 > 8) Received the following: > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > USAMCDC1. > Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > USAMCDC2. > Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 2000/09/22 14:00:55 : change_trust_account_password: Failed to change > password for domain USAMCR1. > Unable to join domain USAMCR1. > > As per the directions to do this, it should have worked. Besides changing > the IP addresses, here is my current smb.conf: > # Global parameters > [global] > workgroup = workgroup Try changing this to : workgroup = USAMCR1 and try again. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jbeauchamp at gesinc.com Wed Sep 27 20:34:04 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:40 2003 Subject: smbclient -> amount of free disk space incorrect References: <14802.11007.556320.746147@waf.lse.ac.uk> Message-ID: <00ae01c028c2$4aa270a0$1d01a8c0@internal.net> Emmanuel: I don't think that command makes any sense for a printer share, only for a proper disk share. I'm not sure what the printer configuration tool is under Debian (I use RedHat). It is printtool under RedHat which requires X. I would think there is a similar tool for Debian. Invoke this tool and configure your printer as a remote SMB printer. Hope this helps ;) James From ircd at michelog.med.uoc.gr Wed Sep 27 21:51:44 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:40 2003 Subject: Samba TNG PDC stuff (please help!) Message-ID: <4.3.0.20000927175002.00a98460@michelog.med.uoc.gr> Hi. I am running samba 2.6 TNG on my linux server. I use Windows 98 workstations. I have nexus which includes windows NT administrative tools. When I try to go in user manager, It loads the user list and I can double click on a user and get their properties, but I cannot edit/add/del a user. Please help me fix this, if it is possible. Thanks -- Greg From rsanborn at ew.edwards.af.mil Wed Sep 27 19:15:05 2000 From: rsanborn at ew.edwards.af.mil (Rod Sanborn) Date: Tue Dec 2 02:31:40 2003 Subject: Mapping NT groups to Unix groups Message-ID: <004d01c028b7$41953e80$3e34c681@EW400> Hello, I am trying to map NT groups to Unix groups via the username map file so that I can grant access to Samba shares simply by adding users to an group on the NT side. On the Unix side, the group has permissions to the directory, but the user has not been added to the actual Unix group. I am having trouble getting this to work and the documentation seems to be giving me conflicting information. I first looked in the O'Reilly book "Using Samba" that came with the distribution. In section 6.2.3.1 "username map" it says: "You can also map NT groups to one or more specific Unix groups using the @ sign." In the HTML documentation, it says something completely different. In the section on "username map" it says: The list of usernames on the right may contain names of the form @group in which case they will match any UNIX username in that group". Further down it continues: "Or to map anyone in the UNIX group "system" to the UNIX name "sys" you would use: sys = @system Has anybody else gotten this to work or is there somebody savy enough with the internals to know which documentation is correct? I would really appreciate any help. I am using an SGI (Irix 6.5.5) with Samba 2.0.7. My NT clients are on an NT domain, so I am using domain security. Rod Sanborn rsanborn@ew.edwards.af.mil -------------- next part -------------- HTML attachment scrubbed and removed From elrond at samba.org Wed Sep 27 19:28:29 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:40 2003 Subject: TNG-stable In-Reply-To: ; from Jean Francois Micouleau on Wed, Sep 27, 2000 at 01:17:17PM +0200 References: Message-ID: <20000927212829.A18148@baerbel.mug.maschinenbau.tu-darmstadt.de> [jf asked to stop this thread... But I simply have to write something] Hi J.F. ! On Wed, Sep 27, 2000 at 01:17:17PM +0200, Jean Francois Micouleau wrote: > > > On Wed, 27 Sep 2000, Luke Kenneth Casson Leighton wrote: > > > the samba code is complex, and it takes time to encourage people to get > > involved, up-to-speed, to identify possibly psychologically intimidating > > barriers with a project of this size etc. > > I disagree Luke, the code is not so complex. It's even clearer and > clearer. I've been involved in project where the code is much more complex > to understand. When I started to work on samba, it was quite confusing. I used the standard techniques in this case... - use grep to navigate around, - ignore everything, that is not _closely_ related to the current problem And there's still a lot of code, that isn't clear enough. And I still have to use grep to navigate the source. In TNG I've always tried to make some stuff clearer... One of the easy things is to make functions, that are not used in another modules static. Another is using const. But of course, there are other things to make code clearer. > > you, matty, elrond and sander are some of the successes i have had, with > > some needing less encouragement and more opportunity: i think you and > > matty just _got_ it, from the word go :) > > > > one of the goals of the daemon architecture is [was] to reduce the > > perceived size of the entire project into smaller, self-contained The split wasn't realy, what made me "join the TNG-project". The overall size wasn't also, what stopped me earlier. I didn't start coding earlier, because "it worked for me", and I didn't have much interest in SMB. Size isn't anything, that stops me... I've debugged gimp... Okay... size is sometimes a problem. I wont compile mozilla, because I don't have a fitting box. But _if_ I get such a box and a reason to debug it, I would. > > sub-projects that other people could be encouraged to develop, enjoy and > > maintain with pride [hey, look, i wrote my own samrd and it's really > > beefily cool and integrates with...] Yep. On the other hand, I felt (when TNG lived) a little responsible for lsarpcd. [...] > J.F. Elrond From wolf.bergenheim at adcore.com Wed Sep 27 20:04:07 2000 From: wolf.bergenheim at adcore.com (Wolf Bergenheim) Date: Tue Dec 2 02:31:40 2003 Subject: Mapping NT groups to Unix groups In-Reply-To: <004d01c028b7$41953e80$3e34c681@EW400> Message-ID: On Wed, 27 Sep 2000, Rod Sanborn wrote: >Hello, > > I am trying to map NT groups to Unix groups via the username map file so that I can grant access to Samba shares simply by adding users to an group on the NT side. On the Unix side, the group has permissions to the directory, but the user has not been added to the actual Unix group. > > I am having trouble getting this to work and the documentation seems to be giving me conflicting information. I first looked in the O'Reilly book "Using Samba" that came with the distribution. In section 6.2.3.1 "username map" it says: "You can also map NT groups to one or more specific Unix groups using the @ sign." In the HTML documentation, it says something completely different. In the section on "username map" it says: The list of usernames on the right may contain names of the form @group in which case they will match any UNIX username in that group". Further down it continues: "Or to map anyone in the UNIX group "system" to the UNIX name "sys" you would use: > > sys = @system > > Has anybody else gotten this to work or is there somebody savy enough with the internals to know which documentation is correct? I would really appreciate any help. > > I am using an SGI (Irix 6.5.5) with Samba 2.0.7. My NT clients are on an NT domain, so I am using domain security. > We have samba a Linux (Debian) with samba 2.0.7. Our username.map simply looks like: group = NTGROUP We also have security = DOMAIN, so I think this will work for you. regards, Wolf Bergenheim -- Systems Specialist Adcore wolf.bergenheim@adcore.com http://www.adcore.com/ From jbeauchamp at gesinc.com Wed Sep 27 23:07:36 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:40 2003 Subject: Weird Log entries Message-ID: <001f01c028d7$be3b2240$1d01a8c0@internal.net> Hi all: I have RH Linux 6.2 running samba 2.0.7 and acting as a domain controller for winnt and MS95/98 users (10 total). I have noticed that when my console sits inactive at the login prompt for awhile (I don't know how long - I haven't tried to time it) I get the following messages sort of written over top of the login prompt: smb_get_length: recv error=5 smb_request: result -5, setting invalid smb_retry: new PID=process number here, generation=5 In trying to find out what this is I have the following things repeated in my log.smb and log.nmb Gethostbyaddr failed for x.x.x.x (this repeats for all ip's assigned) in log.nmb process_logon_packet: Logon from x.x.x.x code=0x7 where x.x.x.x is an NT4 workstation, but it appears for all ip's. If it helps, all ip's are assigned by DHCP In spite of this, all seems to work o.k. Any ideas what this could be? I know it can't be right, but I am stumped. TIA James "If you ain't the lead dog, the scenery never changes" From steve.parker at usdata1.com Wed Sep 27 20:42:39 2000 From: steve.parker at usdata1.com (Steve Parker) Date: Tue Dec 2 02:31:40 2003 Subject: The specified network password is not correct Message-ID: I keep getting this error message when attempting to connect to the Sun Server (Solaris 7) running SAMBA (version 2.0.5): "The specified network password is not correct" I have a firewall. The Sun server is on the DMZ network (192.168.1.x). I have a web server also on the DMZ that cannot see the Sun server. The PDC is on the Protected Network (192.168.3.x).I also have a another server on the Protected network that cannot access the Sun server. I have changed everything that I can think of in the SAMBA config. I changed the security from user, to share, to domain, to password server. Nothing worked. I changed the password server to the NetBios names of the PDC, web server, BDC. I added all of the servers, then I had just each one by itself, then I even tried nothing in that section. Nothing worked. Any suggestions? I'd really appreciate it. Thanks. Steve Parker From gcarter at valinux.com Wed Sep 27 15:54:34 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:40 2003 Subject: PDC support [was Re: Future/end of TNG] References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925153133.A18833@Denninger.net> <39CFBEC7.887A5F47@valinux.com> <39CFC6E0.B2DF024A@webmethods.com> Message-ID: <39D2183A.90C55850@valinux.com> "F. Ross Lord" wrote: > > Is there a roadmap/timeframe for PDC/BDC support in the > works? All interpersonal politics aside, the one thing > you seen in every message from users about this is "I > really need this." What kind of priority is it for > the current samba team? We know it is important. The complexity of it makes it slow going. I cannot say a time (as Jeremy has mentioned), but rest assured it is not an "if it happens" kind of thing. Right now, PDC support is slated for 3.0. Andrew somewhat optimisticly is planning for a Q12001 release of 3.0. Given the complexity of the 2.2.0 release and how long that took, who knows? I do know that the work which was needed for the 2.2.0 release in regards to NT printing support is helping to make a good foundation on which we can build further RPC support. > How can people who need this functionality, both > those who can/will write code for it and those > who can't/won't write code for it, assist the > samba team in bringing the functionality into production? I'm working on a TODO list know. I have about 3-4 people who have volunteer (some code, some document, some test). Most of the coordination will take place on samba-technical, but I will cross post updates here periodically, ok? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Wed Sep 27 16:03:10 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:40 2003 Subject: statement of objectives Message-ID: <39D21A3D.81815499@valinux.com> Folks, This is just a quick note to fill everyone in. I am working on a TODO list for volunteers. I have seen this work well with the OpenLDAP project and think that a periodic posting will help to encourage those who wish to donate time and effort. It will take me some time to pull this together. I will hopefully have something posted by Friday. However, I will coordinate this on samba-technical. I will post an initial list here as well as some periodic updates. I have no idea if this system will work, but am going to try it. If it doesn't, then we'll try something else. :-) Stay tunned. Cheers, jerry SAMBA Team ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jbeauchamp at gesinc.com Thu Sep 28 00:56:29 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:40 2003 Subject: Weird Log entries References: <001f01c028d7$be3b2240$1d01a8c0@internal.net> <39D264C1.53B133E0@lmco.com> Message-ID: <006b01c028e6$f362c720$1d01a8c0@internal.net> Jonathan: I looked and /var/log/messages is there as well as log.nmb and log.smb. James ----- Original Message ----- From: "JONATHAN W MINER" To: "James W. Beauchamp" Sent: Wednesday, September 27, 2000 2:21 PM Subject: Re: Weird Log entries > James - > > My first guess would be that you don't have one of the log files > defined, and the default is to log to the console... > > "James W. Beauchamp" wrote: > > > > Hi all: > > I have RH Linux 6.2 running samba 2.0.7 and acting as a domain controller > > for winnt and MS95/98 users (10 total). > > > > I have noticed that when my console sits inactive at the login prompt for > > awhile (I don't know how long - I haven't tried to time it) I get the > > following messages sort of written over top of the login prompt: > > > > smb_get_length: recv error=5 > > smb_request: result -5, setting invalid > > smb_retry: new PID=process number here, generation=5 > > > > In trying to find out what this is I have the following things repeated in > > my log.smb and log.nmb > > > > Gethostbyaddr failed for x.x.x.x (this repeats for all ip's assigned) > > > > in log.nmb > > process_logon_packet: Logon from x.x.x.x code=0x7 > > where x.x.x.x is an NT4 workstation, but it appears for all ip's. > > > > If it helps, all ip's are assigned by DHCP > > > > In spite of this, all seems to work o.k. Any ideas what this could be? I > > know it can't be right, but I am stumped. > > > > TIA > > > > James > > > > "If you ain't the lead dog, the scenery never changes" > > -- > Jonathan Miner - Lockheed Martin EIS/SAI > LM-Xpress: jonathan.w.miner@lmco.com > Phone: 603 885 UNIX - Fax: 603 885 3850 > USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 > From sharpe at ns.aus.com Wed Sep 27 13:28:57 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:31:40 2003 Subject: I will pay for getting SAMBA going In-Reply-To: Message-ID: <3.0.6.32.20000927222857.00ad5880@203.16.214.248> At 06:46 PM 9/27/00 +0200, =?iso-8859-2?q?Rafa=B3_Szcze=B6niak?= wrote: >1. Is that Samba the PDC for your NT workstation ? > >2. "Now I can see the hard Drive in my NetworkNeighborhood but I >cannot log in." - you mean you can browse Cobalt's shares, but >you can't connect to them ? This seems unlikely, because to browse a share from Windows requires that you actually connect to them, while simply browsing the server to see the shares does not require a connection to the individual shares, only the hidden IPC$ share. (Samba treats that share specially!) >Rafa? > > > > > >Diran Afarian >Wys?ane przez: samba-ntdom-admin@us4.samba.org >00-09-27 18:28 > > > Do: samba-ntdom@samba.org > DW: > Temat: I will pay for getting SAMBA going > > > > > >I will pay if someone can get samba going where I can see our >(Linux/Apache) Cobalt server's Hard Drive and access it from our NT on the > >same network. Now I can see the hard Drive in my NetworkNeighborhood but I > >cannot log in. > >If anyone can help me get that going I will gladly pay for the service. > >Thank you, >Diran Afarian >(626)796-3100 > > > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From mgeddes at xavier.sa.edu.au Wed Sep 27 23:26:47 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:40 2003 Subject: Samba TNG PDC stuff (please help!) References: <4.3.0.20000927175002.00a98460@michelog.med.uoc.gr> Message-ID: <39D28237.150EC6AD@xavier.sa.edu.au> greg wrote: > > Hi. I am running samba 2.6 TNG on my linux server. I use Windows 98 > workstations. I have nexus which includes windows NT administrative > tools. When I try to go in user manager, It loads the user list and I can > double click on a user and get their properties, but I cannot edit/add/del > a user. Please help me fix this, if it is possible. > Thanks -- Greg This is not really supported. It was working ages ago in a not-fit-for-human-consumption release. If you get it working, congratulations. ;-) Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From ircd at michelog.med.uoc.gr Thu Sep 28 02:27:18 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:40 2003 Subject: Suggestions & stuff Message-ID: <4.3.0.20000927222405.00a82320@michelog.med.uoc.gr> For future NT Domain releases (3.0 or whatever) you should really support nt administrative tools (event viewer, server manager, user mananger etc... Hopefully you can get it to work with nexus also. Another suggestion: Possibly make a samba program to logout windows user after a certain amount of time.. I once saw this winnt program/win98 program that would log a user out like saying " You have 5 minutes left before you are logged out of the system." Basically more windows administrative support would be awesome. Samba is a great project keep going ;-)) From fmartins at tj.rs.gov.br Tue Sep 26 17:42:58 2000 From: fmartins at tj.rs.gov.br (Fabiano Martins) Date: Tue Dec 2 02:31:40 2003 Subject: Reusing SID Message-ID: <39D0E022.C4920BBA@tj.rs.gov.br> I have a machine with dual boot: - WinNT 4, SP 6 - FreeBSD 4.1, SAMBA 2.0.7 My NT installation works on a WinNT domain "DOMAIN", with the name "NAME" and some shared resources (files and printer). I?d like to use the same identification on the FreeBSD boot, so i don't need to change configurations on the others that access this machine. I saw a lot of documentation about adding a SAMBA machine on a NT Domain, but I need reuse the SID of my NT installation... I got the NT SID on registry and put it on MACHINE.SID, but it didn?t work... Thanks in advance []?s Fabiano Martins fmartins@tj.rs.gov.br From kellermg at potsdam.edu Thu Sep 28 00:26:13 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:31:40 2003 Subject: statement of objectives References: <39D21A3D.81815499@valinux.com> Message-ID: <39D29025.37D3B049@potsdam.edu> Gerald Carter wrote: > > Folks, > > This is just a quick note to fill everyone in. I am working > on a TODO list for volunteers. I have seen this work well > with the OpenLDAP project and think that a periodic posting > will help to encourage those who wish to donate time and effort. > > It will take me some time to pull this together. I will > hopefully have something posted by Friday. However, I will > coordinate this on samba-technical. I will post an initial list > here as well as some periodic updates. > > I have no idea if this system will work, but am going to > try it. If it doesn't, then we'll try something else. :-) Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! THANK YOU! Yes! Yes! Yes! Yes!Yes! Yes! Yes! Yes!Yes! Yes! Yes! Yes! -- Matthew Keller WebMaster & Lead Programmer/Analyst Distributed Computing/Telemedia Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ Webcam: http://webcam.mattwork.potsdam.edu:85/ From anders at cwd.no Thu Sep 28 01:25:21 2000 From: anders at cwd.no (Anders Thorsen) Date: Tue Dec 2 02:31:41 2003 Subject: Reusing SID Message-ID: There is three things which identifies a machine in an WinNT Domain: - Machine Name - Machine SID - Password The last one makes it IMPOSSIBLE to do what you want to, i.e. if you managed to give your samba-workstation the password, so that it could log in, the NT machine would eventually change it so that it could no longer log in. Or vice verce. The easiest way to go about this is naming the machine / OS: TEST-NT TEST-BSD TEST-LINUX -----Anders Fabiano Martins Sent by: samba-ntdom-admin@us4.samba.org 09/26/2000 12:12 PM To: samba-ntdom@us4.samba.org cc: Subject: Reusing SID I have a machine with dual boot: - WinNT 4, SP 6 - FreeBSD 4.1, SAMBA 2.0.7 My NT installation works on a WinNT domain "DOMAIN", with the name "NAME" and some shared resources (files and printer). I?d like to use the same identification on the FreeBSD boot, so i don't need to change configurations on the others that access this machine. I saw a lot of documentation about adding a SAMBA machine on a NT Domain, but I need reuse the SID of my NT installation... I got the NT SID on registry and put it on MACHINE.SID, but it didn?t work... Thanks in advance []?s Fabiano Martins fmartins@tj.rs.gov.br -------------- next part -------------- HTML attachment scrubbed and removed From gcarter at valinux.com Thu Sep 28 03:13:42 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:41 2003 Subject: How should I get the W2k support in a production environment? References: Message-ID: <39D2B766.2407A990@valinux.com> Markus Reimer wrote: > > Should I try to port samba-tng to aix (wich now > doesn't compile) and use it in a > production environment? No. Help get the necessary code in the HEAD branch. > Should I try to port part's of samba-tng into samba-head? Yes. See above. > Should I convert the userdatabase to ldap using > NDS and have W2k servers as PDC/BDC/ActiveDirectory > servers? NDS is very expenseive (at least the quotes for Solaris version). > Should I use NT4 servers as PDC/BDC's accessing > the NIS database using some sort of NIS client? Not aware of any versions of this. Not for adding an LSA at least. Do you know of one. > The timeframe for this is that I will have to > implement the correct solution during october... Eww...ummm...porting the code to HEAD would be my choice. But then that's pretty obvious. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From rtanner at linfield.edu Thu Sep 28 04:38:33 2000 From: rtanner at linfield.edu (Rob Tanner) Date: Tue Dec 2 02:31:41 2003 Subject: Question of printing from Linux to an NT share Message-ID: <74100000.970115913@cheshire.onlinemac.com> First, thanks to all who helped me through problems establishing a machine account for the Samba server on the NT PDC -- works now! In our public access student labs we have put in place a printing chargeback to both get control of paper and toner costs and discourage heavy abusers. Just so you know were not meanies, after collecting some of our own stats and also querying like colleges doing the same thing, we've come up with a high enough free allottment that most students will never cross into the nickel a page zone. Anyway, that leads me to a different problem I'm hoping Samba can help me solve. Computer Science is finally making more use of Linux than NT in their programming classes. The machines are all dual-boot because the rest of the time the labs are general purpose labs. The chargeback mechanism is an NT utility called Pcounter that tracks printer use and counts pages (actually queries the printer for page counts -- which means it's pretty acurate). But how do I get the Linux machines to print through that mechanism? I've looked at both smbspool and smbclient as options, but in order to use either tool I need access to the plaintext version of the users password. I could keep a file of plaintext passwords, but even with root protection, that's a VERY bad practice. What would be perfect is to have the user log into the NT network when he logs into Linux just as he/she would do when logging into an NT. Are there any packages that do that? Or does anybody have other suuggestions? I'm rather new at getting things to move from Linux/Unix to NT so I'm stumped? Thanks, Rob _ _ _ _ _ _ _ _ _ _ /\_\_\_\_\ /\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_/ /\/_/ /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner UNIX and Networks Manager Linfield College, McMinnville OR (503) 434-2558 From gcarter at valinux.com Thu Sep 28 04:14:16 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:41 2003 Subject: TNG / Development / Helping Out References: Message-ID: <39D2C598.EEBAB669@valinux.com> Jonathan Graham wrote: > > Is this "project leader" something you're looking > for? I'm a technical lead at my company, so although > I still code (and I'm a dem fine coder too. :) ) I also > am the PL for my team. I've been wanting to get involved > in the SAMBA project for a while now (Luke had me > working on smbtorture for a little bit) but I > knowing very little about the CIFS RPC system was > a bit of a problem. So although I didn't think I had > the time to grapple with the RPC learning curve > it's likely that I can help as a co-ordinator. > > If you think this would be helpful. Let me know. Samba > has been a great help in maintaining my network at > home. I'd be happy to put something back into the community. Thanks Jonathan. I'll keep that in mind. Right now, my gut feeling is that TODO list coordinator will need to be tied very closely with the day to day development work in order to be aware of what needs to be done. I could be wrong of course (that would be nice). I think I need to get the ball rolling before I decide. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Thu Sep 28 04:51:35 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:41 2003 Subject: HOWTO: get familar with the Samba source code Message-ID: <39D2CE57.C42D855@valinux.com> FYI.... for anyone interested in getting up to speed with SMB/CIFS, NetBIOS, MS-RPC, etc... Here's some links to help out. I will add this to the FAQ. * Which branch should I be looking at? Look at TNG for specific RPC implementations. However, enhancements should be coded for HEAD. For more information on getting Samba source code via CVS, see http://us4.samba.org/cvs.html * How can I learn more about CIFS, MS-RPC, Samba internals, etc... o get a copy of MS network monitor (legally). Even the one with the NT server is ok. We can convert tcpdump format to CAP format). This is the best network sniffer for decoding SMB/MS-RPC. Ethereal (www.zing.org) has some code for parsing SMB/NetBIOS and I think Andrew and Tim are adding some MS-RPC support in it. o See the docs at ftp://ftp.microsoft.com/developr/drg/CIFS/ http://www.cb1.com/~lkcl/ntdom/ o get a copy of Luke's book with New Riders Publishing "DCE/RPC over SMB: Samba and Windows NT Domain Internals" or something like that. o get a symbolic debugger (gdb, ddd, ups, etc...) and step through the smbd source code as it is running in response to a SMB call (or RPC) that you are interested in. o The MSDN site (msdn.microsoft.com) is pretty good as well if you know what you are looking for My personal preference is for a debugger alongside the protocol specs and a netmon session. :-) * Which editor should I use? As far as what editor to use, it is your preference. Obviously is needs to be one that doesn't much up formatting automatically (just to help you out). :-) I use RedHat's Source Navigator which does generate **huge** cross reference databases but let's you get around in the code fairly well. See http://sources.redhat.com/sourcenav/ for a download link. Of course, vi and grep will get you there too. :-) Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sharpe at ns.aus.com Wed Sep 27 16:47:59 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:31:41 2003 Subject: HOWTO: get familar with the Samba source code In-Reply-To: <39D2CE57.C42D855@valinux.com> Message-ID: <3.0.6.32.20000928014759.00a64950@203.16.214.248> At 11:51 PM 9/27/00 -0500, Gerald Carter wrote: > o get a copy of MS network monitor (legally). Even the > one with the NT server is ok. We can convert > tcpdump format to CAP format). This is the best > network sniffer for decoding SMB/MS-RPC. > Ethereal (www.zing.org) has some code for > parsing SMB/NetBIOS and I think Andrew and Tim > are adding some MS-RPC support in it. Hmmm, in what ways is NetMon better than Ethereal? I want to make Ethereal the best available :-) The version of NetMon I have does not do MSRPC ... Which version does? Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From tpot at linuxcare.com.au Thu Sep 28 06:29:52 2000 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:31:41 2003 Subject: HOWTO: get familar with the Samba source code In-Reply-To: <3.0.6.32.20000928014759.00a64950@203.16.214.248> References: <39D2CE57.C42D855@valinux.com> <3.0.6.32.20000928014759.00a64950@203.16.214.248> Message-ID: <14802.58720.437039.221104@gargle.gargle.HOWL> Richard Sharpe writes: > At 11:51 PM 9/27/00 -0500, Gerald Carter wrote: > > o get a copy of MS network monitor (legally). Even the > > one with the NT server is ok. We can convert > > tcpdump format to CAP format). This is the best > > network sniffer for decoding SMB/MS-RPC. > > Ethereal (www.zing.org) has some code for > > parsing SMB/NetBIOS and I think Andrew and Tim > > are adding some MS-RPC support in it. > > Hmmm, in what ways is NetMon better than Ethereal? I want to make Ethereal > the best available :-) > > The version of NetMon I have does not do MSRPC ... Which version does? The netmon that comes with NT4 decodes some parts of some pipes - the \lsarpc pipe seems to be the most fully implemented one. Luke managed to obtain a copy of netmon that decodes a bit more but it is still far from complete. Tim. From jacksonm at ssh.com Thu Sep 28 07:07:42 2000 From: jacksonm at ssh.com (Mike Jackson) Date: Tue Dec 2 02:31:41 2003 Subject: Is there a Samba LDAP mailing list? In-Reply-To: <39D0E703.FC0A3D62@grainsystems.com> References: <70737.200009261736@olib> <39D0E703.FC0A3D62@grainsystems.com> Message-ID: <0009281010470E.32671@herkkusieni.hel.fi.ssh.com> Hello, I am curious as to whether there is a mailing list specifically dealing with Samba LDAP? If not, are there enough interested people to start one? This LDAP integration is VERY important IMHO. It is the last step in implementing a single account creation system in a mixed environment of unix,windows,apache,squid servers and workstations. Thanks, Mike From sasha at acmep.ustu.ru Thu Sep 28 07:39:47 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:41 2003 Subject: Mapping NT groups to Unix groups References: <20000928003404.CF8F69F0BA@us4.samba.org> Message-ID: <39D2F59B.7B629DF7@acmep.ustu.ru> Hello, Rod! 2.0.7 doesn't support NT Domain. Use TNG-2.6 - this the best thing I've seen. In TNG mapping works fine. -- Alexander Pazdnikov From rszczesniak at mis.com.pl Thu Sep 28 10:17:42 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:41 2003 Subject: Odp: smbclient -> amount of free disk space incorrect Message-ID: Emmanuel Flachaire 00-09-27 19:14 Do: "Rafa? Szcze?niak" DW: samba-ntdom@us4.samba.org Temat: Odp: smbclient -> amount of free disk space incorrect >>Linux: ~ > smbclient //SERVER/printer1 >>added interface ip=198.149.153.40 bcast=198.149.159.255 nmask=255.255.248.0 >>Got a positive name query response from 198.149.199.221 ( 198.149.153.51 ) >>Domain=[TOTO] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] >>smb: \> dir >>ERRDOS - ERRnoaccess (Access denied.) listing \* >> >> 0 blocks of size 0. 0 blocks available >>smb: \> > What do you expect to achieve, by typing such command in printer share? > Rafa I cannot print. So, I am diagnosing my samba server with the list of tests proposed by Andrew Tridgell and detailed in the documentation of samba on my Debian/Linux computer (file /usr/doc/samba/DIAGNOSIS.txt.gz). In this documentation, Test 7 recommends to run the command smbclient //BIGSERVER/TMP and says : <), you should especially check that the amount of free disk space shown is correct when you type "dir">>. That is what I do. Emmanuel Yes, but this make sense in disk share, as opposed to printer. I would suggest to replace lpr/lpq/lprm params in smb.conf with commands like this: echo "Attempt to use lpr command to do a new print job" or echo "Attempt to use lpr command to do a new print job" >> logfile and then watch your console/logfile. If printing at smb-level works you'll notice some messages. Rafa? From rszczesniak at mis.com.pl Thu Sep 28 10:28:42 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:41 2003 Subject: Odp: Mapping NT groups to Unix groups Message-ID: In Samba 2.0.7 map files are not implemented. These only works in Samba HEAD or Samba TNG Rafa? "Rod Sanborn" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-27 21:15 Do: DW: Temat: Mapping NT groups to Unix groups Hello, I am trying to map NT groups to Unix groups via the username map file so that I can grant access to Samba shares simply by adding users to an group on the NT side. On the Unix side, the group has permissions to the directory, but the user has not been added to the actual Unix group. I am having trouble getting this to work and the documentation seems to be giving me conflicting information. I first looked in the O'Reilly book "Using Samba" that came with the distribution. In section 6.2.3.1 "username map" it says: "You can also map NT groups to one or more specific Unix groups using the @ sign." In the HTML documentation, it says something completely different. In the section on "username map" it says: The list of usernames on the right may contain names of the form @group in which case they will match any UNIX username in that group". Further down it continues: "Or to map anyone in the UNIX group "system" to the UNIX name "sys" you would use: sys = @system Has anybody else gotten this to work or is there somebody savy enough with the internals to know which documentation is correct? I would really appreciate any help. I am using an SGI (Irix 6.5.5) with Samba 2.0.7. My NT clients are on an NT domain, so I am using domain security. Rod Sanborn rsanborn@ew.edwards.af.mil From rszczesniak at mis.com.pl Thu Sep 28 10:40:35 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:41 2003 Subject: Odp: Re: I will pay for getting SAMBA going Message-ID: Richard Sharpe 00-09-27 15:28 Do: Rafa? Szcze?niak , Diran Afarian DW: samba-ntdom@us4.samba.org Temat: Re: I will pay for getting SAMBA going At 06:46 PM 9/27/00 +0200, =?iso-8859-2?q?Rafa=B3_Szcze=B6niak?= wrote: >1. Is that Samba the PDC for your NT workstation ? > >2. "Now I can see the hard Drive in my NetworkNeighborhood but I >cannot log in." - you mean you can browse Cobalt's shares, but >you can't connect to them ? This seems unlikely, because to browse a share from Windows requires that you actually connect to them, while simply browsing the server to see the shares does not require a connection to the individual shares, only the hidden IPC$ share. (Samba treats that share specially!) That's exactly what I mean in my question. Sorry, I've described this incorrectly. >Rafa? > > > > > >Diran Afarian >Wys?ane przez: samba-ntdom-admin@us4.samba.org >00-09-27 18:28 > > > Do: samba-ntdom@samba.org > DW: > Temat: I will pay for getting SAMBA going > > > > > >I will pay if someone can get samba going where I can see our >(Linux/Apache) Cobalt server's Hard Drive and access it from our NT on the > >same network. Now I can see the hard Drive in my NetworkNeighborhood but I > >cannot log in. > >If anyone can help me get that going I will gladly pay for the service. > >Thank you, >Diran Afarian >(626)796-3100 > > > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From rszczesniak at mis.com.pl Thu Sep 28 10:24:43 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:41 2003 Subject: Odp: Re: smbclient -> amount of free disk space incorrect Message-ID: "James W. Beauchamp" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-27 22:34 Do: "Emmanuel Flachaire" , DW: Temat: Re: smbclient -> amount of free disk space incorrect Emmanuel: I don't think that command makes any sense for a printer share, only for a proper disk share. I'm not sure what the printer configuration tool is under Debian (I use RedHat). It is printtool under RedHat which requires X. I would think there is a similar tool for Debian. Yes, it is. Invoke this tool and configure your printer as a remote SMB printer. Hope this helps ;) James From rszczesniak at mis.com.pl Thu Sep 28 10:51:19 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:41 2003 Subject: Odp: Is there a Samba LDAP mailing list? Message-ID: Mike Jackson Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-28 09:07 Do: samba-ntdom@samba.org DW: Temat: Is there a Samba LDAP mailing list? Hello, I am curious as to whether there is a mailing list specifically dealing with Samba LDAP? If not, are there enough interested people to start one? Yes, I think there are many (including me), but I don't know if there's need to start another list. Rafa? This LDAP integration is VERY important IMHO. It is the last step in implementing a single account creation system in a mixed environment of unix,windows,apache,squid servers and workstations. Thanks, Mike From seyad at jet.es Thu Sep 28 11:23:00 2000 From: seyad at jet.es (Elsa Nwanry) Date: Tue Dec 2 02:31:41 2003 Subject: Unable to download TNG branch via CVS web Message-ID: <003501c0293e$76b294a0$0100a8c0@lagranada.es> I need help since I'm unable to recognice the source code (an branch) using CVS web pages I must say that my Unix box isn't conected to Internet so I can't use rsync. Thanks! Elsa Nwanry From ralvare0 at rosario.gov.ar Thu Sep 28 11:50:18 2000 From: ralvare0 at rosario.gov.ar (ralvare0@rosario.gov.ar) Date: Tue Dec 2 02:31:41 2003 Subject: NT/Samba-NIS Message-ID: <0325695E.006F8A9E.00@ln01.rosario.gov.ar> I?m receiving lot of messages from that group and I?m not a samba user. I don?t know how my e-mail address was join to this group, but is not the kind of information that I need in my job. So I ask to the manager of the group, please explain me the way of getting of my adress from the group because I?m receiving more than eighty mais a day and is difficult to select that one I really nead. This a good oportunity to say you Thanks. Ra?l Alvarez Argentina. ---------------------- Remitido por Raul Alvarez con fecha 18/09/2000 05:14 PM --------------------------- Geoff Silver con fecha 18/09/2000 05:02:34 PM Destinatarios: samba-ntdom@us4.samba.org CC: (cci: Raul Alvarez) Asunto: NT/Samba-NIS -------------- next part -------------- Greetings, I've spent several days going though the list archives, online Samba docs, e-mailing LUGs, and searching Google, and I've come to a sticking point. I'm not a member of this list, but this seemed like the perfect place for this question, since no one else has been able to offer much help. If anyone can help and would be kind enough to include my address in any group replies, that would be extremely appreciated. Here's my scenario: I work for a communications company of about 6000 people near Washington, D.C., USA. In order to save money and move the company away from Windows, I'm working on migrating the file and print servers in the company from NT to Linux & Samba. I've already proven that printing can be done (although the help desk isn't thrilled about visiting workstations to install NT workstation print drivers, they have agreed to do it until Samba 2.2 is released in final). The problem we're encountering is with our file servers. While the Linux servers don't need to allow logins, they do need account information so that we can create home directories and set permissions. I'm leaning towards running an NIS domain parallel to the NT domain. Since Samba will do the authentication off the domain controllers, the NIS domain will just be a centralized user/group mechanism. The problem is how to keep them in sync. I've considered using Jeremy's pwdump.exe to dump the user accounts on the PDC, and then scripting the NT 'net group /DOMAIN' command to get all the groups, and the 'net group /DOMAIN' to get all the users in each group. If I wrap the entire mess in a Perl script, I could dump it to a text file, then SMB-mount a share on the NIS master, copy the file over, and unmount the share. If I did this every 15 or so minutes, then I could set a cron job to run every minute, looking for a new file in the share. If the file exists, I could kick off a cron job to add/delete/modify users/groups based on the differences. The major downsides to this are that a) the database could be 15 or 20 minutes out of date, b) this could put a significant load on the PDC, c) the NT admins probably won't like me installing Perl on their production PDC, and d) I'll have to write all sorts of Perl scripts to do this. I've had a couple other ideas, but I'm not sure if they're even possible (or any better). I had considered making the NIS master a Samba BDC to the NT domain. In that case, there might not be a need for a file transfer, since the BDC and NIS master are one-and-the-same. But, how stable is the BDC code, and how does the Samba BDC store all the account information? Is it in a text file that I can easily script Perl to make changes? or is it in a database format that will be difficult to work with? Again, stability on the BDC side is very important, because the future of Linux in our company depends on us producing a stable, cheaper solution than NT. If the Samba BDC code is unstable, and needs to be restarted frequently (or corrupts the database, etc), then its certainly not going to work. Is this evena viable solution? I had also read some stuff in the archives about WinBind, but I'm not sure what state that is in. If I had a plug-in that would talk with the NT domain controllers for user/group names, I wouldn't need to run NIS, since Samba can already authenticate. I'd certainly appreciate any help anyone can offer. Of course, we're trying to integrate this into a production network, so the solution has to be stable and (hopefully) easy to maintain. Running Samba as the PDC (or trying to use /etc/smbpasswd for authentication) isn't an option. Again, please e-mail me seperately, or include my address in any replies. Thanks for your time and assistance! -- Geoff Silver Systems Architect, WinStar Communications gsilver@winstar.com (703) 889-1053 From Robert.Wieczorek at Telelogic.de Thu Sep 28 12:20:53 2000 From: Robert.Wieczorek at Telelogic.de (Robert Wieczorek) Date: Tue Dec 2 02:31:41 2003 Subject: win2000 + unix Message-ID: hi, at winnt 4.0 i have to make an entry in the registry to connect server at the unix-site. should i have anything in the same way at win2000? robert -------------- next part -------------- HTML attachment scrubbed and removed From rszczesniak at mis.com.pl Thu Sep 28 12:46:46 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:41 2003 Subject: Odp: win2000 + unix Message-ID: What registry entry ? Rafa? Robert Wieczorek Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-28 14:20 Do: "'samba-ntdom@lists.samba.org'" DW: Temat: win2000 + unix hi, at winnt 4.0 i have to make an entry in the registry to connect server at the unix-site. should i have anything in the same way at win2000? robert From Jonathan.W.Miner at lmco.com Thu Sep 28 12:55:18 2000 From: Jonathan.W.Miner at lmco.com (JONATHAN W MINER) Date: Tue Dec 2 02:31:41 2003 Subject: Weird Log entries References: <001f01c028d7$be3b2240$1d01a8c0@internal.net> <39D264C1.53B133E0@lmco.com> <006b01c028e6$f362c720$1d01a8c0@internal.net> Message-ID: <39D33FB6.8034D34@lmco.com> Are the messages that you are seeing on the console being logged in any of the other log file? You may want to look at the syslog.conf file to determine what classes of messages are being logged to the console. Another possibility is that these messages are being printed to the standard output or standard error of the "smbd" process. You might try starting smbd is this manner: sh# smbd -D > /tmp/smbd.stout.log 2> /tmp/smbd.stderr.log Hopefully someone else on the list will recognize these errors and suggest a way to fix the problem that is causing the messages. :-) "James W. Beauchamp" wrote: > > Jonathan: > I looked and /var/log/messages is there as well as log.nmb and log.smb. > > James > > ----- Original Message ----- > From: "JONATHAN W MINER" > To: "James W. Beauchamp" > Sent: Wednesday, September 27, 2000 2:21 PM > Subject: Re: Weird Log entries > > > James - > > > > My first guess would be that you don't have one of the log files > > defined, and the default is to log to the console... > > > > "James W. Beauchamp" wrote: > > > > > > Hi all: > > > I have RH Linux 6.2 running samba 2.0.7 and acting as a domain > controller > > > for winnt and MS95/98 users (10 total). > > > > > > I have noticed that when my console sits inactive at the login prompt > for > > > awhile (I don't know how long - I haven't tried to time it) I get the > > > following messages sort of written over top of the login prompt: > > > > > > smb_get_length: recv error=5 > > > smb_request: result -5, setting invalid > > > smb_retry: new PID=process number here, generation=5 > > > > > > In trying to find out what this is I have the following things repeated > in > > > my log.smb and log.nmb > > > > > > Gethostbyaddr failed for x.x.x.x (this repeats for all ip's assigned) > > > > > > in log.nmb > > > process_logon_packet: Logon from x.x.x.x code=0x7 > > > where x.x.x.x is an NT4 workstation, but it appears for all ip's. > > > > > > If it helps, all ip's are assigned by DHCP > > > > > > In spite of this, all seems to work o.k. Any ideas what this could be? > I > > > know it can't be right, but I am stumped. > > > > > > TIA > > > > > > James > > > > > > "If you ain't the lead dog, the scenery never changes" > > > > -- > > Jonathan Miner - Lockheed Martin EIS/SAI > > LM-Xpress: jonathan.w.miner@lmco.com > > Phone: 603 885 UNIX - Fax: 603 885 3850 > > USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 > > -- Jonathan Miner - Lockheed Martin EIS/SAI LM-Xpress: jonathan.w.miner@lmco.com Phone: 603 885 UNIX - Fax: 603 885 3850 USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From aarjona at banistmo.com Thu Sep 28 13:34:53 2000 From: aarjona at banistmo.com (Arjona, Ariel) Date: Tue Dec 2 02:31:41 2003 Subject: win2000 + unix Message-ID: <9B6B824220DBD311BF5A1000974B43B3223C6B@EXCH05001> Perhaps you're talking about making nt use plaintext passwords. A registry edit must take place to do that. However SAMBA can use encrypted passwords. You have to set encrypt passwords = yes in /etc/smb.conf. I guess you have to do the same if you're connecting with w2k clients. Also if you're using w2k maybe you should upgrade to 2.0.7 -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com -----Original Message----- From: Robert Wieczorek [SMTP:Robert.Wieczorek@Telelogic.de] Sent: Thursday, September 28, 2000 7:21 AM To: 'samba-ntdom@lists.samba.org' Subject: win2000 + unix hi, at winnt 4.0 i have to make an entry in the registry to connect server at the unix-site. should i have anything in the same way at win2000? robert From Jim at Morris.net Thu Sep 28 13:36:12 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:31:42 2003 Subject: Is there a Samba LDAP mailing list? In-Reply-To: <0009281010470E.32671@herkkusieni.hel.fi.ssh.com> References: <70737.200009261736@olib> <39D0E703.FC0A3D62@grainsystems.com> <0009281010470E.32671@herkkusieni.hel.fi.ssh.com> Message-ID: <13082263082.20000928083612@Morris.net> Hello Mike, Thursday, September 28, 2000, 2:07:42 AM, you wrote: MJ> I am curious as to whether there is a mailing list specifically dealing with MJ> Samba LDAP? If not, are there enough interested people to start one? This LDAP MJ> integration is VERY important IMHO. It is the last step in implementing a MJ> single account creation system in a mixed environment of MJ> unix,windows,apache,squid servers and workstations. There is not currently a mailing list devoted to Samba's LDAP integration capabilities. Most discussion of LDAP that I've seen in the past has happened on this (NTDOM) mailing list, for lack of a better forum. Do you have Samba working with an LDAP directory service? If so, what version of Samba are you currently running? Just curious... I've not had a version of Samba that worked with LDAP properly since the 1999/10/15 "MAIN" version that you can only get via CVS. I've not messed with it much since earlier in the year though... Best regards, Jim Morris mailto:Jim@Morris.net From wilson at sentrisystems.com Thu Sep 28 13:45:01 2000 From: wilson at sentrisystems.com (Brian Wilson) Date: Tue Dec 2 02:31:42 2003 Subject: How should I get the W2k support in a production environment? References: <39D2B766.2407A990@valinux.com> Message-ID: <003d01c02952$4cfd4e20$07fea8c0@SENTRIKEY.COM> > > > Should I use NT4 servers as PDC/BDC's accessing > > the NIS database using some sort of NIS client? > > Not aware of any versions of this. Not for adding > an LSA at least. Do you know of one. > You could try Microsoft's Windows Services for Unix. http://www.microsoft.com/windows2000/sfu/ It includes NIS->active directory, NFS, 2-way password syncing utils. I haven't used it yet, its on my todo list though. > > The timeframe for this is that I will have to > > implement the correct solution during october... > Since I need a win2k solutions right now, this looks to be one of my only choices. -- Brian Wilson wilson@sentrisystems.com Systems Administrator 919.239.5517 Sentrisystems.com, Inc. 2626 Glenwood Ave., Suite 265 http://sentrisystems.com Raleigh, North Carolina 27608 From jvonau at home.com Thu Sep 28 13:52:55 2000 From: jvonau at home.com (Jerry Vonau) Date: Tue Dec 2 02:31:42 2003 Subject: How to make Plain text password on W2000 server? References: <39D1FD60.5AC64310@geomath.fr> Message-ID: <39D34D37.3A238D0D@home.com> Open up Local Security Settings, then Securty Options, about 3/4 of the way down there is a setting for plain text passwords to 3rd party SMB servers, change it to enabled. I'm not sure if this enables plain text to be recieved. Jerry Vonau Alexandre Hoflack wrote: > Dear, > > as NT4 OS, I would like to "EnablePlainTextPassword" on Windows2000 > server, > Could you tell me which KEY in Registry (W2000) to do it > > Thx, alex > > -- > --------------------------------- > - alexandre.hoflack@geomath.fr - > - Administrateur Systeme - > --------------------------------- From aarjona at banistmo.com Thu Sep 28 13:54:24 2000 From: aarjona at banistmo.com (Arjona, Ariel) Date: Tue Dec 2 02:31:42 2003 Subject: Win2000Pro resources sought Message-ID: <9B6B824220DBD311BF5A1000974B43B3223C95@EXCH05001> I think the idea is excelent. -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com -----Original Message----- From: Chip Mefford [SMTP:cmefford@avwashington.com] Sent: Thursday, September 28, 2000 6:08 AM To: samba@us4.samba.org Subject: Win2000Pro resources sought Good morning list; I was wondering if anyone has put up a page, or faq or some resource or another dealing with samba specifics related to Windows 2000 and Windows 2000 Pro. I know there are bits and pieces throughout the archives of this mailing list, but I was hoping they were getting compiled into the faq, but that doesn't seem to be the case, I thought perhaps there were getting archived somewhere else with that end in mind. Thanks in advance. chipper A witty saying proves nothing. -- Voltaire From jbeauchamp at gesinc.com Thu Sep 28 16:17:06 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:42 2003 Subject: Weird Log entries References: <001f01c028d7$be3b2240$1d01a8c0@internal.net> <39D264C1.53B133E0@lmco.com> <006b01c028e6$f362c720$1d01a8c0@internal.net> <39D33FB6.8034D34@lmco.com> Message-ID: <005801c02967$8fa501e0$1d01a8c0@internal.net> Jonathan: I did a search of /var/log/messages and was able to find the messages that appeared on the console in that location as well. I am still baffled by these things.... Thanks for your response.... I hope someone else can shed some light on this... James ----- Original Message ----- From: "JONATHAN W MINER" To: "James W. Beauchamp" Cc: Sent: Thursday, September 28, 2000 5:55 AM Subject: Re: Weird Log entries > Are the messages that you are seeing on the console being logged in any > of the other log file? You may want to look at the syslog.conf file to > determine what classes of messages are being logged to the console. > > Another possibility is that these messages are being printed to the > standard output or standard error of the "smbd" process. You might try > starting smbd is this manner: > > sh# smbd -D > /tmp/smbd.stout.log 2> /tmp/smbd.stderr.log > > Hopefully someone else on the list will recognize these errors and > suggest a way to fix the problem that is causing the messages. :-) > > "James W. Beauchamp" wrote: > > > > Jonathan: > > I looked and /var/log/messages is there as well as log.nmb and log.smb. > > > > James > > > > ----- Original Message ----- > > From: "JONATHAN W MINER" > > To: "James W. Beauchamp" > > Sent: Wednesday, September 27, 2000 2:21 PM > > Subject: Re: Weird Log entries > > > > > James - > > > > > > My first guess would be that you don't have one of the log files > > > defined, and the default is to log to the console... > > > > > > "James W. Beauchamp" wrote: > > > > > > > > Hi all: > > > > I have RH Linux 6.2 running samba 2.0.7 and acting as a domain > > controller > > > > for winnt and MS95/98 users (10 total). > > > > > > > > I have noticed that when my console sits inactive at the login prompt > > for > > > > awhile (I don't know how long - I haven't tried to time it) I get the > > > > following messages sort of written over top of the login prompt: > > > > > > > > smb_get_length: recv error=5 > > > > smb_request: result -5, setting invalid > > > > smb_retry: new PID=process number here, generation=5 > > > > > > > > In trying to find out what this is I have the following things repeated > > in > > > > my log.smb and log.nmb > > > > > > > > Gethostbyaddr failed for x.x.x.x (this repeats for all ip's assigned) > > > > > > > > in log.nmb > > > > process_logon_packet: Logon from x.x.x.x code=0x7 > > > > where x.x.x.x is an NT4 workstation, but it appears for all ip's. > > > > > > > > If it helps, all ip's are assigned by DHCP > > > > > > > > In spite of this, all seems to work o.k. Any ideas what this could be? > > I > > > > know it can't be right, but I am stumped. > > > > > > > > TIA > > > > > > > > James > > > > > > > > "If you ain't the lead dog, the scenery never changes" > > > > > > -- > > > Jonathan Miner - Lockheed Martin EIS/SAI > > > LM-Xpress: jonathan.w.miner@lmco.com > > > Phone: 603 885 UNIX - Fax: 603 885 3850 > > > USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 > > > > > -- > Jonathan Miner - Lockheed Martin EIS/SAI > LM-Xpress: jonathan.w.miner@lmco.com > Phone: 603 885 UNIX - Fax: 603 885 3850 > USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 > > From rszczesniak at mis.com.pl Thu Sep 28 14:02:08 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: AW: win2000 + unix Message-ID: Why don't you use encrypted passwords ??? It's much, much safer. But, if you essentially want to, here's what you probly asked for: REGEDIT4 ;Contributor: Herb Lewis (herb@sgi.com) ;Updated: 16 July 1999 ;Status: Current ; ;Subject: Registry file to enable plain text passwords in Windows 2000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters] "EnablePlainTextPassword"=dword:00000001 regards, Rafa? Robert Wieczorek 00-09-28 14:51 Do: "'Rafal Szczesniak'" DW: Temat: AW: win2000 + unix EnablePlainTextPassword (1) in HKey_Local_Maschine / System / CurrentCobtrollSet / Services / Rdr /Parameters thank you for this fast answer! Robert -----Urspr?ngliche Nachricht----- Von: Rafal Szczesniak [mailto:rszczesniak@mis.com.pl] Gesendet: Donnerstag, 28. September 2000 14:47 An: Robert Wieczorek Cc: samba-ntdom@us4.samba.org Betreff: Odp: win2000 + unix What registry entry ? Rafa? Robert Wieczorek Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-28 14:20 Do: "'samba-ntdom@lists.samba.org'" DW: Temat: win2000 + unix hi, at winnt 4.0 i have to make an entry in the registry to connect server at the unix-site. should i have anything in the same way at win2000? robert From davis at ooi.net Thu Sep 28 13:30:58 2000 From: davis at ooi.net (Eric Davis) Date: Tue Dec 2 02:31:42 2003 Subject: Changing Password from NT4 Workstation to Samba Message-ID: <39D34812.53D87DC0@ooi.net> I have an Origin200 running Samba 2.0.7 for Irix 6.5.7 and about 15 Windows NT Workstation's. I have about 20 users who need to be able to change their passwords on the samba server, but do not have access to the unix server directly. My problem is that the docs I have followed have not really helped me with the correct setup of samba to allow the NT Workstations to allow the users to change their passwords from the NT side. Any help would be greatly appreciated in figuring out. Thank you very much. -- Eric Davis System/Network Analyst Ohio Online Inc. 1621 Euclid Ave Suite424 Cleveland, OH 44115 http://www.ohioonline.net email: davis@ooi.net Phone: 800-403-0017, 216-522-1818 Pager: 216-388-1502 From timothy_d_cole at md.northgrum.com Thu Sep 28 14:47:49 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:42 2003 Subject: TNG-stable Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47161@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Tuesday, September 26, 2000 1:08 > To: Samba NT Domains Mailing List > Subject: Re: TNG-stable > > timothy cole. > > all of these peoples' efforts, through insatiably high standards, have > been rejected. i did not realise that i represent these people, and i am > sorry that i let you all down. > Well, no, actually my ACL stuff is still floating out there; I really didn't have time to continue work on it. Marc Jacobson picked it up for me, and he and Jeremy are currently massaging it for inclusion. My patch for fixing the silliness with the mode masks affecting changing permissions did go in, albeit with some changes that in retrospect I really dislike. As for the other small patch ... eh, I'm not really quite sure what happened with that. From rszczesniak at mis.com.pl Thu Sep 28 15:22:45 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: RE: Win2000Pro resources sought Message-ID: To be honest, I don't know how many of us connect win2k to Samba server, and how many winnt ? Rafa? "Arjona, Ariel" Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-28 15:54 Do: "Samba-Ntdom (E-mail)" DW: Temat: RE: Win2000Pro resources sought I think the idea is excelent. -- Ariel Arjona Webmaster aarjona@banistmo.com http://www.banistmo.com -----Original Message----- From: Chip Mefford [SMTP:cmefford@avwashington.com] Sent: Thursday, September 28, 2000 6:08 AM To: samba@us4.samba.org Subject: Win2000Pro resources sought Good morning list; I was wondering if anyone has put up a page, or faq or some resource or another dealing with samba specifics related to Windows 2000 and Windows 2000 Pro. I know there are bits and pieces throughout the archives of this mailing list, but I was hoping they were getting compiled into the faq, but that doesn't seem to be the case, I thought perhaps there were getting archived somewhere else with that end in mind. Thanks in advance. chipper A witty saying proves nothing. -- Voltaire From rszczesniak at mis.com.pl Thu Sep 28 15:25:23 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: RE: TNG-stable Message-ID: "Cole, Timothy D." Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-28 16:47 Do: "'Luke Kenneth Casson Leighton'" , Samba NT Domains Mailing List DW: Temat: RE: TNG-stable > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Tuesday, September 26, 2000 1:08 > To: Samba NT Domains Mailing List > Subject: Re: TNG-stable > > timothy cole. > > all of these peoples' efforts, through insatiably high standards, have > been rejected. i did not realise that i represent these people, and i am > sorry that i let you all down. > Well, no, actually my ACL stuff is still floating out there; I really didn't have time to continue work on it. Marc Jacobson picked it up for me, and he and Jeremy are currently massaging it for inclusion. BTW: What's the current status of ACL and where can i get it for tests ? Rafa? My patch for fixing the silliness with the mode masks affecting changing permissions did go in, albeit with some changes that in retrospect I really dislike. As for the other small patch ... eh, I'm not really quite sure what happened with that. From rszczesniak at mis.com.pl Thu Sep 28 15:45:09 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: Changing Password from NT4 Workstation to Samba Message-ID: Can you send your password command parameter from smb.conf. Did you already try to do this or you just starting ? Rafa? Eric Davis Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-28 15:30 Odpowiedz do davis Do: samba-ntdom@us4.samba.org DW: Temat: Changing Password from NT4 Workstation to Samba I have an Origin200 running Samba 2.0.7 for Irix 6.5.7 and about 15 Windows NT Workstation's. I have about 20 users who need to be able to change their passwords on the samba server, but do not have access to the unix server directly. My problem is that the docs I have followed have not really helped me with the correct setup of samba to allow the NT Workstations to allow the users to change their passwords from the NT side. Any help would be greatly appreciated in figuring out. Thank you very much. -- Eric Davis System/Network Analyst Ohio Online Inc. 1621 Euclid Ave Suite424 Cleveland, OH 44115 http://www.ohioonline.net email: davis@ooi.net Phone: 800-403-0017, 216-522-1818 Pager: 216-388-1502 From vorlon at netexpress.net Thu Sep 28 15:44:21 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: AW: win2000 + unix In-Reply-To: Message-ID: On Thu, 28 Sep 2000, [iso-8859-2] Rafa? Szcze?niak wrote: > Why don't you use encrypted passwords ??? > It's much, much safer. This is misleading. Using encrypted passwords is much safer *from network eavesdropping*. But like CHAP (one of Microsoft's other favorite protocols), it requires storing plaintext passwords (or their equivalent) on the server, making the server a much more valuable target for a cracker. If you offer other services that use plaintext password exchange, then storing plaintext-equivalent passwords on the server could weaken security rather than strengthening it. Steve Langasek postmodern programmer From rszczesniak at mis.com.pl Thu Sep 28 15:53:38 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: AW: win2000 + unix Message-ID: Steve Langasek 00-09-28 17:44 Do: Rafa? Szcze?niak DW: Robert Wieczorek , samba-ntdom@us4.samba.org Temat: Re: Odp: AW: win2000 + unix On Thu, 28 Sep 2000, [iso-8859-2] Rafa? Szcze?niak wrote: > Why don't you use encrypted passwords ??? > It's much, much safer. This is misleading. Using encrypted passwords is much safer *from network eavesdropping*. But like CHAP (one of Microsoft's other favorite protocols), it requires storing plaintext passwords (or their equivalent) on the server, Can you explain me then, where Samba stores plaintext passwords, when uses encrypted passwords on the wire ? Rafa? making the server a much more valuable target for a cracker. If you offer other services that use plaintext password exchange, then storing plaintext-equivalent passwords on the server could weaken security rather than strengthening it. Steve Langasek postmodern programmer From timothy_d_cole at md.northgrum.com Thu Sep 28 16:04:04 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:42 2003 Subject: TNG-stable Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47162@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Mike Brodbelt [SMTP:m.brodbelt@acu.ac.uk] > Sent: Tuesday, September 26, 2000 13:06 > To: Samba NT Domains Mailing List > Subject: Re: TNG-stable > > > The problem here is that people have come to EXPECT that you can plug > Samba > > in as a replacement for Win2k for file and print service. > > Then people are idiots. No such claim with regard to Win2k has ever been > mentioned. > Unfortunately, the expectation of the outside world (and as far as I can tell this is pretty much universal) is that Samba will be able to do precisely this, relatively soon. If it doesn't after a while, a lot of Unix and Samba installations are going away, by necessity. > > NOT TRUE if the machines on your network are not Win95/98 clients, or if > > My machines are NT clients. I have no problems with Samba due to this. > > > you use things that require Exchange! > > If you need Exchange, run it on an NT server. You can't run Exchange on > Un*x anyway, so what's the problem here? > The problem here is, simply put, that Windows services, including Exchange, are more or less a package deal. If there isn't some realistic expectation of eventually being to replace ALL services hosted on NT, including Exchange, then it's really not worth the extra pain of continuing to maintainin NT and Unix installations side-by-side. It's just not. The only good reason to keep Samba in such a case is to facilitate migration to NT while still being able to access file data on legacy Unix systems until such time as they are phased out. And that's really the only role Samba is any good for currently. It's not a suitable migration path to Unix for the majority of users, and, if you're correct, it never will be. This doesn't mean that Samba should worry about being an Exchange server itself, but it does mean that right now is a good time to be thinking about (and implementing!!!) the necessary hooks to allow things like a Unix Exchange replacement to play nicely with Samba. Keep in mind that because of the design of much Microsoft stuff, Samba happens to be sitting on a good portion of the functionality and managing many of the resources that a Unix Exchange implementation must share. In general, Samba development as of late (particularly the past 6 months) has been severely hampered by two aspects of the Samba development "culture": 1. the expectation that implementations should spring "fully formed from the head of Zeus" in their ideal form 2. a refusal to make forward-looking decisions, because the future hasn't happened yet This doesn't mean the development isn't getting done, and these statements, being generalizations, are not universally true. A lot of significant stuff is in HEAD. But it's been moving at a glacially slow pace. I will guarantee you that by the time Samba has a full NT4 domain implementation in a _stable_ mainline samba release, NT4 domains will no longer be relevent. We haven't even really started on Win2K domains, either, as far as I know. > > Why the Samba team just doesn't come out and SAY this, in plain english > on > > their web pages, and here on these lists, is left as an exercise for the > > reader. > > Anyone who has been reading the mailing lists should have no trouble > understanding where things stand. > That's true. It's been stated pretty clearly on the lists; I just think a lot of people (users) are in denial, because Samba is their "last, best hope". > Anyone who downloads the software has > all this explained should they bother to read the documentation. These > days, there is even an entire book provided in the docs. What more is > needed? Those who don't read it have no cause for complaint when they > fall upon their own false assumptions > All the docs say is that it isn't supported _yet_ (or did, last I looked, it's admittedly been a while). They certainly did create the impression that it soon will be, particularly with respect to advanced domain functionality, two years ago. The docs and web page were my first introduction to Samba development. > Those who use pre-alpha software > like TNG have no right to expect production level support for it from > the developers, who have better things to do than hand hold. > You're right; it's a stupid expectation, and it shouldn't have ever come to that. People are desparate, though, and mainline Samba hasn't been delivering. They have nowhere else to go. Whinging further about this is silly too, though. Policy is set, development IS getting done, and it'd be better if the rest of us went on with our lives. Sadly, idealists don't build bridges. From timothy_d_cole at md.northgrum.com Thu Sep 28 16:22:11 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:42 2003 Subject: this discussion reminds me... (Was: Re: TNG-stable) Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47163@xcgmd008.md.essd.northgrum.com> I have this odd recurring dream that we're all at a cocktail party, and the building is burning down. Luke is madly tying the tablecloths together to make a rope to lower out the window, while Jeremy is running up and down the hall looking for a telescoping aluminum ladder. A couple minutes later, Jeremy runs back into the room, announcing that he's found out there's a ladder in the custodial closet down the hall, and asks if anyone has the keys. Luke tells him to forget about it, he's nearly done with the tablecloths, but Jeremy insists that the keys are around here somewhere, and points out that the tablecloths are too short to reach the ground (we're three stories up). Luke insisted that he saw a ladder out on the grounds (near the maintainence shed) when he drove up, and that a five-foot drop wasn't so bad anyway. Jeremy insisted that they already had a ladder here, the tablecloth probably wouldn't be strong enough (Luke protested that we wouldn't know until we tried), they just needed to find the bloody keys, and why couldn't Luke help with that (apparently someone in the room was supposed to have the keys). Luke and Jeremy started screaming at each other; the room erupted into a huge argument. Luke finally threw down the tablecloths in disgust and jumped out the window. We never did find out if anyone had the keys, because the cheese wheel (now on the floor) came to life and started singing Barry Manilow tunes. From jacksonm at ssh.com Thu Sep 28 16:13:54 2000 From: jacksonm at ssh.com (Mike Jackson) Date: Tue Dec 2 02:31:42 2003 Subject: Is there a Samba LDAP mailing list? In-Reply-To: <13082263082.20000928083612@Morris.net> References: <70737.200009261736@olib> <0009281010470E.32671@herkkusieni.hel.fi.ssh.com> <13082263082.20000928083612@Morris.net> Message-ID: <0009281929440I.32671@herkkusieni.hel.fi.ssh.com> On Thu, 28 Sep 2000, Jim Morris wrote: > Hello Mike, > Do you have Samba working with an LDAP directory service? If so, what > version of Samba are you currently running? Just curious... I've not > had a version of Samba that worked with LDAP properly since the > 1999/10/15 "MAIN" version that you can only get via CVS. I've not > messed with it much since earlier in the year though... Jim, I don't have it working, nor have I ever had it working despite various attempts mostly related to compiling on solaris. I currently have the rest of my services working with LDAP, such as intranet smtp mail routing to various mail servers, imap authentication, linux workstation logins, and apache authentication. Samba is the final piece, but I can't put a non-stable release into a production environment unless I can get some detailed examples and conversation with others who are working with the same issues. Maybe if there are enough interested people, we can get some sort of discussions going. When Samba PDC LDAP arrives, you will see an explosion of the number of Samba servers in corporate IT server rooms. This will be the thing that will allow companies to avoid win2k's active directory and all of it's proprietary schemas, licensing fees, etc. I am just itching to get about 10 of these systems into production. Mike From m.brodbelt at acu.ac.uk Thu Sep 28 15:53:26 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:42 2003 Subject: PDC support [was Re: Future/end of TNG] References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925153133.A18833@Denninger.net> <39CFBEC7.887A5F47@valinux.com> <39CFC6E0.B2DF024A@webmethods.com> <39D2183A.90C55850@valinux.com> Message-ID: <39D36976.7AEBE6A1@acu.ac.uk> Gerald Carter wrote: > We know it is important. The complexity of it > makes it slow going. I cannot say a time (as > Jeremy has mentioned), but rest assured it is not > an "if it happens" kind of thing. > > Right now, PDC support is slated for 3.0. Andrew > somewhat optimisticly is planning for a Q12001 release > of 3.0. Given the complexity of the 2.2.0 release > and how long that took, who knows? That's the first time I've seen 2.2.0 mentioned in the past tense..... Is there any word on when the release of 2.2.0 might be expected. I'm sure I'm just one of many who can't wait to get my hands on true NT spoolss support. Thanks, Mike. From bgmilne at ing.sun.ac.za Thu Sep 28 16:28:40 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:42 2003 Subject: Reusing SID References: Message-ID: <39D371B8.139AB41E@ing.sun.ac.za> Would it be possible to give the machine an alias ? Then it would connect to the domain as the Machine-OS account, but also be visible on the network on the Machine-only account ? I will probably be trying this quite soon myself. Buchan Anders Thorsen wrote: > > There is three things which identifies a machine in an WinNT Domain: > > - Machine Name > - Machine SID > - Password > > The last one makes it IMPOSSIBLE to do what you want to, i.e. if you > managed to give your samba-workstation the password, > so that it could log in, the NT machine would eventually change it so > that it could no longer log in. Or vice verce. > > The easiest way to go about this is naming the machine / OS: > TEST-NT > TEST-BSD > TEST-LINUX > > -----Anders > > Fabiano Martins > To: > Sent by: samba-ntdom@us4.samba.org > samba-ntdom-admin@us4.samba.org cc: > Subject: Reusing > 09/26/2000 12:12 PM SID > > I have a machine with dual boot: > - WinNT 4, SP 6 > - FreeBSD 4.1, SAMBA 2.0.7 > > My NT installation works on a WinNT domain "DOMAIN", with the name > "NAME" and some shared resources (files and printer). > > I?d like to use the same identification on the FreeBSD boot, so i > don't > need to change configurations on the others that access this machine. > > I saw a lot of documentation about adding a SAMBA machine on a NT > Domain, > but I need reuse the SID of my NT installation... I got the NT SID on > registry and put it on MACHINE.SID, but it didn?t work... > > Thanks in advance > > []?s > Fabiano Martins > fmartins@tj.rs.gov.br -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From Jim at Morris.net Thu Sep 28 16:42:25 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:31:42 2003 Subject: Is there a Samba LDAP mailing list? In-Reply-To: <0009281929440I.32671@herkkusieni.hel.fi.ssh.com> References: <70737.200009261736@olib> <0009281010470E.32671@herkkusieni.hel.fi.ssh.com> <13082263082.20000928083612@Morris.net> <0009281929440I.32671@herkkusieni.hel.fi.ssh.com> Message-ID: <9782390311.20000928114225@Morris.net> Hello Mike, Thursday, September 28, 2000, 11:13:54 AM, you wrote: MJ> I don't have it working, nor have I ever had it working despite MJ> various attempts mostly related to compiling on solaris. I currently have the MJ> rest of my services working with LDAP, such as intranet smtp mail routing to MJ> various mail servers, imap authentication, linux workstation logins, and apache MJ> authentication. Samba is the final piece, but I can't put a non-stable release MJ> into a production environment unless I can get some detailed examples and MJ> conversation with others who are working with the same issues. I've got the last "stable" version I know of that works with LDAP available for anonymous ftp on my home server, if you are interested in trying to compile it: ftp://jmorris.dynip.com/pub/samba-main-19991015.tar.gz I've also got a copy of OpenLDAP there, along with the OpenLDAP configuration files I used, and some schema examples. Shameless plug: there is a chapter written by yours truly on this subject in the recently published book "Special Edition: Using Samba" by Que. For the purposes of the book, I found that TNG was unusable and too unstable. The samba "main" version from 10/15/1999 was about the most stable that was fairly close in functionality to Samba 2.0.6 (current Samba release when I was working on the book), and that had working LDAP support. The LDAP schema used by Samba *TNG* changed a good bit after the release of Windows 2000 earlier this year - the book doesn't really cover that, as the text was written back in January-February. I had it all working with NT4 and Win95/98 clients at the time I was working on it though... MJ> Maybe if there are enough interested people, we can get some sort of MJ> discussions going. When Samba PDC LDAP arrives, you will see an explosion of MJ> the number of Samba servers in corporate IT server rooms. This will be the MJ> thing that will allow companies to avoid win2k's active directory and all of MJ> it's proprietary schemas, licensing fees, etc. I am just itching to get about MJ> 10 of these systems into production. I would love to see it myself, as I am getting seriously tired of managing accounts on multiple Samba servers in multiple facilities... -- Best regards, Jim mailto:Jim@Morris.net From bgmilne at ing.sun.ac.za Thu Sep 28 16:43:37 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:42 2003 Subject: Changing Password from NT4 Workstation to Samba References: <39D34812.53D87DC0@ooi.net> Message-ID: <39D37539.7424100E@ing.sun.ac.za> If the client only access the samba services, or if they don't mind having to manually sync their unix password and samba/windows password, why not turn samba into a PDC ? This will allow them to change their samba password from NT by pressing CTRL-ALT-DEL and choosing "Change Passowrd" Buchan (Running samba 2.0.7 as a PDC for about 35 NT clients and 50 users) Eric Davis wrote: > > I have an Origin200 running Samba 2.0.7 for Irix 6.5.7 and about > 15 Windows NT Workstation's. I have about 20 users who need to > be able to change their passwords on the samba server, but do not > have access to the unix server directly. My problem is that the > docs I have followed have not really helped me with the correct > setup of samba to allow the NT Workstations to allow the users > to change their passwords from the NT side. Any help would be > greatly appreciated in figuring out. Thank you very much. > > -- > Eric Davis > System/Network Analyst > Ohio Online Inc. > 1621 Euclid Ave > Suite424 > Cleveland, OH 44115 > http://www.ohioonline.net > email: davis@ooi.net > > Phone: 800-403-0017, 216-522-1818 > Pager: 216-388-1502 -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From jeremy at valinux.com Thu Sep 28 17:09:22 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:42 2003 Subject: PDC support [was Re: Future/end of TNG] References: <20000925203638.A14972@baerbel.mug.maschinenbau.tu-darmstadt.de> <00ac01c02724$578f2a00$07fea8c0@bubbastop> <39CFAA3B.5F040326@weiinc.com> <20000925153133.A18833@Denninger.net> <39CFBEC7.887A5F47@valinux.com> <39CFC6E0.B2DF024A@webmethods.com> <39D2183A.90C55850@valinux.com> <39D36976.7AEBE6A1@acu.ac.uk> Message-ID: <39D37B42.3F26B595@valinux.com> Mike Brodbelt wrote: > > Gerald Carter wrote: > > > We know it is important. The complexity of it > > makes it slow going. I cannot say a time (as > > Jeremy has mentioned), but rest assured it is not > > an "if it happens" kind of thing. > > > > Right now, PDC support is slated for 3.0. Andrew > > somewhat optimisticly is planning for a Q12001 release > > of 3.0. Given the complexity of the 2.2.0 release > > and how long that took, who knows? > > That's the first time I've seen 2.2.0 mentioned in the past tense..... > Is there any word on when the release of 2.2.0 might be expected. I'm > sure I'm just one of many who can't wait to get my hands on true NT > spoolss support. I'm trying to get the first alpha snapshot available for sometime next week. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Jean-Francois.Micouleau at dalalu.fr Thu Sep 28 17:27:45 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:42 2003 Subject: Is there a Samba LDAP mailing list? In-Reply-To: <9782390311.20000928114225@Morris.net> Message-ID: On Thu, 28 Sep 2000, Jim Morris wrote: > MJ> Maybe if there are enough interested people, we can get some sort of > MJ> discussions going. When Samba PDC LDAP arrives, you will see an explosion of > MJ> the number of Samba servers in corporate IT server rooms. This will be the > MJ> thing that will allow companies to avoid win2k's active directory and all of > MJ> it's proprietary schemas, licensing fees, etc. I am just itching to get about > MJ> 10 of these systems into production. > > I would love to see it myself, as I am getting seriously tired of > managing accounts on multiple Samba servers in multiple facilities... LDAP is second on my samba's todo list. First is allowing w2k in samba domain. It will happen, I assure you :-) J.F. From Jean-Francois.Micouleau at dalalu.fr Thu Sep 28 17:23:06 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:42 2003 Subject: PDC support [was Re: Future/end of TNG] In-Reply-To: <39D36976.7AEBE6A1@acu.ac.uk> Message-ID: On Thu, 28 Sep 2000, Mike Brodbelt wrote: > That's the first time I've seen 2.2.0 mentioned in the past tense..... > Is there any word on when the release of 2.2.0 might be expected. I'm > sure I'm just one of many who can't wait to get my hands on true NT > spoolss support. We should release 2.2 before the end of the year. Don't take my words as a definitive statement. I just think it's a realistic timeframe. For the spoolss code, for people who want to test it, you can always download the HEAD branch or the 2.2 branch. It's getting pretty stable now. J.F. From abrooks at css.tayloru.edu Thu Sep 28 18:08:33 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:31:42 2003 Subject: Is there a Samba LDAP mailing list? In-Reply-To: Message-ID: On Thu, 28 Sep 2000, Jean Francois Micouleau wrote: > > I would love to see it myself, as I am getting seriously tired of > > managing accounts on multiple Samba servers in multiple facilities... > > LDAP is second on my samba's todo list. > First is allowing w2k in samba domain. > > It will happen, I assure you :-) > > J.F. Less of a wishlist more of a just something to keep in mind: The current flexibility which is offered through macro expansion of groups is outstanding. It would be good to maintain the current functionallity of NIS group expansion with the addition of some form of LDAP group macro expansion. e.g. write list = root, @syadmins, @%S-admin :ldap-group Or use any character that you want... ":" is invalid for NIS and local password files as part of the group name so you know it won't ever be used there. Just a thought. Also would it make sense for @ to represent :&+group (it now represents &+ to search NIS followed by local file) if LDAP is enabled and an LDAP server has been specified? Just other thoughts. I may have a chance to be involved in this after I leave my current place of work (~8 months in the future). So, in the meantime, I'm just blowing wind. Jean Francois, thank you for your work! Thanks to all of you!! -Aaron +-------> Aaron D. Brooks, 765 . 998 . 5168, abrooks [SHIFT"2"] css.tayloru.edu Computing Systems Resource Manager, Taylor University, CSS Department PGP public key: http://www.css.tayloru.edu/~abrooks/pgpkey/abrooks.asc PGP key fingerprint = 75 83 D2 9C 44 C7 00 C8 07 A1 6C F0 BD 04 C0 60 From abrooks at css.tayloru.edu Thu Sep 28 18:30:33 2000 From: abrooks at css.tayloru.edu (Aaron D. Brooks) Date: Tue Dec 2 02:31:42 2003 Subject: this discussion reminds me... (Was: Re: TNG-stable) In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB03F47163@xcgmd008.md.essd.northgrum.com> Message-ID: On Thu, 28 Sep 2000, Cole, Timothy D. wrote: > I have this odd recurring dream that we're all at a cocktail party, > and the building is burning down. Luke is madly tying the tablecloths > together to make a rope to lower out the window, while Jeremy is running up > and down the hall looking for a telescoping aluminum ladder. > > A couple minutes later, Jeremy runs back into the room, announcing > that he's found out there's a ladder in the custodial closet down the hall, > and asks if anyone has the keys. > > Luke tells him to forget about it, he's nearly done with the > tablecloths, but Jeremy insists that the keys are around here somewhere, and > points out that the tablecloths are too short to reach the ground (we're > three stories up). > > Luke insisted that he saw a ladder out on the grounds (near the > maintainence shed) when he drove up, and that a five-foot drop wasn't so bad > anyway. Jeremy insisted that they already had a ladder here, the tablecloth > probably wouldn't be strong enough (Luke protested that we wouldn't know > until we tried), they just needed to find the bloody keys, and why couldn't > Luke help with that (apparently someone in the room was supposed to have the > keys). > > Luke and Jeremy started screaming at each other; the room erupted > into a huge argument. Luke finally threw down the tablecloths in disgust > and jumped out the window. Timothy, I think this is the most accurate picture that one could have without reading every message on the mail lists. Actually, this is probably even more accurate as reading the mail list could distract you from what's really happening. I think the important thing to keep in mind is that both Luke and Jeremy are working for us. They are trying to help us out. I am desparatly aware that the guests (us) at the party are largely panicing or busy eating chips and dip. What useful thing are we doing? Nothing. This is not to say that nobody other than Luke and Jeremy are contributing either. On the contrary there are people who contribut massively to SaMBa. It's the rest of us who whine for features and gripe about misbehaviors but don't contribut. And don't play the I don't program, I can't code song. There is a lot of documenting to be done, too. If we get creative, everyone can be involved. OpenSource is all about contribution. It is all about making the tools you use, yours. > We never did find out if anyone had the keys, because the cheese > wheel (now on the floor) came to life and started singing Barry Manilow > tunes. On another note: At this point I'm pretty sure I herniated myself laughing very, very hard. ;) -Aaron +-------> Aaron D. Brooks, 765 . 998 . 5168, abrooks [SHIFT"2"] css.tayloru.edu Computing Systems Resource Manager, Taylor University, CSS Department PGP public key: http://www.css.tayloru.edu/~abrooks/pgpkey/abrooks.asc PGP key fingerprint = 75 83 D2 9C 44 C7 00 C8 07 A1 6C F0 BD 04 C0 60 From pilger at kahana.higp.hawaii.edu Thu Sep 28 18:37:03 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: RE: Win2000Pro resources sought References: Message-ID: <39D38FCF.458C9CBF@pgd.hawaii.edu> Once all the bugs are ironed out, Win 2000 will be the only thing I use. I have kept away from NT until now because it lacked so many of the useful features that 98 had. However, now that it seems to combine all the user accessibility of 98 with the stability of a real OS, why would anybody use any other Microsoft OS? (That is, if you can't avoid Microsoft altogether :-) I need all the info about Win 2K/Samba that I can get. Though I will admit that the basics seem to work just fine out of the box. It's the PDC stuff that will really shine for me. Rafa? Szcze?niak wrote: > To be honest, I don't know how many of us connect win2k to > Samba server, and how many winnt ? > > Rafa? > -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From MArmstrong at newedgenetworks.com Thu Sep 28 18:40:30 2000 From: MArmstrong at newedgenetworks.com (XArmstrong, Mike) Date: Tue Dec 2 02:31:42 2003 Subject: net send Message-ID: Is it possible to issue a " net send " command from a unix server using samba? From pilger at kahana.higp.hawaii.edu Thu Sep 28 18:44:21 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: AW: win2000 + unix References: Message-ID: <39D39185.34752193@pgd.hawaii.edu> Rafa? Szcze?niak wrote: > Steve Langasek > 00-09-28 17:44 > > > Do: Rafa? Szcze?niak > DW: Robert Wieczorek , > samba-ntdom@us4.samba.org > Temat: Re: Odp: AW: win2000 + unix > > On Thu, 28 Sep 2000, [iso-8859-2] Rafa? Szcze?niak wrote: > > > Why don't you use encrypted passwords ??? > > It's much, much safer. > > This is misleading. Using encrypted passwords is much safer *from network > eavesdropping*. But like CHAP (one of Microsoft's other favorite > protocols), > it requires storing plaintext passwords (or their equivalent) on the > server, > > Can you explain me then, where Samba stores plaintext passwords, when uses > encrypted passwords on the wire ? > > Rafa? > Plaintext passwords are not stored on the server. The passwords in smbpasswd are encrypted. You can't mix and match methods because the encryption is different from UNIX. Since there are no plain text passwords, you can't get from one to the other. I think I heard the complaint once that these encrypted passwords are as good(bad) as real passwords because they can be used just as they are. Unlike UNIX, which requires the plain text password, and then encrypts it, this mechanism requires the encrypted password, and then just uses it. Therefore, you really want to keep that smbpasswd file private. Am I getting this right? -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From jeremy at valinux.com Thu Sep 28 18:47:37 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: RE: Win2000Pro resources sought References: <39D38FCF.458C9CBF@pgd.hawaii.edu> Message-ID: <39D39249.8AA48BE3@valinux.com> Eric Pilger wrote: > > Once all the bugs are ironed out, Win 2000 will be the only thing I use. > I have kept away from NT until now because it lacked so many of the > useful features that 98 had. However, now that it seems to combine all > the user accessibility of 98 with the stability of a real OS, why would > anybody use any other Microsoft OS? (That is, if you can't avoid > Microsoft altogether :-) Because it still isn't stable or secure. It may be more stable for everyday use but in interoperability testing it has been discovered how easy it is to crash a W2k box remotely and anonymously. Regards, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From adeka at comview.com Thu Sep 28 19:13:44 2000 From: adeka at comview.com (Adegboyega S. I. Kassim) Date: Tue Dec 2 02:31:42 2003 Subject: In need of serious samba aid Message-ID: <39D39868.9B071649@comview.com> I've tried exhausting every way i know how to, but i cannot get my samba-tng-alpha 2.6 to work. It compiles and installs fine, and i know how t oset up shares fairly well ( i already have a runnig samba print server in the office. - samba 2.07) The problem is i cannot seem to log into the tng box. I've created as the PDC, but no matter what i try, i get the following error: [2000/09/28 14:42:43, 0] rpc_client/cli_lsarpc.c:lsa_open_secret(453) LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND [2000/09/28 14:42:43, 0] smbd/reply.c:reply_sesssetup_and_X(805) SMB LM/NT Password did not match! [2000/09/28 14:42:43, 1] smbd/reply.c:reply_sesssetup_and_X(813) Rejecting user 'chrissa': authentication failed [2000/09/28 14:42:43, 2] smbd/server.c:exit_server(448) This is after i created the user 'chrissa' on the samba server box. Now, below is my smb.conf file: [global] workgroup = CVRD security = user encrypt passwords = yes netbios name = Zilla server string = Samba %v on Zilla lm announce = yes #Browsing/Server options domain logons = yes os level = 65 dns proxy = yes wins support = yes preferred master = yes local master = yes time server = yes domain master = yes #Network configuration options hosts allow = 10.0.0. localhost interfaces = 10.0.0.0/24 127.0.0.1 bind interfaces only = yes #Debug logging information log level = 2 log file = /var/log/samba.log.%m max log size = 50 debug timestamp = yes #Shares load printers = yes [homes] browsable = no comment = Home Directory writable = yes map archive = yes [netlogon] comment = PDC logon service path = /export/samba/logon public = no browsable = no writable = no guest ok = no [profile] path = /export/samba/profile writable = yes browsable = no public = no My train of thought , and small amount of experience first tells me the user itself must be created on the box before attempting an smbpasswd entry. That done, i make sure the passwords are the same for the box itself as well as for smbpasswd. Now, i am unsure as to whether a trust account must be created for w2k machines i tried it without one and it did not work. I tried it WITH one, and it did not create the account. I think i may have trouble loggingi n as administrator using samedit: samedit -S Zilla -U Administrator -W CVRD added interface ip=10.0.0.1 bcast=10.0.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Enter Password: Server: \\ZILLA: User: Administrator Domain: CVRD Connection: failed session setup cli_net_use_add: connection failed FAILED i've tried using the password for root, i tried creating an Administrator account on the box, editing both passwords, and trying that, and it never worked either. Regardless, when i try samedit -S . -U Administrator -W CVRD it works ok (though it takes any password i put in). I tinkered with it for a LONg time yesterday and got one w2k machine to log on, but for the life of me i cannot figure out how. I have tried rebooting the windows machine many times, to no avail. ANY help would be greatly appreciated! From vorlon at netexpress.net Thu Sep 28 19:17:24 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:42 2003 Subject: Odp: AW: win2000 + unix In-Reply-To: <39D39185.34752193@pgd.hawaii.edu> Message-ID: On Thu, 28 Sep 2000, Eric Pilger wrote: > > Can you explain me then, where Samba stores plaintext passwords, when uses > > encrypted passwords on the wire ? > Plaintext passwords are not stored on the server. The passwords in smbpasswd > are encrypted. You can't mix and match methods because the encryption is > different from UNIX. Since there are no plain text passwords, you can't get > from one to the other. > I think I heard the complaint once that these encrypted passwords are as > good(bad) as real passwords because they can be used just as they are. Unlike > UNIX, which requires the plain text password, and then encrypts it, this > mechanism requires the encrypted password, and then just uses it. Therefore, > you really want to keep that smbpasswd file private. Am I getting this right? That is correct. From a security POV, the two problems with the way passwords are stored in the private/smbpasswd file are that 1) the password hashes don't have to be decrypted to be used for gaining access via SMB, and 2) even decrypting them is not difficult because the first hash in the smbpasswd entry uses a legacy hashing mechanism which is not difficult to brute-force. There are plenty of reasons to use 'encrypted passwords = yes' on your Samba server, but security is not necessarily one of them. Steve Langasek postmodern programmer From ircd at michelog.med.uoc.gr Thu Sep 28 22:13:40 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:42 2003 Subject: LDAP question Message-ID: <4.3.0.20000928181309.00aa0bb0@michelog.med.uoc.gr> What exactly does LDAP do ? (give a brief discription) From crh at nts.umn.edu Thu Sep 28 19:30:38 2000 From: crh at nts.umn.edu (Christopher R. Hertel) Date: Tue Dec 2 02:31:42 2003 Subject: HOWTO: get familar with the Samba source code In-Reply-To: <3.0.6.32.20000928014759.00a64950@203.16.214.248> from Richard Sharpe at "Sep 28, 2000 01:47:59 am" Message-ID: <200009281930.OAA28181@nts.nts.umn.edu> > Hmmm, in what ways is NetMon better than Ethereal? I want to make Ethereal > the best available :-) At the last CIFS conference there was some discussion of promoting the idea of using Samba IDL as an input into Ethereal. That would provide a means for adding new packet descriptions, etc. Did that go anywhere? Chris -)----- -- Christopher R. Hertel -)----- University of Minnesota crh@nts.umn.edu Networking and Telecommunications Services Ideals are like stars; you will not succeed in touching them with your hands...you choose them as your guides, and following them you will reach your destiny. --Carl Schultz From timothy_d_cole at md.northgrum.com Thu Sep 28 19:34:03 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:42 2003 Subject: TNG-stable Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47165@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: kill -9 [SMTP:kill-9@elektra.warbeast.com] > Sent: None > To: Cole, Timothy D. > Cc: samba-ntdom@samba.org > Subject: Re: TNG-stable > > As a side note, HP OpenMail is a great replacement for Exchange. It is the > best commercial software for linux yet, in my opinion. > Doesn't it require new MAPI DLLs on the client side (since afaiK it doesn't do the Exchange wire protocols, correct me if I'm wrong)? From ircd at michelog.med.uoc.gr Thu Sep 28 22:51:04 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:43 2003 Subject: LDAP Message-ID: <4.3.0.20000928185019.00aa6bf0@michelog.med.uoc.gr> Will LDAP allow me to use User manager (nexus windows 98 stuff) to> administer the samba PDC ? If not, do you know how I can do this ? I use windows 98 workstations and samba tng 2.6 From Jim at Morris.net Thu Sep 28 20:07:54 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:31:43 2003 Subject: LDAP question In-Reply-To: <4.3.0.20000928181309.00aa0bb0@michelog.med.uoc.gr> References: <4.3.0.20000928181309.00aa0bb0@michelog.med.uoc.gr> Message-ID: <1556347316.20000928150754@Morris.net> Hello greg, Thursday, September 28, 2000, 5:13:40 PM, you wrote: g> What exactly does LDAP do ? (give a brief discription) LDAP stands for "Lightweight Directory Access Protocol". LDAP provides a standard Internet protocol that allows any LDAP-compatible client application to communicate with any LDAP-compliant directory server. What is a "directory" one might ask? Basically, a directory server provides a centralized repository for storing information. In this case, user names, passwords, machine names, and lot's of other things. Its a lot like using a database server, but a directory server is very much optimized for lookup performance. By using an LDAP server for Samba authentication, you can store all Samba user information on a central LDAP server. The LDAP directory may also have other information for each employee in a company - payroll and tax data, and stuff like that. The LDAP server takes care of making sure each client only can see and modify what it is authenticated to access. To put it in simple terms, a directory service is simply a mechanism for organizing data, and making it easily accessible to the consumer of that data. A good paper-based analogy to an LDAP directory service is the traditional telephone book. A phone book makes information easily found, using either an alphabetical lookup by last name, or in the case of businesses, a categorical listing (the yellow pages). Hope that helps a little. -- Best regards, Jim mailto:Jim@Morris.net From Jean-Francois.Micouleau at dalalu.fr Thu Sep 28 21:04:00 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:43 2003 Subject: Is there a Samba LDAP mailing list? In-Reply-To: Message-ID: On Thu, 28 Sep 2000, Aaron D. Brooks wrote: > Less of a wishlist more of a just something to keep in mind: > > The current flexibility which is offered through macro expansion > of groups is outstanding. It would be good to maintain the current > functionallity of NIS group expansion with the addition of some form of > LDAP group macro expansion. e.g. > > write list = root, @syadmins, @%S-admin :ldap-group Interresting ! I understand why you want such a feature, but I disagree on the technical side. By using nss_ldap, you can do that already. To clear things, we (Gerry and myself mainly) want to support LDAP to replace the smbpasswd file. We don't want to replace the Unix security with direct calls to LDAP from Samba. The first line of the future ldap.txt file will propably be: "If you want full LDAP support, you need nss_ldap and pam_ldap" J.F. From Jim at Morris.net Thu Sep 28 21:17:01 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:31:43 2003 Subject: LDAP question In-Reply-To: <4.3.0.20000928190322.00aa13f0@michelog.med.uoc.gr> References: <4.3.0.20000928181309.00aa0bb0@michelog.med.uoc.gr> <4.3.0.20000928181309.00aa0bb0@michelog.med.uoc.gr> <4.3.0.20000928190322.00aa13f0@michelog.med.uoc.gr> Message-ID: <710494370.20000928161701@Morris.net> Hello greg, Thursday, September 28, 2000, 6:04:52 PM, you wrote: g> Thanks! Maybe you can help just a bit more? Is it possible to use User g> Manager (nexus's window 98 stuff) to administer the LDAP part of g> samba? Also, I have ldap source code... but how would I set it up to work g> with samba tng 2.6 ? Can I store all my samba users & machines etc... in g> this LDAP server , also can I access it from a windows computer ? Unfortunately, I know of no tool to (free anyway) to let you do this from Windows. I'm not familiar with "nexus's" User Manager. Can you clue me in on that that is? As far as LDAP source code - you would use that to write code to talk to an LDAP server. Samba TNG is *not* an LDAP server, but is instead an LDAP client. You need a separate LDAP directory server, such as OpenLDAP. To answer your last question, yes - you can store all the Samba user and machine trust accounts in the LDAP directory. -- Best regards, Jim mailto:Jim@Morris.net From gcarter at valinux.com Thu Sep 28 18:38:14 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff References: <4.3.0.20000927222405.00a82320@michelog.med.uoc.gr> Message-ID: <39D39016.9D56E9BA@valinux.com> greg wrote: > > For future NT Domain releases (3.0 or whatever) you > should really support nt administrative tools > (event viewer, server manager, user mananger etc... > Hopefully you can get it to work with nexus also. Greg, Thanks for the suggestions. We will keep those in mind. Just curious, but what would you want to use the Event Viewer to see? Syslog files? Samba logs? EventViewer is a horrible logfile viewer IMO and the return benefit for implementing the server side RPCs necessary would not be a big payoff. Server Manager? User Manager? Both of these qill require possible editing of /etc/passwd (let's please not bring up the machine accounts in /etc/passwd again ok? At least not for right now). I'm not sure this is a good idea. Modification of existing accounts might be ok. Addition and deletion is another matter though (with more far reaching implications). > Another suggestion: Possibly make a samba program > to logout windows user after a certain amount of > time.. I once saw this winnt program/win98 > program that would log a user out like saying " > You have 5 minutes left before you are logged out > of the system." Does WinNT do this using valid logon times? Or are you asking for something that enforces policies like you can stay logged on for 60 minutes at a time? This could entirely be done in client side functionality using the userinit reigstry key to specify the user's shell. > Samba is a great project keep going ;-)) Thanks. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Thu Sep 28 18:32:54 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:43 2003 Subject: Is there a Samba LDAP mailing list? References: <70737.200009261736@olib> <39D0E703.FC0A3D62@grainsystems.com> <0009281010470E.32671@herkkusieni.hel.fi.ssh.com> Message-ID: <39D38ED6.4A33B69B@valinux.com> Mike Jackson wrote: > > Hello, > I am curious as to whether there is a mailing > list specifically dealing with Samba LDAP? If > not, are there enough interested people to start one? > This LDAP integration is VERY important IMHO. It is the > last step in implementing a single account creation > system in a mixed environment of unix,windows,apache,squid > servers and workstations. Mike, There is no list dedicated to this. I am working with 1/2 a dozen other people in the design phase right now. We try to make sure and coordinate as much correspondence on samba-technical as is possible. Join us there if you are interested? PS: Are you interested in helping out with it? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tpot at linuxcare.com.au Thu Sep 28 23:22:39 2000 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:31:43 2003 Subject: HOWTO: get familar with the Samba source code In-Reply-To: <200009281930.OAA28181@nts.nts.umn.edu> References: <3.0.6.32.20000928014759.00a64950@203.16.214.248> <200009281930.OAA28181@nts.nts.umn.edu> Message-ID: <14803.53951.325791.776872@gargle.gargle.HOWL> Christopher R. Hertel writes: > > Hmmm, in what ways is NetMon better than Ethereal? I want to make Ethereal > > the best available :-) > > At the last CIFS conference there was some discussion of promoting the > idea of using Samba IDL as an input into Ethereal. That would provide a > means for adding new packet descriptions, etc. > > Did that go anywhere? I've made some progress with some hand-written IDLs. Apart from being bogged down with other stuff, I'm currently lacking a proper IDL parsing system. I did get as far as automatically generating ethereal code to parse LSA open policy, close policy and query info policy RPC packets. Tim. From sharpe at ns.aus.com Thu Sep 28 10:10:48 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:31:43 2003 Subject: HOWTO: get familar with the Samba source code In-Reply-To: <14803.53951.325791.776872@gargle.gargle.HOWL> References: <200009281930.OAA28181@nts.nts.umn.edu> <3.0.6.32.20000928014759.00a64950@203.16.214.248> <200009281930.OAA28181@nts.nts.umn.edu> Message-ID: <3.0.6.32.20000928191048.01c93520@203.16.214.248> At 10:22 AM 9/29/00 +1100, Tim Potter wrote: >Christopher R. Hertel writes: > >> > Hmmm, in what ways is NetMon better than Ethereal? I want to make Ethereal >> > the best available :-) >> >> At the last CIFS conference there was some discussion of promoting the >> idea of using Samba IDL as an input into Ethereal. That would provide a >> means for adding new packet descriptions, etc. >> >> Did that go anywhere? > >I've made some progress with some hand-written IDLs. Apart from >being bogged down with other stuff, I'm currently lacking a >proper IDL parsing system. > >I did get as far as automatically generating ethereal code to >parse LSA open policy, close policy and query info policy RPC >packets. Actually, I am sort of working on something to automatically generate dissectors as well, and want to look at what Tim has done, but I am working on an XML-based system. >Tim. > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From ircd at michelog.med.uoc.gr Fri Sep 29 02:32:16 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:43 2003 Subject: LDAP Message-ID: <4.3.0.20000928223033.00a83480@michelog.med.uoc.gr> When I try to do ./configure --with-ldap (samba tng 2.6) It doesn't really work... it says checking configure summary: config error aborting config. I would also want to know how to connect to an LDAP Server and add users to my samba list... etc (I'm new to LDAP) From a9700671 at sp4.macarthur.uws.EDU.AU Fri Sep 29 01:47:38 2000 From: a9700671 at sp4.macarthur.uws.EDU.AU (Makis Marmaridis) Date: Tue Dec 2 02:31:43 2003 Subject: LDAP question In-Reply-To: <4.3.0.20000928181309.00aa0bb0@michelog.med.uoc.gr> Message-ID: <007b01c029b7$400f4370$15559a89@zeus> Hi Greg, You might want to check out http://www.openldap.org/doc/admin/ Although it is specific to OpenLDAP (which is only one implementation of the LDAP protocol, it still offers a very good introduction to the concepts. Of you have more questions re LDAP after this there is a list called OpenLDAP-General (http://www.openldap.org/lists/) where you can get pretty much all your questions re the LDAP protocol answered. HTH, Cheers, Makis. > -----Original Message----- > From: samba-ntdom-admin@us4.samba.org > [mailto:samba-ntdom-admin@us4.samba.org]On Behalf Of greg > Sent: Friday, 29 September 2000 8:14 AM > To: samba-ntdom@us4.samba.org > Subject: LDAP question > > > What exactly does LDAP do ? (give a brief discription) > > From gcarter at valinux.com Fri Sep 29 03:46:04 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:43 2003 Subject: smbpasswd -> /etc/passwd References: Message-ID: <39D4107C.BCD9837A@valinux.com> "Aaron D. Brooks" wrote: > > On Mon, 25 Sep 2000, Brian Wilson wrote: > > > Is there any way (a script, black magic, etc) to convert smbpasswd > > passwords to either shadowed or md5'd passwords? I know there's a > > "unix sync password" option, but this doesn't work for me in the > > [CUT] > > The ubiquitous "someone" should put this sort > of question (and answer) in a FAQ or several FAQs on > the samba.org site and mirrors. It seems to get > asked a lot. I'd volunteer but I don't know who manages > the FAQs. I think it would be appropriate to mention it > at least in the SaMBa FAQ and the SaMBa NT Domain FAQ. This will be added when we rework the current documentation which will be on the forthcoming todo list. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sasha at acmep.ustu.ru Fri Sep 29 05:20:59 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:43 2003 Subject: Mapping NT groups to Unix groups References: <00bf01c02958$62e2b760$2d34c681@EW310> Message-ID: <39D42692.54491524@acmep.ustu.ru> Rod Sanborn wrote: > > Hello Alexander, > > Thanks for the information. How does TNG differ from Samba, is it stable > (can I run it in a production environment), and where do I get it? What does it mean 'production environment' ? I have 36 computers, including two servers running Linux RedHat. I'm working in an industrial firm and use TNG, because Samba-Stable-Branch (2.0.7) support's NTDomain very poor. In TNG there are some troubles when using it as PDC, but they are nothing in comparement with it's features (NTDomain for example). Using TNG for 3 months, I've no troubles with it, but changing an NT user's password (need to be changed directly from "bin/samedit"). So , Luke, COME BACK TO TNG, PLEASE. -- Alexander Pazdnikov From gcarter at valinux.com Fri Sep 29 06:30:49 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:43 2003 Subject: TODO list proposal for volunteers Message-ID: <39D43719.53A6B812@valinux.com> [cross posted on all samba mailing lists] Folks, This is a very rough list of items off the top of my head. It should be considered dynamic and I will post periodic updates on progress, new items, etc... Please direct all mail regarding this to samba-technical and not samba-ntdom nor the main samba mailing list. I am posting it on the latter mailing lists to keep people in the loop. However, actual development work should be coordinated on samba-technical. Documentation work can be coordinated on samba-docs. See http://lists.samba.org/ for information on the various mailing lists if you are unfamiliar. Enjoy. Cheers, jerry Documentation ------------- I will act as the contact point for documentation updates. We have a list named samba-docs that can be used for this purpose. Probably best to coordinate there. o consolidate the existing text HOWTO's and HTML FAQ's into a single admin guide document. Some of the information is outdated and needs to be filed in the "this used to be true pile" while stuff that is just wrong needs to be thrown out. All documentation needs to be converted to YODL (it's really easy) for generating HTML, text, etc... This is a fairly large project and could be distributed among a few people once the initial layout and outline was decided upon. Testing ------- Jeremy will be the main contact person for this (via the samba-technical list) o If all goes well, Samba 2.2.0 should be released in beta form next week (first week in Oct) We need volunteers to help with testing, QA, etc... Printing support, locking, ACLs, etc... The more environments tested, the better quality the final release should be. Coding Projects --------------- All coding work needs to be coordinated with Jeremy and Andrew at the very least on samba-technical. Don't just start coding and expect patches to automatically be integrated in. Obviously. projects by specific team members, winbind for example, need to be coordinated with those team members in charge. For those without CVS write access (non-team members), patches should be incremental and in the form of context diffs. I'm assuming if you want to code, you probably already know how to get the source branches via anonymous CVS. If not, see http://us4.samba.org/cvs.html o Moving server and client side RPC's back from SAMBA_TNG to HEAD branch one at a time. This can easily be distributes among many people. Probably best for one person or group to work on a single \PIPE together. Don't be intimidated by this. Just grab a network sniffer and do one RPC at a time. o design, document, and fix the DEBUG levels in the Samba code. This is a large, tedious project. All proposals for stratifying the debug levels into bitmasks and documenting what should be done at what level should be carried out on samba-technical as we are currently undecided on whether this should actually be carried out. o Help Tim with back porting the necessary client side RPC's from TNG into HEAD in order to support the new winbind system. Tim can expand on whether this needs to be done by hand or auto-generated code. o Help Chris Hertel with WINS failover implementation issues o possible password and group backend API redesign. This will go hand in hand with the current LDAP endeavors. o LDAP support to enable Samba to store and access user account information in an AD compatible schema. o UNICODE support (this is a **big** project) New project proposals can be voiced on samba-technical. Thanks for you help. ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From rszczesniak at mis.com.pl Fri Sep 29 07:46:19 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:43 2003 Subject: LDAP question Message-ID: Stores nt groups and accounts in hierarchical structure using specified samba objects, instead of flat file. Rafa? greg Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-29 00:13 Do: samba-ntdom@us4.samba.org DW: Temat: LDAP question What exactly does LDAP do ? (give a brief discription) From rszczesniak at mis.com.pl Fri Sep 29 08:08:11 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:43 2003 Subject: Is there a Samba LDAP mailing list? Message-ID: Gerald Carter Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-28 20:32 Do: Mike Jackson DW: samba-ntdom@samba.org Temat: Re: Is there a Samba LDAP mailing list? Mike Jackson wrote: > > Hello, > I am curious as to whether there is a mailing > list specifically dealing with Samba LDAP? If > not, are there enough interested people to start one? > This LDAP integration is VERY important IMHO. It is the > last step in implementing a single account creation > system in a mixed environment of unix,windows,apache,squid > servers and workstations. Mike, There is no list dedicated to this. I am working with 1/2 a dozen other people in the design phase right now. We try to make sure and coordinate as much correspondence on samba-technical as is possible. Join us there if you are interested? PS: Are you interested in helping out with it? It wasn't question to me, but if you meant Samba-LDAP functionality - I'm interested in helping. Although I recently started to translate documentation, I think I can do something not too complicated (and time-consuming). Rafa? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Christian.Hartmann-Herrmann at web2cad.de Fri Sep 29 09:10:39 2000 From: Christian.Hartmann-Herrmann at web2cad.de (Christian.Hartmann-Herrmann@web2cad.de) Date: Tue Dec 2 02:31:43 2003 Subject: smbpasswd and other questions to samba-tng! Message-ID: Hello specialists! May i configure an useraccount on the Samba-PDC to see and use this account on the Windows-NT-Server machine. I ?ll configure all accounts over a Windows-NT Server machine without i may configure this on the Samba-PDC. What things may we to do on the Windows-NT Server and on the Samba-PDC. Is this possible, to do this? We ?ll create users and groups on a Windows-NT Server without first creating this users and groups on the Samba-PDC. We ?ll create this with the user-manager of Windows-NT-Server. How can we make this? Now i have a Samba-PDC called MYSAMBAPDC and a Windows-NT-Server called HARTMANN_PC2. Is it a condition to create the users and groups on the Samba-PDC? Or can i do this with a special configuration with the Windows-NT Server over the Samba-PDC? I hope you can do a little bit help for us! Greetings Christian Hartmann-Herrmann From m.brodbelt at acu.ac.uk Fri Sep 29 10:05:10 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff References: <4.3.0.20000927222405.00a82320@michelog.med.uoc.gr> <39D39016.9D56E9BA@valinux.com> Message-ID: <39D46956.7583BC71@acu.ac.uk> Gerald Carter wrote: > > greg wrote: > > > > For future NT Domain releases (3.0 or whatever) you > > should really support nt administrative tools > > (event viewer, server manager, user mananger etc... > > Hopefully you can get it to work with nexus also. > > Greg, Thanks for the suggestions. We will keep those > in mind. Just curious, but what would you want to > use the Event Viewer to see? Syslog files? Samba > logs? EventViewer is a horrible logfile viewer IMO > and the return benefit for implementing the server side > RPCs necessary would not be a big payoff. For my 2p worth, I'd think that event viewer sould be pretty far down the priority list. The tool is not very good, and in the absence of all the NT "this/that/the other has failed" messages, is largely irrelevant to administration. If it were to be implemented, I'd want the security log first and foremost, but even this I consider of very low importance. > Server Manager? User Manager? Both of these qill require > possible editing of /etc/passwd (let's please not bring up > the machine accounts in /etc/passwd again ok? At least > not for right now). Technical considerations aside for a moment, these are two tools I do regard as important for Samba to support. I'm sure many installations of Samba come into contact with people who don't know Unix that well, if at all. If it's possible to turn round and say "you can use NT admin tools", then a big anti-Samba argument goes away from the ease of use angle. I fully appreciate the technical difficulties, and don't have answers to many of them yet, but I still feel the functionality is important. For Server Manager, I'd be happy with a set up where machine accounts were placed in a Samba specific file (tdb?), and then that file could be changed by the RPC mechanism, obviating the need for this service to muck with /etc/passwd, which I admit to a sense of unease about. > > time.. I once saw this winnt program/win98 > > program that would log a user out like saying " > > You have 5 minutes left before you are logged out > > of the system." > > Does WinNT do this using valid logon times? Or are > you asking for something that enforces policies like > you can stay logged on for 60 minutes at a time? > This could entirely be done in client side functionality > using the userinit reigstry key to specify the user's > shell. I used to run NT clients on a Novell server, Each account could have valid logon times specfied on the server, and you'd be kicked off the system automatically when you reached the end of your approved hours. NT has all the same options, though I've not actually used them. Mike. From Jean-Francois.Micouleau at dalalu.fr Fri Sep 29 10:27:49 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff In-Reply-To: <39D46956.7583BC71@acu.ac.uk> Message-ID: On Fri, 29 Sep 2000, Mike Brodbelt wrote: > > Server Manager? User Manager? Both of these qill require > > possible editing of /etc/passwd (let's please not bring up > > the machine accounts in /etc/passwd again ok? At least > > not for right now). > > Technical considerations aside for a moment, these are two tools I do > regard as important for Samba to support. I'm sure many installations of > Samba come into contact with people who don't know Unix that well, if at > all. If it's possible to turn round and say "you can use NT admin > tools", then a big anti-Samba argument goes away from the ease of use > angle. Yesterday evening I added the rpc call: create_user to the HEAD branch.. Once I'm done with set_user_info and set_user_info2, we should be able to add/nodify accounts from the user manager. > I fully appreciate the technical difficulties, and don't have answers to > many of them yet, but I still feel the functionality is important. For > Server Manager, I'd be happy with a set up where machine accounts were > placed in a Samba specific file (tdb?), and then that file could be > changed by the RPC mechanism, obviating the need for this service to > muck with /etc/passwd, which I admit to a sense of unease about. user and server manager have a lot in common. As soon as we have user manager working, server manager will be trivial. > I used to run NT clients on a Novell server, Each account could have > valid logon times specfied on the server, and you'd be kicked off the > system automatically when you reached the end of your approved hours. NT > has all the same options, though I've not actually used them. A bit of background explanation is necessary. Let me explain, we are reluctant to add user management in samba that is not supported by the underlying unix system. I would love to support the kick-out/password change/... features of NT but only if the unix you use can support them too. It's more a philosophical than a technical issue. J.F. From m.brodbelt at acu.ac.uk Fri Sep 29 10:29:03 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:43 2003 Subject: TNG-stable References: <51FBD4A8EFD9D111BA7300A0C927DADB03F47162@xcgmd008.md.essd.northgrum.com> Message-ID: <39D46EEF.FD15EC4E@acu.ac.uk> "Cole, Timothy D." wrote: > > > -----Original Message----- > > From: Mike Brodbelt [SMTP:m.brodbelt@acu.ac.uk] > > Sent: Tuesday, September 26, 2000 13:06 > > To: Samba NT Domains Mailing List > > Subject: Re: TNG-stable > > > > > The problem here is that people have come to EXPECT that you can plug > > Samba > > > in as a replacement for Win2k for file and print service. > > > > Then people are idiots. No such claim with regard to Win2k has ever been > > mentioned. > > > Unfortunately, the expectation of the outside world (and as far as I > can tell this is pretty much universal) is that Samba will be able to do > precisely this, relatively soon. The expectations I've seen are admittedly based on wish lists as opposed to reality. > If it doesn't after a while, a lot of Unix and Samba installations > are going away, by necessity. I hope not, but I definitely agree that at least NT4 domain support is needed in the relatively short term. As time goes by, there are places where Samba becomes less viable without this. I have an NT4 PDC here that I've been waiting to get rid of for a while - it's not drastically important to me, but I know people who are holding out for domain support. The fact that many people are using TNG as a domain controller and 2.0.7 as the file server really does demonstrate that the functionality is very much in demand. I haven't heard nearly as many people expressing concern over Win2k interoperability yet... > > > > If you need Exchange, run it on an NT server. You can't run Exchange on > > Un*x anyway, so what's the problem here? > > > The problem here is, simply put, that Windows services, including > Exchange, are more or less a package deal. Ball and chain deal, don't you mean :-) > If there isn't some realistic expectation of eventually being to > replace ALL services hosted on NT, including Exchange, then it's really not > worth the extra pain of continuing to maintainin NT and Unix installations > side-by-side. But even running MS only involves admin pain. My Samba box hasn't been rebooted since October last year - my NT box lasts a few weeks at most. I run Samba/Unix systems at work for reasons of reliability/flexibility, and to a lesser extent, cost. I use Linux at home for philosophical reasons, but that alone would not be adequate justification for my professional recommendation. > This doesn't mean that Samba should worry about being an Exchange > server itself, but it does mean that right now is a good time to be thinking > about (and implementing!!!) the necessary hooks to allow things like a Unix > Exchange replacement to play nicely with Samba. I have been hoping that if the RPC's for User Manager/Server Manager and such like to work are implemented, then Exchange compatibility and similar will just sort of "fall out" of the process. > In general, Samba development as of late (particularly the past 6 > months) has been severely hampered by two aspects of the Samba development > "culture": > > 1. the expectation that implementations should spring "fully formed > from the head of Zeus" in their ideal form Yes, I see this on the lists. I appreciate Jeremy's position in terms of feeling it to be *necessary* to avoid any sacrifice in stability though. Far more Samba installations would vanish if the software was unstable. The complexities of the SMB protocol server to make Samba (and NT) quirky enough to set up right. If there were instabilities after set up, then Samba would be damaged far more than it is by some (admittedly important) missing functionality. > 2. a refusal to make forward-looking decisions, because the future > hasn't happened yet > > This doesn't mean the development isn't getting done, and these > statements, being generalizations, are not universally true. A lot of > significant stuff is in HEAD. But it's been moving at a glacially slow > pace. I will guarantee you that by the time Samba has a full NT4 domain > implementation in a _stable_ mainline samba release, NT4 domains will no > longer be relevent. I agree entirely that the progress towards full domain implementation has taken a while coming, and isn't here yet. The fact that there are very good technical reasons for the time taken to get here hasn't helped the end user in this regard. There is one good point though - many organisations are not upgrading to Windows 2000 - the cost, necessity for hardware upgrades, and hassle involves has passed a lot of pain thresholds this time. I recently spent time with someone at a MS only shop who had evaluated Windows 2000. He didn't like what he saw, and came to me to learn about Linux. He sees his upgrade path at the server as being from NT4 to Linux/Samba and the rest. So, I don't think the importance of the NT4 domain implementation shoul be underestimated, as I think NT4 domains will have relevance for quite some time to come. Active directory is overkill for a *lot* of people out there, and Win2k has a great many drawbacks as an upgrade path. > We haven't even really started on Win2K domains, either, as far as I > know. What are the plans with regard to this? Are there any? The mess MS made of Kerberos caused a lot of discussion a while ago, but I've heard little since. Is anyone working from the MS document on the grounds that their position that it is a trade secret is legally untenable, or is anyone trying to clean room reverse engineer the protocol? Or is it just too soon for anything to happen in this arena yet? > > > Those who use pre-alpha software > > like TNG have no right to expect production level support for it from > > the developers, who have better things to do than hand hold. > > > You're right; it's a stupid expectation, and it shouldn't have ever > come to that. People are desparate, though, and mainline Samba hasn't been > delivering. They have nowhere else to go. And that, I think is the key to much of this. Many people out there are getting desperate. They really need a solution to the domain problems. I think this underlies most (if not all) of the noise on the lists regarding a roadmap/timeline. If they can't have it now, they'd at least like to know when they can hope to expect it.... > Sadly, idealists don't build bridges. Indeed. Mike. From m.brodbelt at acu.ac.uk Fri Sep 29 10:36:48 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:43 2003 Subject: net send References: Message-ID: <39D470C0.56686146@acu.ac.uk> "XArmstrong, Mike" wrote: > > Is it possible to issue a " net send " command from a unix > server using samba? You can use smbclient -M to achieve similar results. To find the machine an NT user is logged in on, look up the registered NetBIOS name:- nmblookup user#03 It should be easy to write a script to do the above with these commands. HTH Mike. From m.brodbelt at acu.ac.uk Fri Sep 29 10:43:28 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff References: Message-ID: <39D47250.FADDA276@acu.ac.uk> Jean Francois Micouleau wrote: > > Yesterday evening I added the rpc call: create_user to the HEAD branch.. > Once I'm done with set_user_info and set_user_info2, we should be able to > add/nodify accounts from the user manager. > > > I fully appreciate the technical difficulties, and don't have answers to > > many of them yet, but I still feel the functionality is important. For > > Server Manager, I'd be happy with a set up where machine accounts were > > placed in a Samba specific file (tdb?), and then that file could be > > changed by the RPC mechanism, obviating the need for this service to > > muck with /etc/passwd, which I admit to a sense of unease about. > > user and server manager have a lot in common. As soon as we have user > manager working, server manager will be trivial. Great news. > > I used to run NT clients on a Novell server, Each account could have > > valid logon times specfied on the server, and you'd be kicked off the > > system automatically when you reached the end of your approved hours. NT > > has all the same options, though I've not actually used them. > > A bit of background explanation is necessary. Let me explain, we are > reluctant to add user management in samba that is not supported by the > underlying unix system. I would love to support the kick-out/password > change/... features of NT but only if the unix you use can support them > too. It's more a philosophical than a technical issue. The philosophy seems eminently sensible to me. I don't regard kickout as that important really. If an organisation wants to kick everyone out, they can always just cron a Samba shutdown at night, and startup in the morning. The NT password change is more irritating. From a technical perspective, I can see the arguments, but as an admin, I'd love to have the darn thing work... Mike. From ircd at michelog.med.uoc.gr Fri Sep 29 14:05:37 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff In-Reply-To: <39D47250.FADDA276@acu.ac.uk> References: Message-ID: <4.3.0.20000929100508.00a9d100@michelog.med.uoc.gr> I don't know if this is already activated... but Group Policies & User level access Control on windows would be great as well. From simo.sorce at polimi.it Fri Sep 29 13:36:08 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff References: Message-ID: <39D49AC8.801DA91@polimi.it> Jean Francois Micouleau wrote: > > On Fri, 29 Sep 2000, Mike Brodbelt wrote: > > > > Server Manager? User Manager? Both of these qill require > > > possible editing of /etc/passwd (let's please not bring up > > > the machine accounts in /etc/passwd again ok? At least > > > not for right now). > > > > Technical considerations aside for a moment, these are two tools I do > > regard as important for Samba to support. I'm sure many installations of > > Samba come into contact with people who don't know Unix that well, if at > > all. If it's possible to turn round and say "you can use NT admin > > tools", then a big anti-Samba argument goes away from the ease of use > > angle. > > Yesterday evening I added the rpc call: create_user to the HEAD branch.. > Once I'm done with set_user_info and set_user_info2, we should be able to > add/nodify accounts from the user manager. > What do you mean by add? Do you mean that samba will be able to add users in etc/passwd? And how is it performed? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From p.mayers at ic.ac.uk Fri Sep 29 11:43:46 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff Message-ID: Not quite. Now the RPC call is there. The infrastructure (*how* to add the users - that's system specific, policy about *who* can add users, and so on) will need to be put in place... Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Simo Sorce [mailto:simo.sorce@polimi.it] Sent: 29 September 2000 14:36 To: Jean Francois Micouleau Cc: samba-ntdom@us4.samba.org Subject: Re: Suggestions & stuff Jean Francois Micouleau wrote: > > On Fri, 29 Sep 2000, Mike Brodbelt wrote: > > > > Server Manager? User Manager? Both of these qill require > > > possible editing of /etc/passwd (let's please not bring up > > > the machine accounts in /etc/passwd again ok? At least > > > not for right now). > > > > Technical considerations aside for a moment, these are two tools I do > > regard as important for Samba to support. I'm sure many installations of > > Samba come into contact with people who don't know Unix that well, if at > > all. If it's possible to turn round and say "you can use NT admin > > tools", then a big anti-Samba argument goes away from the ease of use > > angle. > > Yesterday evening I added the rpc call: create_user to the HEAD branch.. > Once I'm done with set_user_info and set_user_info2, we should be able to > add/nodify accounts from the user manager. > What do you mean by add? Do you mean that samba will be able to add users in etc/passwd? And how is it performed? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Christian.Hartmann-Herrmann at web2cad.de Fri Sep 29 12:19:50 2000 From: Christian.Hartmann-Herrmann at web2cad.de (Christian.Hartmann-Herrmann@web2cad.de) Date: Tue Dec 2 02:31:43 2003 Subject: smbpasswd and other questions to samba-tng! Message-ID: Hello specialists! What the different configuration between a Samba-PDC and NT-Workstations and Samba-PDC and NT-Server? I have created successfully a Samba-PDC with Samba-TNG 2.6 and a NT-Workstation. Now i can?t use the same Samba-PDC with a NT-Server Machine. What is the problem and can anybody help us? Greetings Christian Hartmann-Herrmann From F.W.J.Wiegerinck at student.utwente.nl Fri Sep 29 12:24:06 2000 From: F.W.J.Wiegerinck at student.utwente.nl (F. Wiegerinck) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff References: <4.3.0.20000927222405.00a82320@michelog.med.uoc.gr> <39D39016.9D56E9BA@valinux.com> <39D46956.7583BC71@acu.ac.uk> Message-ID: <002c01c02a10$29cfc720$2000a8c0@student.utwente.nl> Mike Brodbelt wrote: > > > Gerald Carter wrote: > > > > greg wrote: > > > > > > For future NT Domain releases (3.0 or whatever) you > > > should really support nt administrative tools > > > (event viewer, server manager, user mananger etc... > > > Hopefully you can get it to work with nexus also. > > > > Greg, Thanks for the suggestions. We will keep those > > in mind. Just curious, but what would you want to > > use the Event Viewer to see? Syslog files? Samba > > logs? EventViewer is a horrible logfile viewer IMO > > and the return benefit for implementing the server side > > RPCs necessary would not be a big payoff. > > For my 2p worth, I'd think that event viewer sould be pretty far down > the priority list. The tool is not very good, and in the absence of all > the NT "this/that/the other has failed" messages, is largely irrelevant > to administration. If it were to be implemented, I'd want the security > log first and foremost, but even this I consider of very low importance. Every one hate to use the event manager as Microsoft is shipping it with WinNT. Is it a good idea if someone, when it is getting priority, creates a new event manager. At the unix-based system there wil run a server next to Samba and will examen the logfiles created by Samba. An windows client is able to make connection to this server and retrieve the information from the server. This will be easer to develop too. And it's up to the developer to design new futures to improve the usage of the event manager. [cut] Althow I not yet using Samba TNG, because I need to forward netbios, it is great pleasure to read that Microsoft trying to stop Samba, but haven't succeeded yet. My thanks to those who develop Samba and therefore using there sparetime. Frank From mkuhne at microsoft.com Fri Sep 29 12:15:36 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:31:43 2003 Subject: TNG-stable Message-ID: <5270E4FF9E984945A851BC018D4B7B31A890D0@muc-msg-01.europe.corp.microsoft.com> This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp (including the PAC specs) Regards, Martin Kuhne Escalation Engineer, Critical Problem Resolution (CPR) Microsoft GmbH -----Original Message----- From: Mike Brodbelt [mailto:m.brodbelt@acu.ac.uk] Sent: Friday, September 29, 2000 12:29 PM To: Cole, Timothy D. Cc: Samba NT Domains Mailing List; 'Luke Kenneth Casson Leighton' Subject: Re: TNG-stable [...] What are the plans with regard to this? Are there any? The mess MS made of Kerberos caused a lot of discussion a while ago, but I've heard little since. Is anyone working from the MS document on the grounds that their position that it is a trade secret is legally untenable, or is anyone trying to clean room reverse engineer the protocol? Or is it just too soon for anything to happen in this arena yet? [...] From m.brodbelt at acu.ac.uk Fri Sep 29 12:48:06 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:43 2003 Subject: TNG-stable References: <5270E4FF9E984945A851BC018D4B7B31A890D0@muc-msg-01.europe.corp.microsoft.com> Message-ID: <39D48F86.EEFC8ABC@acu.ac.uk> Martin Kuhne wrote: > > This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp > (including the PAC specs) Ah, I had not realised that the documents had been re-released sans the original "license" claiming them as trade secrets. Thanks for clearing up the misunderstanding. Mike. From k.blin at gmx.net Fri Sep 29 12:51:23 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:31:43 2003 Subject: Suggestions & stuff In-Reply-To: <4.3.0.20000929100508.00a9d100@michelog.med.uoc.gr>; from ircd@michelog.med.uoc.gr on Fri, Sep 29, 2000 at 10:05:37AM -0400 References: <39D47250.FADDA276@acu.ac.uk> <4.3.0.20000929100508.00a9d100@michelog.med.uoc.gr> Message-ID: <20000929145123.A10624@molgen-6.iah.medizin.uni-tuebingen.de> On Fri, Sep 29, 2000 at 10:05:37AM -0400, greg wrote: > I don't know if this is already activated... but Group Policies & User > level access Control on windows would be great as well. You don't mean security = user, by any chance? Greets, Kai -- Kai Blin, Sysop University of Tuebingen dept. of immunology A mathematician is a device for turning coffee into theorems. -- P. Erdos From Jean-Francois.Micouleau at dalalu.fr Fri Sep 29 13:05:21 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:43 2003 Subject: TNG-stable In-Reply-To: <39D48F86.EEFC8ABC@acu.ac.uk> Message-ID: On Fri, 29 Sep 2000, Mike Brodbelt wrote: > Martin Kuhne wrote: > > > > This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp > > (including the PAC specs) > > Ah, I had not realised that the documents had been re-released sans the > original "license" claiming them as trade secrets. Thanks for clearing > up the misunderstanding. No. Check again the last sentence of paragraph I-a of the license. J.F. From p.mayers at ic.ac.uk Fri Sep 29 13:07:02 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:31:43 2003 Subject: TNG-stable Message-ID: You people really are laughable: b. The Specification is confidential information and a trade secret of Microsoft. Therefore, you may not disclose the Specification to anyone else (except as specifically allowed below) License agreement displayed when you click on the EXE. Samba is an OPEN SOURCE program. By definition, making use of those specs would require us to disclose them. For the record, I clicked on the "No, I do not accept this attack on my rights as an individual" button... I particularly like the bit on the linked page, "IETF specification - (page 46 spells out the optional auth-data field)" ...kind of a "Yah, boo, sucks to you, the spec allows us to not document it, so there!". Silly little children.... Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Martin Kuhne [mailto:mkuhne@microsoft.com] Sent: 29 September 2000 13:16 To: 'Mike Brodbelt'; Cole, Timothy D. Cc: Samba NT Domains Mailing List Subject: RE: TNG-stable This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp (including the PAC specs) Regards, Martin Kuhne Escalation Engineer, Critical Problem Resolution (CPR) Microsoft GmbH -----Original Message----- From: Mike Brodbelt [mailto:m.brodbelt@acu.ac.uk] Sent: Friday, September 29, 2000 12:29 PM To: Cole, Timothy D. Cc: Samba NT Domains Mailing List; 'Luke Kenneth Casson Leighton' Subject: Re: TNG-stable [...] What are the plans with regard to this? Are there any? The mess MS made of Kerberos caused a lot of discussion a while ago, but I've heard little since. Is anyone working from the MS document on the grounds that their position that it is a trade secret is legally untenable, or is anyone trying to clean room reverse engineer the protocol? Or is it just too soon for anything to happen in this arena yet? [...] From jroman6 at ford.com Fri Sep 29 13:09:02 2000 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:31:44 2003 Subject: NT Admin Logon Message-ID: Didn't see a response to this so I'll offer some help, if you didn't receive any. Create a unix group to maintain your administrators. Say for example you called it "admin". Use the Domain Admin group option to identify your admin group. Your smb.conf entry should look something like: domain admin group = @admin Don't forget the @ sign before the group name. Note that this will only give you administrative rights on the NT workstations. This will not allow members of the admin group to administer samba. While you could manipulate the Unix permissions on the server, to allow members of the group the ability to administer some aspects of samba, make sure you have a detailed understanding of the security implications before thinking about doing this. -----Original Message----- From: Lee Johnston [mailto:lee@uk.freebsd.org] Sent: Saturday, September 16, 2000 8:18 AM To: samba-ntdom@us4.samba.org Subject: NT Admin Logon Hi, I'm running Samba-2.0.7, and I'm wondering how I can create a user with Domain Admin access under NT4. I've tried the domain admin users option in the smb.conf file, but this doesn't seem to work. Regards, Lee. From skvidal at phy.duke.edu Fri Sep 29 13:16:59 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:31:44 2003 Subject: a hopefully relatively simple question Message-ID: I have a user who I would like to make a local admin over 1 particular machine - how would I go about doing that? I'm not sure this is directly a samba question - but I looked around user mangler and it didn't see obvious. thanks -sv From m.brodbelt at acu.ac.uk Fri Sep 29 13:31:15 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:44 2003 Subject: TNG-stable References: Message-ID: <39D499A3.3B272A56@acu.ac.uk> Jean Francois Micouleau wrote: > > On Fri, 29 Sep 2000, Mike Brodbelt wrote: > > > Martin Kuhne wrote: > > > > > > This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp > > > (including the PAC specs) > > > > Ah, I had not realised that the documents had been re-released sans the > > original "license" claiming them as trade secrets. Thanks for clearing > > up the misunderstanding. > > No. Check again the last sentence of paragraph I-a of the license. Yep - "no right to implement". I thought it was too good to be true. Interestingly, the compression format has been changed so you can't just open it with WinZip any more. In that case, the original question remains - given that one used to be able to open the exe file thas was shipped with WinZip and thus extract the specs without agreeing to the license, and also the legal contention that you can't release something like that for download and still expect to enjoy trade secret protection, are there any plans for an implementation? I'd assume that anyone who tried would want some legal protection - I see MS are busy trying to sue people for implementing NTFS R/W support on Linux at the moment... Mike. From p.mayers at ic.ac.uk Fri Sep 29 13:45:26 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:31:44 2003 Subject: TNG-stable Message-ID: The rumours claim (I purposefully haven't read it, so I can't verify this) that the document is a PDF with "Confidential" images stamped all across the page. I know for a fact some people converted it to plaintext, with no copyright warning, but I avoided those too, since they're of questionable legality. I intend to try and reverse the format at some point, in a legally sound fashion, but someone in Australia would stand a much better chance. IIRC, your are legally allowed to reverse engineer there, for the purposes of compatibility. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Mike Brodbelt [mailto:m.brodbelt@acu.ac.uk] Sent: 29 September 2000 14:31 To: Jean Francois Micouleau Cc: Samba NT Domains Mailing List Subject: Re: TNG-stable Jean Francois Micouleau wrote: > > On Fri, 29 Sep 2000, Mike Brodbelt wrote: > > > Martin Kuhne wrote: > > > > > > This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp > > > (including the PAC specs) > > > > Ah, I had not realised that the documents had been re-released sans the > > original "license" claiming them as trade secrets. Thanks for clearing > > up the misunderstanding. > > No. Check again the last sentence of paragraph I-a of the license. Yep - "no right to implement". I thought it was too good to be true. Interestingly, the compression format has been changed so you can't just open it with WinZip any more. In that case, the original question remains - given that one used to be able to open the exe file thas was shipped with WinZip and thus extract the specs without agreeing to the license, and also the legal contention that you can't release something like that for download and still expect to enjoy trade secret protection, are there any plans for an implementation? I'd assume that anyone who tried would want some legal protection - I see MS are busy trying to sue people for implementing NTFS R/W support on Linux at the moment... Mike. From stancel at netlife.de Fri Sep 29 13:50:16 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:31:44 2003 Subject: Problems with TNG 2.6 and Solaris Message-ID: <39D49E18.D09D5C5E@netlife.de> Hi all, we have following problems, which I would like discuss with you: We installed Samba-TNG 2.6 on RH 6.1 to testing it. I read the HOWTO from Oliver Korbl on the www.pro-linux.de Page. We testet it with some Win95/98 WinNT 4.0 Workstation, Win NT4 Terminalserver with Cytrix Metaframe and an Win2000. What does not works was, that Win9X Clients could not run the netlogon script, but NT Clients does. Then we installed the same samba on an Sparc Solaris7 machine. The problems we now have are: *bin/smbpasswd was not installed. *WinNt Clients can not run the netlogon skript. *When we restart samba-tng, no more user can log in to the WinNT-Terminalserver. (Domaincontroller not found). After restert of this machine - it works. On which platform does Samba-TNG works best ? Are there spetial options for Solaris with which I have to run the configure script? Thank you, Marek Stancel (sorry for my bad english) From lee.taylor at aeroton.scania.co.za Fri Sep 29 13:54:40 2000 From: lee.taylor at aeroton.scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:31:44 2003 Subject: Problems with TNG 2.6 and Solaris References: <39D49E18.D09D5C5E@netlife.de> Message-ID: <027701c02a1c$d001be80$6201010a@LeeTaylor> > What does not works was, that Win9X Clients could not run > the netlogon script, but NT Clients does. Check that the scripts have both , I think that Win9X has a problem with *NIX created files. From jroman6 at ford.com Fri Sep 29 13:58:27 2000 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:31:44 2003 Subject: The account is not authorized to log in from this station Message-ID: I've been working on a similar problem for a little while now. Users can log on initially, but if one user logs off, and another tries to log on, they receive this same message. If the same user tries to log back in, they have no problem. I've noticed that this is a temporary problem. (I.E. If you let the box sit for a period of time, it goes away, or times out, and will let you log back in.) I've noticed that the connections are not killed after you log off a workstation. If I monitor open connections with smbstatus, once the connection dies another user can log back in. I am inclined to believe that this is somehow related to the use of profiles, as it mimics the description of when you set up a "profile path = \\L%\u%\profile". (Pointing them to the "home" share, as detailed in the domain.txt.) I seem to remember that there is a function of NT that tries to maintain the server connection, but don't remember the logic that was used to establish it, or what else to do about it. While I am using profiles, I have a separate share set up for my profiles. It looks like this issue may be a little different than mine, but we get the same error, so it may be related. -----Original Message----- From: Christian Iversen [mailto:Christian.Iversen@indok.no] Sent: Friday, September 15, 2000 8:23 AM To: 'samba-ntdom@lists.samba.org' Subject: The account is not authorized to log in from this station I am running Samba on a Sun Solaris 2.6. Since I so far haven't had any problems with Samba, I am still running v.1.9.17p3. Now my company has installed a Win 2000 Server running Citrix Metaframe. We want to connect \home and \tmp as network disks in the Metaframe environment, but when we try to connect to our Sun Server, the message "The account is not authorized to log in from this station" appears. I have enabled PlainTextPassword, but that doesn't help, I have tried to connect using: net use h: \\"ip-adress"'home and net use h: \\"servername"\home, but none of them works. Does anyone know if there is any solution to our problem ? Regards, Christian Iversen From mg at connection-net.de Fri Sep 29 14:16:50 2000 From: mg at connection-net.de (Michael Glauche) Date: Tue Dec 2 02:31:44 2003 Subject: Problems with TNG 2.6 and Solaris References: <39D49E18.D09D5C5E@netlife.de> Message-ID: <014001c02a1f$e9789340$0904010a@connection.local> > we have following problems, which I would like discuss with you: > > We installed Samba-TNG 2.6 on RH 6.1 to testing it. > I read the HOWTO from Oliver Korbl on the www.pro-linux.de Page. > We testet it with some Win95/98 WinNT 4.0 Workstation, > Win NT4 Terminalserver with Cytrix Metaframe and an Win2000. > > What does not works was, that Win9X Clients could not run > the netlogon script, but NT Clients does. > > Then we installed the same samba on an Sparc Solaris7 machine. > The problems we now have are: > *bin/smbpasswd was not installed. > *WinNt Clients can not run the netlogon skript. > *When we restart samba-tng, no more user can > log in to the WinNT-Terminalserver. (Domaincontroller not found). > After restert of this machine - it works. > > On which platform does Samba-TNG works best ? > Are there spetial options for Solaris with which I have to run > the configure script? There are known problems with win9x and TNG, as TNG developent focus was on NT 4.0 clients. TNG is a developement branch, and developement has stalled at the moment :( regards, Michael From crh at nts.umn.edu Fri Sep 29 14:23:58 2000 From: crh at nts.umn.edu (Christopher R. Hertel) Date: Tue Dec 2 02:31:44 2003 Subject: HOWTO: get familar with the Samba source code In-Reply-To: <3.0.6.32.20000928191048.01c93520@203.16.214.248> from Richard Sharpe at "Sep 28, 2000 07:10:48 pm" Message-ID: <200009291423.JAA06759@nts.nts.umn.edu> Richard Sharpe conversed: > At 10:22 AM 9/29/00 +1100, Tim Potter wrote: : > >I've made some progress with some hand-written IDLs. Apart from > >being bogged down with other stuff, I'm currently lacking a > >proper IDL parsing system. > > > >I did get as far as automatically generating ethereal code to > >parse LSA open policy, close policy and query info policy RPC > >packets. > > Actually, I am sort of working on something to automatically generate > dissectors as well, and want to look at what Tim has done, but I am working > on an XML-based system. Microsoft uses MS IDL (MIDL) in their development work. The long-term hope is that either legal action or general good-will will cause them to release the IDL files, thus providing everyone with interface specifications. That in mind, it would be waycool to be able to hand Ethereal an IDL file or set of IDL files for parsing purposes. BTW, JF has handed me some traces of WINS replication (PORT TCP/42). The version of NetMon I'm using doesn't parse these. If there's a newer one that does I'd like to know about it. Ethereal doesn't parse them either but with luck and some effort... Chris -)----- -- Christopher R. Hertel -)----- University of Minnesota crh@nts.umn.edu Networking and Telecommunications Services Ideals are like stars; you will not succeed in touching them with your hands...you choose them as your guides, and following them you will reach your destiny. --Carl Schultz From crh at nts.umn.edu Fri Sep 29 14:33:28 2000 From: crh at nts.umn.edu (Christopher R. Hertel) Date: Tue Dec 2 02:31:44 2003 Subject: WINS Failover [Was: TODO list] Message-ID: <200009291433.JAA07188@nts.nts.umn.edu> > o Help Chris Hertel with WINS failover implementation > issues The failover code is actually all written. The issue is simply the workings of the UNICAST_SUBNET. I wanted Jeremy, who wrote that bit, to take a careful look at it. The UNICAST_SUBNET is a mechanism for making the point-to-point WINS communication look like broadcast communication so that both can be handled more or less the same way. The design is good, though a bit tricky, as it removes a special case that would involve a bit of redundant coding. The problem is that there is some special code for this, and the assumption is made that there is only one remote address on the UNICAST_SUBNET list. I don't know what will happen if multiple addresses are listed so I want to work Jeremy to make sure I've caught any problems. Chris -)----- -- Christopher R. Hertel -)----- University of Minnesota crh@nts.umn.edu Networking and Telecommunications Services Ideals are like stars; you will not succeed in touching them with your hands...you choose them as your guides, and following them you will reach your destiny. --Carl Schultz From david.allan at finch.org Fri Sep 29 14:38:17 2000 From: david.allan at finch.org (David Allan Finch) Date: Tue Dec 2 02:31:44 2003 Subject: [OT] Programmatically converting a UNIX passwd hash to an MD5hash? References: Message-ID: <39D4A959.70108B02@finch.org> Steve Langasek wrote: > However, it's > easy enough to add a hook to a program so that, after verifying that the user > has entered the correct password, the password file is updated with the md5 > equivalent. Intresting. I would have thought that having to hash's two work on you could reduce the amount of work needed to figure out a password. -- / The whole history of this invention has been a struggle /\|/\ against time - Charles Babbage 1837 on the Analytical Engine | K | All Hail Discordia - Burn all Orange Books! \___/ david.allan@finch.org - http://www.ironfort.com -------------- next part -------------- A non-text attachment was scrubbed... Name: david.allan.vcf Type: text/x-vcard Size: 193 bytes Desc: Card for David Allan Finch Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000929/ddb3091e/david.allan.vcf From hulet at ittc.ukans.edu Fri Sep 29 15:10:38 2000 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:31:44 2003 Subject: a hopefully relatively simple question In-Reply-To: Message-ID: If you have this line in your smb.conf config file = /usr/system/samba/lib/smb.conf.%m Then create an smb.conf file for that machine smb.conf.machine_name In the smb.conf, you can point it at your special files for this one person. If you're using TNG then modify this line: domain group map = /usr/local/samba/private/special_domaingroup.map We use it for exporting shares to certain machines and not the majority. We've also used it to make an individual administrator on only their machine. Michael Hulet Network System Administrator ITTC, University of Kansas On Fri, 29 Sep 2000, Seth Vidal wrote: > I have a user who I would like to make a local admin over 1 particular > machine - how would I go about doing that? > > I'm not sure this is directly a samba question - but I looked around user > mangler and it didn't see obvious. > > thanks > -sv > > > From gcarter at valinux.com Fri Sep 29 15:03:20 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:44 2003 Subject: TODO list proposal for volunteers References: <39D43719.53A6B812@valinux.com> <20000929151820.A10686@molgen-6.iah.medizin.uni-tuebingen.de> Message-ID: <39D4AF38.78B815A7@valinux.com> Kai Blin wrote: > > o Update the homepage a bit (it still gives > listproc@samba.org as reference adress to > subscribe (found out while trying to subscribe to > samba-docs :) The samba web site is available via anonyous CVS if anyone wants to go through and catch things like this. See http://us4.samba.org/cvs.html but checkout 'sambaweb' instead of samba. Also o we need to kill off any old references to samba-bugs. I am under the assumption this has gone away, and been replaced, but maybe I'm wrong. o add some more obvious information on submitting patches & reporting bugs (http://us4.samba.org/samba/bugreports.html) Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From m.brodbelt at acu.ac.uk Fri Sep 29 15:19:55 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:44 2003 Subject: [OT] Programmatically converting a UNIX passwd hash to an MD5hash? References: <39D4A959.70108B02@finch.org> Message-ID: <39D4B31B.E832E5C5@acu.ac.uk> David Allan Finch wrote: > > Steve Langasek wrote: > > > However, it's > > easy enough to add a hook to a program so that, after verifying that the user > > has entered the correct password, the password file is updated with the md5 > > equivalent. > > Intresting. I would have thought that having to hash's two work on > you could reduce the amount of work needed to figure out a password. You don't retain two hashes. When the users changes password, you take what they've entered as their existing password and crypt() it, then compare it to the /etc/passwd entry. Assuming you get a match, you've then authenticated the user. At this point, you request a new password, take what's entered, hash it with MD5, and store it in /etc/passwd. You never need to store both hashes at the same time, and the hashes are not of the same value. Mike. From jeremy at valinux.com Fri Sep 29 17:00:27 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable References: <5270E4FF9E984945A851BC018D4B7B31A890D0@muc-msg-01.europe.corp.microsoft.com> Message-ID: <39D4CAAB.88D84714@valinux.com> Martin Kuhne wrote: > > This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp > (including the PAC specs) I'm sorry Martin, it is not a myth. The full PAC interoperability information is only available via clicking on a *very* obnoxious "I agree to not implement this" click through license. Microsoft have sent legal letters to the slashdot site (run by my employer, VA Linux Systems) demaning they remove postings giving out this information without the license. This remains unresolved. Currently the PAC format is considered a "trade secret" under US law and this is in a legal limbo (not tested in court). I can get full details from Ted Tso (one of the MIT Kerberos developers now working at VA Linux) and get a more official post if you require. But this interoperability issue is *very* alive and is currently being fought tooth and nail by Microsoft (in the USA at least). Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jeremy at valinux.com Fri Sep 29 17:04:50 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable References: <5270E4FF9E984945A851BC018D4B7B31A890D0@muc-msg-01.europe.corp.microsoft.com> <39D48F86.EEFC8ABC@acu.ac.uk> Message-ID: <39D4CBB2.94E02A3D@valinux.com> Mike Brodbelt wrote: > > Martin Kuhne wrote: > > > > This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp > > (including the PAC specs) > > Ah, I had not realised that the documents had been re-released sans the > original "license" claiming them as trade secrets. Thanks for clearing > up the misunderstanding. They haven't. This link takes you to the original .exe containing the "trade secret" license. Note the web site says : "Microsoft is publishing this information to enable third party validation of the Windows 2000 security model to benefit enterprise customers, developers and the industry" Note it says nothing about publishing to allow interoperable implementations to be written. It's the same thing that caused all the fuss on slashdot. This format still has not been released without restriction. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From bgmilne at ing.sun.ac.za Fri Sep 29 17:28:03 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable References: <200009281958.PAA19520@elektra.warbeast.com> Message-ID: <39D4D123.DBE79B9D@ing.sun.ac.za> But luckily with the lack of security in outlook, it's probably easier to install these files by modified virus that it is to install the security updates !! I am looking at implementing shared folders etc in outlook (98 currently), adn have a samba 2.0.7. Does anyone have any experiences they would like to share on this ? (It looks like Openmail is cheaper than Exchange, which is a major concern in South Africa. Exchange with 5 clients is more than our total monthly IT wages! Buchan kill -9 wrote: > > Yes, it requires an install of hp openmail's mapi32.dll files, but it does > make a good linux mail server. It has the ability to work extremely well > with outlook 2000 clients. > > > > > -----Original Message----- > > > From: kill -9 [SMTP:kill-9@elektra.warbeast.com] > > > Sent: None > > > To: Cole, Timothy D. > > > Cc: samba-ntdom@samba.org > > > Subject: Re: TNG-stable > > > > > > As a side note, HP OpenMail is a great replacement for Exchange. It is the > > > best commercial software for linux yet, in my opinion. > > > > > Doesn't it require new MAPI DLLs on the client side (since afaiK it > > doesn't do the Exchange wire protocols, correct me if I'm wrong)? > > > > > > -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From gcarter at valinux.com Fri Sep 29 17:36:40 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable References: <200009281958.PAA19520@elektra.warbeast.com> <39D4D123.DBE79B9D@ing.sun.ac.za> Message-ID: <39D4D328.D1CF4E99@valinux.com> If we could change the thread name on this, that would be great for my mailing filtering (which has recently taken a beating :) ) Thanks. Cheers, jerry Buchan Milne wrote: > > But luckily with the lack of security in outlook, it's probably easier > to install these files by modified virus that it is to install the > security updates !! > > I am looking at implementing shared folders etc in outlook (98 > currently), adn have a samba 2.0.7. Does anyone have any experiences > they would like to share on this ? (It looks like Openmail is cheaper > than Exchange, which is a major concern in South Africa. Exchange with 5 > clients is more than our total monthly IT wages! -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From rszczesniak at mis.com.pl Fri Sep 29 17:31:42 2000 From: rszczesniak at mis.com.pl (=?iso-8859-2?q?Rafa=B3_Szcze=B6niak?=) Date: Tue Dec 2 02:31:45 2003 Subject: a hopefully relatively simple question Message-ID: Try to add this user into Administrators group using User Manager for NT. After doing this, user's name and domain may be treated as "Account unknown" but in general it should work. Rafa? Seth Vidal Wys?ane przez: samba-ntdom-admin@us4.samba.org 00-09-29 15:16 Do: samba-ntdom@samba.org DW: Temat: a hopefully relatively simple question I have a user who I would like to make a local admin over 1 particular machine - how would I go about doing that? I'm not sure this is directly a samba question - but I looked around user mangler and it didn't see obvious. thanks -sv From patrick at mindstep.com Fri Sep 29 17:45:48 2000 From: patrick at mindstep.com (Patrick Bihan-Faou) Date: Tue Dec 2 02:31:45 2003 Subject: Samba 2.0.7 + FreeBSD 4.1-STABLE + W2k sp1 References: <20337579133.20000926123544@russia.crosswinds.net> Message-ID: <01d001c02a3d$1a04fcc0$040aa8c0@local.mindstep.com> Hi, From: "Evpaty" > su-2.04# ifconfig > rl0: flags=8843 mtu 1500 > inet 10.0.1.102 netmask 0xffffff00 broadcast 10.0.1.255 > inet6 fe80::250:baff:fed1:de26%rl0 prefixlen 64 scopeid 0x1 > ether 00:50:ba:d1:de:26 > media: autoselect (none) status: active > supported media: autoselect 100baseTX 100baseTX 10baseT/UT > P 10baseT/UTP 100baseTX [...] > One of them looks at the coaxial subnet, one - at 100Mbit UTP5 > On the 100Mbit side of the router there is a Windows 2000 Box with 3Com 905B card. I have a problem with Samba from this box. Any operation > > like copying file to or from Samba share is done _extremely_ slow, 60-80 kb per second. This is not a network problem - ftp is 10 times Try disabling the autodetection of the link speed on the rl0 card. To do so either use: # ifconfig rl0 media 10baseT/UTP or # ifconfig rl0 media 100baseTX depending on the actual speed of the network connected to it (I am guessing it is 10 Base T). The rl0 driver has a lot of problems detecting the 10 base T networks, and although you have connectivity and everything appears to be working fine, the performance are really bad until you explicitely tell it to use 10 base T. The "media: autoselect (none) status: active" in ifconfig is a good indication of that problem. Good luck, Patrick. From mkuhne at microsoft.com Fri Sep 29 18:38:05 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable Message-ID: <5270E4FF9E984945A851BC018D4B7B31B44178@muc-msg-01.europe.corp.microsoft.com> (1) I was responding to a post that claims MS messed up kerberos. This is simply not true, MS kerberos is rfc compliant plus all the changes now have been documented for everyone to review. (2) I was not referring to the legal issues you are detailing below and I am truly sorry if I have been unclear. -----Original Message----- From: Jeremy Allison [mailto:jeremy@valinux.com] Sent: Friday, September 29, 2000 7:00 PM To: Martin Kuhne Cc: 'Mike Brodbelt'; Cole, Timothy D.; Samba NT Domains Mailing List Subject: Re: TNG-stable Martin Kuhne wrote: > > This is a myth. See http://www.microsoft.com/technet/security/kerbtech.asp > (including the PAC specs) I'm sorry Martin, it is not a myth. The full PAC interoperability information is only available via clicking on a *very* obnoxious "I agree to not implement this" click through license. Microsoft have sent legal letters to the slashdot site (run by my employer, VA Linux Systems) demaning they remove postings giving out this information without the license. This remains unresolved. Currently the PAC format is considered a "trade secret" under US law and this is in a legal limbo (not tested in court). I can get full details from Ted Tso (one of the MIT Kerberos developers now working at VA Linux) and get a more official post if you require. But this interoperability issue is *very* alive and is currently being fought tooth and nail by Microsoft (in the USA at least). Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jeremy at valinux.com Fri Sep 29 18:45:21 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable References: <5270E4FF9E984945A851BC018D4B7B31B44178@muc-msg-01.europe.corp.microsoft.com> Message-ID: <39D4E341.C1D14010@valinux.com> Martin Kuhne wrote: > > (1) I was responding to a post that claims MS messed up kerberos. This is > simply not true, MS kerberos is rfc compliant plus all the changes now have > been documented for everyone to review. But what is the point of this if the license prohibits implementation ? Why even bother to publish at all ? What does it achieve (except to annoy the original MIT kerberos developers) ? I fully understand that Microsoft has completely followed the RFC in their implementation. The problem is they followed the *letter* of the RFC, not the *spirit* of the RFC. No other company pulls these kind of tricks. They either produce proprietary specs and code, which is perfectly fine and is their right of course, or they follow the *spirit* of the RFC process. Why does Microsoft feel they need to try and pretend "openness" like this ? When I originally asked Peter Brundrett for the PAC spec back in 1997 (!) he told me that it would eventually be released. In no-ones wildest dreams is the current situation acceptable. > (2) I was not referring to the legal issues you are detailing below and I am > truly sorry if I have been unclear. No problem, I appreciate your presence on this list. Thanks, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From kris.ozzy at lineone.net Fri Sep 29 19:53:56 2000 From: kris.ozzy at lineone.net (Kristyan Osborne) Date: Tue Dec 2 02:31:45 2003 Subject: Messaging Message-ID: <01C02A4F.023E1560.kris.ozzy@lineone.net> Hi guys, Does anyone know if it is possible to send a message to a client when a print job have been sent to the samba server. If this is not a feature, maybe it should be considered to be added to a new release of samba. Cheers ------------- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From ed at schernau.com Fri Sep 29 19:03:21 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:45 2003 Subject: MS' Kerberos Implementation Message-ID: <39D4E779.1296F399@schernau.com> I read that the MIT guys were revising the spec, in effect tightening up just what can be done with the vendor-specific field. Someone remarked that this would then either: 1) break MS Kerberos, or 2) prevent a similar "subset" of MIT Kerberos from being spawned. Is this urban legend, or what can we expect on the Kerberos front? -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From jahall at nea.org Fri Sep 29 19:32:44 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:31:45 2003 Subject: Messaging Message-ID: You can use postexec to send a message to the user. I have never used this so I'm not exactly sure how it works. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - Hi guys, Does anyone know if it is possible to send a message to a client when a print job have been sent to the samba server. If this is not a feature, maybe it should be considered to be added to a new release of samba. Cheers ------------- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From ircd at michelog.med.uoc.gr Fri Sep 29 23:49:18 2000 From: ircd at michelog.med.uoc.gr (greg) Date: Tue Dec 2 02:31:45 2003 Subject: Messaging In-Reply-To: Message-ID: <4.3.0.20000929194817.00a7f840@michelog.med.uoc.gr> To message someone: smbclient -M option From vgill at technologist.com Fri Sep 29 23:32:10 2000 From: vgill at technologist.com (Vern H. Gill) Date: Tue Dec 2 02:31:45 2003 Subject: Messaging Message-ID: This should do it. Change the options sent to what you want. In smb.conf; print command = echo '%u' printed '%s' on `date -R +%A,%b%e,%Y_%X` | smbclient -N -M destination_host_netbios_name ; lpr -r -P '%p' '%s' Good luck, and let me know if it works for you. Vern H. Gill From chris at aims.com.au Sat Sep 30 04:09:36 2000 From: chris at aims.com.au (Chris Knight) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable In-Reply-To: <39D46EEF.FD15EC4E@acu.ac.uk> Message-ID: <010f01c02a94$3fd73a10$020aa8c0@aims.private> Howdy, Are these of any help? Interoperability with Microsoft Windows 2000 Active Directory and Kerberos Services http://msdn.microsoft.com/library/techart/kerberossamp.htm The source code provided as a link at the aforementioned site is covered by a BSD-like license. SSPI/Kerberos Interoperability with GSSAPI http://msdn.microsoft.com/library/techart/sspikerberos.htm Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au > -----Original Message----- > From: samba-ntdom-admin@us4.samba.org > [mailto:samba-ntdom-admin@us4.samba.org]On Behalf Of Mike Brodbelt > Sent: Friday, 29 September 2000 21:29 > To: Cole, Timothy D. > Cc: Samba NT Domains Mailing List; 'Luke Kenneth Casson Leighton' > Subject: Re: TNG-stable > > [snip] > > > We haven't even really started on Win2K domains, > either, as far as I > > know. > > What are the plans with regard to this? Are there any? The > mess MS made > of Kerberos caused a lot of discussion a while ago, but I've heard > little since. Is anyone working from the MS document on the > grounds that > their position that it is a trade secret is legally untenable, or is > anyone trying to clean room reverse engineer the protocol? Or > is it just > too soon for anything to happen in this arena yet? > > > > > Mike. > From c2z4s9 at hotmail.com Sat Sep 30 12:12:11 2000 From: c2z4s9 at hotmail.com (John Doe) Date: Tue Dec 2 02:31:45 2003 Subject: Stupid Question Message-ID: Why... after i install Samba 2.0.7 does nmbd , smbd, and every other samba utility display version 2.0.6? _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. From gcarter at valinux.com Fri Sep 29 15:14:53 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:45 2003 Subject: a hopefully relatively simple question References: Message-ID: <39D4B1ED.3C732204@valinux.com> Or just add that domain user into the local admin group using ntrights.exe (supplied with NT resource kit) "Michael S. Hulet" wrote: > > If you have this line in your smb.conf > > config file = /usr/system/samba/lib/smb.conf.%m > > Then create an smb.conf file for that machine > > smb.conf.machine_name > On Fri, 29 Sep 2000, Seth Vidal wrote: > > > I have a user who I would like to make a local admin > > over 1 particular machine - how would I go about doing that? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From timo at gatso.nl Sat Sep 30 13:41:03 2000 From: timo at gatso.nl (Timo Gatsonides) Date: Tue Dec 2 02:31:45 2003 Subject: a hopefully relatively simple question In-Reply-To: <39D4B1ED.3C732204@valinux.com> Message-ID: <000c01c02ae4$14219870$c001a8c0@timo.gatso.nl> Have a look at www.ntfaq.com, search for 'local administrator': http://www.ntfaq.com/Articles/Index.cfm?ArticleID=13880&SearchString=local%2 0administrator John Savill / January 9, 2000 Q. How can I make domain users members of local Administrators groups during an unattended installation? A. A. The easiest way to do this is to use the net localgroup command, however before you can use the command you have to have connected to the PDC and start the netlogon service. The following commands can be used in the unattended installation using the CMDLINES.TXT file: net use \\ /user:\ net start netlogon net localgroup Administrators "\" /add > -----Original Message----- > From: samba-ntdom-admin@us4.samba.org > [mailto:samba-ntdom-admin@us4.samba.org]On Behalf Of Gerald Carter > Sent: Friday, September 29, 2000 5:15 PM > To: Michael S. Hulet > Cc: Seth Vidal; samba-ntdom@samba.org > Subject: Re: a hopefully relatively simple question > > > Or just add that domain user into the local admin > group using ntrights.exe (supplied with NT resource kit) > > "Michael S. Hulet" wrote: > > > > If you have this line in your smb.conf > > > > config file = /usr/system/samba/lib/smb.conf.%m > > > > Then create an smb.conf file for that machine > > > > smb.conf.machine_name > > > On Fri, 29 Sep 2000, Seth Vidal wrote: > > > > > I have a user who I would like to make a local admin > > > over 1 particular machine - how would I go about doing that? > > > > > > Cheers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From gcarter at valinux.com Sat Sep 30 13:29:00 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:45 2003 Subject: TNG-stable References: <010f01c02a94$3fd73a10$020aa8c0@aims.private> Message-ID: <39D5EA9C.25FC7AA3@valinux.com> Chris Knight wrote: > > Interoperability with Microsoft Windows 2000 Active > Directory and Kerberos Services > http://msdn.microsoft.com/library/techart/kerberossamp.htm > > The source code provided as a link at the > aforementioned site is covered by a BSD-like license. > > SSPI/Kerberos Interoperability with GSSAPI > http://msdn.microsoft.com/library/techart/sspikerberos.htm If you can convince your AD admins to install the SFU package and provide NIS access to AD, in theory, you can serve NIS to your UNIX boxes and work Samba off of that (plain text). Of course, I'm not recommending this. Just pointing out possibilities. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sorce at mail.polimi.it Sat Sep 30 14:16:46 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:45 2003 Subject: Messaging In-Reply-To: <01C02A4F.023E1560.kris.ozzy@lineone.net> Message-ID: On Fri, 29 Sep 2000, Kristyan Osborne wrote: > Hi guys, > > Does anyone know if it is possible to send a message to a client when a print job have been sent to the samba server. > > If this is not a feature, maybe it should be considered to be added to a new release of samba. > You may send a winpopup message through smbclient. Just put a line in your printing scripts/filters. From lkcl at samba.org Sat Sep 30 18:11:03 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:45 2003 Subject: this discussion reminds me... (Was: Re: TNG-stable) In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB03F47163@xcgmd008.md.essd.northgrum.com> Message-ID: > We never did find out if anyone had the keys, because the cheese > wheel (now on the floor) came to life and started singing Barry Manilow > tunes. tim, i do not take drugs. i never have, except i have been in the company of people who smoked enough for it not to be necessary. however, if _you_ do, and you can prove to me that it has no side-effects, please send me some. i am writing a sci-fi / fantasy novel, and i am in need of the kind of creativity that you just expressed. ... although, i have to say, your example just goes to show, as i am finding out, that real life is stranger and funnier than fiction; and real-life makes a good basis for fiction. From lkcl at samba.org Sat Sep 30 18:17:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:45 2003 Subject: this discussion reminds me... (Was: Re: TNG-stable) In-Reply-To: Message-ID: > If we get creative, everyone can be > involved. OpenSource is all about contribution. It is all about making the > tools you use, yours. thank you, aaron. if nothing else, i hope this exercise has made this very clear. love to all, lukes From Dave at keston.u-net.com Sat Sep 30 22:51:59 2000 From: Dave at keston.u-net.com (David Flynn) Date: Tue Dec 2 02:31:45 2003 Subject: API's and the such Message-ID: <019101c02b31$0ab54e60$0200a8c0@thedoc> Something i have been wondering more and more about recently is about an API. Is there an API as such for Samba, which would give us (programmers of other utilities) the ability to have functions such as thoes listed in MSDN, i am refering to mainly the Net* Calls. Currently, i have had to do nasty little hacks and get link to the samba shared objects ... so is there another layer of abstraction out there ? if not, would anyone be intereseted in such a thing ? if there is a reason why this hasnt been done ( i am thinking of technical reasons of sound standing here ), then please let us know. Thanks ! Dave --------------------------------------- The information in this e-mail and any files sent with it is confidential to the ordinary user of the e-mail address to which it was addressed and may also be legally privileged. It is not to be relied upon by any person other than the addressee except with the sender's prior written approval. If no such approval is given, the sender will not accept liability (in negligence or otherwise) arising from any third party acting, or refraining from acting, on such information. If you are not the intended recipient of this e-mail you may not copy, forward, disclose or otherwise use it or any part of it in any form whatsoever. If you have received this e-mail in error please notify the sender immediately, destroy any copies and delete it from your computer system. Have a nice Day ! --------------------------------------------- From datk at albury.net.au Wed Sep 20 03:32:55 2000 From: datk at albury.net.au (David Atkinson) Date: Tue Dec 2 02:31:54 2003 Subject: Newbie question... Samba+NT PDC Howto ?? References: Message-ID: <005201c022b3$89ffb1a0$a609030a@atkinsontech.com.au> 1. There are two option you need, both in the [global] section of smb.conf security = domain password server = 2. Make sure you have a machine account for the samba server in the domain controler. 3. Before you restart samba after entering the changes run : smbpasswd -j 4. This will setup the machine account so it is ready to be used. DON'T run this command multiple times as it prevents samba from participating in the domain if it is run multiple times. If you do you need to remove the machine account from the domain server the go back to step 2. 5. Restart samba hope this helps Cheers Dave "I shall explain this by waving my hands about in an appropriate manner." --Cambridge University Math Dept. ----- Original Message ----- From: "Messias" To: Cc: Sent: Monday, October 09, 2000 2:41 PM Subject: Re: Newbie question... Samba+NT PDC Howto ?? > Hi David, Hi all... > > Whoa... I'm currently in several lists... but only in this list I've got > really quick replies to my questions!!! Really thanks!!!!! > > > Sorry, still not clear. Do you want the samba 207 server to > > manage the NT > > domain or do you want it to be a member of a NTdomain that is > > managed by another server, probably a 'real' NTServer ? > > I'm really sorry... I'll buy some english books to improve this > language... sorry! > > > In the second case, you can tell your samba server to look to the > > NTserver to authenticate users etc. > > YES... the second case... How may I do it??? > There's some example smb.conf ??? > I've saw in this list history a "domain user map" config. What's it > for ??? > > Thanks again to you all!!!!! > > > > __________________________________________________________________________ > Todo brasileiro tem direito a um e-mail gr?tis > http://www.bol.com.br > > > > > From datk at albury.net.au Wed Sep 20 22:18:27 2000 From: datk at albury.net.au (David Atkinson) Date: Tue Dec 2 02:31:55 2003 Subject: Samba TNG Back from the dead Message-ID: <008101c02350$b94f1f20$a609030a@atkinsontech.com.au> Sorry to take so long to respond - I'm suppost to be doing the HSC a week from today (A state wide university entrance exam here in Australia). I am willing to provide any support/assistance with futher developing Samba TNG, but it would most likely have to take the form of testing and/or documentation. I have access to several production and non-production testing sites with varying reliance on NT servers. I would be glad to finally be able to give something back to one of the projects I have taken advantage of for some time (I still have an old i486 server running Red Hat 5.2 acting a a print server for an inkjet printer.) Something else I see as a benificial step is greater interoperability with netatalk+asun Cheers Dave "This software comes with ABSOLUTELY NO WARRANTY. Even if it erases your hard drive, too bad. Although we did fix that bug from the last release." --README from a long-ago release of DJGPP From datk at albury.net.au Wed Sep 20 21:42:39 2000 From: datk at albury.net.au (David Atkinson) Date: Tue Dec 2 02:31:56 2003 Subject: PDC References: Message-ID: <009d01c0234b$c71782a0$a609030a@atkinsontech.com.au> Sounds like your Samba PDC is trying to use plain text passwords to which Win98 or Win2000 will object. To set Win98 to plain text passwords find (in regedit) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VXD\VNETSUP] and add a dword value of "EnablePlainTextPassword" set to 1 For NT (and Win2000, I think) it is the same as for Win95, except the value "EnablePlainTextPassword" is stored in [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr\Parameters] ----- Original Message ----- From: "Ray Recendez" To: Sent: Tuesday, October 10, 2000 9:56 AM Subject: PDC > I have Samba running on my servers in a workgroup environment. I have tried > to create a PDC on a Solaris 2.6 machine. I have followed all the necessary > steps, but when I try to join the Domain with a Win98 or Win2000 system, it > can not find the Domain or is generating errors. Please help. Docs, advise, > reference material, etc. > > Regards, > Ray Recendez > > >