From g.turnbull at uws.edu.au Sat Dec 1 03:48:03 2001 From: g.turnbull at uws.edu.au (Greg Turnbull) Date: Tue Dec 2 02:37:02 2003 Subject: Solaris can't join Windows 2000 Domain correctly, however same config works fine on redhat 7.1 Message-ID: <5.1.0.14.0.20011201052939.00b144e0@mail.uws.edu.au> Hi, We cant get Solaris 2.6 Sun Box to join the domain correctly. We changed the security to "security=domain" and although it was successful joining the domain, connecting using smbpasswd failed. Using the same smb.conf file and the lmhosts file we were able to join the domain correctly using redhat 7.1 and it object shows up as a windows nt member server on the windows 2000 PDC. The Solaris server that we cannot get to join correctly shows up blank. Were stumped, can anyone else help. Also we made sure that the versions were the same and that they were compiled the same way. Both the Windows 2000 PDC and Solaris server are on the same subnet. Attached is a copy of our smb.conf file. Thanks Greg Turnbull -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.domain.rtf Type: application/rtf Size: 859 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011201/071a2fbe/smb.domain.rtf From g.turnbull at uws.edu.au Sat Dec 1 03:57:03 2001 From: g.turnbull at uws.edu.au (Greg Turnbull) Date: Tue Dec 2 02:37:02 2003 Subject: Solaris can't join Windows 2000 Domain correctly, however same config works fine on redhat 7.1 Message-ID: <5.1.0.14.0.20011201065450.00b97cf0@mail.uws.edu.au> Hi, We cant get Solaris 2.6 Sun Box to join the domain correctly. We changed the security to "security=domain" and although it was successful joining the domain, connecting using smbpasswd failed. Using the same smb.conf file and the lmhosts file we were able to join the domain correctly using redhat 7.1 and it object shows up as a windows nt member server on the windows 2000 PDC. The Solaris server that we cannot get to join correctly shows up blank. Were stumped, can anyone else help. Also we made sure that the versions were the same and that they were compiled the same way. Both the Windows 2000 PDC and Solaris server are on the same subnet. Attached is a copy of our smb.conf file. Thanks Greg Turnbull -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.domain.rtf Type: application/rtf Size: 859 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011201/b568c222/smb.domain.rtf From erik at roxen.com Sat Dec 1 11:06:03 2001 From: erik at roxen.com (Erik Persson) Date: Tue Dec 2 02:37:02 2003 Subject: LDAP-SAM and Samba 2.2 In-Reply-To: <200111302326.fAUNQc3e014513@hemlock.highley-recommended.com> Message-ID: On Fri, 30 Nov 2001, David Highley wrote: > "Erik Persson wrote:" > > > > Hi! > > > > I am experimenting with the PDC features of Samba 2.2 with the LDAP SAM > > backend. This is going fairly well, except eny attempt to join the domain > > fails due to some confusion within smbd concerning what the RID for the > > workstation account should be. > > There was a posting in the last couple of days that indicated that > cvs patches were needed to get Samba 2.2.2 to operate with LDAP. Right. I pulled the SAMBA_2_2 from CVS and built it. Now, it has stopped doing the strange hex->int format conversion stuff but it still doesn't quite work. What happens now when a client tries to join is that after a looong while (1-2 minutes or so) of waiting (last message reported is a "switch message SMBclose") the client declares that it has joined the domain. After rebooting and actually trying to log into the domain i get a "Computer account doesn't exist or password incorrect". *sigh* What really eats me is that I actually had a working setup with at least one successful join and subsequent login using the original 2.2.2 release with a few source code modifications that I cannot remember now. Anyway, could I possibly be doing something wrong? How does the process of joining a domain look like. The things that I can see from the log files are: * Client (let's call it "foo") requests to joing the domain and supplies credentials for accomplishing this (administrator login and password). * smbd creates an initial account in LDAP for "foo$" and sets the password to "foo". * More magic... I assume that in the "more magic" department the client supplies some kind of data that smbd can use to set the password to something other than "foo". However, when I look in my LDAP records for "foo$" the password doesn't change. Could this be the problem? This is a typcial machine account entry in my LDAP server _after_ smbd gotten to it and added (as far as I can see) displayName and cn. dn: uid=roadrunner$, ou=People, dc=roxen, dc=com gidNumber: 7000 lmPassword: DC12FFA682C3844D2E87078C29EC8618 objectClass: shadowAccount objectClass: sambaAccount objectClass: posixAccount loginShell: /bin/false homeDirectory: /dev/null userPassword:: e2NyeXB0fSpMSyo= ntPassword: 63911FAC3D75FECB66C48A17A30C5F9D displayName: ROADRUNNER$ cn: ROADRUNNER$ uid: roadrunner$ uidNumber: 7001 pwdLastSet: 0 logonTime: 0 logoffTime: 0 kickoffTime: 0 pwdCanChange: 0 pwdMustChange: 0 smbHome: \\%N\ homeDrive: U: profilePath: \\%N\profile rid: 15002 primaryGroupID: 15001 acctFlags: [W ] The password here is hashed from foo and not from "FOO". Could that be the problem? I'm going nuts here. Any attempt to enlighten me will be greatly appreciated. ;-) Thanks, /Erik -- Erik Persson, System Manager Roxen Internet Software Voice: +46 13 376817 From phil.burrow at blueyonder.co.uk Sat Dec 1 11:44:02 2001 From: phil.burrow at blueyonder.co.uk (Philip Burrow) Date: Tue Dec 2 02:37:02 2003 Subject: Samba 2.2.2 --with-ldapsam configure error Message-ID: <001101c17aa0$46d5d760$0200000a@PTB> Hi I've been attempting to configure samba 2.2.2 with LDAP and it simply wont configure (configures fine without). I have read here that samba 2.2.2's LDAP support is "broken" so I assume this is the problem. The only argument to configure I am using is --with-ldapsam and I get this at the end of configure: checking configure summary configure: error: summary failure. Aborting config and in config.log: configure: failed program was: #line 12521 "configure" #include "confdefs.h" #include "./tests/summary.c" I have also read there are patches but I can't find anywhere where I can get them. I have checked www.samba.org and the recent posts in this list (as I am a relatively new subscriber) to no avail. Does anyone have any info? Cheers, Phil. From erik at roxen.com Sat Dec 1 12:43:03 2001 From: erik at roxen.com (Erik Persson) Date: Tue Dec 2 02:37:02 2003 Subject: Samba 2.2.2 --with-ldapsam configure error In-Reply-To: <001101c17aa0$46d5d760$0200000a@PTB> Message-ID: On Sat, 1 Dec 2001, Philip Burrow wrote: > Hi > > I've been attempting to configure samba 2.2.2 with LDAP and it simply wont > configure (configures fine without). I have read here that samba 2.2.2's > LDAP support is "broken" so I assume this is the problem. The only argument > to configure I am using is --with-ldapsam and I get this at the end of > configure: > > checking configure summary > configure: error: summary failure. Aborting config > > and in config.log: > > configure: failed program was: > #line 12521 "configure" > #include "confdefs.h" > #include "./tests/summary.c" > > I have also read there are patches but I can't find anywhere where I can get > them. I have checked www.samba.org and the recent posts in this list (as I > am a relatively new subscriber) to no avail. > > Does anyone have any info? It would help if you also included the lines from the log that holds the actual compiler, preprocessor or linker error. Anyway, I have been tinkering around with LDAP support in Samba 2.2.2 over the last few days, and have gotten similar failures due to the fact that the LDAP support relies on the OpenLDAP libraries which in turn depends on the OpenLDAP libraries if you have TLS/SSL support in OpenLDAP. The latter aren't explicitly linked into OpenLDAP which means that whoever wants to link with OpenLDAP also needs to link with OpenSSL. Check the log file. If there is a bunch of symbol referencing errors that look like SSL stuff you need to add 'LIBS="-lssl -lcrypto"' to your configure command and possibly also the OpenSSL library/include locations to LDFLAGS/CPPFLAGS. /Erik -- Erik Persson, System Manager Roxen Internet Software Voice: +46 13 376817 From dhighley at highley-recommended.com Sat Dec 1 12:56:02 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:02 2003 Subject: Samba 2.2.2 --with-ldapsam configure error In-Reply-To: from "Erik Persson" at Dec 01, 2001 09:41:39 PM Message-ID: <200112012054.fB1KsUSX001586@hemlock.highley-recommended.com> "Erik Persson wrote:" > > On Sat, 1 Dec 2001, Philip Burrow wrote: > > > Hi > > > > I've been attempting to configure samba 2.2.2 with LDAP and it simply wont > > configure (configures fine without). I have read here that samba 2.2.2's > > LDAP support is "broken" so I assume this is the problem. The only argument > > to configure I am using is --with-ldapsam and I get this at the end of > > configure: > > > > checking configure summary > > configure: error: summary failure. Aborting config > > > > and in config.log: > > > > configure: failed program was: > > #line 12521 "configure" > > #include "confdefs.h" > > #include "./tests/summary.c" > > > > I have also read there are patches but I can't find anywhere where I can get > > them. I have checked www.samba.org and the recent posts in this list (as I > > am a relatively new subscriber) to no avail. You would need to extract the patches from cvs at: http://samba.org/samba/cvs.html You can read about how to use the web interface to cvs and the branch tagging. > > > > Does anyone have any info? > > It would help if you also included the lines from the log that holds the > actual compiler, preprocessor or linker error. Anyway, I have been > tinkering around with LDAP support in Samba 2.2.2 over the last few days, > and have gotten similar failures due to the fact that the LDAP support > relies on the OpenLDAP libraries which in turn depends on the OpenLDAP > libraries if you have TLS/SSL support in OpenLDAP. The latter aren't > explicitly linked into OpenLDAP which means that whoever wants to link > with OpenLDAP also needs to link with OpenSSL. > > Check the log file. If there is a bunch of symbol referencing errors that > look like SSL stuff you need to add 'LIBS="-lssl -lcrypto"' to your > configure command and possibly also the OpenSSL library/include locations > to LDFLAGS/CPPFLAGS. It is a peach to build as it needs ssl and a database which configure does not search for or do they provide options for specifying where you have installed them. Here is a wrapper script I created for configure. Paths will need to be changed for your installation: #! /bin/sh CPPFLAGS="-I/usr/local/ssl/include -I/usr/local/ssl/include/openssl -I/usr/local/BerkeleyDB.3.3/include" LDFLAGS="-L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.3.3/lib -R/usr/local/ssl/lib -R/usr/local/BerkeleyDB.3.3/lib" export CPPFLAGS export LDFLAGS exec ./configure > > /Erik > > -- > Erik Persson, System Manager > Roxen Internet Software Voice: +46 13 376817 > > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From phil.burrow at blueyonder.co.uk Sat Dec 1 16:14:19 2001 From: phil.burrow at blueyonder.co.uk (Philip Burrow) Date: Tue Dec 2 02:37:02 2003 Subject: Samba 2.2.2 --with-ldapsam configure error Message-ID: <003001c17ac5$029f60f0$0200000a@PTB> Thanks for your replies guys. If I'd known it needed OpenSSL I wouldn't have deleted its source tree prior to messing with samba! I have installed OpenLDAP, run its tests etc and all is well, however the only command line args I supplied were --with-ldapsam > LDAP support > relies on the OpenLDAP libraries which in turn depends on the OpenLDAP > libraries if you have TLS/SSL support in OpenLDAP. The latter aren't > explicitly linked into OpenLDAP which means that whoever wants to link > with OpenLDAP also needs to link with OpenSSL. I will bear this in mind when I have a blast with it tomorrow. > Check the log file. If there is a bunch of symbol referencing errors that > look like SSL stuff you need to add 'LIBS="-lssl -lcrypto"' to your > configure command and possibly also the OpenSSL library/include locations > to LDFLAGS/CPPFLAGS. Thanks Erik I will have a look deeper into the log files and try and resolve it from there. Regards, Phil. From phil.burrow at blueyonder.co.uk Sun Dec 2 10:52:02 2001 From: phil.burrow at blueyonder.co.uk (Philip Burrow) Date: Tue Dec 2 02:37:02 2003 Subject: Samba 2.2.2 --with-ldapsam configure error References: <200112012054.fB1KsUSX001586@hemlock.highley-recommended.com> Message-ID: <000901c17b62$20dfbdb0$0200000a@PTB> > You would need to extract the patches from cvs at: > http://samba.org/samba/cvs.html > > You can read about how to use the web interface to cvs and the branch > tagging. Okay, I managed to get it working with the stable 2.2.2 from CVS. I have a RedHat7.2 test box and it configured flawlessly on that, and the box I was having problems with was a modified RH6.2. Basically I upgraded GCC, make and automake on 6.2 and it worked. I still get errors in the log regarding LFS support, but I'll bring that up in the relevant mailing list. Thanks for your help. Phil From info at kwnet.at Sun Dec 2 13:05:02 2001 From: info at kwnet.at (Kurt Weiss) Date: Tue Dec 2 02:37:02 2003 Subject: access problem References: Message-ID: <3C0A97A7.EF72F65A@kwnet.at> i'm using suse linux with kernel 2.2.18 installed samba 2.2.2 (from source) linux is used as smb-server and gateway for my windows clients. therefore i installed two network cards: eth0: 192.168.XXX.XXX for internal network, and eth1: 10.XXX.XXX.XXX for the ADSL adapter. the adsl daemon (pptp) builds a ppp connection with an 212.XXX.XXX.XXX address. so i have 3 networks: 192.168.XXX.0/24 10.XXX.XXX.0/24 212.XXX.XXX.XXX/32 in smb.conf (the one and only) i've configured: (/etc/smb.conf i've deleted. -> /usr/local/samba/lib/smb.conf is valid) interfaces = 192.168.XXX.XXX/24 hosts allow = 192.168.XXX. EXCEPT 192.168.XXX.1 the gateway is enabled over ipchains: forward DENY forward 192.168.XXX.0 -> ppp0 MASQ now something strange happend: i can connect to samba over the internet!!!!!!! =============================================== what did i wrong??? thx in advance kurt From gzart at leiinc.com Sun Dec 2 18:49:04 2001 From: gzart at leiinc.com (Greg Zartman) Date: Tue Dec 2 02:37:02 2003 Subject: Samba Include Parameter Message-ID: <000701c17ba5$491ef370$6500a8c0@greg> Documentation seems a little unclear on this, but is it possible to use the samba include parameter with the %U or %u samba variables. Specifically, I'm looking into configuring Samba to use roaming profiles some users and local profiles for others. Thanks you. Greg Zartman From S.Scheufen at ebv.com Mon Dec 3 00:46:03 2001 From: S.Scheufen at ebv.com (Scheufen Stephan) Date: Tue Dec 2 02:37:02 2003 Subject: more than one logon with the same user to samba2.2.2 Message-ID: <2C573D5DEB7AEC4482D5512074A7023C013F61BD@bdcexch2.ebv.com> Hello Samba Experts, i have the following installation: 1x MS NT4 PDC 1x SuSE LinuxMachine with SAMBA 2.2.2 and Winbind Winbind is working and authenticating the users completely agains the NT4 PDC. fine but: If i?m logged on with my W98se to my NT-Domain and have a mapping to the Linux box then i get problems on my second W98se machine trying to logon with the same username....the sharing on the linux box wants to have a username and password again....instead of passing it through to the NT4 PDC via Winbind...!? What is wrong? Can somebody help me please? best regards Stephan > Stephan Scheufen > L?tscher Weg 66 - D-41334 Nettetal - Germany > Fon: +49-2153-733-315 - Fax: 310 - Mail: s.scheufen@ebv.com > From 31710594 at fam.ulusiada.pt Mon Dec 3 02:25:02 2001 From: 31710594 at fam.ulusiada.pt (31710594@fam.ulusiada.pt) Date: Tue Dec 2 02:37:02 2003 Subject: authentication throw mysql table Message-ID: <1007374847.3c0b51ff29c3f@mail.fam.ulusiada.pt> Hi, Does anyone now how to authenticate a Samba user(PDC) with a mysql table ? I'm trying with PAM but with no success. Miguel Soares --------------------------------------------------------------- This mail was sent through IMP: http://mail.fam.ulusiada.pt --------------------------------------------------------------- Visit http://www.fam.ulusiada.pt Main Web Pages --------------------------------------------------------------- Visit http://alunos.fam.ulusiada.pt Students Web Pages --------------------------------------------------------------- From h.p.bernhard at ieee.org Mon Dec 3 02:43:02 2001 From: h.p.bernhard at ieee.org (Hans-Peter Bernhard) Date: Tue Dec 2 02:37:02 2003 Subject: rejected our name registration Message-ID: <3C0B56C9.3B047EBF@ieee.org> Hi, I am using samba 2.2.2 on a Suse 7.3 LINUX, Kernel 2.4.10 I have one backbone 10.24.17.xxx and about 10 subnets. 192.168.yy.xxx. The samba server is on the backbone and its os level is set to 128 When I force an election of the local masterbrowser, the sambaserver wins the election but it cannot become local master browser because a local master browser on a subnet refuses to register the samba server. Below comes the log.nmbd excerpt. Thanks for any help hpb become_domain_master_browser_bcast: querying subnet 10.24.17.10 for domain master browser on workgroup ETINF [2001/12/02 20:04:28, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(117) become_logon_server_success: Samba is now a logon server for workgroup ETINF on subnet 10.24.17.10 [2001/12/02 20:04:32, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117) ***** Samba server FTKLSRV is now a domain master browser for workgroup ETINF on subnet 10.24.17.10 ***** [2001/12/02 20:04:44, 0] nmbd/nmbd_nameregister.c:register_name_response(111) register_name_response: server at IP 192.168.99.29 rejected our name registration of ETINF<1d> with error code 6. [2001/12/02 20:04:44, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(426) become_local_master_fail2: failed to register name ETINF<1d> on subnet 10.24.17.10. Failed to become a local master browser . [2001/12/02 20:04:44, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(294) standard_fail_register: Failed to register/refresh name ETINF<1d> on subnet 10.24.17.10 [2001/12/02 20:16:09, 0] nmbd/nmbd_nameregister.c:register_name_response(111) register_name_response: server at IP 192.168.99.29 rejected our name registration of ETINF<1d> with error code 6. [2001/12/02 20:16:09, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(426) become_local_master_fail2: failed to register name ETINF<1d> on subnet 10.24.17.10. Failed to become a local master browser . [2001/12/02 20:16:09, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(294) standard_fail_register: Failed to register/refresh name ETINF<1d> on subnet 10.24.17.10 [2001/12/02 20:17:38, 0] nmbd/nmbd_nameregister.c:register_name_response(111) register_name_response: server at IP 192.168.99.29 rejected our name registration of ETINF<1d> with error code 6. [2001/12/02 20:17:38, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(426) become_local_master_fail2: failed to register name ETINF<1d> on subnet 10.24.17.10. Failed to become a local master browser . [2001/12/02 20:17:38, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(294) standard_fail_register: Failed to register/refresh name ETINF<1d> on subnet 10.24.17.10 -- +-------------------------------------------------------------+ | Dr. Hans-Peter BERNHARD | | Email: h.p.bernhard@ieee.org | +-------------------------------------------------------------+ | @ | @ | | Inst. for Communications | HTBLA-Steyr | | and Information Engineering | Schluesselhofgasse 63 | | Johannes Kepler University | A-4400 Steyr | | Linz, AUSTRIA | AUSTRIA | | Phone: +43-732-2468-9711 | Phone: +43-7252-72914-42 | | Fax : +43-7252-72914-25 | Fax : +43-7252-72914-25 | +-------------------------------------------------------------+ From bon at teamlog.fr Mon Dec 3 07:46:03 2001 From: bon at teamlog.fr (JM Bonnefond) Date: Tue Dec 2 02:37:02 2003 Subject: Modifications of ACLs via Windows client Message-ID: <20011203164443.482A568B@hal.ionix-services.com> Hi, I'm trying to implement the XFS ACLs under samba 2.2.2. I'd compiled a new kernel with xfs support and all the ACL functions (setfacl, getfacl, etc) works well. I'd then compiled samba 2.2.2 with the --with-acl option, and it seems to be happy with that. Now I'm trying to access the ACLs via windows clients. A client could modify the access right existing until it correspond to the unix rights, but when i try to modify others rights, like adding a user or a group in the ACLs, I got an "Unable to register the autorisation modification on the file foobar, Access denied" (approximative translation from french). The rights declared in the ACL are well used because a user that is only declared in the ACL rights (not the primary(unix) rights) could acces a specific shared following the ACLs. My question is, could we change the acl via the security panel of Windows, and if yes, what could I have done wrong? Here is my global section of the smb.conf : [global] workgroup = SMAD02 netbios name = SMAD security = user nt acl support = yes encrypt passwords = Yes map to guest = Bad User null passwords = No log level = 1 log file = /var/log/log.%h name resolve order = wins lmhosts host bcast time server = Yes deadtime = 5 keepalive = 30 socket options = IPTOS_LOWDELAY TCP_NODELAY domain admin group = samba @adm_info logon script = %U.bat logon drive = p: domain logons = Yes os level = 64 preferred master = True domain master = True wins support = Yes kernel oplocks = No admin users = @adm_info create mask = 0770 directory mask = 0770 Thanks. From erik at roxen.com Mon Dec 3 10:05:15 2001 From: erik at roxen.com (Erik Persson) Date: Tue Dec 2 02:37:02 2003 Subject: LDAP-SAM and Samba 2.2 In-Reply-To: Message-ID: On Sat, 1 Dec 2001, Erik Persson wrote: > On Fri, 30 Nov 2001, David Highley wrote: > > > "Erik Persson wrote:" > > > > > > Hi! > > > > > > I am experimenting with the PDC features of Samba 2.2 with the LDAP SAM > > > backend. This is going fairly well, except eny attempt to join the domain > > > fails due to some confusion within smbd concerning what the RID for the > > > workstation account should be. > > > > There was a posting in the last couple of days that indicated that > > cvs patches were needed to get Samba 2.2.2 to operate with LDAP. Now I'm starting to get desperate. If there is anybody out there who has any clue on what might be wrong, please let me know. So now I have fetched the SAMBA_2_2 branch from cvs (the LDAP parts in 3.0 won't compile) and have still no luck getting a client to join the domain. As far as I can see, this happens: * Client requests to join domain and supplies root login and password * Samba creates initial machine account data with my script. The script creates an account with basic sambaAccoun, posixAccount and shadowAccount properties so that the user also instantly created in the Unix context. * Samba adds lmPassword, ntPassword, rid, primaryGroupID and more in LDAP. rid and primaryGroupID values seem to be correctly calculated (15000/15001 for a uidNumber/gidNumber of 7000/7000). * By now, I cannot make out anything definitive from the log (debuglevel 3), but the client thinks at last that it has joined the domain. Observations: * The lmPassword and ntPassword LDAP attributes contain suspicious data after the join operation. If the initial passwords for "roadrunner$" was DC12FFA682C3844D2E87078C29EC8618:63911FAC3D75FECB66C48A17A30C5F9D, samba changes them to 0029170800000000002E1E388B7B9D9B:0000000100000002002DF49000000000 during the join operation. What's with all the zeroes? * If i don't set acctFlags within the "add user script" script to [W ], samba will set acctFlags to [DW ]. Is this a good thing or a bad thing. * I use PADL nss_ldap and pam_ldap to import LDAP users and groups to the operating system. The operating system in question i Solaris 8. Questions: * How is the password generated that is used to generate the final lm/nt hashes for the machine account? Where in the Samba code does this happen? * What value for "debug level" should I use to get information that might lead me to a solution? Any thoughts will be greatly appreciated, /Erik -- Erik Persson, System Manager Roxen Internet Software Voice: +46 13 376817 From tarjei at nu.no Mon Dec 3 10:51:33 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:37:02 2003 Subject: LDAP-SAM and Samba 2.2 References: Message-ID: <3C0BC943.9082336@nu.no> > * The lmPassword and ntPassword LDAP attributes contain suspicious data > after the join operation. If the initial passwords for "roadrunner$" was > DC12FFA682C3844D2E87078C29EC8618:63911FAC3D75FECB66C48A17A30C5F9D, samba > changes them to > 0029170800000000002E1E388B7B9D9B:0000000100000002002DF49000000000 during > the join operation. What's with all the zeroes? When joining the domain, the machine will change the pwd to a random value known by the machine and the pdc. > * If i don't set acctFlags within the "add user script" script to > [W ], samba will set acctFlags to [DW ]. Is this a good > thing or a bad thing. Try setting them to w :) > * How is the password generated that is used to generate the final lm/nt > hashes for the machine account? Where in the Samba code does this > happen? It happens on the client. > * What value for "debug level" should I use to get information that might > lead me to a solution? Beats me :) > Any thoughts will be greatly appreciated, Try getting tng-alpha. I've used the ldap support there in production for 7 months without any trouble. Also read the docs (and links!) on ldap that you find here: www.samba-tng.org/docs.html Tarjei > /Erik > > -- > Erik Persson, System Manager > Roxen Internet Software Voice: +46 13 376817 From erik at roxen.com Mon Dec 3 12:35:04 2001 From: erik at roxen.com (Erik Persson) Date: Tue Dec 2 02:37:02 2003 Subject: LDAP-SAM and Samba 2.2 In-Reply-To: <3C0BC943.9082336@nu.no> Message-ID: On Mon, 3 Dec 2001, Tarjei Huse wrote: > > * The lmPassword and ntPassword LDAP attributes contain suspicious data > > after the join operation. If the initial passwords for "roadrunner$" was > > DC12FFA682C3844D2E87078C29EC8618:63911FAC3D75FECB66C48A17A30C5F9D, samba > > changes them to > > 0029170800000000002E1E388B7B9D9B:0000000100000002002DF49000000000 during > > the join operation. What's with all the zeroes? > When joining the domain, the machine will change the pwd to a random value known > by the machine and the pdc. I figured as much. I was only questioning wether those hashes really are sane. There are typically that many zeroes in the final (non working) machine accounts and when feeding smbencrypt with a large number of random passwords I don't get anything that looks like this. > > * If i don't set acctFlags within the "add user script" script to > > [W ], samba will set acctFlags to [DW ]. Is this a good > > thing or a bad thing. > Try setting them to w :) Oh, is the lowercase important? I'll try that. > > * How is the password generated that is used to generate the final lm/nt > > hashes for the machine account? Where in the Samba code does this > > happen? > It happens on the client. Sorry, I was more thinking about where in the samba source code this is negotiated. > Try getting tng-alpha. I've used the ldap support there in production for 7 > months without any trouble. Also read the docs (and links!) on ldap that you > find here: www.samba-tng.org/docs.html I will definitely try that. Thanks, /Erik -- Erik Persson, System Manager Roxen Internet Software Voice: +46 13 376817 From tarjei at nu.no Mon Dec 3 13:05:05 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:37:02 2003 Subject: LDAP-SAM and Samba 2.2 References: Message-ID: <3C0BE887.124283AE@nu.no> > Oh, is the lowercase important? I'll try that. NONONO! My spellingmisstake! > > Try getting tng-alpha. I've used the ldap support there in production for 7 > > months without any trouble. Also read the docs (and links!) on ldap that you > > find here: www.samba-tng.org/docs.html > > I will definitely try that. > > Thanks, > /Erik > > -- > Erik Persson, System Manager > Roxen Internet Software Voice: +46 13 376817 From cbarry at infiniconsys.com Mon Dec 3 13:31:09 2001 From: cbarry at infiniconsys.com (Barry, Christopher) Date: Tue Dec 2 02:37:02 2003 Subject: Weird Share problem... Message-ID: <08628CA53C6CBA4ABAFB9E808A5214CB34D8@mercury.infiniconsys.com> Hi All, I had to move my samba server to a different computer. It was hosting multiple MSDFS roots. I zipped the tree I was using for the msdfs:\\share symlinks, and moved it as well. From awilliam at whitemice.org Mon Dec 3 17:51:29 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:37:02 2003 Subject: LDAP-SAM and Samba 2.2 In-Reply-To: <3C0BC943.9082336@nu.no> Message-ID: >> Any thoughts will be greatly appreciated, >Try getting tng-alpha. I've used the ldap support there in production for 7 >months without any trouble. Also read the docs (and links!) on ldap that you >find here: www.samba-tng.org/docs.html If 2.2.1a will work for you, we are using that very succesfully with WInY2k clients joining the domain. Heard way to many bad stories aboue 2.2.2 -- ----------------------------------------------------------- Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS ----------------------------------------------------------- From esexauer at neuearbeit.de Tue Dec 4 02:02:08 2001 From: esexauer at neuearbeit.de (Ernst Sexauer) Date: Tue Dec 2 02:37:03 2003 Subject: Samba and iptables References: <20011130101031.65453.qmail@web14003.mail.yahoo.com> Message-ID: <3C0C9EA8.4497188E@neuearbeit.de> Uwe Dippel wrote: > > Slightly off the track: > I have a packet filter running on iptables to keep intruders out. My > *outside* network is a private network (University) in the 172.20 range > and my inside network on 192.168.0. We do this with IP-tunneling. It works fine. In this case You can protect your private network and use samba w/o problems. Of course, you must add both networks to 'hosts allowed'. -- MfG E.R. Sexauer EDV-Neuearbeit, 0711-25593-53, esexauer@neuearbeit.de From didier.roques at brive.unilim.fr Tue Dec 4 02:48:01 2001 From: didier.roques at brive.unilim.fr (didier roques) Date: Tue Dec 2 02:37:03 2003 Subject: file corrupted Message-ID: <4.2.0.58.20011204113704.00a9c8e0@mail> I use samba 2.2.2 with linux mdk 8.1. my clients machines run under win2k, everything is ok but sometimes when a user write a file to a service shared by samba with word, excel ... that seems to write ok, but when the user want to reopen this file, word or excel don't want to open it, because file is corrupted i think. We can find into this file at the beginning a a piece of text like this ------------------------------------------------------------ [2001/11/30 15:43:52, 2] smbd/open.c:open_file(213) mgoudour opened file TOTO.doc read=Yes write=Yes (numopen=1) ??????????????????????????????????????????????????????????????????? ----------------------------------------------------------- Does anyone know why ? is it a samba problem, a network error, a disk error ? i've no error on the ethernet card. From didier.roques at brive.unilim.fr Tue Dec 4 02:51:05 2001 From: didier.roques at brive.unilim.fr (didier roques) Date: Tue Dec 2 02:37:03 2003 Subject: win2k and roaming profile Message-ID: <4.2.0.58.20011204113843.00a9f370@mail> I use samba 2.2.2 with linux mdk 8.1. my clients machines run under win2k, everything is ok but sometimes there are some problems to load the profiles from the server and it says that is going to use the local profile. I have no errors on the network card. Does anyone know why ? From didier.roques at brive.unilim.fr Tue Dec 4 02:51:49 2001 From: didier.roques at brive.unilim.fr (didier roques) Date: Tue Dec 2 02:37:03 2003 Subject: %G Message-ID: <4.2.0.58.20011204114042.00a9f5f0@mail> I use samba 2.2.2 and linux MDK8.1. I would like to use multiple configuration file (smb.conf) depending on the group of the user connected. so i use the include directive like this: include = /etc/smb.conf.%G but samba don't know %G (log file says that) but with the previous version of samba it worked. I've tried with other parameters, %a for the client OS, %U for the user and it works. Does anyone know why ? From cbarry at infiniconsys.com Tue Dec 4 04:15:02 2001 From: cbarry at infiniconsys.com (Barry, Christopher) Date: Tue Dec 2 02:37:03 2003 Subject: Visual Understanding Message-ID: <08628CA53C6CBA4ABAFB9E808A5214CB1D462F@mercury.infiniconsys.com> All, I tend to think visually. Is there available a flow chart or similar description of the events to getting Samba/Winbind/ACLs up and running? Actually, I would love to create such a document for other like-minded folks if I understood the process enough. Can anyone recommend the best current docs to read to get this working? Thanks, Christopher From adam.evans at infrasoft-civil.com Tue Dec 4 04:25:01 2001 From: adam.evans at infrasoft-civil.com (Adam Evans) Date: Tue Dec 2 02:37:03 2003 Subject: A few problems with Samba 2.2.1a Message-ID: I posted this via deja, but I don't think it comes through the list..... I have a couple of minor problems/situations that I need to try and clear up. Firstly, is there a time scale as to when we will see better group handling within Samba. All my users are currently domain admin, as if they're not then spell checkers etc don't work in Office 97. I know I can do a basic fix by adding the domain users group to power users etc on the local workstation apparently. Also, does anyone know how to fix Office 97 spell check under a standard user? Secondly. I have set up a couple of network printers which are accessed by Samba, then lpr/lpd to the printer adapter. I have found that /var/spool/samba has been filling up with print jobs, and that they're not being cleared. Should they be cleared automatically? Thirdly. Not sure where this problem lies buts. One of my printers is an HP DeskJet 970 and it will only print one sheet at a time. If you say do 100 copies, it will do one. The settings in Samba and LPD are the same. Do you have an idea where the problem lies? Printing to a Canon printer/copier works fine. Fourth. Drivers for Win2K and the deskjet are the basic Win2k ones as the latest HP drivers don't work at all. Is that a problem with the HP drivers, or Samba? That's about it ATM. Thanks for any help you can give.... Adam ********************************************************************** The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be those of Infrasoft, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact : postmaster@infrasoft-civil.com and delete this message. **********************************************************************" From egon.schaal at cadcons.de Tue Dec 4 05:18:02 2001 From: egon.schaal at cadcons.de (Egon Schaal) Date: Tue Dec 2 02:37:03 2003 Subject: w2k Message-ID: <004101c17cc5$b18a58c0$1d0a64c1@emil> Hello, I have Installed samba 2.2.2 on my Suse Linux 7.0 machine and want connection to a w2k machine. I can see the server on my w2k machine, but if I want connect to the server, Iget the message: wrong password. But the password is correct, whats wrong. Thanks ******************************************************************** Egon Schaal, CAD-Consulting, Softwareerstellung Aspacherstr. 15 D-71522 Backnang Tel +49-7191-84498 Fax +49-7191-71410 Email egon.schaal@cadcons.de Web http://www.cadcons.de ********************************************************************* From egon.schaal at cadcons.de Tue Dec 4 05:26:02 2001 From: egon.schaal at cadcons.de (Egon Schaal) Date: Tue Dec 2 02:37:03 2003 Subject: w2k Message-ID: <001c01c17cc6$d29d7d70$1d0a64c1@emil> Hello, I have Installed samba 2.2.2 on my Suse Linux 7.0 machine and want connection to a w2k machine. I can see the server on my w2k machine, but if I want connect to the server, Iget the message: wrong password. But the password is correct, whats wrong. Thanks ******************************************************************** Egon Schaal, CAD-Consulting, Softwareerstellung Aspacherstr. 15 D-71522 Backnang Tel +49-7191-84498 Fax +49-7191-71410 Email egon.schaal@cadcons.de Web http://www.cadcons.de ********************************************************************* From turner at juelich-enzyme.com Tue Dec 4 05:50:06 2001 From: turner at juelich-enzyme.com (Francis Turner) Date: Tue Dec 2 02:37:03 2003 Subject: w2k References: <004101c17cc5$b18a58c0$1d0a64c1@emil> Message-ID: <3C0CD040.9030404@juelich-enzyme.com> Egon Schaal wrote: > Hello, > I have Installed samba 2.2.2 on my Suse Linux 7.0 machine and want > connection to a w2k machine. > I can see the server on my w2k machine, but if I want connect to the server, > Iget the message: wrong password. > But the password is correct, whats wrong. > Thanks > Do you have an entry in smbpasswd for user? Are you using share or user level security? Francis (The 2 issues I just learned about while configuring my samba) -- Francis Turner, CIO Juelich Enzyme Products Gmbh http://www.juelich-enzyme.com/ +49-173-291-7278 In just two days, tomorrow will be yesterday. From cbarry at infiniconsys.com Tue Dec 4 06:50:03 2001 From: cbarry at infiniconsys.com (Barry, Christopher) Date: Tue Dec 2 02:37:03 2003 Subject: Visual Understanding Message-ID: <08628CA53C6CBA4ABAFB9E808A5214CB1D4631@mercury.infiniconsys.com> > -----Original Message----- > From: Scott Mann [mailto:Scott.Mann@lefthandnetworks.com] > Sent: Tuesday, December 04, 2001 9:02 AM > To: Barry, Christopher > Subject: Re: Visual Understanding > > > "Barry, Christopher" wrote: > > > > All, > > I tend to think visually. Is there available a flow chart or > > similar description of the events to getting > Samba/Winbind/ACLs up and > > running? Actually, I would love to create such a document for other > > like-minded folks if I understood the process enough. Can anyone > > recommend the best current docs to read to get this working? > > > > Thanks, > > Christopher > > Hi Christopher, > > I wrote this mini setup doc for Samba & winbindd. I don't know if it > is the sort of thing you are looking for, so feel free to toss it. > > Also, check out the mandrake site: > > http://mandrakeuser.org/connect/csamba5.html > > for a similar recipe. > > Regards, > Scott > Scott, Wow. This is an excellent document (the one you wrote). Thank you very much. Is your doc available on the web? I'll bet many other people could use it. Once I perform this in a testing environment, and get to understand it better, I shall turn it into a visual doc. Thanks, +--------------------------+-------------------------+ | Christopher Barry | InfiniCon Systems | | Sr. SysAdmin | King of Prussia | | cbarry@infiniconsys.com | Pennsylvania | | 610-205-0130 ext: 25 | 19406 | +--------------------------+-------------------------+ From jra at samba.org Tue Dec 4 09:45:17 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:37:03 2003 Subject: A few problems with Samba 2.2.1a In-Reply-To: ; from adam.evans@infrasoft-civil.com on Tue, Dec 04, 2001 at 12:23:37PM +0000 References: Message-ID: <20011204094337.C19066@va.samba.org> On Tue, Dec 04, 2001 at 12:23:37PM +0000, Adam Evans wrote: > Firstly, is there a time scale as to when we will see better group handling > within Samba. All my users are currently domain admin, as if they're not > then spell checkers etc don't work in Office 97. I know I can do a basic fix > by adding the domain users group to power users etc on the local workstation > apparently. Also, does anyone know how to fix Office 97 spell check under a > standard user? Extended group mapping is being implemented and will be in Samba 3.0, due early next year. Jeremy. From ken at escfx.com Tue Dec 4 14:12:05 2001 From: ken at escfx.com (Ken Harris) Date: Tue Dec 2 02:37:03 2003 Subject: Samba server 'joining' Win 2000 domain Message-ID: <2C71DF3DBE79474FB1DD4180574D558002D760@EXCHANGE.escfx.com> I'm trying to make this Samba server join a Win2k domain. I run 'smbpasswd -j ...', and it says it's OK, but then wbinfo doesn't work. I verified the 'join' on the Windoze side by using the 'computer management' tool 'Active Directory Users and Computers': it sees the machine (with OS "NT 4"). When I run "wbinfo", I get: ken@perth:~ 102% wbinfo -u Error looking up domain users Exit 1 ken@perth:~ 103% wbinfo -t Could not check secret Exit 1 ken@perth:~ 104% wbinfo -m Could not list trusted domains Exit 1 In /var/log/samba/log. , I get : [2001/12/04 13:58:23, 3] nsswitch/winbindd_util.c:establish_connections(367) could not find any domain controllers for domain ESCFX I'm running Mandrake 8.1 w/ the Samba 2.2.2 rpms: samba-common-2.2.2-3.3mdk samba-client-2.2.2-3.3mdk samba-2.2.2-3.3mdk samba-winbind-2.2.2-3.3mdk samba-doc-2.2.2-3.3mdk sambapdf-1.0-2mdk gnosamba-0.3.3-5mdk I have /etc/samba/smb.conf set up for domains: workgroup = ESCFX security = domain password server = * Any help would be appreciated. From hchcheng at scg.math.uwaterloo.ca Tue Dec 4 19:00:06 2001 From: hchcheng at scg.math.uwaterloo.ca (Howard Cheng) Date: Tue Dec 2 02:37:03 2003 Subject: Machine accounts Message-ID: Hi, I am trying to set up Samba 2.2.1a as a PDC, and I have it working now using the setup as indicated in the PDC Howto. For some reasons that I would not get into, it is not desirable to have Unix user names ending with "$". Is it possible to avoid this? Here are two proposed solutions: 1. Use a Unix account of a different name, and use "username map" to map the samba user to the Unix account. Does this work? If so, is it possible to use multiple samba machine accounts with only one Unix account? 2. Just have samba machine accounts and no corresponding Unix accounts whatsoever. From hchcheng at scg.math.uwaterloo.ca Tue Dec 4 19:13:11 2001 From: hchcheng at scg.math.uwaterloo.ca (Howard Cheng) Date: Tue Dec 2 02:37:03 2003 Subject: A couple of newbie questions Message-ID: Hi, I just configured Samba 2.2.1a as a PDC for Windows 2000 machines (and maybe NT 4 too). I am a newbie when it comes to Windows, and I have a couple of questions: 1. In the log files, I see messages that says it cannot create some subdirectories in Profile, yet they are created and everything is copied correctly. What do they mean, and should I worry? 2. I have read the FAQ and supposedly it is bad to have the profiles stored in the user's home directory. Why not? I didn't really understand the explanation in the FAQ. It would be much more convenient to do so since I can have everything backed up just by backing up the home directories. Thank you for any assistance. Howard --- Howard Cheng e-mail: hchcheng@scg.math.uwaterloo.ca University of Waterloo URL : http://www.scg.uwaterloo.ca/~hchcheng/ Computer Science Graduate Student (PhD) To divide a cube into two other cubes, a fourth power or in general any power whatever into two powers of the same denomination above the second is impossible, and I have assuredly found an admirable proof of this, but the margin is too narrow to contain it. - Pierre de Fermat From ffoss at hotpop.com Tue Dec 4 21:24:02 2001 From: ffoss at hotpop.com (ffoss) Date: Tue Dec 2 02:37:04 2003 Subject: samba-ntdom digest, Vol 1 #566 - 15 msgs In-Reply-To: <20011204200230.E70BF514B@lists.samba.org> Message-ID: <000001c17d4c$dc88e4b0$6900a8c0@fwf> I have been using samba for quite a while. My wife's win 98 machine logs on to the domain fine, and has for quite a while. My son upgraded to win2000, and I have upgraded to XP. (Which is a major improvement over 98 imho! :-) ) 1> To date I have been unable to get either win2k or XP to log into the domain. I have upgraded to samba 2.2.2, created machine accounts, and modified the registry on XP, to no avail. When I try to join the domain I get an error "The following error occurred attempting to join the domain "xx": the procedure number is out of range." Any thoughts as to what I've missed?? It works fine under 98, but gets nowhere with win 2K or win XP. 2> when sharing files in "user" mode within windoz, I can't get the list of users on the domain. Is this going to be supported in the future? A patch now?? Thanx, fred From jfenner at sino.de Tue Dec 4 23:38:03 2001 From: jfenner at sino.de (Jan Fenner) Date: Tue Dec 2 02:37:04 2003 Subject: Bug / Feature with Temporary Internet Files on a samba Message-ID: <006d01c17d5f$9deee9d0$0c71a8c0@sinojfenner> Hi Everyone, last night we had a strange problem, after testing some settings we finally put the path for "Internet Explorer Internet Cache" du x:\samba-server\xyz\cache. Still anything was fine until we rebootet the windows machine. When it was up again the x:\samba-server\xyz\cache path couldnt be access anymore by IE. Following happend, 50% of all directoris on the samba server was gone! They still appeared by "ls -la" and you could access them through windows if you know the exact path, but they where some kind of hidden. We checked everything, there were no differences between the invisible and the visible directories, user rights etc were quite fine. Next thing we found out was that somehow some cache files of the IE had not been placed in x:\samba-server\xyz\cache\ but in x:\samba-server\. I dont know if they were places there by the IE or if samba mad a mistake managing those files. We found 4 files, having the same name (some not displayable ascii char) and the same size. a fifth file had the name "-" (only the hyphen) and couldnt be opened by root/vi or windows/notepad. After we deleted those files all hidden directories were visible again, but all files in the root-sharing dir of smb (x:\samba-server\*) were deleted. Maybe anyone knows why this happend or can tell me what to do so it doesnt happen again? :-) Used versions: Windows 2000 Prof. Internet Explorer 5.00.2920.0000 Red Hat Linux release 7.0 (Guinness) Kernel 2.2.16-22 on an i686 Samba Version 2.0.7 x:\samba-server\ = windows network drive like \\10.0.0.1\shares\ Regrades Jan Fenner From R.J.Baart at Prompt.NL Wed Dec 5 00:09:21 2001 From: R.J.Baart at Prompt.NL (R.J. Baart) Date: Tue Dec 2 02:37:04 2003 Subject: Error logging into domain (c0000252) In-Reply-To: <001501c1774a$02d567f0$0200000a@Haxed> Message-ID: <3C0DE3BB.5290.8553B5E@localhost> I believe the CVS version is to blame. The system I was telling about never functioned ok, whatever I try. I renewed the system: Suse 7.2 from CD and Samba package (rpm). Everything back to normal. Yesterday I was working with another server and this system did also have problems with the domain logon. I removed the CVS version of Samba and installed the "latest stable" version. Problems were gone. So I think the current CVS version is not working properly. From: "Philip Burrow" To: Copies to: Subject: Re: Error logging into domain (c0000252) Date sent: Tue, 27 Nov 2001 13:47:10 -0000 > > We use several Samba servers. On one system we try things out. That system > is a > > > > Until yesterday we were able to logon to the domain withe a w98, nt4(sp6) > and a w2k > > (sp2) client. We use roaming profiles, smb printservices, etc.But today we > can't logon > > to the domain. Why? We don't know. In our opinion we have not changed > relevant > > options. > > > > It is obvious it has something to do with the workstation, because we can > access the > > domain as workgroup. So usernames and passwords are correct.We have > deleted > > the workstations UID from smbpasswd and passwd. We have added the machines > > to the domain with useradd, smbpasswd and on the NT workstation. All > without any > > problem. We have concentrated on an NT4(SP6) workstation. No success > > > > But what is the problem? I think we miss something very simple, but what. > > This sounds exactly like the problem I am getting when using WinXP Pro as > client. I believe it is something trivial I may have changed with the > workstation but like yourself I cannot get it to log on to the domain, but > can get it to join the workgroup, and I have had it working prior to this. > > If you find the solution would you please post it here as well! > > Thanks > > Phil > > Met vriendelijke groet/Regards Prompt R.J. Baart Marktveldpassage 35c 5261ED Vught tel: +31 73 6567041 mailto:R.J.Baart@Prompt.NL From Zoran.Pucar at era.ericsson.se Wed Dec 5 04:12:07 2001 From: Zoran.Pucar at era.ericsson.se (Zoran Pucar) Date: Tue Dec 2 02:37:04 2003 Subject: NT_STATUS_ACCESS_DENIED Message-ID: <3C0E0ED0.33AF750F@era.ericsson.se> Hi all! I wonder what this problem may depend on. I got 3 servers running solaris 8 and samba 2.2.2. One, in this case ZDLFILES is configured to be a PDC for domain OSSFLU. Following is smb.conf on this machine. [global] workgroup = OSSFLU security = user #I even tried server och domain with same result here.. encrypt passwords = Yes os level = 128 preferred master = True domain master = True domain logons = yes add user script = /usr/sbin/useradd -g machines -d /dev/null -s /bin/false -c Machine %m$ log file = /usr/local/samba/var/log.%m log level = 4 max log size = 50 Rest of the machines ie. lager and zdlcomp2 are clients. Their smb.conf follows. [global] workgroup = OSSFLU security = DOMAIN encrypt passwords = Yes password server = zdlfiles log file = /usr/local/samba/var/log.%m log level = 4 max log size = 50 ....shares and stuff... I have joined OSSFLU domain on both zdlcomp2 and lager with. smbpasswd -jOSSFLU -rZDLFILES -Uroot and i got the message that everything was successfull. However when I try to access zdlcomp2 from lager as user ezoranp, this user exists on all 3 servers with same group and uid (in fact zdlfiles is nis server of all machines), it fails complaining about bad user/password. log.lager on zdlcomp2 says following. cli_net_req_chal: LSA Request Challenge from ZDLFILES to ZDLCOMP2: D874D11E2C1E6002 [2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_session_key(64) cred_session_key [2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_create(95) cred_create [2001/12/05 10:43:18, 4] rpc_client/cli_netlogon.c:cli_net_auth2(134) cli_net_auth2: srv:\\ZDLFILES acct:ZDLCOMP2$ sc:2 mc: ZDLCOMP2 chal 957EC33D2FF3FBDB neg: 1ff [2001/12/05 10:43:18, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160) cli_net_auth2: Error NT_STATUS_ACCESS_DENIED [2001/12/05 10:43:18, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72) cli_nt_setup_creds: auth2 challenge failed [2001/12/05 10:43:18, 0] smbd/password.c:connect_to_domain_password_server(1371) connect_to_domain_password_server: unable to setup the PDC credentials to machine ZDLFILES. Error was : NT_STATUS_A CCESS_DENIED. [2001/12/05 10:43:18, 0] smbd/password.c:domain_client_validate(1591) domain_client_validate: Domain password server not available. Somebody? If I set security = server on clients (zdlcomp2 and lager) everything seams to be working just fine, however I would like to optimize access by using domain security. Thnx! Zoran Pucar From bgmilne at cae.co.za Wed Dec 5 06:05:04 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:37:04 2003 Subject: Samba server 'joining' Win 2000 domain References: <2C71DF3DBE79474FB1DD4180574D558002D760@EXCHANGE.escfx.com> Message-ID: <3C0E2891.4040804@cae.co.za> Hi Ken, The best way to setup winbind is to: 1) stop all samba services: # service smb stop # service winbind stop 2)Join the domain: # smbpasswd -j -R -U 3)Start the samba services: # service smb start # service winbind start (the winbind service, which runs the winbindd daemon, needs to be running for wbinfo to work) 4)Test: wbinfo -t Also, you might want to read the docs on winbind at http://mandrakeuser.org/connect/csamab5.html#winbind. Please don't hesitate to reply if you have trouble. Also, I haven't tested winbind against a Windows DC, so I could be wrong .... Buchan Ken Harris wrote: > >I'm trying to make this Samba server join a Win2k domain. > >I run 'smbpasswd -j ...', and it says it's OK, but then wbinfo >doesn't work. I verified the 'join' on the Windoze side by using >the 'computer management' tool 'Active Directory Users and Computers': >it sees the machine (with OS "NT 4"). > >When I run "wbinfo", I get: > >ken@perth:~ 102% wbinfo -u >Error looking up domain users >Exit 1 >ken@perth:~ 103% wbinfo -t >Could not check secret >Exit 1 >ken@perth:~ 104% wbinfo -m >Could not list trusted domains >Exit 1 > > In /var/log/samba/log. , I get : > >[2001/12/04 13:58:23, 3] >nsswitch/winbindd_util.c:establish_connections(367) > could not find any domain controllers for domain ESCFX > >I'm running Mandrake 8.1 w/ the Samba 2.2.2 rpms: > >samba-common-2.2.2-3.3mdk >samba-client-2.2.2-3.3mdk >samba-2.2.2-3.3mdk >samba-winbind-2.2.2-3.3mdk >samba-doc-2.2.2-3.3mdk >sambapdf-1.0-2mdk >gnosamba-0.3.3-5mdk > >I have /etc/samba/smb.conf set up for domains: > > workgroup = ESCFX > security = domain > password server = * > >Any help would be appreciated. > -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za From lutz.westhaeusser at base-system.com Wed Dec 5 06:59:02 2001 From: lutz.westhaeusser at base-system.com (Lutz Westhaeusser) Date: Tue Dec 2 02:37:04 2003 Subject: Samba PDC and WinNT BDC Message-ID: <01120515570400.20748@manchester> Hi there, has anyone expirences with a samba PDC and a win BDC? I treid to install a Windows BDC for a program which requires a windows dc and the result si that i cant logon on that bdc. i have a pdc running with samba-tng 2.6.1 and a bdc with nt40 best regards Lutz From gareth at wgsf.org.uk Wed Dec 5 07:17:15 2001 From: gareth at wgsf.org.uk (Gareth Norman) Date: Tue Dec 2 02:37:04 2003 Subject: directory permissions/login problems Message-ID: <001701c17da0$1c605840$0b0aa8c0@gareth> Hi all Probably a minor problem that everyone will look at and mumble "goddam n00bies" but: I have a Samba 2.2.2 PDC running on Red Hat 7.1 - everything is hunky dory apart form 2 things We are a school and sometimes the IT staff are required to move files around the network to different users home directories. For example, user IThead copies a file (temp.doc) to user directory of fred. When the file is copied the user fred only had read premissions on this file and therefore can't save it. The ownership/group are of the person that did the copying in the first place (in this case IThead) and the permissions are rwx for owner and r only for group. I have played around with the force mask and force create mask etc on the homes share but this makes no difference (the homes share points to \home\%U and works fine. The other problem is when several machines try to log in at the same time. I am using win95 workstations and a login script processor called KixTart due to needing a load of if/else statements for mappings based on username. By itsself the kix script works fine but when a number of users log in at the same time the mappings just refuse to work for some of the stations even though the user is authenticated. Any help whatsoever would be greatly appreciaited. Many thanks Gareth Norman From Zoran.Pucar at era.ericsson.se Wed Dec 5 07:32:03 2001 From: Zoran.Pucar at era.ericsson.se (Zoran Pucar) Date: Tue Dec 2 02:37:04 2003 Subject: directory permissions/login problems References: <001701c17da0$1c605840$0b0aa8c0@gareth> Message-ID: <3C0E3DA9.6AAC21D1@era.ericsson.se> Gareth Norman wrote: > > Hi all > > Probably a minor problem that everyone will look at and mumble "goddam > n00bies" but: > > I have a Samba 2.2.2 PDC running on Red Hat 7.1 - everything is hunky dory > apart form 2 things > > We are a school and sometimes the IT staff are required to move files around > the network to different users home directories. For example, user IThead > copies a file (temp.doc) to user directory of fred. When the file is copied > the user fred only had read premissions on this file and therefore can't > save it. The ownership/group are of the person that did the copying in the > first place (in this case IThead) and the permissions are rwx for owner and > r only for group. I have played around with the force mask and force create > mask etc on the homes share but this makes no difference (the homes share > points to \home\%U and works fine. Force mask should help you. How does your smb.conf look like? force mask = 664 (not alike umask on unix) should do the trick i guess. > > The other problem is when several machines try to log in at the same time. I > am using win95 workstations and a login script processor called KixTart due > to needing a load of if/else statements for mappings based on username. By > itsself the kix script works fine but when a number of users log in at the > same time the mappings just refuse to work for some of the stations even > though the user is authenticated. > > Any help whatsoever would be greatly appreciaited. Can't you just use a script /user? I know it means more administration but those scripts can be autogeneraded and will improve performance. Hope this helps! -- Zoran Pucar From ggoodrich at medinotes.com Wed Dec 5 07:50:03 2001 From: ggoodrich at medinotes.com (Greg Goodrich) Date: Tue Dec 2 02:37:04 2003 Subject: Password expiration after joining Domain References: <20011123200229.40FED45B3@lists.samba.org> <3BF71713.619F3660@gmx.net> Message-ID: <3C0E4160.7CD6F733@medinotes.com> I'm having the same issues, so if you find the answer to this problem, please let me know. Also, if anyone on the list knows, I'd appreciate it. TIA, "S. Zwedler" wrote: > Hi, > after installing Samba 2.2.2 and successfully joining the domain, users are now prompted to change their > passwords. I believe this is triggered by Samba, and while it makes sense security-wise, it's not needed in the > trusted environment here so I'd like to set the password expiration time to infinite (never expires). I haven't > yet found the right option in Samba yet, so i'd be more than grateful if someone could tell me where I can find > the proper option. (i'm aware that there is a last-time-changed field in smbpasswd file but I do not want to > change that manually for all users every month...) > > Thanks all, > Steffen Zwedler -- Greg Goodrich Senior Software Engineer MediNotes Corp. ggoodrich@medinotes.com From gzart at leiinc.com Wed Dec 5 07:59:06 2001 From: gzart at leiinc.com (Greg Zartman) Date: Tue Dec 2 02:37:06 2003 Subject: Password expiration after joining Domain References: <20011123200229.40FED45B3@lists.samba.org> <3BF71713.619F3660@gmx.net> <3C0E4160.7CD6F733@medinotes.com> Message-ID: <005101c17da5$f428e080$6500a8c0@greg> > I'm having the same issues, so if you find the answer to this problem, please let me know. Also, if anyone on the > list knows, I'd appreciate it. TIA, This behavior is most strange. I've setup samba 2.x.x on numerous networks and have never seen this... I'm wondering if it is a client thing??? Does it happen on multiple clients? What about different client OSs? Have you tried posting your smb.conf to the list? I don't think the problem is in here, but I've been proven wrong before. Regards, Greg From jmcd at us.ibm.com Wed Dec 5 08:00:01 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:37:06 2003 Subject: Samba PDC and WinNT BDC Message-ID: Forwarding to tng-users, as this is a samba-tng question ---------------------------- Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com jmcd@samba.org Phone: (207) 885-5565 IBM tie-line: 776-9984 ---------------------- Forwarded by Jim McDonough/Portland/IBM on 12/05/2001 10:58 AM --------------------------- Lutz Westhaeusser @lists.samba.org on 12/05/2001 09:57:04 AM Please respond to lutz.westhaeusser@base-system.com Sent by: samba-ntdom-admin@lists.samba.org To: samba-ntdom@lists.samba.org cc: Subject: Samba PDC and WinNT BDC Hi there, has anyone expirences with a samba PDC and a win BDC? I treid to install a Windows BDC for a program which requires a windows dc and the result si that i cant logon on that bdc. i have a pdc running with samba-tng 2.6.1 and a bdc with nt40 best regards Lutz From silviu at delrom.ro Wed Dec 5 08:14:06 2001 From: silviu at delrom.ro (Silviu Marin-Caea) Date: Tue Dec 2 02:37:06 2003 Subject: Samba PDC and WinNT BDC In-Reply-To: References: Message-ID: <20011205181401.1f920e97.silviu@delrom.ro> On Wed, 5 Dec 2001 10:57:21 -0500 "Jim McDonough" wrote: > has anyone expirences with a samba PDC and a win BDC? I treid to > install a Windows BDC for a program which requires a windows dc and > the result si that > i cant logon on that bdc. > > i have a pdc running with samba-tng 2.6.1 and a bdc with nt40 Automatic user database replication between PDC and BDC is not yet implemented in any samba, tng or not. The windows BDC will not import automatically the new users, except at reboot, or if you restart that service, whatever it is. And to be honest who needs windows, anyway? After I phased out the last windows NT server, everything started working smoothly. Until then, it was a pain. I have a samba-tng PDC, and another lot of 5 servers runing samba. And am very happy this way too. Right now, I'm studying how to implement a BDC in tng. -- Silviu Marin-Caea - Network & Systems Administrator - Delta Romania Phone +4093-267961 From ggoodrich at medinotes.com Wed Dec 5 08:25:06 2001 From: ggoodrich at medinotes.com (Greg Goodrich) Date: Tue Dec 2 02:37:06 2003 Subject: Password expiration after joining Domain References: <20011123200229.40FED45B3@lists.samba.org> <3BF71713.619F3660@gmx.net> <3C0E4160.7CD6F733@medinotes.com> <005101c17da5$f428e080$6500a8c0@greg> Message-ID: <3C0E493B.BA8D4CB8@medinotes.com> Well, I'm not certain that everyone is having the problem, but I am, and a few of my colleagues are as well. I am running Win2K SP2, and I have tinkered around with the local account policies on my machine, but my local policy is set so that Minimum password and Maximum password age are both zero, which I believe states no forced changes. I'm certainly not 100% certain that samba is the culprit in this case, but we switched from an NT4 domain to a samba domain, and this wasn't happening on the NT4 domain. I guess I just wish there was better information on how all this stuff works, especially through samba. Greg Zartman wrote: > > I'm having the same issues, so if you find the answer to this problem, > please let me know. Also, if anyone on the > > list knows, I'd appreciate it. TIA, > This behavior is most strange. I've setup samba 2.x.x on numerous networks > and have never seen this... I'm wondering if it is a client thing??? > Does it happen on multiple clients? What about different client OSs? > > Have you tried posting your smb.conf to the list? I don't think the problem > is in here, but I've been proven wrong before. > > Regards, > Greg -- Greg Goodrich Senior Software Engineer MediNotes Corp. ggoodrich@medinotes.com From scott at qualitycorps.com Wed Dec 5 08:49:09 2001 From: scott at qualitycorps.com (Scott) Date: Tue Dec 2 02:37:06 2003 Subject: Tcp/IP Message-ID: <012b01c17dbd$4cd14a80$d6230640@office> I am trying to get away from using Netbeui. I have Samba 2.2.2 running as a PDC for W2k, W98, and W95 systems. If I remove the netbeui protocol from the network properties on the windows machine they are now longer viewable in the network neighborhood. Any help would be appreciated in how I can make this happen. Also in W2k does anyone now where to type the information into the system so that a comment appears in network neighborhood next to the machine name? TIA Scott Swaim From vgill at technologist.com Wed Dec 5 09:32:02 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:37:07 2003 Subject: Samba PDC and WinNT BDC Message-ID: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> That is a (IMNSHO) stupid answer. Obviously this person has a need, possibly outside of his control, that he use an nt box that acts as a dc. To give the answer "Linux Rocks, Windows Sucks", or even your equivalent answer, just wastes time and disk space. If you can/want to help, do so. If you want to be a windows basher, do it on another list... Besides, I need windows. There is still no an equivalent in linux for exchange. Nothing comes close. And, everything has been running smoothly here for almost 2 years... With windows. -----Original Message----- From: Silviu Marin-Caea [mailto:silviu@delrom.ro] Sent: Wednesday, December 05, 2001 8:14 AM To: Jim McDonough Cc: tng-users@samba-tng.org; lutz.westhaeusser@base-system.com; samba-ntdom@samba.org Subject: Re: Samba PDC and WinNT BDC On Wed, 5 Dec 2001 10:57:21 -0500 "Jim McDonough" wrote: > has anyone expirences with a samba PDC and a win BDC? I treid to > install a Windows BDC for a program which requires a windows dc and > the result si that > i cant logon on that bdc. > > i have a pdc running with samba-tng 2.6.1 and a bdc with nt40 Automatic user database replication between PDC and BDC is not yet implemented in any samba, tng or not. The windows BDC will not import automatically the new users, except at reboot, or if you restart that service, whatever it is. And to be honest who needs windows, anyway? After I phased out the last windows NT server, everything started working smoothly. Until then, it was a pain. I have a samba-tng PDC, and another lot of 5 servers runing samba. And am very happy this way too. Right now, I'm studying how to implement a BDC in tng. -- Silviu Marin-Caea - Network & Systems Administrator - Delta Romania Phone +4093-267961 From gzart at leiinc.com Wed Dec 5 10:01:04 2001 From: gzart at leiinc.com (Greg Zartman) Date: Tue Dec 2 02:37:07 2003 Subject: Password expiration after joining Domain References: <20011123200229.40FED45B3@lists.samba.org> <3BF71713.619F3660@gmx.net> <3C0E4160.7CD6F733@medinotes.com> <005101c17da5$f428e080$6500a8c0@greg> <3C0E493B.BA8D4CB8@medinotes.com> Message-ID: <008801c17db7$14d8bc40$6500a8c0@greg> > this wasn't happening on the NT4 domain. I guess I just wish there was better > information on how all this stuff works, especially through samba. Well, I'm certainly not aware of Samba functionality to expire passwords. If you are using policies, then they are the likely culprit. The other thing that can cause headaches is trying to implement roaming profiles. Get Samba working before you play around with roaming profiles. I agree that it's difficult to find good information on Samba in one place, but there is ALOT of good information out there. Like I said in my previous message, post your smb.conf file. People can't help you if can't see how you are setup. The more information you provide, the more responses you will likely get. In terms of references: I started with the book, Using Samba, and then read some of the FAQs and HowTo documents. From here, I started playing with samba and reading the man pages. Good luck. Greg Zartman From dr0q at lvcm.com Wed Dec 5 10:56:04 2001 From: dr0q at lvcm.com (Synikal) Date: Tue Dec 2 02:37:07 2003 Subject: Samba PDC and WinNT BDC In-Reply-To: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> Message-ID: <000a01c17dbe$39bf4860$020000a9@l0nging> I'm going to waste another 550(or so) bytes saying that we should'nt be fighting about this. There will always be the "Linux,UNIX,every other stable os on the planet vs. windows" debate. It just wont end. I've used windows 2000 server and nt4 servers occasionally and they have been relatively stable. I'm not a Windows supporter, but nor am I a windows basher... I think they both have their strong points, even though personally I think OpenBSD is better... Ok having said that lets let this thread die :) -----Original Message----- From: tng-users-bounce@lists.dcerpc.org [mailto:tng-users-bounce@lists.dcerpc.org] On Behalf Of Gill, Vern Sent: Wednesday, December 05, 2001 9:34 AM To: 'Silviu Marin-Caea'; Jim McDonough Cc: tng-users@samba-tng.org; lutz.westhaeusser@base-system.com; samba-ntdom@samba.org Subject: RE: Samba PDC and WinNT BDC That is a (IMNSHO) stupid answer. Obviously this person has a need, possibly outside of his control, that he use an nt box that acts as a dc. To give the answer "Linux Rocks, Windows Sucks", or even your equivalent answer, just wastes time and disk space. If you can/want to help, do so. If you want to be a windows basher, do it on another list... Besides, I need windows. There is still no an equivalent in linux for exchange. Nothing comes close. And, everything has been running smoothly here for almost 2 years... With windows. -----Original Message----- From: Silviu Marin-Caea [mailto:silviu@delrom.ro] Sent: Wednesday, December 05, 2001 8:14 AM To: Jim McDonough Cc: tng-users@samba-tng.org; lutz.westhaeusser@base-system.com; samba-ntdom@samba.org Subject: Re: Samba PDC and WinNT BDC On Wed, 5 Dec 2001 10:57:21 -0500 "Jim McDonough" wrote: > has anyone expirences with a samba PDC and a win BDC? I treid to > install a Windows BDC for a program which requires a windows dc and > the result si that > i cant logon on that bdc. > > i have a pdc running with samba-tng 2.6.1 and a bdc with nt40 Automatic user database replication between PDC and BDC is not yet implemented in any samba, tng or not. The windows BDC will not import automatically the new users, except at reboot, or if you restart that service, whatever it is. And to be honest who needs windows, anyway? After I phased out the last windows NT server, everything started working smoothly. Until then, it was a pain. I have a samba-tng PDC, and another lot of 5 servers runing samba. And am very happy this way too. Right now, I'm studying how to implement a BDC in tng. -- Silviu Marin-Caea - Network & Systems Administrator - Delta Romania Phone +4093-267961 From peter at cadcamlab.org Wed Dec 5 12:25:02 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:37:07 2003 Subject: Samba PDC and WinNT BDC In-Reply-To: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> References: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> Message-ID: <20011205142229.D747@cadcamlab.org> [Vern Gill] > That is a (IMNSHO) stupid answer. Obviously this person has a need, > possibly outside of his control, that he use an nt box that acts as a > dc. To give the answer "Linux Rocks, Windows Sucks", or even your > equivalent answer, just wastes time and disk space. I think the answer was not so much "windows sux, linux rocks" as the Gatesian dictum "One domain controller ought to be enough for anybody". Your concern is valid, though - no matter how good Samba/Unix/Linux might be, some organisations have a need for DC redundancy. Load balancing is one reason, proximity (one DC at each end of the WAN) is another. The sorry fact is, Samba-TNG does not really support BDC operation either as the PDC or the BDC. Specifically, it does not support the "partial update" notifications from the PDC when the SAM changes. So you *can* set up TNG as either PDC or BDC in such a relationship, but you'll have to force a SAM sync every now and then. If TNG is the BDC, it's the rpcclient command 'samsync'; if NT is the BDC, you need to restart some service (probably 'smss.exe', but I'm not sure) or reboot. Peter From Iwan.Sanders at proeftuin-ict.com Wed Dec 5 14:52:06 2001 From: Iwan.Sanders at proeftuin-ict.com (Iwan Sanders) Date: Tue Dec 2 02:37:07 2003 Subject: Joining My Samba Domain with Win2000/XP Message-ID: <1007596330.3c0eb32a95aa7@email-ict.proeftuin-ict.com> Hi, I've installed samba version 2.2 on a suse linux 7.2 machine. I first made my own smb.conf and tried to make a win2000/xp machine a member of it. I did this through the windows interface and changed the workgroup into member of a domain. I got the error: Access is denied.?! Thus i tried one of the example smb.conf that came with the smb package. But the error keeps coming back. Can somebody please assist me with this annoying problem? Thanks. From Iwan.Sanders at proeftuin-ict.com Wed Dec 5 16:44:02 2001 From: Iwan.Sanders at proeftuin-ict.com (Iwan Sanders) Date: Tue Dec 2 02:37:07 2003 Subject: becoming a member of a samba domain Message-ID: <1007603044.3c0ecd64059fa@email-ict.proeftuin-ict.com> Hi, when i try to make a windows 2000 computer a member of a samba domain i get the following error message: procedure number out of range can somebody please help me? i included my smb.conf file. thanks -------------- next part -------------- # Samba config file created using SWAT # from 192.168.0.7 (192.168.0.7) # Date: 2001/07/01 19:58:00 # Global parameters [global] workgroup = THUISWERK netbios name = TW-LINUX-SERVER server string = LINUX SERVER encrypt passwords = Yes map to guest = Bad User keepalive = 30 logon script = KIX32.EXE logon drive = I: domain logons = Yes os level = 64 preferred master = True domain master = True kernel oplocks = No [homes] comment = home-directory read only = No create mask = 0750 browseable = No [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [NETLOGON] comment = User Login Share path = /netlogon write list = ntadmin [CDROM] comment = CDROM Drive Of The Linux Server path = /cdrom [win32Apps] comment = Windows 32 Applications path = /apps/win32apps read only = No [Muziek] comment = Gedeelde Muziek Bestanden path = /apps/Muziek read only = No From ken at escfx.com Wed Dec 5 17:40:02 2001 From: ken at escfx.com (Ken Harris) Date: Tue Dec 2 02:37:07 2003 Subject: Samba server 'joining' Win 2000 domain Message-ID: <2C71DF3DBE79474FB1DD4180574D558002D765@EXCHANGE.escfx.com> Hmmm. I did this, but 'wbinfo' still doesn't work :(, but the DC is a Windoze 2000 Server. -----Original Message----- From: Buchan Milne [mailto:bgmilne@cae.co.za] Sent: Wednesday, December 05, 2001 6:01 AM To: Ken Harris Cc: samba-ntdom@lists.samba.org; staburet@mandrakesoft.com Subject: Re: Samba server 'joining' Win 2000 domain Hi Ken, The best way to setup winbind is to: 1) stop all samba services: # service smb stop # service winbind stop 2)Join the domain: # smbpasswd -j -R -U 3)Start the samba services: # service smb start # service winbind start (the winbind service, which runs the winbindd daemon, needs to be running for wbinfo to work) 4)Test: wbinfo -t Also, you might want to read the docs on winbind at http://mandrakeuser.org/connect/csamab5.html#winbind. Please don't hesitate to reply if you have trouble. Also, I haven't tested winbind against a Windows DC, so I could be wrong .... Buchan Ken Harris wrote: > >I'm trying to make this Samba server join a Win2k domain. > >I run 'smbpasswd -j ...', and it says it's OK, but then wbinfo >doesn't work. I verified the 'join' on the Windoze side by using >the 'computer management' tool 'Active Directory Users and Computers': >it sees the machine (with OS "NT 4"). > >When I run "wbinfo", I get: > >ken@perth:~ 102% wbinfo -u >Error looking up domain users >Exit 1 >ken@perth:~ 103% wbinfo -t >Could not check secret >Exit 1 >ken@perth:~ 104% wbinfo -m >Could not list trusted domains >Exit 1 > > In /var/log/samba/log. , I get : > >[2001/12/04 13:58:23, 3] >nsswitch/winbindd_util.c:establish_connections(367) > could not find any domain controllers for domain ESCFX > >I'm running Mandrake 8.1 w/ the Samba 2.2.2 rpms: > >samba-common-2.2.2-3.3mdk >samba-client-2.2.2-3.3mdk >samba-2.2.2-3.3mdk >samba-winbind-2.2.2-3.3mdk >samba-doc-2.2.2-3.3mdk >sambapdf-1.0-2mdk >gnosamba-0.3.3-5mdk > >I have /etc/samba/smb.conf set up for domains: > > workgroup = ESCFX > security = domain > password server = * > >Any help would be appreciated. > -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za From hchcheng at scg.math.uwaterloo.ca Wed Dec 5 19:55:02 2001 From: hchcheng at scg.math.uwaterloo.ca (Howard Cheng) Date: Tue Dec 2 02:37:07 2003 Subject: Does domain admin accounts work? Message-ID: Hi, I have been reading the PDC HowTo and FAQ, and it was pointed out that domain admin users don't really work in the pre-release. I haven't found any updated documentation for 2.2.1a. Does domain admin users work in this release? i.e. if a non-root user is a domain admin, can this user be used to create a machine account? Howard --- Howard Cheng e-mail: hchcheng@scg.math.uwaterloo.ca University of Waterloo URL : http://www.scg.uwaterloo.ca/~hchcheng/ Computer Science Graduate Student (PhD) The ultimate goal of mathematics is to eliminate any need for intelligent thought. - Alfred N. Whitehead From Lightfoot.Michael at comcare.gov.au Wed Dec 5 23:43:04 2001 From: Lightfoot.Michael at comcare.gov.au (Lightfoot.Michael) Date: Tue Dec 2 02:37:07 2003 Subject: The bloomin' Irish Message-ID: Let me first apologise for asking on two lists, but this problem is (of course) urgent because prior to this afternoon I was unaware of the problem and it has been affecting production users for two days despite me having warned everyone that they should be looking out for possible Samba problems! I have just upgraded most of our samba servers from 1.9.18 (various patch levels) to 2.2.2 on Solaris 8 and Solaris 2.6. This was forced by an upgrade of the Windoze password server from NT4 to Win2K. Patch levels of 1.9.18 prior to (about) 10 would not work with the new server. Patch level 10 does, luckily and remains on a system about to be retired. We now have another problem. Our users.map file contains a few Irish characters with apostrophes in their NT login names (e.g. O'Nerk.Fred) which are all of the format lastname.firstname. When these users now try to attach to a share the name get mangled by samba, changing the apostrophe to an underscore (ie o_nerk.fred) as well as the ussual case mangling and this results in a login failure. On the 1.9.18p10 system no such mangling occurs. I have searched archives of both lists and found only one entry about 18 months ago where someone asked if this would work. I have also searched most of the docos and not found a solution. Does anyone on the lists have the (probably bleeding obvious) answer? Relevant smb.conf entries (this file wasn't changed between versions and passes testparm on 2.2.2 except mysteriously for "share modes".) workgroup = COMCARE security = server password server = act-primary encrypt passwords = yes wins server = act-secondary username map = /usr/local/samba/lib/users.map domain master = no local master = no Michael Lightfoot SysIX Unix Systems Consulting 02 6258 8185 michael.lightfoot@canb.auug.org.au [Also deem apologies for the silly message below and for using Outhouse] ______________________________________ NOTICE: This e-mail message and attachments may contain confidential information. If you are not the intended recipient you should not use or disclose any information in the message or attachments. If received in error, please notify the sender by return e-mail immediately. Comcare does not waive any confidentiality or privilege. From abartlet at pcug.org.au Thu Dec 6 00:59:09 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:37:07 2003 Subject: The bloomin' Irish References: Message-ID: <3C0F32E0.837FA63E@bartlett.house> "Lightfoot.Michael" wrote: > > Let me first apologise for asking on two lists, but this problem is (of > course) urgent because prior to this afternoon I was unaware of the problem > and it has been affecting production users for two days despite me having > warned everyone that they should be looking out for possible Samba problems! > > I have just upgraded most of our samba servers from 1.9.18 (various patch > levels) to 2.2.2 on Solaris 8 and Solaris 2.6. This was forced by an > upgrade of the Windoze password server from NT4 to Win2K. Patch levels of > 1.9.18 prior to (about) 10 would not work with the new server. Patch level > 10 does, luckily and remains on a system about to be retired. > > We now have another problem. Our users.map file contains a few Irish > characters with apostrophes in their NT login names (e.g. O'Nerk.Fred) which > are all of the format lastname.firstname. > > When these users now try to attach to a share the name get mangled by samba, > changing the apostrophe to an underscore (ie o_nerk.fred) as well as the > ussual case mangling and this results in a login failure. On the 1.9.18p10 > system no such mangling occurs. The lowercasing is becouse the name didn't map, so it got caught up in the normal samba 'attempt to find matching unix user' process... > I have searched archives of both lists and found only one entry about 18 > months ago where someone asked if this would work. I have also searched > most of the docos and not found a solution. Unfortunetly the only reference is an obscure line in the WHATSNEW.TXT and the cvs commit message. None of which would have attracted your attention... > Does anyone on the lists have the (probably bleeding obvious) answer? > Relevant smb.conf entries (this file wasn't changed between versions and > passes testparm on 2.2.2 except mysteriously for "share modes".) > > workgroup = COMCARE > security = server > password server = act-primary > encrypt passwords = yes > wins server = act-secondary > username map = /usr/local/samba/lib/users.map > domain master = no > local master = no > > Michael Lightfoot > SysIX Unix Systems Consulting > 02 6258 8185 > michael.lightfoot@canb.auug.org.au It looks like you have hit some Samba parinoia on user-supplied inputs. The following snippit in reply.c:sesssetup_and_X() caused your problem: /* don't allow strange characters in usernames or domains */ alpha_strcpy(user, user, ". _-$", sizeof(user)); alpha_strcpy(domain, domain, ". _-", sizeof(domain)); if (strstr(user, "..") || strstr(domain,"..")) { return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw); } This patch should fix it tempoarily - but don't use %U in your smb.conf, becouse the ' could (potentially, possibly) cause problems. Index: reply.c =================================================================== RCS file: /data/cvs/samba/source/smbd/reply.c,v retrieving revision 1.240.2.72 diff -u -r1.240.2.72 reply.c --- reply.c 20 Oct 2001 21:23:51 -0000 1.240.2.72 +++ reply.c 6 Dec 2001 08:48:23 -0000 @@ -856,7 +856,7 @@ } /* don't allow strange characters in usernames or domains */ - alpha_strcpy(user, user, ". _-$", sizeof(user)); + alpha_strcpy(user, user, ". _-$'", sizeof(user)); alpha_strcpy(domain, domain, ". _-", sizeof(domain)); if (strstr(user, "..") || strstr(domain,"..")) { return ERROR_BOTH(NT_STATUS_LOGON_FAILURE,ERRSRV,ERRbadpw); In the long term, I'll see if we can arrange for usernames to be used unchanged within samba - except for the %U substituions - to avoid this in future (this is a larger change, and will require significantly more testing). Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net From mjs at blitz-technology.net Thu Dec 6 01:00:12 2001 From: mjs at blitz-technology.net (Mitchell) Date: Tue Dec 2 02:37:07 2003 Subject: Windows 2k and Samba PDC Message-ID: <20011206191032.A11915@blitz-technology.net> This is more a Windows 2k problem than a Samba one. I have set up my samba server as a PDC for ur Win 2k network. I have a workstation called lift which I have added as follows useradd -g 100 -d /dev/null -s /bin/false -c "lift" lift$ passwd -l lift$ smbpasswd -a -m lift I then went to that workstation and joined it to the domain using user root password xxxxxx it said it joined and would I like to add a user which had access to network services. I answered "don't add a user at this time" and it finished the network setup wizard. I then logged out of the administrator account and tried to log back in as user mjs user mjs exists as a system user as well as in the smbpassword file. it bumped me off with an invalid user/password warning. it is as if it isn't authenticating users against the PDC. Is there anything else under windows 2k that I have to change to get it to authenticate users out of the PDC? I assume that I don't have to add *all* users to each workstation. Any assistance here would greatly be appreciated. Thanks From MathiasWohlfarth at bwb.org Thu Dec 6 02:12:02 2001 From: MathiasWohlfarth at bwb.org (Mathias Wohlfarth) Date: Tue Dec 2 02:37:07 2003 Subject: Antwort: Re: Password expiration after joining Domain Message-ID: I have reed (half a year ago) that there was a bug in the cvs code with this behaviour. This bug has been fixed. I have been looking into the code in this area, because I had to create a patch to implement a password expire function. There is no password expiry in the latest version of 2.2.2 Did you compile the latest code or did you get a compiled package? MW Greg Goodrich @lists.samba.org on 05.12.2001 16:46:40 Gesendet von: samba-ntdom-admin@lists.samba.org An: "S. Zwedler" Kopie: samba-ntdom@lists.samba.org Org.Element: Telefon: Thema: Re: Password expiration after joining Domain I'm having the same issues, so if you find the answer to this problem, please let me know. Also, if anyone on the list knows, I'd appreciate it. TIA, "S. Zwedler" wrote: > Hi, > after installing Samba 2.2.2 and successfully joining the domain, users are now prompted to change their > passwords. I believe this is triggered by Samba, and while it makes sense security-wise, it's not needed in the > trusted environment here so I'd like to set the password expiration time to infinite (never expires). I haven't > yet found the right option in Samba yet, so i'd be more than grateful if someone could tell me where I can find > the proper option. (i'm aware that there is a last-time-changed field in smbpasswd file but I do not want to > change that manually for all users every month...) > > Thanks all, > Steffen Zwedler -- Greg Goodrich Senior Software Engineer MediNotes Corp. ggoodrich@medinotes.com From linux at gymkc.cz Thu Dec 6 04:23:01 2001 From: linux at gymkc.cz (Michal Safranek) Date: Tue Dec 2 02:37:07 2003 Subject: Samba and Windows XP Message-ID: <200112061221.fB6CLMD05690@master.gymkc.cz> Hello, I've installed Windows XP on one computer in my network and i have problems with its connecting to Samba. I dont know if the mistake is in WinXP or Samba(ver 2.2.2). I can look at shared drives, read and write, but i cannot log into domain. The most frequently errorsw when i'm trying to log in are: You cannot log in, but there are any more errors... Thanx for answers. Michal Safranek Czech Rep. admin@gymkc.cz, linux@gymkc.cz From aaa at netman.dk Thu Dec 6 04:43:08 2001 From: aaa at netman.dk (Alaa Alamood) Date: Tue Dec 2 02:37:07 2003 Subject: Samba and CPU usage Message-ID: <3C0F6706.EC5209D6@netman.dk> Hi samba folk I'm using samba samba.2.0.7 which running on tru64 unix, when some body tring to print from windows 2000 client. it will get samba to use 50% from the CPU and no body in my company can do any thing until the print is finish and the cpu usage down again, I use also samba 2.2.2 in another machine it doaing exacly the same. is any body has an idea what's going on regards Alaa [global] browse list = yes mangled stack = 100 max xmit = 8192 preferred master = yes printing = bsd read size = 8192 security = user domain master = no os level = 33 From jay at toltec.metran.cx Thu Dec 6 05:15:03 2001 From: jay at toltec.metran.cx (Jay Ts) Date: Tue Dec 2 02:37:07 2003 Subject: Samba and Windows XP In-Reply-To: <200112061221.fB6CLMD05690@master.gymkc.cz> from "Michal Safranek" at Dec 06, 2001 01:21:22 PM Message-ID: <200112061313.fB6DD8I09541@toltec.metran.cx> Michal Safranek wrote: > > I've installed Windows XP on one computer in my network and i have > problems with its connecting to Samba. I dont know if the mistake is > in WinXP or Samba(ver 2.2.2). I can look at shared drives, read and > write, but i cannot log into domain. If the problem is that the WinXP system can't find the domain controller, try the registry patch found in the docs/Registry directory of the Samba source distribution. > The most frequently errorsw when i'm trying to log in are: > You cannot log in, but there are any more errors... You might get better help if you would tell us exactly what error messages you are seeing! Jay Ts From olli.fink at ak-vorarlberg.at Thu Dec 6 07:28:03 2001 From: olli.fink at ak-vorarlberg.at (Olli Fink) Date: Tue Dec 2 02:37:07 2003 Subject: AW: Samba and Windows XP In-Reply-To: <200112061221.fB6CLMD05690@master.gymkc.cz> Message-ID: <002201c17e6a$3796afe0$6401000a@olli> Try the registry-hack WinXP_SignOrSeal.reg in your /docs/Registry in the samba sources !!! Greetings Olli > -----Ursprüngliche Nachricht----- > Von: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]Im Auftrag von Michal Safranek > Gesendet am: Donnerstag, 06. Dezember 2001 13:21 > An: samba-ntdom@lists.samba.org > Betreff: Samba and Windows XP > > Hello, > I've installed Windows XP on one computer in my network and i have > problems with its connecting to Samba. I dont know if the mistake is > in WinXP or Samba(ver 2.2.2). I can look at shared drives, read and > write, but i cannot log into domain. > > The most frequently errorsw when i'm trying to log in are: > You cannot log in, but there are any more errors... > > Thanx for answers. > > Michal Safranek > Czech Rep. > admin@gymkc.cz, linux@gymkc.cz > > From silviu at delrom.ro Thu Dec 6 07:58:02 2001 From: silviu at delrom.ro (Silviu Marin-Caea) Date: Tue Dec 2 02:37:07 2003 Subject: Samba PDC and WinNT BDC In-Reply-To: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> References: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> Message-ID: <20011206175820.44eec86c.silviu@delrom.ro> On Wed, 5 Dec 2001 09:34:23 -0800 "Gill, Vern" wrote: > That is a (IMNSHO) stupid answer. Obviously this person has a need, > possibly outside of his control, that he use an nt box that acts as a You have jumped the gun. The first two paragraphs (bellow) of my first reply contained, IMHO, helpful information. > Automatic user database replication between PDC and BDC is not yet > implemented in any samba, tng or not. > > The windows BDC will not import automatically the new users, except at > reboot, or if you restart that service, whatever it is. -- Silviu Marin-Caea - Network & Systems Administrator - Delta Romania Phone +4093-267961 From gzart at leiinc.com Thu Dec 6 08:03:03 2001 From: gzart at leiinc.com (Greg Zartman) Date: Tue Dec 2 02:37:08 2003 Subject: Does domain admin accounts work? References: Message-ID: <007c01c17e6f$ce36ebe0$6500a8c0@greg> > work in this release? i.e. if a non-root user is a domain admin, can > this user be used to create a machine account? No, only root can create machine accounts. From mark at bowmansystems.com Thu Dec 6 11:31:09 2001 From: mark at bowmansystems.com (Mark Rinaudo) Date: Tue Dec 2 02:37:08 2003 Subject: Can't become connected user! Message-ID: <3C0F74B2.5080104@bowmansystems.com> Well I'm still trying to attempt to connect this win 2000 box to the domain with samba as the pdc. I added root to the smbpasswd file and set the password as the same as the root unix account. That seemed to get me a little further. Now when i attempt to connect i get an error message on the windows box saying "The specified network password is not correct" So i turned to samba for the answer. I jacked the debug level up to 4 to see what was bombing out. Everything looks alright in the logging until it get's to this point quoted below. [2001[2001/12/06 13:19:43, 0] smbd/service.c:make_connection(553) Can't become connected user! [2001/12/06 13:19:43, 3] smbd/connection.c:yield_connection(50) Yielding connection to IPC$ [2001/12/06 13:19:43, 3] smbd/error.c:error_packet(99) error string = No such file or directory I was told when joing the machine to the domain you should use the root as the user and his password when prompted. I also read somewhere that it's not needed to enter the machine name into the smbpasswd file just as long as you have it entry in the /etc/passwd file with a preceding '$' to mark it as a machine. I've tried this with and without the entry in the smbpasswd file. No luck. Any Help would be great. TIA Mark Rinaudo From grobe at gmx.net Thu Dec 6 14:23:02 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:37:08 2003 Subject: unix groups and samba head 2.2 - how do they appear on the windows side? Message-ID: <3C0FFDB8.35EF351F@gmx.net> Hi! Currently, I use a TNG-PDC. It is working quite well, but I can't make accounts expire, and so I consider to move back to head. I have a configuration where I can "map" a unix group to a local windows group by adding the group "MYDOMAIN\UNIXGROUP" to the local windows group. I need the members of the unix group in this local windows-group (it's not me who did the clients' installation ;-). Will this be possible with samba 2.2.2 and the windows 2000 clients? Thank You, CU, Lars. From ladislav.kostal at fem.uniag.sk Fri Dec 7 05:22:02 2001 From: ladislav.kostal at fem.uniag.sk (Ladislav Kostal) Date: Tue Dec 2 02:37:08 2003 Subject: Win2K SP2 + Samba 2.2.2 + Roaming Profiles Message-ID: Hello admins, Does someone have working %SUBJ%? All I can get for this configuration is: 1) Win2K client can join domain with Samba 2.2.2 as PDC 2) User from samba server can log in to the Win2K client 3) Profile is moved after logout to server properly 4) BUT when the user logs in again profile is NOT copied from server, but Win2K creates NEW one! Could someone explain me, what am i doing wrong? Relevant sections from smb.conf: (profile is stored in users's home directory on Samba server) [global] workgroup = TEST domain logons = yes security = user encrypt passwords = yes local master = yes os level = 65 domain master = yes preferred master = yes wins support = yes preserve case = yes case sensitive = yes logon script = common.bat logon drive = S: logon home = \\%N\%U logon path = \\%N\%U\profile preserve case = yes case sensitive = yes [homes] comment = Home Directories browseable = no writable = yes force directory mode = 0700 nt acl support = no inherit permissions = yes Thanks Ladislav Kostal From tcurdt at dff.st Fri Dec 7 07:27:04 2001 From: tcurdt at dff.st (Torsten Curdt) Date: Tue Dec 2 02:37:08 2003 Subject: defining domain rights on PDC In-Reply-To: Message-ID: Hi, there. I want to grant permissions on a domain basis. So everyone logged in on our W2k workstations has e.g. the right to do this or not do that. Is this possible at all? AFAIK all current sambas are still lacking the trust relationship... If it DOES work - which version of samba would I need? And how can I administrate those rights. Some hints and/or links would be great -- Torsten From erik at roxen.com Fri Dec 7 08:26:03 2001 From: erik at roxen.com (Erik Persson) Date: Tue Dec 2 02:37:08 2003 Subject: Unable to join Samba 2.2.2 server to TNG PDC Message-ID: Hi, After a lot of sweat and tears I have finally managed to get a Samba TNG PDC working with an LDAP backend. I had to give up on Samba 2.2 as there was always something that would break when using the LDAP backend. Now, having Win2K clients join the domain works like a charm, but I have simply no luck in figuring out why. I do the same thing as for the Win2K clients, that is, creating a machine account with the default password but when I try to join using: wopr:/# /opt/samba/bin/smbpasswd -j TESTDOMAIN -r PDC-LIN -UAdministrator INFO: Debug class all level = 1 (pid 23940 from pid 23940) Password: session setup ok Domain=[TESTDOMAIN] OS=[Unix] Server=[Samba TNG-alpha] Unable to join domain TESTDOMAIN. When examining the log from the TNG smbd the log looks almost identical in both cases, except that the log for the W2K client is longer. Typically, the log files look like: --->cut here<--- Changed root to / netbios connect: name1=PDC-LIN name2=WOPR Changed root to / msrpc_process: client_name: lsarpc my_name: pdc-lin Closing connections Changed root to / msrpc_process: client_name: netlogon my_name: pdc-lin Changed root to / msrpc_process: client_name: lsarpc my_name: pdc-lin Connected to LDAP server Searching in [dc=roxen,dc=com] for [(&(ntuid=ADMINISTRATOR)(objectclass=sambaAccount))] with scope [2] 1 matching entries found Retrieving account [Administrator] Closing connections Connection closed . . . . Connected to LDAP server Searching in [dc=roxen,dc=com] for [(&(sambaMember=nobody,*)(objectclass=sambaGroup))] with scope [2] 0 matching entries found Connection closed Connected to LDAP server Searching in [dc=roxen,dc=com] for [(&(rid=1f5)(objectclass=sambaAccount))] with scope [2] 1 matching entries found Retrieving account [nobody] Connection closed --->cut here<--- OK. Until now, the log entries are almost identical except that in the case of the Samba client LDAP is searched for "ADMINISTRATOR" rather than "Administrator" which should not be a problem. But now, things start to change. When the W2K client tries to join it looks like: --->cut here<--- Changed root to / msrpc_process: client_name: samr my_name: pdc-lin ldap_connect: Connect denied: euid=60001 uid=0 ldap_connect: Connect denied: euid=60001 uid=0 Allocating new RID ldap_connect: Connect denied: euid=60001 uid=0 Failed to add entry for user sunpci$. Closing connections WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=60001, egid=60001 _lsa_open_secret failed with 0xc0000022 Closing connections Closing connections Closing connections Changed root to / netbios connect: name1=PDC-LIN name2=SUNPCI Changed root to / msrpc_process: client_name: lsarpc my_name: pdc-lin Closing connections Changed root to / msrpc_process: client_name: netlogon my_name: pdc-lin Changed root to / msrpc_process: client_name: lsarpc my_name: pdc-lin Closing connections Connected to LDAP server Searching in [dc=roxen,dc=com] for [(&(ntuid=Administrator)(objectclass=sambaAccount))] with scope [2] . . loads of more LDAP searches and other stuff . . authorise_login: TODO. split function, it's 6 levels! WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=60001, egid=60001 LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=60001, egid=60001 LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED Changed root to / msrpc_process: client_name: netlogon my_name: pdc-lin Connected to LDAP server . . more LDAP searches . . --->cut here<--- Finally the procedure is done and the client has sucessfully joined the domain. With the Samba client however this is all that happens: --->cut here<--- Changed root to / msrpc_process: client_name: lsarpc my_name: pdc-lin WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=60001, egid=60001 Changed root to / _lsa_open_secret failed with 0xc0000022 Closing connections msrpc_process: client_name: samr my_name: pdc-lin ldap_connect: Connect denied: euid=60001 uid=0 ldap_connect: Connect denied: euid=60001 uid=0 Allocating new RID ldap_connect: Connect denied: euid=60001 uid=0 Failed to add entry for user wopr$. Closing connections Closing connections Closing connections --->cut here<--- Besides: What's with the message: "WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack?" Any ideas? /Erik -- Erik Persson, System Manager Roxen Internet Software Voice: +46 13 376817 From Ben.Coakley at tcaction.org Fri Dec 7 08:57:02 2001 From: Ben.Coakley at tcaction.org (Ben Coakley) Date: Tue Dec 2 02:37:08 2003 Subject: Win2K Server can't use Samba PDC groups? Message-ID: <351AAD621F25D411BB730006293987D415EEA3@MAIL> I have a Samba 2.2.2 server running in Domain Controller mode, and a Win2K SP2 server that's successfully joined the domain. The Win2K server is not a domain controller, just a domain member. I'm able to log on to the domain on the Win2K server as a domain admin and as a normal user. What I'd like to do is create shares on the Win2K server that use groups from the Samba server. Currently, this isn't working at all. I can create shares on the Samba server with group permissions, and when I view the properties of those shares on the Win2K server, I see the groups. But when I create shares on the Win2K server, the Security tab only shows users, not groups. Running USRMGR.EXE on the Win2K server lets me see all the groups (they show up as "Local Unix Groups"), but not the membership. I've tried this both with and without NT ACL support compiled in, with no success. I've made sure that "nt acl support = yes" is in my smb.conf file. The "domain group map" directive appears to be obsolete, but I tried that too. There are some hints in the Samba documentation that this might not be possible, which would be too bad. Can anyone confirm this? Can I work around the problem with the smbcacls application? Thanks, -- Ben Coakley ben.coakley@tcaction.org Director of Information Technology V:607-273-8816 x110 Tompkins Community Action F:607-273-3293 Learn more about Tompkins Community Action at http://www.tcaction.org/ From ralf at owlnet.rice.edu Fri Dec 7 10:02:19 2001 From: ralf at owlnet.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:37:08 2003 Subject: spawning smb processes out of control Message-ID: Please help. I have a weird problem with samba 2.2.1a. For the most part, Samba behaves just wonderfully. I'd say, 99.9% of the time it chugs along serving applications, sharing files and printers like a champ. But at least once a week, and some weeks, three or four times, the samba server starts spawning smbd processes like there's no tomorrow until it runs out of resources. At that point, users services come to a complete halt. Nobody is able to login, print, or do anything else. The load on the server becomes extremely high, and the only way to recover is by killing all the smbd processes that were spawned by the server. The number of processes spawned goes way past the 500 mark. If you're lucky and the server responds, you can kill the processes and everything goes back to normal. If the server is beyond recovery, only a reboot will get the server back. The server is a dedicated Sun Enterprise 220R with truckloads of memory, running Solaris 8. The weird part is that, the out-of-control spawning can happen when there's only a handful (8 or 10) of users, or when the labs are packed, sometimes during the day, at other times at wee hours of the night. The logs don't show information that I could relate the this problem. I've set the debug level to 3 or 4, and the only thing that I was able to spot was a problem with the oplocks. Something to the effect that the server was waiting for an oplock to be released, and then receiving a notification without expecting it, also about oplocks, (sorry, I do not have the log output anymore. I think I can get it again though). Anyway; thinking that this was the cause of the problem, I disabled the oplocks parameter on the smb.conf file, but it did not make a difference. If anybody has experienced the same problem, or knows what is causing it, I would really, I mean REALLY, appreciate pointing me in the right direction to correct it. Thanks; Al Ramos. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | Educational Technology Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From h.p.bernhard at ieee.org Fri Dec 7 10:54:33 2001 From: h.p.bernhard at ieee.org (Hans-Peter Bernhard) Date: Tue Dec 2 02:37:08 2003 Subject: spawning smb processes out of control References: Message-ID: <3C110D67.5B6E5725@ieee.org> I had nearly the same problem, on a linux system maybe it is not a great help but I upgraded my linux system from suse 7.2 to suse 7.3 and I never saw this behaviour again. I assume, as I patched the lpd (the week before) I had to install newer clibs maybe something went wrong..... It is not a nice solution, but I am serving about 200 workstations and 800 users and I never saw it again. hpb Alfredo Ramos schrieb: > > Please help. I have a weird problem with samba 2.2.1a. > > For the most part, Samba behaves just wonderfully. I'd say, 99.9% of the > time it chugs along serving applications, sharing files and printers like > a champ. But at least once a week, and some weeks, three or four times, > the samba server starts spawning smbd processes like there's no tomorrow > until it runs out of resources. At that point, users services come to a > complete halt. Nobody is able to login, print, or do anything else. The > load on the server becomes extremely high, and the only way to recover is > by killing all the smbd processes that were spawned by the server. The > number of processes spawned goes way past the 500 mark. If you're lucky > and the server responds, you can kill the processes and everything goes > back to normal. If the server is beyond recovery, only a reboot will get > the server back. > > The server is a dedicated Sun Enterprise 220R with truckloads of memory, > running Solaris 8. The weird part is that, the out-of-control spawning can > happen when there's only a handful (8 or 10) of users, or when the labs > are packed, sometimes during the day, at other times at wee hours of the > night. > > The logs don't show information that I could relate the this problem. I've > set the debug level to 3 or 4, and the only thing that I was able to spot > was a problem with the oplocks. Something to the effect that the server > was waiting for an oplock to be released, and then receiving a > notification without expecting it, also about oplocks, (sorry, I do not > have the log output anymore. I think I can get it again though). > > Anyway; thinking that this was the cause of the problem, I disabled the > oplocks parameter on the smb.conf file, but it did not make a difference. > > If anybody has experienced the same problem, or knows what is causing it, > I would really, I mean REALLY, appreciate pointing me in the right > direction to correct it. > > Thanks; > > Al Ramos. > > --------------------------------------------------------------------------------- > | Alfredo Ramos > This space available for rent. | Educational Technology > Get your product moving. Advertise here! | Rice University. > | Email: ralf@is.rice.edu > --------------------------------------------------------------------------------- From ralf at owlnet.rice.edu Fri Dec 7 11:22:03 2001 From: ralf at owlnet.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:37:08 2003 Subject: spawning smb processes out of control In-Reply-To: <3C110D67.5B6E5725@ieee.org> Message-ID: Bernhard; Thanks for the reply. But I don't think upgrading/downgrading the OS is an option for me. Thanks though. Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | Educational Technology Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Fri, 7 Dec 2001, Hans-Peter Bernhard wrote: > I had nearly the same problem, on a linux system maybe it is not > a great help but I upgraded my linux system from suse 7.2 to suse 7.3 > and I never saw this behaviour again. > I assume, as I patched the lpd (the week before) I had to install > newer clibs maybe something went wrong..... > It is not a nice solution, but I am serving about 200 workstations and > 800 users and I never saw it again. > > hpb > > Alfredo Ramos schrieb: > > > > Please help. I have a weird problem with samba 2.2.1a. > > > > For the most part, Samba behaves just wonderfully. I'd say, 99.9% of the > > time it chugs along serving applications, sharing files and printers like > > a champ. But at least once a week, and some weeks, three or four times, > > the samba server starts spawning smbd processes like there's no tomorrow > > until it runs out of resources. At that point, users services come to a > > complete halt. Nobody is able to login, print, or do anything else. The > > load on the server becomes extremely high, and the only way to recover is > > by killing all the smbd processes that were spawned by the server. The > > number of processes spawned goes way past the 500 mark. If you're lucky > > and the server responds, you can kill the processes and everything goes > > back to normal. If the server is beyond recovery, only a reboot will get > > the server back. > > > > The server is a dedicated Sun Enterprise 220R with truckloads of memory, > > running Solaris 8. The weird part is that, the out-of-control spawning can > > happen when there's only a handful (8 or 10) of users, or when the labs > > are packed, sometimes during the day, at other times at wee hours of the > > night. > > > > The logs don't show information that I could relate the this problem. I've > > set the debug level to 3 or 4, and the only thing that I was able to spot > > was a problem with the oplocks. Something to the effect that the server > > was waiting for an oplock to be released, and then receiving a > > notification without expecting it, also about oplocks, (sorry, I do not > > have the log output anymore. I think I can get it again though). > > > > Anyway; thinking that this was the cause of the problem, I disabled the > > oplocks parameter on the smb.conf file, but it did not make a difference. > > > > If anybody has experienced the same problem, or knows what is causing it, > > I would really, I mean REALLY, appreciate pointing me in the right > > direction to correct it. > > > > Thanks; > > > > Al Ramos. > > > > --------------------------------------------------------------------------------- > > | Alfredo Ramos > > This space available for rent. | Educational Technology > > Get your product moving. Advertise here! | Rice University. > > | Email: ralf@is.rice.edu > > --------------------------------------------------------------------------------- > From mike at digitalpipe.net Fri Dec 7 13:06:26 2001 From: mike at digitalpipe.net (Mike Papper) Date: Tue Dec 2 02:37:08 2003 Subject: Samba PDC and WinNT BDC In-Reply-To: <20011206175820.44eec86c.silviu@delrom.ro> References: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> <20011206175820.44eec86c.silviu@delrom.ro> Message-ID: <200112072103.fB7L3Zc09077@mail.digitalpipe.com> Was wondering if samba will run a BDC on a linux machine? In this scenario the PDC is a NT box. Details: -------- We are using samba 2.2.2 with winbind in order to replicate the list of NT users/groups on a NT 4 network. There is an existing NT 4 PDC running on the network. Our software would like to know the complete list of users and groups so it can manage access to resources. To clarify: An network already exists with a set of user/groups. We have software that needs to know the existing set of user/groups so it can use these users/groups when assigning access to videos. We tried the following: on Linux run samba 2.2.2 with winbind and nsswitch to "add" the NT users to the linux machines set of users. Problem: winbind leaks memory. When you have 15,000 users in the PDC, logging into the linux machine can take a long time. The linux machine hits the PDC an awful lot (network traffic and PDC load) as it keeps updating its list. It appears that we could solve this problem if the Linux machine were also a BDC (it is NOT currently a PDC). Then the PDC and BDC would communicate using their own protocls and hopefully on user/group UPDATES would be sent across the wire thereby reducing network traffic enormously and reding the load on the PDC. Additionally winbindd would talk locally (to the BDC) so it would work more efficiently. NOTE: I dont trust that the "winbind cache time" option for winbindd does anything at all - in particular winbind is supposed to check for the PDC's "sequence number" as it keeps hitting the PDC. Has anyone tested this? Or perhaps the PDC changes its sequence number every other minute andf so the cache doesnt seem to work. ?? Some questions: 1) Can samba be configured to run a BDC on a linux machine? And is stable? With what version of samba? 2) Can winbindd be configured to talk to that BDC rather than a PDC? 3) I read the following from these newsgroups: > > Automatic user database replication between PDC and BDC is not yet > > implemented in any samba, tng or not. > > > > The windows BDC will not import automatically the new users, except at > > reboot, or if you restart that service, whatever it is. This would imply that we cannot have a BDC on linux and that even if we did, since the PDC-BDC does not import new users its wont be very useful. Anyone?? 4) I heard that the memory leaks in winbindd were fixed...anyone know of a release version of this code (RPMs...). 5) When we configured winbindd we put entries into PAM. Perhaps we dont need these entries? What our code does is call the C function getgrent and getpwent (which I assume are the same as the "getent passwd" and "getent group" shell commands/programs whatever) - for these to work does PAM have to be involved? -- Mike Papper Digital Pipe mike@digitalpipe.net 650-627-5100 ext. 5211 From jra at samba.org Fri Dec 7 13:22:19 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:37:08 2003 Subject: Samba PDC and WinNT BDC In-Reply-To: <200112072103.fB7L3Zc09077@mail.digitalpipe.com>; from mike@digitalpipe.net on Fri, Dec 07, 2001 at 01:05:46PM -0800 References: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> <20011206175820.44eec86c.silviu@delrom.ro> <200112072103.fB7L3Zc09077@mail.digitalpipe.com> Message-ID: <20011207132151.C784@va.samba.org> On Fri, Dec 07, 2001 at 01:05:46PM -0800, Mike Papper wrote: > We tried the following: on Linux run samba 2.2.2 with winbind and nsswitch to > "add" the NT users to the linux machines set of users. Problem: winbind leaks > memory. When you have 15,000 users in the PDC, logging into the linux machine > can take a long time. The linux machine hits the PDC an awful lot (network > traffic and PDC load) as it keeps updating its list. This is fixed in the current winbindd code in the SAMBA_2_2 CVS tree. If you'd like to test it out that would be very welcome, a lot of work is currently going on in this area to speed this up. Jeremy. From eirvine at tpgi.com.au Fri Dec 7 13:32:06 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:37:08 2003 Subject: spawning smb processes out of control References: <3C110D67.5B6E5725@ieee.org> Message-ID: <3C1132D7.2FB873AF@tpgi.com.au> Hi, Yes, I've seen this on Solaris too. We also noticed *some* smbd processes using huge amounts of memory and cpu time. Using truss, we found that those processes were stuck in an endless loop dealing with a recursive symlink. I now have "follow symlinks = no" as a default in my smb.conf and I haven't seen either problem since. I also removed the reursive symlink :) Eddie. Hans-Peter Bernhard wrote: > > I had nearly the same problem, on a linux system maybe it is not > a great help but I upgraded my linux system from suse 7.2 to suse 7.3 > and I never saw this behaviour again. > I assume, as I patched the lpd (the week before) I had to install > newer clibs maybe something went wrong..... > It is not a nice solution, but I am serving about 200 workstations and > 800 users and I never saw it again. > > hpb > > Alfredo Ramos schrieb: > > > > Please help. I have a weird problem with samba 2.2.1a. > > > > For the most part, Samba behaves just wonderfully. I'd say, 99.9% of the > > time it chugs along serving applications, sharing files and printers like > > a champ. But at least once a week, and some weeks, three or four times, > > the samba server starts spawning smbd processes like there's no tomorrow > > until it runs out of resources. At that point, users services come to a > > complete halt. Nobody is able to login, print, or do anything else. The > > load on the server becomes extremely high, and the only way to recover is > > by killing all the smbd processes that were spawned by the server. The > > number of processes spawned goes way past the 500 mark. If you're lucky > > and the server responds, you can kill the processes and everything goes > > back to normal. If the server is beyond recovery, only a reboot will get > > the server back. > > > > The server is a dedicated Sun Enterprise 220R with truckloads of memory, > > running Solaris 8. The weird part is that, the out-of-control spawning can > > happen when there's only a handful (8 or 10) of users, or when the labs > > are packed, sometimes during the day, at other times at wee hours of the > > night. > > > > The logs don't show information that I could relate the this problem. I've > > set the debug level to 3 or 4, and the only thing that I was able to spot > > was a problem with the oplocks. Something to the effect that the server > > was waiting for an oplock to be released, and then receiving a > > notification without expecting it, also about oplocks, (sorry, I do not > > have the log output anymore. I think I can get it again though). > > > > Anyway; thinking that this was the cause of the problem, I disabled the > > oplocks parameter on the smb.conf file, but it did not make a difference. > > > > If anybody has experienced the same problem, or knows what is causing it, > > I would really, I mean REALLY, appreciate pointing me in the right > > direction to correct it. > > > > Thanks; > > > > Al Ramos. > > > > --------------------------------------------------------------------------------- > > | Alfredo Ramos > > This space available for rent. | Educational Technology > > Get your product moving. Advertise here! | Rice University. > > | Email: ralf@is.rice.edu > > --------------------------------------------------------------------------------- From samba at denverdata.com Fri Dec 7 13:55:04 2001 From: samba at denverdata.com (Doug Douglass) Date: Tue Dec 2 02:37:08 2003 Subject: defining domain rights on PDC In-Reply-To: Message-ID: Torsten, > Hi, there. > > I want to grant permissions on a domain > basis. So everyone logged in on our W2k > workstations has e.g. the right to do > this or not do that. > What do you mean by "this or that"? If you mean the ability to perform certain actions on a client, you can use policies to accomplish this. Policies are automatically looked for by win clients in the netlogon share of samba. If you mean the ability to control access to a share or files in a share, unix groups and proper configuration of share definitions in smb.conf will cover this. If you mean the ability to control access to parts of the client file systems/applications, other then for administrators, you can't do that yet. > If it DOES work - which version of samba would > I need? And how can I administrate those rights. > I believe all the samba 2.x series have the same behaviour as I've outlined above. HTH, Doug From jra at samba.org Fri Dec 7 13:58:02 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:37:08 2003 Subject: spawning smb processes out of control In-Reply-To: ; from ralf@owlnet.rice.edu on Fri, Dec 07, 2001 at 11:59:29AM -0600 References: Message-ID: <20011207135733.A13864@va.samba.org> On Fri, Dec 07, 2001 at 11:59:29AM -0600, Alfredo Ramos wrote: > Please help. I have a weird problem with samba 2.2.1a. > > For the most part, Samba behaves just wonderfully. I'd say, 99.9% of the > time it chugs along serving applications, sharing files and printers like > a champ. But at least once a week, and some weeks, three or four times, > the samba server starts spawning smbd processes like there's no tomorrow > until it runs out of resources. At that point, users services come to a > complete halt. Nobody is able to login, print, or do anything else. The > load on the server becomes extremely high, and the only way to recover is > by killing all the smbd processes that were spawned by the server. The > number of processes spawned goes way past the 500 mark. If you're lucky > and the server responds, you can kill the processes and everything goes > back to normal. If the server is beyond recovery, only a reboot will get > the server back. > > The server is a dedicated Sun Enterprise 220R with truckloads of memory, > running Solaris 8. The weird part is that, the out-of-control spawning can > happen when there's only a handful (8 or 10) of users, or when the labs > are packed, sometimes during the day, at other times at wee hours of the > night. > > The logs don't show information that I could relate the this problem. I've > set the debug level to 3 or 4, and the only thing that I was able to spot > was a problem with the oplocks. Something to the effect that the server > was waiting for an oplock to be released, and then receiving a > notification without expecting it, also about oplocks, (sorry, I do not > have the log output anymore. I think I can get it again though). > > Anyway; thinking that this was the cause of the problem, I disabled the > oplocks parameter on the smb.conf file, but it did not make a difference. I think this is the contention on the share modes database that I believe we've fixed in the SAMBA_2_2 CVS tree. If you could test that out I'd appreciate it. Thanks, Jeremy. From ralf at owlnet.rice.edu Fri Dec 7 22:22:04 2001 From: ralf at owlnet.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:37:08 2003 Subject: spawning smb processes out of control In-Reply-To: <20011207135733.A13864@va.samba.org> Message-ID: Yes, of course I will. Thanks for the reply. Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | Educational Technology Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Fri, 7 Dec 2001, Jeremy Allison wrote: > On Fri, Dec 07, 2001 at 11:59:29AM -0600, Alfredo Ramos wrote: > > Please help. I have a weird problem with samba 2.2.1a. > > > > > > Anyway; thinking that this was the cause of the problem, I disabled the > > oplocks parameter on the smb.conf file, but it did not make a difference. > > I think this is the contention on the share modes database that I > believe we've fixed in the SAMBA_2_2 CVS tree. If you could test > that out I'd appreciate it. > > Thanks, > > Jeremy. > From matt.jones at petersfood.com Sat Dec 8 09:58:54 2001 From: matt.jones at petersfood.com (Matt Jones) Date: Tue Dec 2 02:37:08 2003 Subject: Windows 95 Login Script Problem Message-ID: <000301c18011$70dd1160$3d0a3296@peterk93qwgnku> Hi All I have a problem with login scripts processing on Windows 95 clients. I have a Windows NT primary domain controller and a Samba 2.2.2 server running Security = Domain mode. I have winbind configured. In my login scripts I have a net use command to map a drive to a share on the Samba server: net use n: \\pfbwlx06\install This works fine on Windows NT and Windows 2000 workstations but fails on Windows 95 machines - the login script stops on the command and it says "THE PASSWORD IS INVALID FOR PFBWLX06\INSTALL" the asks me to re-enter the password, once I have tried three times it fails completely and completes the rest of the script. Now what makes this very confusing is that when the login script has finished and I am at the desktop I can browse the share on that server in My Computer and map a network drive that way!! Has any body else seen this problem, I am really confused because none of my windows nt and 2000 machines have this problem. This is the message in /var/log/messages Dec 8 18:46:48 pfbwlx06 smbd[4823]: [2001/12/08 18:46:48, 0] smbd/password.c:domain_client_validate(1544) Dec 8 18:46:48 pfbwlx06 smbd[4823]: domain_client_validate: no challenge done - password failed Dec 8 18:46:48 pfbwlx06 smbd[4823]: [2001/12/08 18:46:48, 0] smbd/password.c:password_ok(601) Dec 8 18:46:48 pfbwlx06 smbd[4823]: Error: challenge not done for user=mjones Please help before I crack up completely. Matt From jvk at iname.com Sat Dec 8 10:46:05 2001 From: jvk at iname.com (Jan Vidar Klevengen) Date: Tue Dec 2 02:37:08 2003 Subject: Samba & PGP Message-ID: Hi! Anyone have accounts using PGP with Samba Domain ? I'm running a test network at home to see how Samba Domain works with Windows 2000, and so far it works pretty well. Just one problem. I use PGP 7.0 for Windows on my Windows 2000 computers, and when I reboot these computers I get a message when I open my pgpkeys that says "An error has occurred: bad parameters". This is a PGP error, but I think this has to do with Samba somehow, cause it don't happen when I use local users in Windows 2000. Anyone else experienced this? Kind Regards Jan Vidar Klevengen jvk@iname.com or janvkl@start.no From mike at digitalpipe.net Sat Dec 8 12:05:53 2001 From: mike at digitalpipe.net (Mike Papper) Date: Tue Dec 2 02:37:08 2003 Subject: Samba PDC and WinNT BDC References: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> <20011206175820.44eec86c.silviu@delrom.ro> <200112072103.fB7L3Zc09077@mail.digitalpipe.com> <20011207132151.C784@va.samba.org> Message-ID: <02b601c18022$388ea380$0401a8c0@pacbell.net> So in cvs I would do something like: cvs update -r SAMBA_2_2 ?? I will test it out - weve been using tcpdump and ethereal to look at the packet traffic between winbindd and the PDC - lots of traffic... Mike ----- Original Message ----- From: Jeremy Allison To: Mike Papper Cc: ; ; Sent: Friday, December 07, 2001 1:21 PM Subject: Re: Samba PDC and WinNT BDC On Fri, Dec 07, 2001 at 01:05:46PM -0800, Mike Papper wrote: > We tried the following: on Linux run samba 2.2.2 with winbind and nsswitch to > "add" the NT users to the linux machines set of users. Problem: winbind leaks > memory. When you have 15,000 users in the PDC, logging into the linux machine > can take a long time. The linux machine hits the PDC an awful lot (network > traffic and PDC load) as it keeps updating its list. This is fixed in the current winbindd code in the SAMBA_2_2 CVS tree. If you'd like to test it out that would be very welcome, a lot of work is currently going on in this area to speed this up. Jeremy. From jra at samba.org Sat Dec 8 13:54:03 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:37:08 2003 Subject: Samba PDC and WinNT BDC In-Reply-To: <02b601c18022$388ea380$0401a8c0@pacbell.net>; from mike@digitalpipe.net on Sat, Dec 08, 2001 at 11:44:54AM -0800 References: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> <20011206175820.44eec86c.silviu@delrom.ro> <200112072103.fB7L3Zc09077@mail.digitalpipe.com> <20011207132151.C784@va.samba.org> <02b601c18022$388ea380$0401a8c0@pacbell.net> Message-ID: <20011208134826.B7980@va.samba.org> On Sat, Dec 08, 2001 at 11:44:54AM -0800, Mike Papper wrote: > So in cvs I would do something like: > > cvs update -r SAMBA_2_2 That's correct. > I will test it out - weve been using tcpdump and ethereal to look at the > packet traffic between winbindd and the PDC - lots of traffic... Thanks. Jeremy. From blank.stv at charter.net Sat Dec 8 23:10:07 2001 From: blank.stv at charter.net (blank.stv@charter.net) Date: Tue Dec 2 02:37:08 2003 Subject: (no subject) Message-ID: <000501c18080$686e41b0$0301a8c0@sbhome> help -------------- next part -------------- HTML attachment scrubbed and removed From sanjay_floyd at yahoo.com Sat Dec 8 23:53:02 2001 From: sanjay_floyd at yahoo.com (Sanjay Rao) Date: Tue Dec 2 02:37:08 2003 Subject: NT authentication Message-ID: <20011209075143.94447.qmail@web11504.mail.yahoo.com> Hi, I have a probelm with the LINUX as a PDC, I am using samba 2.1.4 which is shipped along with RedHat7.2. I am able to authenticate Win95/98 clients with The linux Box as PDC but the NT workstation (service pack-6) is not able to recognize the username and password in that domain. I have done the changes in the registry of windows NT also, but the problem still persists. Please help me out, desperately need all your help. Thanks in advance Sanjay __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com From ffoss at hotpop.com Sat Dec 8 23:54:03 2001 From: ffoss at hotpop.com (ffoss) Date: Tue Dec 2 02:37:08 2003 Subject: problem logging xp machine / win 2k machine into samba domain In-Reply-To: <20011208200242.1CBCD4D19@lists.samba.org> Message-ID: <000001c18086$74d343a0$6900a8c0@fwf> Samba works great with win 98, but I have been knocking my head against the wall trying to join a win 2k and a win xp machine to the network. I have created the machine accounts (correctly I hope :-) ) machinename$ and user accounts in both Linux and samba. The registry has been changed on the xp machine. When I try to join the name I get (with good password and user root) The following error occurred attempting to join the domain "WG": The specified user does not exist. If I try with a bad password (same user name): The following error occurred attempting to join the domain "WG": Logon Failure: unknown user name or bad password It must be matching the user name / password, otherwise why would I get a different error when I use a bad password????? Unless of course the first error is the result of the machine name. machine name is fred machine account is fred$ User root exists in both /etc/passwd and /etc/samba/smbpasswd, but with different passwords the machine appears in both What to heck am I missing????????? Thanx fred From tarjei at nu.no Sun Dec 9 03:23:02 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:37:08 2003 Subject: Samba PDC and WinNT BDC References: <574607996176D51195A400A0C90AB760CA36@mail.gillnet.org> <20011206175820.44eec86c.silviu@delrom.ro> <200112072103.fB7L3Zc09077@mail.digitalpipe.com> <20011207132151.C784@va.samba.org> <02b601c18022$388ea380$0401a8c0@pacbell.net> Message-ID: <3C13491F.3B1F605E@nu.no> Hi Here's a suggestion for getting PDC-BDC like functionality for most samba users.I haven't tried it yet, but I thought I'd throw it into the discussion, as an idea (hopefully someone will tell me what's wrong with the consept). Here goes: Is it's possible to set up openldap so it replicates out other servers. How would this affect a bdc? i.e: PDC Server --> Samba BDC | | Openldap server --> OL server will it have an effect? Is it possible to set up the bdc once, and then sync on the ldap level and still have bdc functionality? AFAIK nitehr 2.2 or 2.0 has BDC functionality, but Samba-tng can do this. I thought I'd post the idea to hear some input before I try it. TH From daniel at systemexploit.org Sun Dec 9 05:12:03 2001 From: daniel at systemexploit.org (Daniel Frencham) Date: Tue Dec 2 02:37:08 2003 Subject: problem logging xp machine / win 2k machine into samba domain References: <000001c18086$74d343a0$6900a8c0@fwf> Message-ID: <001701c180b3$60f2f100$c954000a@ocean> Use the account "root" and the root pass of the PDC to join the machine to the domain. Dan ----- Original Message ----- From: "ffoss" To: Sent: Sunday, December 09, 2001 5:52 PM Subject: problem logging xp machine / win 2k machine into samba domain > Samba works great with win 98, but I have been knocking my head against > the wall trying to join a win 2k and a win xp machine to the network. I > have created the machine accounts (correctly I hope :-) ) machinename$ > and user accounts in both Linux and samba. The registry has been changed > on the xp machine. > > When I try to join the name I get (with good password and user root) > > The following error occurred attempting to join the domain "WG": > The specified user does not exist. > > If I try with a bad password (same user name): > The following error occurred attempting to join the domain "WG": > Logon Failure: unknown user name or bad password > > It must be matching the user name / password, otherwise why would I get > a different error when I use a bad password????? Unless of course the > first error is the result of the machine name. machine name is fred > machine account is fred$ > > User root exists in both /etc/passwd and /etc/samba/smbpasswd, but with > different passwords the machine appears in both > > What to heck am I missing????????? > > Thanx fred > > > > From goetz.rieger at suse.de Mon Dec 10 01:16:04 2001 From: goetz.rieger at suse.de (Goetz Rieger) Date: Tue Dec 2 02:37:08 2003 Subject: Winbindd in Large Installations Message-ID: <3C147D00.F734E8C4@suse.de> Hello all, we are evaluating a server consolidation involving Samba/Winbindd. The main goal is migrating a couple (~40) OS/2 fileservers to virtual Linux-Servers on S/390 running Samba. As a central authentication instance a W2K PDC in going to be used. The userbase is about ~950 accounts. We definitely don?t want to maintain a second user database. So I think our best guess is winbindd, which I used in a small installation and which I found pretty impressing. But here some questions are coming to my mind: - Does anybody use winbindd in a larger productive environment? - Is there any way to get a consistent user/ID mapping with winbindd (ja, I read the manual) over several Samba servers? Something like "tell winbindd to fetch all user/groups on startup" or distribute a predefined tdb-database? - Has anybody experience with the management of the memoryleak mentioned in the release notes? - Losing the database with the user/ID mapping would be a disaster. Is there any problem with backing up and re-using the (tdb?)-files? And apart from winbindd: - What is the status of quotas in 2.4.x? Any improvements in newer kernels? Every hint and tip would be appreciated. Best Regards, Goetz Rieger From michael.auleta at boeing.com Mon Dec 10 06:42:09 2001 From: michael.auleta at boeing.com (Auleta, Michael) Date: Tue Dec 2 02:37:08 2003 Subject: Joining a Windows 2000 Domain in an OU other than the top level Message-ID: <3770A45DCD946A459AADDDDA5606F7C201CA84A6@xch-phl-01.ne.nos.boeing.com> Due to restrictions set up in our Windows 2000 domain, I've been having trouble adding a Samba server to the domain. I've had a domain administrator add the server into an OU that we do have access to, and my Windows account has been enabled to add nodes to that OU. When I execute "smbpasswd -j DOM -r PDC -U myid%mypasswd", I get the traditional: smbpasswd -j DOMAIN/OU/SUBOU -r PDC -D 4 -U myid added interface ip=###.###.25.36 bcast=###.###.25.255 nmask=255.255.255.0 Password: resolve_lmhosts: Attempting lmhosts lookup for name PDC<0x20> getlmhostsent: lmhost entry: ###.###.22.14 PDC Connecting to ###.###.22.14 at port 139 session setup ok Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Unable to join domain DOMAIN. The same thing happens whether I try to add it to just DOMAIN or DOMAIN/OU/SUBOU. I'm trying to set this up using Samba 2.2.2 under Solaris 8. I was successfully able to add it to both an NT domain as well as a test Windows 2000 domain in the top level OU. I deleted the MACHINE.SID and secrets.tdb files in between each attempt. Mike From jay at toltec.metran.cx Mon Dec 10 06:57:07 2001 From: jay at toltec.metran.cx (Jay Ts) Date: Tue Dec 2 02:37:08 2003 Subject: Joining a Windows 2000 Domain in an OU other than the top level In-Reply-To: <3770A45DCD946A459AADDDDA5606F7C201CA84A6@xch-phl-01.ne.nos.boeing.com> from "Auleta, Michael" at Dec 10, 2001 09:39:59 AM Message-ID: <200112101454.fBAEscT31012@toltec.metran.cx> Don't even try to add the server to the Active Directory (LDAP/ Kerberos) domain. When you add a Samba server to a Win 2000 domain, the domain controller(s) use backward compatiblity to support it as if they are a Windows NT 4.0 PDC. When running the smbpasswd command, you need to use the Administrator account and password, not your personal user account. Try: smbpasswd -j DOMAIN-NAME -r PDC-NAME -U Administrator% I think that may do it for you. Jay Ts > Due to restrictions set up in our Windows 2000 domain, I've been having > trouble adding a Samba server to the domain. I've had a domain > administrator add the server into an OU that we do have access to, and my > Windows account has been enabled to add nodes to that OU. When I execute > "smbpasswd -j DOM -r PDC -U myid%mypasswd", I get the traditional: > > smbpasswd -j DOMAIN/OU/SUBOU -r PDC -D 4 -U myid > added interface ip=###.###.25.36 bcast=###.###.25.255 nmask=255.255.255.0 > Password: > resolve_lmhosts: Attempting lmhosts lookup for name PDC<0x20> > getlmhostsent: lmhost entry: ###.###.22.14 PDC > Connecting to ###.###.22.14 at port 139 > session setup ok > Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > Unable to join domain DOMAIN. > > The same thing happens whether I try to add it to just DOMAIN or > DOMAIN/OU/SUBOU. I'm trying to set this up using Samba 2.2.2 under Solaris > 8. I was successfully able to add it to both an NT domain as well as a test > Windows 2000 domain in the top level OU. I deleted the MACHINE.SID and > secrets.tdb files in between each attempt. > > Mike > From gareth at wgsf.org.uk Mon Dec 10 08:02:09 2001 From: gareth at wgsf.org.uk (Gareth Norman) Date: Tue Dec 2 02:37:08 2003 Subject: Netlogon Connections Message-ID: <000901c18194$3be08f80$0b0aa8c0@gareth> Im running samba 2.2.1a on RedHat 7.1. I have 20 win95 workstations currently accessing the PDC. If a class comes in (I work at a school) and they logon as they normally would there isn't a problem. however, if they all hit return at the same time (try to login simultaneousley) then about 30% of the workstations don't find (it would appear) the netlogon share and therefore don't pick up user.man or find the login script. any help is greatly appreciated. Many thanks Gareth Norman From samdu at ronintech.com Mon Dec 10 12:55:12 2001 From: samdu at ronintech.com (Sam Dunham) Date: Tue Dec 2 02:37:08 2003 Subject: Lock files Message-ID: <20011210205409.IKQH28277.imf02bis.bellsouth.net@there> I have a client that's running Red Hat 7.2 and Samba 2.2.2 and everything seems to be running fine with one weird exception. They are unable to open Access databases from explorer. If they double-click on the database from Explorer, Access tells them that they don't have permission or that the file is open exclusive. However, if they open it from the File menu in Access, it opens fine. This wasn't an issue until I moved them from a Windows 2000 server to the Linux box. Any ideas as to what's going on with this? -Sam Dunham Owner/Consultant Ronin Tech http://www.ronintech.com/ From I.W.C.Sanders at student.tue.nl Mon Dec 10 16:09:20 2001 From: I.W.C.Sanders at student.tue.nl (Sanders, I.W.C.) Date: Tue Dec 2 02:37:09 2003 Subject: Domain logon problems with XP pro Message-ID: <3D090DA8CFA4EA4E96E9D82DA52EDF410C9802@studentex5.student.tue.nl> Hi everybody, i've installed Samba 2.2.2 on my linux box and made it a PDC for my (little) network of windowz machines. I've got a windows XP pro version, a windows 2000 version (on my laptop) and some windows me stuff. All machines have been logged on to the PDC except the Windows XP Pro. It complains about a machine account missing for it. I logged on a windows 2000 machine (SP2) with the same techinque and this machine works "perfectly" ;-). Can somebody tell me what is going on? Is there a patch that i need to run or maybe samba 2.2.2 does NOT support windows Xp professional logins?? Greetz Iwan From d.sbragion at infotecna.it Mon Dec 10 23:45:04 2001 From: d.sbragion at infotecna.it (Denis Sbragion) Date: Tue Dec 2 02:37:09 2003 Subject: Lock files In-Reply-To: <20011210205409.IKQH28277.imf02bis.bellsouth.net@there> Message-ID: <5.1.0.14.1.20011211083402.024072a0@pop3.infotecna.lcl> Hello, At 15.50 10/12/01 -0500, Sam Dunham wrote: >I have a client that's running Red Hat 7.2 and Samba 2.2.2 and everything >... >opens fine. This wasn't an issue until I moved them from a Windows 2000 >server to the Linux box. Any ideas as to what's going on with this? try disabling kernel oplocks. I had similar problems with kernel oplocks enabled. Bye, -- Denis Sbragion InfoTecna Tel: +39 0362 805396, Fax: +39 0362 805404 URL: http://www.infotecna.it From olli.fink at ak-vorarlberg.at Tue Dec 11 01:02:03 2001 From: olli.fink at ak-vorarlberg.at (Olli Fink) Date: Tue Dec 2 02:37:09 2003 Subject: AW: Domain logon problems with XP pro In-Reply-To: <3D090DA8CFA4EA4E96E9D82DA52EDF410C9802@studentex5.student.tue.nl> Message-ID: <001701c1821f$91457590$6401000a@olli> Try the registry-hack WinXP_SignOrSeal.reg in your /docs/Registry in the samba sources !!! Maybe it doesn't work with a double click -> Look into the file and modify your registry manually !!! Greetings Olli > -----Urspr?ngliche Nachricht----- > Von: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]Im Auftrag von Sanders, I.W.C. > Gesendet am: Dienstag, 11. Dezember 2001 01:07 > An: 'samba-ntdom@lists.samba.org' > Betreff: Domain logon problems with XP pro > > Hi everybody, > > i've installed Samba 2.2.2 on my linux box and made it a PDC for > my (little) > network of windowz machines. > I've got a windows XP pro version, a windows 2000 version (on my > laptop) and > some windows me stuff. > All machines have been logged on to the PDC except the Windows XP Pro. It > complains about a machine account > missing for it. I logged on a windows 2000 machine (SP2) with the same > techinque and this machine works "perfectly" ;-). > > Can somebody tell me what is going on? Is there a patch that i need to run > or maybe samba 2.2.2 does NOT support > windows Xp professional logins?? > > > Greetz Iwan > > From KMetz at psakids.com Tue Dec 11 04:46:03 2001 From: KMetz at psakids.com (Kevin Metz) Date: Tue Dec 2 02:37:09 2003 Subject: Removal Message-ID: <20BB5A31033CD411AB0500010238B1B4016866D3@PSAMES1> How can I be removed from this list? From sledof at wanadoo.fr Tue Dec 11 05:49:03 2001 From: sledof at wanadoo.fr (stef) Date: Tue Dec 2 02:37:09 2003 Subject: Netlogon Connections References: <000901c18194$3be08f80$0b0aa8c0@gareth> Message-ID: <3C161268.5BE2C912@wanadoo.fr> Gareth Norman wrote: > > Im running samba 2.2.1a on RedHat 7.1. > I have 20 win95 workstations currently accessing the PDC. If a class comes > in (I work at a school) and they logon as they normally would there isn't a > problem. however, if they all hit return at the same time (try to login > simultaneousley) then about 30% of the workstations don't find (it would > appear) the netlogon share and therefore don't pick up user.man or find the > login script. > any help is greatly appreciated. > > Many thanks > > Gareth Norman in my school, i have been this same pb. My solution is to put locks=no and oplocks=no for the netlogon share. Stef PS : scuse my english From Andre.Liem at redknee.com Tue Dec 11 06:48:19 2001 From: Andre.Liem at redknee.com (Andre Liem) Date: Tue Dec 2 02:37:09 2003 Subject: viewing Shares on Windows 2000 Message-ID: I've been at this for about 3 days now. Banging my head against the wall for 2. I am running samba 2.2.2 under Redhat 7.2. I am having a minor problem using net view and net use with my samba share. I've been at this all day, and can't help feeling I've overlooked something incredibly stupid. I've run through the DIAGNOSIS.TXT and I'm able to pass tests 1 - 7. Krusty has also been added to the Simpsons NT domain, which uses Win2000. We use DHCP for all of our network needs, so we don't have a WINS server and DNS seems to resolve everything. I've also tried importing the LMHOSTS file and checked the resolve order without success. When I do a "net view", I get: ..... \\KEVIN \\KRUSTY samba 2.2.2 on (krusty) ...etc But when I perform a net use x: \\krusty or \\krusty\test. I get the usual network path not found. I wasn't able to set clear text passwords either: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\ doesn't seem to exist. My testparm: Load smb config files from /usr/local/samba/lib/smb.conf INFO: Debug class all level = 1 (pid 27268 from pid 27268) Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters [global] coding system = client code page = 850 code page directory = /usr/local/samba/lib/codepages workgroup = SIMPSONS netbios name = netbios aliases = netbios scope = server string = krusty: samba %v on (%L) interfaces = bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes password server = smb passwd file = /usr/local/samba/private/smbpasswd root directory = pam password change = No passwd program = /bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No < SNIP > dns proxy = Yes wins proxy = No wins server = wins support = No wins hook = < SNIP > msdfs root = No [homes] [test] comment = For testing only, please path = /tmp I don't know what else I can try Any input would be apreciated, thanks Andre Liem andre.liem@redknee.com From esexauer at neuearbeit.de Tue Dec 11 07:16:07 2001 From: esexauer at neuearbeit.de (Ernst Sexauer) Date: Tue Dec 2 02:37:09 2003 Subject: Netlogon Connections References: <000901c18194$3be08f80$0b0aa8c0@gareth> <3C161268.5BE2C912@wanadoo.fr> Message-ID: <3C162226.DFA09F1F@neuearbeit.de> stef wrote: > > Gareth Norman wrote: > > > > Im running samba 2.2.1a on RedHat 7.1. > > I have 20 win95 workstations currently accessing the PDC. If a class comes > > in (I work at a school) and they logon as they normally would there isn't a > > problem. however, if they all hit return at the same time (try to login > > simultaneousley) then about 30% of the workstations don't find (it would > > appear) the netlogon share and therefore don't pick up user.man or find the > > login script. > > any help is greatly appreciated. > > > > Many thanks > > > > Gareth Norman > > in my school, i have been this same pb. My solution is to put locks=no > and oplocks=no for the netlogon share. Shouldnt the problem disappear, if you set netlogon ro read-only - what is a good idea anyway? In this case there should be no lock-requests. Those requests make sense only in read/write mode. > > Stef > PS : scuse my english -- MfG E.R. Sexauer EDV-Neuearbeit, 0711-25593-53, esexauer@neuearbeit.de From ignoranceandmicrosoft at yahoo.com Tue Dec 11 07:52:02 2001 From: ignoranceandmicrosoft at yahoo.com (MS Will Fall) Date: Tue Dec 2 02:37:09 2003 Subject: PDC and user-included services Message-ID: <20011211155005.24600.qmail@web13308.mail.yahoo.com> I have 2.2.2 samba server acting as PDC. I have all the services (with the exception of [homes] and [netlogon]) included by username include = /etc/samba/smbusers/%U.conf but the shares are only listed intermitently using smbclient to list and access shares works exactly as it should, each user has all the shares they are supposed to see. the client machines all logon to the server correctly and mapped shares USUALLY function but the others sometimes come up and sometimes dont if anyone has any ideas on how to correct this problem, I would be forever grateful should I be using the 'config file' option instead of include; or maybe should I be preloading the shares...PLEASE HELP thanks; matt smb.conf [global] server string = Samba-%v netbios name = atlas log file = /var/log/samba/smblog.%m socket options = TCP_NODELAY #netbios aliases = WEIL_NETLOGON workgroup = weil wins support = yes dns proxy = no security = user encrypt passwords = yes smbpasswd file = /etc/samba/smbpasswd guest account = nobody local master = yes os level = 64 preferred master = yes logon script = %U.bat domain logons = yes logon home = \\atlas\%U [homes] writeable = yes browsable = no [NETLOGON] path = /home/netlogon guest ok = no writeable = no include = /etc/samba/smbusers/%U.conf ...end... example of a user conf file: ksr.conf [publishing] path = /etc/samba/smbusers/%U/publishing force user = atlasuser create mask = 640 force create mode = 640 group = atlasgroup public = no writeable = yes [consulting] path = /data/data2/consulting force user = atlasuser create mask = 640 force create mode = 640 group = atlasgroup public = no writeable = yes [atlantic] path = /data/data2/atlantic force user = atlasuser create mask = 640 force create mode = 640 group = atlasgroup public = no writeable = yes [templates] path = /data/data2/publishing/templates force user = tmplts create mask = 640 force create mode = 640 group = atlasgroup public = no writeable = yes ...end... __________________________________________________ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com From mpav at algx.net Tue Dec 11 11:08:04 2001 From: mpav at algx.net (Matt Pavlovich) Date: Tue Dec 2 02:37:09 2003 Subject: Get data from NT 4.0 for migration to Samba PDC Message-ID: <3C165832.1D5E9BDD@algx.net> I am working on a project to migrate from an existing NT 4.0 domain to a Samba controlled domain, and have a few hang-ups. Since there will be a large contingent of existing NT servers that need to remain functional, we need to mirror the current environment precisely. I have found pwdump2 to be very helpful, as I am able to extract login id's, what appears to be user id's, and the NT and LM hashes (won't have to reset passwords). Dumping information from Exchange aids in email information, but little about the NT accounting. 1) RIDs Is there a way to extract a list of RIDs from the PDC? Group RIDs? 2) UIDs Is there a way to extract a list of User and (Primary) Group IDs? 3) Account Flags How can you extract the account flag information for users and servers? 4) Other user information Extraction of logon script setting? Home Drive? If anyone has experience in this type of migration and would like to offer assistance (off-list if prefered), I would appreciate it. Regards, Matt Pavlovich Allegiance Telecom, Inc. From david.moruzzi at babcockbrown.com Tue Dec 11 13:54:09 2001 From: david.moruzzi at babcockbrown.com (David Moruzzi) Date: Tue Dec 2 02:37:09 2003 Subject: "File being modified" Win2000 Message-ID: I have been working with Samba 2.2.0 and have hit a major problem when users accessing files from the server. A 'FILE RESERVATION' warning pops---in Windows 2000--up with an error saying that the "File.xyz is being modified by USER---where user is the last person to have opened the file. I have tried turning of oplocks and kernel locks in the Global section of the smd.conf: [global] client code page = 437 workgroup = XYZ server string = San Francisco File Server security = DOMAIN encrypt passwords = Yes password server = sfprinters, nyprinters passwd program = /usr/bin/yppasswd %u log file = /usr/local/samba/var/log.%m local master = No wins server = xx.xx.xx.xx kernel oplocks = No create mask = 0666 directory mask = 0777 oplocks = No This does not seems to work. Also I have been unable to get the log file to use the %m variable and create a separate file for each client. Are these bugs of 2.2.0. I have stop and started the smbd service several times. I have found a few postings on the web about this, but no answers. Thanx for your help This email message may contain information that is confidential and proprietary to Babcock & Brown or a third party. If you are not the intended recipient, please contact the sender and destroy the original and any copies of the original message. Babcock & Brown takes measures to protect the content of its communications. However, Babcock & Brown cannot guarantee that email messages will not be intercepted by third parties or that email messages will be free of errors or viruses. From delaitt at cpc.wmin.ac.uk Tue Dec 11 14:33:03 2001 From: delaitt at cpc.wmin.ac.uk (Thierry Delaitre) Date: Tue Dec 2 02:37:09 2003 Subject: W2K logon problem after joining a domain Message-ID: Hi, I've configured samba-2.2.2 as an NT PDC and successfuly joined a W2K box. However, I cannot login to the W2K box using the Samba domain name. I get the following error messages in log.smb: [2001/12/11 22:19:00, 0] rpc_server/srv_netlog.c:api_net_sam_logon(208) api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. [2001/12/11 22:19:00, 0] rpc_server/srv_pipe.c:api_rpcTNP(1204) api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. [2001/12/11 22:24:12, 1] smbd/server.c:main(689) smbd version 2.2.2 started. Copyright Andrew Tridgell 1992-1998 Also, I don't know why but I cannot mount a shared area provided by samba-2.2.2 and the strange things is that it works ok when I use smbclient "\\server\sharename" -U username I've put a copy of the smb.conf file that i's using. Cheers, Thierry. [globals] username level = 5 smb passwd file = /tmp/etc/private/smbpasswd workgroup = CPCNEW server string = Samba Server - Thierry Delaitre browseable = yes status = yes password level = 4 netbios aliases = SNAIL2 SNAIL3 SNAIL4 SNAIL5 SNAIL6 security = user encrypt passwords = yes domain logons = yes logon drive = h: logon script = %a.bat preserve case = yes lpq cache time = 30 time server = true wins support = no wins server = 161.74.92.102 domain master = yes local master = yes preferred master = yes os level = 65 map to guest = Bad User domain admin group = @adm [homes] comment = CPC home directories writable = yes hide dot files = yes [netlogon] path = /opt/samba/netlogon/%G writeable = yes guest ok = no locking = no From janvkl at start.no Tue Dec 11 14:40:11 2001 From: janvkl at start.no (Jan Vidar Klevengen) Date: Tue Dec 2 02:37:09 2003 Subject: Log file error! Message-ID: When I logon my Samba domain this appears in /var/log/samba/log. ---- [2001/12/11 23:29:49, 0] rpc_server/srv_netlog.c:api_net_sam_logon(208) api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. [2001/12/11 23:29:49, 0] rpc_server/srv_pipe.c:api_rpcTNP(1204) api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. [2001/12/11 23:30:08, 0] smbd/nttrans.c:call_nt_transact_ioctl(1762) call_nt_transact_ioctl: Currently not implemented. ---- Anyone know what this is ? Kind Regards Jan Vidar Klevengen jvk@iname.com From delaitt at cpc.wmin.ac.uk Tue Dec 11 14:41:03 2001 From: delaitt at cpc.wmin.ac.uk (Thierry Delaitre) Date: Tue Dec 2 02:37:09 2003 Subject: W2K logon problem after joining a domain In-Reply-To: Message-ID: Hi, I think I found the problem. It seems that users cannot login when they have complex passwords which include uppercase characters. It works ok with lowercase passwords. Is there a remedy to this problem ? Note that I'm already using password level = 4 Cheers, Thierry. On Tue, 11 Dec 2001, Thierry Delaitre wrote: > > Hi, > > I've configured samba-2.2.2 as an NT PDC and successfuly joined a W2K box. > However, I cannot login to the W2K box using the Samba domain name. I get > the following error messages in log.smb: > > [2001/12/11 22:19:00, 0] rpc_server/srv_netlog.c:api_net_sam_logon(208) > api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. > [2001/12/11 22:19:00, 0] rpc_server/srv_pipe.c:api_rpcTNP(1204) > api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. > [2001/12/11 22:24:12, 1] smbd/server.c:main(689) > smbd version 2.2.2 started. > Copyright Andrew Tridgell 1992-1998 > > Also, I don't know why but I cannot mount a shared area provided by > samba-2.2.2 and the strange things is that it works ok when I use > smbclient "\\server\sharename" -U username > > I've put a copy of the smb.conf file that i's using. > > Cheers, > > Thierry. > > [globals] > username level = 5 > smb passwd file = /tmp/etc/private/smbpasswd > workgroup = CPCNEW > server string = Samba Server - Thierry Delaitre > browseable = yes > status = yes > password level = 4 > netbios aliases = SNAIL2 SNAIL3 SNAIL4 SNAIL5 SNAIL6 > security = user > encrypt passwords = yes > domain logons = yes > logon drive = h: > logon script = %a.bat > preserve case = yes > lpq cache time = 30 > time server = true > wins support = no > wins server = 161.74.92.102 > domain master = yes > local master = yes > preferred master = yes > os level = 65 > map to guest = Bad User > domain admin group = @adm > > [homes] > comment = CPC home directories > writable = yes > hide dot files = yes > > [netlogon] > path = /opt/samba/netlogon/%G > writeable = yes > guest ok = no > locking = no > > > > ---------------------------------------- Dr Thierry DELAITRE Systems and Services Manager, CSCS University of Westminster 115 New Cavendish Street, London W1W 6UW Tel: 020 7911 5000 ext: 3586 Fax: 020 7911 5089 Mobile short dial code 1788 http://www.cscs.wmin.ac.uk/~delaitt ---------------------------------------- This e-mail and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must not copy or show them to anyone, nor should you take any action based on them, other than to notify the error by replying to the sender. From dhighley at highley-recommended.com Tue Dec 11 20:45:02 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:09 2003 Subject: W2K logon problem after joining a domain In-Reply-To: from "Thierry Delaitre" at Dec 11, 2001 10:32:43 PM Message-ID: <200112120442.fBC4gcwM029296@hemlock.highley-recommended.com> "Thierry Delaitre wrote:" > > > Hi, > > I think I found the problem. It seems that users cannot login when they > have complex passwords which include uppercase characters. It works ok > with lowercase passwords. Is there a remedy to this problem ? Note that > I'm already using password level = 4 Thats not the problem. We are using Samba 2.2.2 and we have Win 2k systems. We use upper, lower, special characters, and numbers in our passwords. We are using Samba as a PDC running on Solaris 8. I see a few differences when I view the testparm output on our system: password level = 0 username level = 0 lanman auth = Yes name resolve order = lmhosts host wins bcast The above are Samba default settings. We also added the following lines to our dhcpd.conf file in the subnet section: option netbios-name-servers 10.2.2.3; option netbios-dd-server 10.2.2.3; option netbios-dd-server 10.2.2.3; option netbios-node-type 8; > > Cheers, > > Thierry. > > On Tue, 11 Dec 2001, Thierry Delaitre wrote: > > > > > Hi, > > > > I've configured samba-2.2.2 as an NT PDC and successfuly joined a W2K box. > > However, I cannot login to the W2K box using the Samba domain name. I get > > the following error messages in log.smb: > > > > [2001/12/11 22:19:00, 0] rpc_server/srv_netlog.c:api_net_sam_logon(208) > > api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. > > [2001/12/11 22:19:00, 0] rpc_server/srv_pipe.c:api_rpcTNP(1204) > > api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. > > [2001/12/11 22:24:12, 1] smbd/server.c:main(689) > > smbd version 2.2.2 started. > > Copyright Andrew Tridgell 1992-1998 > > > > Also, I don't know why but I cannot mount a shared area provided by > > samba-2.2.2 and the strange things is that it works ok when I use > > smbclient "\\server\sharename" -U username > > > > I've put a copy of the smb.conf file that i's using. > > > > Cheers, > > > > Thierry. > > > > [globals] > > username level = 5 > > smb passwd file = /tmp/etc/private/smbpasswd > > workgroup = CPCNEW > > server string = Samba Server - Thierry Delaitre > > browseable = yes > > status = yes > > password level = 4 > > netbios aliases = SNAIL2 SNAIL3 SNAIL4 SNAIL5 SNAIL6 > > security = user > > encrypt passwords = yes > > domain logons = yes > > logon drive = h: > > logon script = %a.bat > > preserve case = yes > > lpq cache time = 30 > > time server = true > > wins support = no > > wins server = 161.74.92.102 > > domain master = yes > > local master = yes > > preferred master = yes > > os level = 65 > > map to guest = Bad User > > domain admin group = @adm > > > > [homes] > > comment = CPC home directories > > writable = yes > > hide dot files = yes > > > > [netlogon] > > path = /opt/samba/netlogon/%G > > writeable = yes > > guest ok = no > > locking = no > > > > > > > > > > ---------------------------------------- > Dr Thierry DELAITRE > Systems and Services Manager, CSCS > University of Westminster > 115 New Cavendish Street, London W1W 6UW > > Tel: 020 7911 5000 ext: 3586 > Fax: 020 7911 5089 > Mobile short dial code 1788 > > http://www.cscs.wmin.ac.uk/~delaitt > ---------------------------------------- > > This e-mail and its attachments are intended for the above named only > and may be confidential. If they have come to you in error you must > not copy or show them to anyone, nor should you take any action based > on them, other than to notify the error by replying to the sender. > > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From dhighley at highley-recommended.com Tue Dec 11 20:48:02 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:11 2003 Subject: "File being modified" Win2000 In-Reply-To: from "David Moruzzi" at Dec 11, 2001 01:50:56 PM Message-ID: <200112120445.fBC4jwo6029335@hemlock.highley-recommended.com> "David Moruzzi wrote:" > > I have been working with Samba 2.2.0 and have hit a major problem when users > accessing files from the server. > > A 'FILE RESERVATION' warning pops---in Windows 2000--up with an error saying > that the "File.xyz is being modified by USER---where user is the last person > to have opened the file. > > I have tried turning of oplocks and kernel locks in the Global section of > the smd.conf: Try the following in the share section: oplocks = No level2 oplocks = No > > [global] > client code page = 437 > workgroup = XYZ > server string = San Francisco File Server > security = DOMAIN > encrypt passwords = Yes > password server = sfprinters, nyprinters > passwd program = /usr/bin/yppasswd %u > log file = /usr/local/samba/var/log.%m > local master = No > wins server = xx.xx.xx.xx > kernel oplocks = No > create mask = 0666 > directory mask = 0777 > oplocks = No > > This does not seems to work. Also I have been unable to get the log file to > use the %m variable and create a separate file for each client. Are these > bugs of 2.2.0. I have stop and started the smbd service several times. > > I have found a few postings on the web about this, but no answers. > > Thanx for your help > > > > This email message may contain information that is confidential and > proprietary to Babcock & Brown or a third party. If you are not the > intended recipient, please contact the sender and destroy the original and > any copies of the original message. Babcock & Brown takes measures to > protect the content of its communications. However, Babcock & Brown cannot > guarantee that email messages will not be intercepted by third parties or > that email messages will be free of errors or viruses. > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From torvir at dpsl.net Tue Dec 11 22:07:02 2001 From: torvir at dpsl.net (Rahul Torvi) Date: Tue Dec 2 02:37:11 2003 Subject: Access rights Message-ID: <016d01c182d2$f2486ba0$060610ac@versa> Hi All, I had set up a samba server with users having certain permission, Now what I want to do is to a group of users i need to give access to create file but they should not be allowed to delete the file. Is this possible....HOW???? PS : i got to know from the web that there is some patch for this but could not get... Thanks in advance Best Regards Rahul T. From avleeuwen at piwebs.com Wed Dec 12 06:25:02 2001 From: avleeuwen at piwebs.com (Arjan van Leeuwen) Date: Tue Dec 2 02:37:11 2003 Subject: Windows XP logon problem - used WinXP_SignOrSeal.reg Message-ID: <000201c18318$95632100$6400a8c0@amd760> Hi all, I run Samba 2.2.2 on a FreeBSD system. It is set up as a PDC as described in David Bannon's HOWTO. My Windows XP workstation can join the domain (i.e. the computer can join the domain), and an entry in smbpasswd is created. When I restart the workstation and try to login, I always get a server not found or computer not found in domain error. I already used the WinXP_SignOrSeal.reg file that comes with the Samba source. This didn't solve my problem. I see this entry in the Windows XP System Event Log: This computer could not authenticate with \\THUIS, a Windows domain controller for domain PIWEBS, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator. Does anyone know how to solve this? Regards, Arjan From Bryan_Anslow at candle.com Wed Dec 12 07:20:10 2001 From: Bryan_Anslow at candle.com (Bryan_Anslow@candle.com) Date: Tue Dec 2 02:37:11 2003 Subject: WinXP... Message-ID: Hi, I had Samba running from Caldera Linux to a couple of Windows machines, Win98 and WinME. Now I have upgraded both Win machines to WinXP, but have not yet looked at setting Samba up to connect to them. Is there anything I should do/avoid? Also, what is the registry file "WinXP_SignorSeal.reg" ? and where can I get it? Many Thanks in Advance. Bryan. P.S. I seem to have a problem with "search" on the samba.org website currently and cannot get to any of the search results. From akillian at footlocker.com Wed Dec 12 08:07:10 2001 From: akillian at footlocker.com (Adam Killian) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing Message-ID: Greetings, I was wondering if anyone has any experience with Micorosft's licensing policy wrt samba. I want to use an NT PDC and some BDCs to do my username/password authentication, and use Samba for all my file/print servers. Obviously, I will need licenses for each NT server, but if all I am doing with it is authenticating users, do I need a CAL for each user? This is going to be a 2500 user installation, so it makes a big difference to the total cost. If I do end up needing CALS, I will have to use some other authentication mechanism. As I understand it, I can configure Samba to act as a PDC, but not as a BDC. Since this will be a mutli-site deployment, that won't work. I guess that leaves me with NIS or LDAP. Does anyone have any reccomendations/suggestions/horror stories? Thanks, Adam Killian akillian@footlocker.com From mcl at elex.be Wed Dec 12 08:09:26 2001 From: mcl at elex.be (Marc Collignon) Date: Tue Dec 2 02:37:11 2003 Subject: Windows XP and Domain Admins group Message-ID: <5.1.0.14.0.20011212165435.02fb1b08@10.32.48.1> Hello all, when attempting to insert the group \Domain Admins to the local Administrator group of a Windows XP machine, I get : "Information returned from the object picker for object "Domain Admins" was incomplete. The object will not be pricessed" The user I am logged in as is already in the local Administrator group and is in the Domain Admins group on the server. The same happens when I try to add the Domain Users group. I see nothing special in the log files on the server... And I'm not getting the problem using a W2K machine... Has anyone had and resolved the same problem. Marc From samba at denverdata.com Wed Dec 12 08:23:05 2001 From: samba at denverdata.com (Doug Douglass) Date: Tue Dec 2 02:37:11 2003 Subject: "File being modified" Win2000 In-Reply-To: <200112120445.fBC4jwo6029335@hemlock.highley-recommended.com> Message-ID: David, Is this file some type of MS Office document? I suspect it is, in which case I'm not certain that any combination of samba locking settings will solve your problem. Look for any temp files in the directory with the file being opened (similar in name to the file to be opened, but obviously a wierd name). If one (or more) are there, then either the file is still in use by this other person, or the application did not exit properly and clean them up. HTH, Doug > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of David Highley > Sent: Tuesday, December 11, 2001 9:46 PM > To: NTDomain Samba > Subject: Re: "File being modified" Win2000 > > > "David Moruzzi wrote:" > > > > I have been working with Samba 2.2.0 and have hit a major > problem when users > > accessing files from the server. > > > > A 'FILE RESERVATION' warning pops---in Windows 2000--up with an > error saying > > that the "File.xyz is being modified by USER---where user is > the last person > > to have opened the file. > > > > I have tried turning of oplocks and kernel locks in the Global > section of > > the smd.conf: > > Try the following in the share section: > oplocks = No > level2 oplocks = No > > > > > [global] > > client code page = 437 > > workgroup = XYZ > > server string = San Francisco File Server > > security = DOMAIN > > encrypt passwords = Yes > > password server = sfprinters, nyprinters > > passwd program = /usr/bin/yppasswd %u > > log file = /usr/local/samba/var/log.%m > > local master = No > > wins server = xx.xx.xx.xx > > kernel oplocks = No > > create mask = 0666 > > directory mask = 0777 > > oplocks = No > > > > This does not seems to work. Also I have been unable to get the > log file to > > use the %m variable and create a separate file for each client. > Are these > > bugs of 2.2.0. I have stop and started the smbd service several times. > > > > I have found a few postings on the web about this, but no answers. > > > > Thanx for your help > > > > > > > > This email message may contain information that is confidential and > > proprietary to Babcock & Brown or a third party. If you are not the > > intended recipient, please contact the sender and destroy the > original and > > any copies of the original message. Babcock & Brown takes measures to > > protect the content of its communications. However, Babcock & > Brown cannot > > guarantee that email messages will not be intercepted by third > parties or > > that email messages will be free of errors or viruses. > > > > > > > -- > > > Regards, > > David Highley Phone: (206) 669-0081 > Highley Recommended, Inc. FAX: (253) 838-8509 > 2927 SW 339th Street Email: dhighley@highley-recommended.com > Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com > From Volker.Lendecke at SerNet.DE Wed Dec 12 08:55:01 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: References: Message-ID: On Wed, Dec 12, 2001 at 11:07:58AM -0500, Adam Killian wrote: > As I understand it, I can configure Samba to act as a PDC, but not as a BDC. > Since this will be a mutli-site deployment, that won't work. I guess that > leaves me with NIS or LDAP. Does anyone have any > reccomendations/suggestions/horror stories? I installed exactly your setup with replicated OpenLDAP. It should go into production these days. It's a lot of small details to care for, but once you got it working it's straightforward. The only idea is to have samba get its SAM information from a local OpenLDAP that is replicated from the PDC's LDAP Server to the BDC's LDAP. The BDC should have 'domain master = no' and 'domain logons = yes'. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011212/0496b049/attachment.bin From mpav at algx.net Wed Dec 12 09:09:02 2001 From: mpav at algx.net (Matt Pavlovich) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing References: Message-ID: <3C178E0F.CC121168@algx.net> Volker- Will NT clients automatically direct authentication to the Samba "BDC" by changing 'domain master = no', 'domain logons = yes'? What about OS level? Wouldn't it have to be the second highest value to the Samba PDC? Have you tested this? Matt Pavlovich Allegiance Telecom, Inc. Volker Lendecke wrote: > > On Wed, Dec 12, 2001 at 11:07:58AM -0500, Adam Killian wrote: > > > As I understand it, I can configure Samba to act as a PDC, but not as a BDC. > > Since this will be a mutli-site deployment, that won't work. I guess that > > leaves me with NIS or LDAP. Does anyone have any > > reccomendations/suggestions/horror stories? > > I installed exactly your setup with replicated OpenLDAP. It should go into > production these days. It's a lot of small details to care for, but once you > got it working it's straightforward. > > The only idea is to have samba get its SAM information from a local OpenLDAP > that is replicated from the PDC's LDAP Server to the BDC's LDAP. The BDC should > have 'domain master = no' and 'domain logons = yes'. > > Volker > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature From mpav at algx.net Wed Dec 12 09:20:14 2001 From: mpav at algx.net (Matt Pavlovich) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing References: Message-ID: <3C1790BD.9B79ECBB@algx.net> My understanding of CAL's, is that you only need to purchase a Cal if you are connecting a workstation to a server and the versions of Windows are different, or for every user that connects to a server over the base number of allowed clients. If you have one Win2k server, and one Win2k workstation, you would not need a CAL, as it is included in the purchase price of the products. ie.. Windows 2000 Server, and WinNT 4.0 workstation would require a Win2k CAL. Win2k server and 4000 Win2k clients requires 4000 CAL's. Of course, the licensing model changes daily.. so consider this only a base guide. With Samba as the PDC and file servers, you should not have to buy any CALs as you have already licensed the workstation licenses. It would be very bold of Microsoft to attempt to charge licenses for anything that speaks the protocol. Matt Pavlovich Allegiance Telecom, Inc. Adam Killian wrote: > > Greetings, > > I was wondering if anyone has any experience with Micorosft's licensing policy wrt samba. > I want to use an NT PDC and some BDCs to do my username/password authentication, and use Samba for all my file/print servers. Obviously, I will need licenses for each NT server, but if all I am doing with it is authenticating users, do I need a CAL for each user? This is going to be a 2500 user installation, so it makes a big difference to the total cost. If I do end up needing CALS, I will have to use some other authentication mechanism. > > As I understand it, I can configure Samba to act as a PDC, but not as a BDC. Since this will be a mutli-site deployment, that won't work. I guess that leaves me with NIS or LDAP. Does anyone have any reccomendations/suggestions/horror stories? > > Thanks, > > Adam Killian > akillian@footlocker.com From eric_brunet at ifrance.com Wed Dec 12 09:23:02 2001 From: eric_brunet at ifrance.com (Brunet Eric) Date: Tue Dec 2 02:37:11 2003 Subject: need help for winbind PLEASE Message-ID: <3C179219.40702@ifrance.com> hello, I have some problems to authentificate domain users on a samba server (2.2.2, member of same domain). i read all samba docs and browsed many archives, i didn't see the case of samba PDC with samba member, it's always samba member with NT4 or WIN2000 PDC. So my first question is: is it possible??? my situation is following: -samba PDC(v2.2.2) work fine with all windows clients -samba member(v2.2.2) it seems correctly configured: -in smb.conf: security = domain, winbind parameters .....) -pam : add pam_winbind.so in different files of /etc/pam.d About winbindd: #wbinfo -t Secret is good #wbinfo -u ... OFFICE+foo ... notice: foo is an account of my domain OFFICE # wbinfo -g OFFICE+Domain Admins OFFICE+Domain Users # wbinfo -r OFFICE+ericb 10003 ok all seems to wrok BUT: # wbinfo -a OFFICE+foo%xxxxx plaintext password authentication succeeded """""""""" challenge/response password authentication failed """""" Could not authenticate user OFFICE+foo%xxxxx with challenge/response Notice: of course there aren't account system "foo" in the samba member machine So why plaintext authentification rocks only??? is it normal???? #wbinfo -m # ->no response????? it might display OFFICE domain i give you the log of winbind(with debug option to 3) when i tried to connect at a share directory in the member machine with: #smbclient //member/test -U foo -W OFFICE the log: [2001/12/12 19:09:49, 3] nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(104) [13630]: getpwnam OFFICE+FOO [2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:domain_handles_open(187) checking domain handles for domain OFFICE [2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:debug_conn_state(33) server: dc=MAISON, pwdb_init=1, lsa_hnd=1 [2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:debug_conn_state(39) OFFICE: dc=MAISON, got_sid=1, sam_hnd=1 sam_dom_hnd=1 [2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:get_cache_sequence_number(112) CACHESEQ OFFICE/USR/FOO is 1008173647 [2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cache_domain_expired(84) seq 1008173647 for OFFICE has expired """"""""""""""""""" [2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cached_sequence_number(67) cached sequence number for OFFICE is 1008176371 [2001/12/12 19:09:49, 3] nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(104) [13630]: getpwnam office+foo [2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:get_cache_sequence_number(112) CACHESEQ OFFICE/USR/ericb is 1008173647 [2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cached_sequence_number(67) cached sequence number for OFFICE is 1008176371 [2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cache_domain_expired(84) seq 1008173647 for OFFICE has expired """"""""""""""""""""" [2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cached_sequence_number(67) cached sequence number for OFFICE is 1008176371 [2001/12/12 19:09:50, 3] nsswitch/winbindd_group.c:winbindd_getgroups(908) [13630]: getgroups office+foo [2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(187) [13630]: uid to sid 10000 [2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(224) [13630]: gid to sid 10000 [2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(224) [13630]: gid to sid 10003 [2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_setgrent(396) [13634]: setgrent [2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_getgrent(567) [13634]: getgrent [2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_getgrent(567) [13634]: getgrent [2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_endgrent(449) [13634]: endgrent [2001/12/12 19:10:30, 3] nsswitch/winbindd_util.c:establish_connections(350) establishing connections [2001/12/12 19:10:30, 3] nsswitch/winbindd_util.c:debug_conn_state(33) server: dc=MAISON, pwdb_init=1, lsa_hnd=1 notice: MAISON is the domain controller. -the log for the client which execute the smbclient: [2001/12/12 17:30:05, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD [2001/12/12 17:30:05, 0] smbd/password.c:domain_client_validate(1608) domain_client_validate: unable to validate password for user FOO in domain OFFICE to Domain controller MAISON. Error was NT_STATUS_WRONG_PASSWORD. big thx for your help :) From Volker.Lendecke at SerNet.DE Wed Dec 12 09:25:02 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: <3C178E0F.CC121168@algx.net> (message from Matt Pavlovich on Wed, 12 Dec 2001 11:04:15 -0600) References: <3C178E0F.CC121168@algx.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Will NT clients automatically direct authentication to the Samba "BDC" > by changing 'domain master = no', 'domain logons = yes'? After asking the WINS for DOMAIN#1c the Workstation sends out a Broadcast NetBIOS Datagram along with a directed packet to the first IP in the DOMAIN#1c answer. The broadcast responder is then preferred. This way you always get the local DC to answer the logon request. 'domain master = no' is necessary to direct the password change requests to the PDC and to avoid the WINS name clash. > What about OS level? Not relevant, this only applies to Browsing. > Have you tested this? Yes :-) Only in a test scenario until now, but there it works perfectly fine. Volker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Fingerprint available: phone +49 551 3700000 iD8DBQE8F5JpZeeQha3jd9gRAohjAKCBHUgHk4Ygxm2XQ9GDbn5VMMdrvQCfRCo5 LpC7LhRUqcwX3XI/F+ravks= =+GuW -----END PGP SIGNATURE----- From jra at samba.org Wed Dec 12 09:30:03 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: ; from Volker.Lendecke@SerNet.DE on Wed, Dec 12, 2001 at 06:22:53PM +0100 References: <3C178E0F.CC121168@algx.net> Message-ID: <20011212092937.B11202@va.samba.org> On Wed, Dec 12, 2001 at 06:22:53PM +0100, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Will NT clients automatically direct authentication to the Samba "BDC" > > by changing 'domain master = no', 'domain logons = yes'? > > After asking the WINS for DOMAIN#1c the Workstation sends out a > Broadcast NetBIOS Datagram along with a directed packet to the first > IP in the DOMAIN#1c answer. The broadcast responder is then > preferred. This way you always get the local DC to answer the logon > request. 'domain master = no' is necessary to direct the password > change requests to the PDC and to avoid the WINS name clash. > > > What about OS level? > > Not relevant, this only applies to Browsing. > > > Have you tested this? > > Yes :-) Only in a test scenario until now, but there it works > perfectly fine. Volker, can you write a howto for this ? I'm also intending to integrate and test all the LDAP patches for Samba 2.2.3 to make sure it works well with an LDAP SAM backend. Can you let me know which (if any) patches you used to set this up ? Thanks, Jeremy. From flb at strathom.com Wed Dec 12 09:32:06 2001 From: flb at strathom.com (Frederic Le Bastard) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: Message-ID: Hi, > My understanding of CAL's, is that you only need to purchase a Cal if > you are connecting a workstation to a server and the versions > of Windows > are different, or for every user that connects to a server > over the base > number of allowed clients. If you have one Win2k server, and > one Win2k > workstation, you would not need a CAL, as it is included in > the purchase > price of the products. I'm afraid you're wrong. If you have a 2k server, and a 2k workstation you'll need a 2k CAL for the workstation to access the server. By default, if you buy a box with 2k server, you have 5 CAL included. If you have more than 5 clients (2k, NT wkst, 98, whatever) you have to buy supplemental CAL > > ie.. Windows 2000 Server, and WinNT 4.0 workstation would require a > Win2k CAL. True > > Win2k server and 4000 Win2k clients requires 4000 CAL's. True > > Of course, the licensing model changes daily.. so consider this only a > base guide. > > With Samba as the PDC and file servers, you should not have to buy any > CALs as you have already licensed the workstation licenses. True, what is to remember (it's true for any microsoft server product) : You need a license for the server You need a license for the client You need a license for the client to access the server. That is, considering samba, you don't pay any license for the server, so you don't have to pay any license for the client to access the server. All you have to pay is the client's license. Have fun ! Fred > From teilo at cdt.luth.se Wed Dec 12 09:35:04 2001 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing References: Message-ID: <3C1794D8.90108@cdt.luth.se> Probably not, acording to http://www.microsoft.com/PIRACY/samguide/tools/cal_guide/winnt.asp but IANAL and havn't read the full NT licence aggreement *CALs are Required * Windows NT 4.0 Server can be used for any of the following, in which CALs are required: (*Note:* that some of these functions are "basic" and will be a common use of Windows NT Server, while others are more specialized and thus will be less common) * File Services--i.e. accessing or managing files on the network. * Printing Services--i.e. sharing and managing printers on the network. * Macintosh connectivity--file sharing and/or printing sharing. * Remote Access Services--i.e. accessing a server from a remote location through a communications link, including the use of Internet Connection Services. * Message Queue Server--i.e. sending or receiving messages from Message Queue Server. * Transaction Server--invoking component-based applications managed by Transaction Server. * Terminal Server Functionality--using Windows NT Server to display or use Windows-based or Windows NT-based applications on a device. No mention of Authenticating users here... But you must not share any files from them. Adam Killian wrote: >Greetings, > >I was wondering if anyone has any experience with Micorosft's licensing policy wrt samba. >I want to use an NT PDC and some BDCs to do my username/password authentication, and use Samba for all my file/print servers. Obviously, I will need licenses for each NT server, but if all I am doing with it is authenticating users, do I need a CAL for each user? This is going to be a 2500 user installation, so it makes a big difference to the total cost. If I do end up needing CALS, I will have to use some other authentication mechanism. > >As I understand it, I can configure Samba to act as a PDC, but not as a BDC. Since this will be a mutli-site deployment, that won't work. I guess that leaves me with NIS or LDAP. Does anyone have any reccomendations/suggestions/horror stories? > >Thanks, > >Adam Killian >akillian@footlocker.com > -- Technology is a word that describes something that doesn't work yet. Douglas Adams From mpav at algx.net Wed Dec 12 09:48:02 2001 From: mpav at algx.net (Matt Pavlovich) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> Message-ID: <3C17974B.3B2AE1C3@algx.net> I will be testing this in a lab in the next few weeks and will gladly assist in authoring a "Samba LDAP Domain HOWTO". What does the timeframe for 2.2.3 look like? Having the HOWTO ready by then would be handy. Additionally, I am migrating a production NT 4.0 domain to the Samba managed domain and am willing to work with anyone on this as well. "NT->Samba Domain Migration HOWTO" to come later.. Matt Pavlovich Jeremy Allison wrote: > > On Wed, Dec 12, 2001 at 06:22:53PM +0100, Volker Lendecke wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > Will NT clients automatically direct authentication to the Samba "BDC" > > > by changing 'domain master = no', 'domain logons = yes'? > > > > After asking the WINS for DOMAIN#1c the Workstation sends out a > > Broadcast NetBIOS Datagram along with a directed packet to the first > > IP in the DOMAIN#1c answer. The broadcast responder is then > > preferred. This way you always get the local DC to answer the logon > > request. 'domain master = no' is necessary to direct the password > > change requests to the PDC and to avoid the WINS name clash. > > > > > What about OS level? > > > > Not relevant, this only applies to Browsing. > > > > > Have you tested this? > > > > Yes :-) Only in a test scenario until now, but there it works > > perfectly fine. > > Volker, can you write a howto for this ? I'm also intending to > integrate and test all the LDAP patches for Samba 2.2.3 to make > sure it works well with an LDAP SAM backend. > > Can you let me know which (if any) patches you used to set this > up ? > > Thanks, > > Jeremy. From jra at samba.org Wed Dec 12 09:51:03 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: <3C17974B.3B2AE1C3@algx.net>; from mpav@algx.net on Wed, Dec 12, 2001 at 11:43:39AM -0600 References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> <3C17974B.3B2AE1C3@algx.net> Message-ID: <20011212095006.D11202@va.samba.org> On Wed, Dec 12, 2001 at 11:43:39AM -0600, Matt Pavlovich wrote: > I will be testing this in a lab in the next few weeks and will gladly > assist in authoring a "Samba LDAP Domain HOWTO". > > What does the timeframe for 2.2.3 look like? Having the HOWTO ready by > then would be handy. > > Additionally, I am migrating a production NT 4.0 domain to the Samba > managed domain and am willing to work with anyone on this as well. > "NT->Samba Domain Migration HOWTO" to come later.. As soon as I've finished going through the bugs list applying patches and regression testing. I'm hoping before Christmas but it's looking less likely.... Jeremy. From Volker.Lendecke at SerNet.DE Wed Dec 12 09:56:04 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: References: Message-ID: On Wed, Dec 12, 2001 at 06:30:56PM +0100, Frederic Le Bastard wrote: > That is, considering samba, you don't pay any license for the server, so > you don't have to pay any license for the client to access the server. > All you have to pay is the client's license. The question is: If the PDC does *not* serve any files, it's *only* PDC for a bunch of Samba servers, do you need the CALs? The clients only access the PDC for authentication. But wait... The [netlogon] share is always shared from the DC. Does this count? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011212/f0cc3244/attachment.bin From dhighley at highley-recommended.com Wed Dec 12 09:58:02 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:11 2003 Subject: SIDs and Gremlin Laptop Message-ID: <200112121756.fBCHu1sC002390@hemlock.highley-recommended.com> We use a bit of a gremlin laptop for portable integration testing. Some times it is a Linux system and sometimes it is an NT 4.0 system. Does anyone know how we can keep the SID identity consistent between OS changes so the Samba PDC will be unaware of the OS changing? -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From mpav at algx.net Wed Dec 12 10:00:03 2001 From: mpav at algx.net (Matt Pavlovich) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> <3C17974B.3B2AE1C3@algx.net> <20011212095006.D11202@va.samba.org> Message-ID: <3C179A11.A6D20581@algx.net> > As soon as I've finished going through the bugs list applying patches > and regression testing. I'm hoping before Christmas but it's looking > less likely.... Sounds good. Volker- I'll move the documentation conversation offline. Matt Pavlovich From turner at juelich-enzyme.com Wed Dec 12 10:06:03 2001 From: turner at juelich-enzyme.com (Francis Turner) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing References: Message-ID: <3C179BBE.8020600@juelich-enzyme.com> Volker Lendecke wrote: > The question is: If the PDC does *not* serve any files, it's *only* PDC for a > bunch of Samba servers, do you need the CALs? The clients only access the PDC > for authentication. But wait... The [netlogon] share is always shared from the > DC. Does this count? > > Volker > I think it will count when you change password. IIRC clients use the netlogon share to change passwords and they have to change passowrds on the PDC. To do this they will access a file on the PDC's netlogon share and thus will count as a user of file services on the PDC. I'll be happy to be corrected on this if I'm wrong Francis -- Francis Turner, CIO Juelich Enzyme Products GmbH http://www.juelich-enzyme.com/ +49-173-291-7278 If you're not part of the solution, you're part of the precipitate. -- Henry J. Tillman From olivier.lemaire at IDEALX.com Wed Dec 12 10:21:38 2001 From: olivier.lemaire at IDEALX.com (Olivier Lemaire) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: <3C17974B.3B2AE1C3@algx.net>; from mpav@algx.net on Wed, Dec 12, 2001 at 11:43:39AM -0600 References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> <3C17974B.3B2AE1C3@algx.net> Message-ID: <20011212191238.A30534@gobey.ird.idealx.com> > I will be testing this in a lab in the next few weeks and will gladly > assist in authoring a "Samba LDAP Domain HOWTO". I propose to merge jobs: we've got the beginning of an Samba+LDAP PDC Howto have a look at http://samba.idealx.org/ Some scripts come along with this howto... no problem to create some write accounts on the cvs repo :-) or to move jobs to the any other samba cvs repo anyway. -- Olivier Lemaire aka lem http://IDEALX.org/ From akillian at footlocker.com Wed Dec 12 11:33:03 2001 From: akillian at footlocker.com (Adam Killian) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing In-Reply-To: Message-ID: Volker, This seems like a good option to me. This project is to see how feasible it would be to replace a Novell Netware file/print environemnt with Linux/Samba. I am going to need OpenLdap to replace NDS anyhow. Just to be sure I understand... I setup a Samba servers in each site with domain logons=yes and OpenLdap as a slave I pick one server to be the OpenLdap master and all is well? Can a real NT4 app server be a member of such a domain? We have some apps the MUST be run on NT4 servers. If that works, I am home free! Woo Hoo! Thanks, Adam Killian akillian@footlocker.com > -----Original Message----- > I installed exactly your setup with replicated OpenLDAP. > It should go into > production these days. It's a lot of small details to > care for, but once you > got it working it's straightforward. > > The only idea is to have samba get its SAM information > from a local OpenLDAP > that is replicated from the PDC's LDAP Server to the > BDC's LDAP. The BDC should > have 'domain master = no' and 'domain logons = yes'. > > Volker > > From tarjei at nu.no Wed Dec 12 11:36:04 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:37:11 2003 Subject: NT PDC licensing References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> <3C17974B.3B2AE1C3@algx.net> <20011212191238.A30534@gobey.ird.idealx.com> Message-ID: <3C17B122.5C1D9EA8@nu.no> Hi A few comments: 1. Two things are missing: - a script to create the initial .ldifs - a webfrontend. The first one woulde be great if was added the last I know there are several who are working on. 2. Check out the samba-tng ldap howto's if you haven't :) 3. There's a ldap replication howto on the web somewhere. Check it out if you havent :) 4. Why "do not choose use tls"? The pam-ldap libs work very well with ssl/tls. I can send you a small script that you can use to generate openldap certificates if you whant to. Hope this helps a bit PS: THere is a huge samba w/ldap howto on the net that contaings infor for all sambas Tarjei From delaitt at cpc.wmin.ac.uk Wed Dec 12 11:39:03 2001 From: delaitt at cpc.wmin.ac.uk (Thierry Delaitre) Date: Tue Dec 2 02:37:11 2003 Subject: W2K logon problem after joining a domain In-Reply-To: <200112120442.fBC4gcwM029296@hemlock.highley-recommended.com> Message-ID: > Thats not the problem. We are using Samba 2.2.2 and we have Win 2k > systems. We use upper, lower, special characters, and numbers in our > passwords. We are using Samba as a PDC running on Solaris 8. it got it to work with lowercase & uppercase as well but this only seems to work for passwords which are no longer than 8 characters. I'm using Sol7 11/99. Thierry. > I see a few differences when I view the testparm output on our > system: > password level = 0 > username level = 0 > lanman auth = Yes > name resolve order = lmhosts host wins bcast > > The above are Samba default settings. We also added the following lines > to our dhcpd.conf file in the subnet section: > option netbios-name-servers 10.2.2.3; > option netbios-dd-server 10.2.2.3; > option netbios-dd-server 10.2.2.3; > option netbios-node-type 8; > > > > > Cheers, > > > > Thierry. > > > > On Tue, 11 Dec 2001, Thierry Delaitre wrote: > > > > > > > > Hi, > > > > > > I've configured samba-2.2.2 as an NT PDC and successfuly joined a W2K box. > > > However, I cannot login to the W2K box using the Samba domain name. I get > > > the following error messages in log.smb: > > > > > > [2001/12/11 22:19:00, 0] rpc_server/srv_netlog.c:api_net_sam_logon(208) > > > api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. > > > [2001/12/11 22:19:00, 0] rpc_server/srv_pipe.c:api_rpcTNP(1204) > > > api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. > > > [2001/12/11 22:24:12, 1] smbd/server.c:main(689) > > > smbd version 2.2.2 started. > > > Copyright Andrew Tridgell 1992-1998 > > > > > > Also, I don't know why but I cannot mount a shared area provided by > > > samba-2.2.2 and the strange things is that it works ok when I use > > > smbclient "\\server\sharename" -U username > > > > > > I've put a copy of the smb.conf file that i's using. > > > > > > Cheers, > > > > > > Thierry. > > > > > > [globals] > > > username level = 5 > > > smb passwd file = /tmp/etc/private/smbpasswd > > > workgroup = CPCNEW > > > server string = Samba Server - Thierry Delaitre > > > browseable = yes > > > status = yes > > > password level = 4 > > > netbios aliases = SNAIL2 SNAIL3 SNAIL4 SNAIL5 SNAIL6 > > > security = user > > > encrypt passwords = yes > > > domain logons = yes > > > logon drive = h: > > > logon script = %a.bat > > > preserve case = yes > > > lpq cache time = 30 > > > time server = true > > > wins support = no > > > wins server = 161.74.92.102 > > > domain master = yes > > > local master = yes > > > preferred master = yes > > > os level = 65 > > > map to guest = Bad User > > > domain admin group = @adm > > > > > > [homes] > > > comment = CPC home directories > > > writable = yes > > > hide dot files = yes > > > > > > [netlogon] > > > path = /opt/samba/netlogon/%G > > > writeable = yes > > > guest ok = no > > > locking = no > > > > > > > > > > > > > > > > ---------------------------------------- > > Dr Thierry DELAITRE > > Systems and Services Manager, CSCS > > University of Westminster > > 115 New Cavendish Street, London W1W 6UW > > > > Tel: 020 7911 5000 ext: 3586 > > Fax: 020 7911 5089 > > Mobile short dial code 1788 > > > > http://www.cscs.wmin.ac.uk/~delaitt > > ---------------------------------------- > > > > This e-mail and its attachments are intended for the above named only > > and may be confidential. If they have come to you in error you must > > not copy or show them to anyone, nor should you take any action based > > on them, other than to notify the error by replying to the sender. > > > > > > > > > -- > > > Regards, > > David Highley Phone: (206) 669-0081 > Highley Recommended, Inc. FAX: (253) 838-8509 > 2927 SW 339th Street Email: dhighley@highley-recommended.com > Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com > > ---------------------------------------- Dr Thierry DELAITRE Systems and Services Manager, CSCS University of Westminster 115 New Cavendish Street, London W1W 6UW Tel: 020 7911 5000 ext: 3586 Fax: 020 7911 5089 Mobile short dial code 1788 http://www.cscs.wmin.ac.uk/~delaitt ---------------------------------------- This e-mail and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must not copy or show them to anyone, nor should you take any action based on them, other than to notify the error by replying to the sender. From dhighley at highley-recommended.com Wed Dec 12 11:56:03 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:12 2003 Subject: W2K logon problem after joining a domain In-Reply-To: from "Thierry Delaitre" at Dec 12, 2001 07:30:33 PM Message-ID: <200112121954.fBCJs36Y003206@hemlock.highley-recommended.com> "Thierry Delaitre wrote:" > > > > > Thats not the problem. We are using Samba 2.2.2 and we have Win 2k > > systems. We use upper, lower, special characters, and numbers in our > > passwords. We are using Samba as a PDC running on Solaris 8. > > it got it to work with lowercase & uppercase as well but this only seems > to work for passwords which are no longer than 8 characters. I'm using > Sol7 11/99. I know that we have at least one password that is longer than 8 characters. > > Thierry. > > > I see a few differences when I view the testparm output on our > > system: > > password level = 0 > > username level = 0 > > lanman auth = Yes > > name resolve order = lmhosts host wins bcast > > > > The above are Samba default settings. We also added the following lines > > to our dhcpd.conf file in the subnet section: > > option netbios-name-servers 10.2.2.3; > > option netbios-dd-server 10.2.2.3; > > option netbios-dd-server 10.2.2.3; > > option netbios-node-type 8; > > > > > > > > Cheers, > > > > > > Thierry. > > > > > > On Tue, 11 Dec 2001, Thierry Delaitre wrote: > > > > > > > > > > > Hi, > > > > > > > > I've configured samba-2.2.2 as an NT PDC and successfuly joined a W2K box. > > > > However, I cannot login to the W2K box using the Samba domain name. I get > > > > the following error messages in log.smb: > > > > > > > > [2001/12/11 22:19:00, 0] rpc_server/srv_netlog.c:api_net_sam_logon(208) > > > > api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. > > > > [2001/12/11 22:19:00, 0] rpc_server/srv_pipe.c:api_rpcTNP(1204) > > > > api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. > > > > [2001/12/11 22:24:12, 1] smbd/server.c:main(689) > > > > smbd version 2.2.2 started. > > > > Copyright Andrew Tridgell 1992-1998 > > > > > > > > Also, I don't know why but I cannot mount a shared area provided by > > > > samba-2.2.2 and the strange things is that it works ok when I use > > > > smbclient "\\server\sharename" -U username > > > > > > > > I've put a copy of the smb.conf file that i's using. > > > > > > > > Cheers, > > > > > > > > Thierry. > > > > > > > > [globals] > > > > username level = 5 > > > > smb passwd file = /tmp/etc/private/smbpasswd > > > > workgroup = CPCNEW > > > > server string = Samba Server - Thierry Delaitre > > > > browseable = yes > > > > status = yes > > > > password level = 4 > > > > netbios aliases = SNAIL2 SNAIL3 SNAIL4 SNAIL5 SNAIL6 > > > > security = user > > > > encrypt passwords = yes > > > > domain logons = yes > > > > logon drive = h: > > > > logon script = %a.bat > > > > preserve case = yes > > > > lpq cache time = 30 > > > > time server = true > > > > wins support = no > > > > wins server = 161.74.92.102 > > > > domain master = yes > > > > local master = yes > > > > preferred master = yes > > > > os level = 65 > > > > map to guest = Bad User > > > > domain admin group = @adm > > > > > > > > [homes] > > > > comment = CPC home directories > > > > writable = yes > > > > hide dot files = yes > > > > > > > > [netlogon] > > > > path = /opt/samba/netlogon/%G > > > > writeable = yes > > > > guest ok = no > > > > locking = no > > > > > > > > > > > > > > > > > > > > > > ---------------------------------------- > > > Dr Thierry DELAITRE > > > Systems and Services Manager, CSCS > > > University of Westminster > > > 115 New Cavendish Street, London W1W 6UW > > > > > > Tel: 020 7911 5000 ext: 3586 > > > Fax: 020 7911 5089 > > > Mobile short dial code 1788 > > > > > > http://www.cscs.wmin.ac.uk/~delaitt > > > ---------------------------------------- > > > > > > This e-mail and its attachments are intended for the above named only > > > and may be confidential. If they have come to you in error you must > > > not copy or show them to anyone, nor should you take any action based > > > on them, other than to notify the error by replying to the sender. > > > > > > > > > > > > > > > -- > > > > > > Regards, > > > > David Highley Phone: (206) 669-0081 > > Highley Recommended, Inc. FAX: (253) 838-8509 > > 2927 SW 339th Street Email: dhighley@highley-recommended.com > > Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com > > > > > > ---------------------------------------- > Dr Thierry DELAITRE > Systems and Services Manager, CSCS > University of Westminster > 115 New Cavendish Street, London W1W 6UW > > Tel: 020 7911 5000 ext: 3586 > Fax: 020 7911 5089 > Mobile short dial code 1788 > > http://www.cscs.wmin.ac.uk/~delaitt > ---------------------------------------- > > This e-mail and its attachments are intended for the above named only > and may be confidential. If they have come to you in error you must > not copy or show them to anyone, nor should you take any action based > on them, other than to notify the error by replying to the sender. > > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From olivier.lemaire at IDEALX.com Wed Dec 12 12:30:16 2001 From: olivier.lemaire at IDEALX.com (Olivier Lemaire) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing In-Reply-To: <3C17B122.5C1D9EA8@nu.no>; from tarjei@nu.no on Wed, Dec 12, 2001 at 08:33:54PM +0100 References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> <3C17974B.3B2AE1C3@algx.net> <20011212191238.A30534@gobey.ird.idealx.com> <3C17B122.5C1D9EA8@nu.no> Message-ID: <20011212212251.A18667@gobey.ird.idealx.com> Hi, > 1. Two things are missing: > - a script to create the initial .ldifs > woulde be great if was added ok, why not. I'll do it. > - a webfrontend. > I know there are several who are working on. well, we wanted to make scripts that are just ?over? regular system tools, so any existing frontend using system tools would be fairly quick to customize (example: webmin user management module, just a small patch to it). anyway, just send my links to the following undergoing works on a frontend, as It may serve > 2. Check out the samba-tng ldap howto's if you haven't :) I've got it, Thank's to Ignacio Coupeau job ! > 3. There's a ldap replication howto on the web somewhere. Check it out if you > havent :) Yes, I think I should add to the beginning howto some info on : . ldap replication (in case of master/slave) . ldap configuration (indexes) . ldap backup and restore > 4. Why "do not choose use tls"? The pam-ldap libs work very well with ssl/tls. > I can send you a small script that you can use to generate openldap certificates > if you whant to. ok, I'm waiting for them :-) > Hope this helps a bit It does :-) > PS: THere is a huge samba w/ldap howto on the net that contaings infor for all > sambas Ignacio Coupeau'job ? -- lem From bstrauch at cmsd.k12.pa.us Wed Dec 12 13:04:13 2001 From: bstrauch at cmsd.k12.pa.us (Bill Strauch) Date: Tue Dec 2 02:37:12 2003 Subject: Script File for SMB server in an NT 2000 Domain Message-ID: <3C17C448.2070501@cmsd.k12.pa.us> Hello there, Does anyone have a samba script file for a windows 2000 domain? We are trying to introduce the SAMBA (rh 7.1) Server in our school district as a viable resource and are having a little difficulty with setting up share access to resources. The problem is simple, everytime we try to use the server resources from windoze 98 or 2000, there is a problem with authentication. Any help would be appreciated. Thanks you. Bill Strauch From dhighley at highley-recommended.com Wed Dec 12 13:08:11 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:12 2003 Subject: W2K logon problem after joining a domain In-Reply-To: from "Thierry Delaitre" at Dec 12, 2001 08:04:37 PM Message-ID: <200112122106.fBCL6SIw003615@hemlock.highley-recommended.com> "Thierry Delaitre wrote:" > > > > I know that we have at least one password that is longer than 8 > > characters. > > have you tried it with W2K and does it work ? Okay I checked it with a 16 character password that had all kinds of junk in it and it works with a Win 2k client. > > are you using some particular options with ./configure ? > > Cheers, > > Thierry. > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From awilliam at whitemice.org Wed Dec 12 13:12:03 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing In-Reply-To: <20011212212251.A18667@gobey.ird.idealx.com> Message-ID: >> 2.Check out the samba-tng ldap howto's if you haven't :) >I've got it, Thank's to Ignacio Coupeau job ! Do Samba and Samba TNG use the same schema? Once upon a time I though they looked diffrent. Also we (users) need better documentation OF the schema, currently it looks like lots of attributes are there but not used (current = 2.2.1a patched). If there already is comprehensive schema documentation I'd appreciate an href to it. >>3. There's a ldap replication howto on the web somewhere. Check it out if you >>havent :) >Yes, I think I should add to the beginning howto some info on : > . ldap replication (in case of master/slave) > . ldap configuration (indexes) > . ldap backup and restore I have an LDAP presentation at ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf It has been checked over by several people from the OpenLDAP list, so most of the content should be correct. If any one wants to reference (link to) it they are more than welcome. I also intend to add a Samba section once a little more documentation comes out the chute. >>4. Why "do not choose use tls"? The pam-ldap libs work very well with ssl/tls. >>I can send you a small script that you can use to generate openldap certificates >>if you whant to. >ok, I'm waiting for them :-) >>Hope this helps a bit >It does :-) >> PS: THere is a huge samba w/ldap howto on the net that contaings infor >>for all sambas -- ----------------------------------------------------------- Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS ----------------------------------------------------------- From olivier.lemaire at IDEALX.com Wed Dec 12 13:40:03 2001 From: olivier.lemaire at IDEALX.com (Olivier Lemaire) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing In-Reply-To: ; from awilliam@whitemice.org on Wed, Dec 12, 2001 at 04:09:36PM -0500 References: <20011212212251.A18667@gobey.ird.idealx.com> Message-ID: <20011212223353.A26920@gobey.ird.idealx.com> > Do Samba and Samba TNG use the same schema? Seems that answer = no Samba 2.2.2 schema is lighter than the on used on TNG (cvs from the beginning of November) : only sambaAccount (users and workstation) are dealt by 2.2.2. TNG have support for sambaGroups and sambaBuiltin For Samba 3.0, it's another pb. It seems that 3.0 will use the Microsoft Schema... I need to spend some time about it in the near future. > Also we (users) need better documentation OF the > schema, currently it looks like lots of attributes are there but not > used (current = 2.2.1a patched). If there already is comprehensive schema > documentation I'd appreciate an href to it. Most of what you're looking for is in the Ignacio Coupeau Samba + LDAP Howtos. some other will (for now, few explanation exists, I'll update this asap) be written in the Samba-2.2.2 + LDAP PDC Howto, but 'specific' to Samba-2.2.2 (samba.schema). > >>3. There's a ldap replication howto on the web somewhere. Check it out if > >> you havent :) > I have an LDAP presentation at > ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf cute ! > It has been checked over by several people from the OpenLDAP list, so most > of the content should be correct. If any one wants to reference (link > to) it they are more than welcome. No pb ! done ! thx ! > I also intend to add a Samba section once a little more documentation comes > out the chute. ok, I'll work on it for this next weekend. -- lem From olivier.lemaire at IDEALX.com Wed Dec 12 15:25:04 2001 From: olivier.lemaire at IDEALX.com (Olivier Lemaire) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing In-Reply-To: <20011212212251.A18667@gobey.ird.idealx.com>; from olivier.lemaire@idealx.com on Wed, Dec 12, 2001 at 09:22:51PM +0100 References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> <3C17974B.3B2AE1C3@algx.net> <20011212191238.A30534@gobey.ird.idealx.com> <3C17B122.5C1D9EA8@nu.no> <20011212212251.A18667@gobey.ird.idealx.com> Message-ID: <20011213001717.A30675@gobey.ird.idealx.com> > > 1. Two things are missing: > > - a script to create the initial .ldifs > > woulde be great if was added > ok, why not. I'll do it. done (smbldap-populate.pl), thank's to David Le Corfec ;-) -- lem From carl.huang at mic.com.tw Wed Dec 12 18:00:03 2001 From: carl.huang at mic.com.tw (=?gb2312?B?Y2FybC5odWFuZyBb/FO9qORoXQ==?=) Date: Tue Dec 2 02:37:12 2003 Subject: samba as PDC with ldap Message-ID: Hello, I'm using samba2.2.2 with ldap supporting as PDC under redhat linux, win2000 as clients. I setup ldap server and import the corresponding file to it, and it seems that samba works well without as a PDC since I can access samba file. But now I want it to be a PDC. I can join the domain from win2000, but can't login . There is a meesage like "no trusted relation between this machine and PDC" since my computer isn't in english language environment. I doubt that ldap server may cause it. I read samba-ldap-howto, but it for NT. I found that win2000 differs from NT, so i really don't know how i should organise the entry in ldap server. Is there anyone successful in doing that? Thanks for any help. Regards, Carl From gboug at unico.com.au Wed Dec 12 18:33:06 2001 From: gboug at unico.com.au (Greg Boug) Date: Tue Dec 2 02:37:12 2003 Subject: Windows NT 4.0 and Windows 2000 connections to a domain. Message-ID: <000a01c183da$64f74380$6564a8c0@akari> Hi all, I'm attempting to get a Windows NT or 2000 computer hooking into a domain. I have a Windows NT 4.0 server running as the PDC, though it is on a completely seperate subnet to the NT clients. To counter this, I have placed a Samba 2.0.7 server on the same network, and have had that machine join the domain. This machine is now running in security=domain mode, and is also set to accept domain logins, etc. Upon attempting to get a Win2k machine to connect to the domain on this seperate subnet, I get the following error: "The following error occurred attempting to joing the domain 'DOMAIN': The credentials supplied conflict with an existing set of credentials" This implies any of a number of things to me: 1. I got the password wrong (Not likely, unless somehow my caps lock key has jammed up) 2. Its not liking the fact that there was once a computer of the same name on the network. I have pre-created the machine account on the PDC and gotten this error, but the error is also present when the machine account is not present. 3. Samba server isn't doing the "right thing" (tm) with the credentials it is given... (Most likely due to a configuration problem) Logging on the PDC (Yay event viewer, one of the most useless logs of all time) indicates the PDC is not even being _asked_ about the credentials I supply. I turned on all auditing in User Mangler for Domains and still got no info. I have been running on debug level 3, which produced the following in the log.nmb logfile, which is probably the only line in the logfile at that point in time that I'm not sure what it means... [2001/12/13 12:30:28, 3] nmbd/nmbd_processlogon.c:process_logon_packet(248) process_logon_packet: SAMLOGON request from CLIENT(x.x.x.x) for CLIENT$, returning logon svr \\SAMBASVR domain DOMAIN code 13 token=ffff Any ideas what this means??? Code 13 seems to mean that it is a response to a SAMLOGON (someone want to point me at a description of what a SAMLOGIN is supposed to be? ;-) thanks, Greg From jmcd at us.ibm.com Wed Dec 12 18:45:02 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:37:12 2003 Subject: Windows NT 4.0 and Windows 2000 connections to a domain. Message-ID: Greg Boug wrote: >The credentials supplied conflict with an existing set of credentials" You've already got a connection to that PDC. Have you done a net use, mapped a drive, or are just browsing something on there? You've got to close all other connections to that PDC. ---------------------------- Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com jmcd@samba.org Phone: (207) 885-5565 IBM tie-line: 776-9984 From jdandrea at superlink.net Wed Dec 12 20:50:02 2001 From: jdandrea at superlink.net (Joe D'Andrea) Date: Tue Dec 2 02:37:12 2003 Subject: Domain security, Solaris 2.6->Win2K (Samba 2.2) Message-ID: Greetings! I've been working diligently to get a samba installation working with a domain/PDC on a different subnet from mine, and we're closer, but then this isn't horseshoes. :-) Here's what we've done so far: * We've got domain security set up in smb.conf, per the infamous HOWTO file. * We've joined said domain successfully. :-D * I have just been given an account on said domain. NOW, I figured I'd try to connect to my samba host. The expectation I had was that it would authenticate me relative to the domain (I still have a UNIX account with the same name so it will match up in Samba 2.2). I decided to use smbclient first: smbclient \\my.domain.fqdn\share -Ujdandrea Instead, it wanted my smbpasswd password (from when I had it set up for user security). Interestingly, when I gave it that, it told me the domain was the new domain I had added. But I didn't authenticate w/that domain. Ahh! Perhaps I should lose my smbpasswd entry. Bad move. I still couldn't login. So I decided to be explicit and try -UDOMAIN\jdandrea ... no dice. I checked the log files. Nothing useful there. Kicked up the log levels and tried again. Still nothing providing any hints. Somehow I get the suspicion it's pilot error here, but I'm also wondering in the back of my head if being on another subnet is tripping me up. I sure hope not, but anyway ... clues welcome! - JD From ratzka at HRZ.Uni-Marburg.DE Wed Dec 12 23:57:02 2001 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:37:12 2003 Subject: Windows NT 4.0 and Windows 2000 connections to a domain. References: <000a01c183da$64f74380$6564a8c0@akari> Message-ID: <3C185E81.2DE5BE36@hrz.uni-marburg.de> Greg Boug wrote: > ... This machine is now running in > security=domain mode, and is also set to accept domain logins, etc. This is the problem: after enabling domain logins, your samba server claims to be the PDC and thus prevents any communication with the Windows NT PDC. There is currently no way of making samba a BDC, so you have to run your domain either on NT or on samba. To work across subnets you don't realy need a second domain controler but a WINS server that ensures NetBios name resolution across subnets. -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany (0x2b|~(0x2b))==??? From Volker.Lendecke at SerNet.DE Thu Dec 13 00:14:02 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing In-Reply-To: References: Message-ID: On Wed, Dec 12, 2001 at 02:34:22PM -0500, Adam Killian wrote: > This seems like a good option to me. This project is to see how feasible it > would be to replace a Novell Netware file/print environemnt with Linux/Samba. > I am going to need OpenLdap to replace NDS anyhow. > > Just to be sure I understand... > I setup a Samba servers in each site with domain logons=yes and OpenLdap as a > slave > I pick one server to be the OpenLdap master and all is well? Yes. > Can a real NT4 app server be a member of such a domain? We have some apps the > MUST be run on NT4 servers. Yes, certainly. But be aware that Samba 2.2 does *not* do any group mapping. This means that you can not use domain groups on your NT Member server. Samba 3.0alpha contains group mapping code, but this does currently not compile with an LDAP SAM. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011213/77b9afb9/attachment.bin From cdgraph at ihug.com.au Thu Dec 13 01:12:16 2001 From: cdgraph at ihug.com.au (Colin Jenkins) Date: Tue Dec 2 02:37:12 2003 Subject: Script File for SMB server in an NT 2000 Domain In-Reply-To: <3C17C448.2070501@cmsd.k12.pa.us> References: <3C17C448.2070501@cmsd.k12.pa.us> Message-ID: <1798114097.20011213200949@ihug.com.au> Hello Bill, Thursday, December 13, 2001, 7:55:36 AM, you wrote: BS> Hello there, BS> Does anyone have a samba script file for a windows 2000 domain? BS> We are trying to introduce the SAMBA (rh 7.1) Server in our school I have been playing around with samba, w2k and nt server on my school network (nt) At home I have a linux mandrake server with win 98 clients. I have just got a w2k laptop which I use at school and home. At school, I run kixtart for the login scripts, and at home have a batch file calling up kixtart on the windows clients. What do you need to do with the script, and are you using a linux server with all w2k clients? ================================================================ Colin Jenkins ICQ: 650611 registered linux user 223862 Politics. From the greek poly, meaning many, and ticks, a small, annoying bloodsucker. ================================================================ From sanjeev at unisoftindia.net Thu Dec 13 02:23:05 2001 From: sanjeev at unisoftindia.net (san) Date: Tue Dec 2 02:37:12 2003 Subject: Samba 3.0 alpha5 Message-ID: <001101c183c0$36a2c140$0100a8c0@UNISOFTINDIA.NET> Hi all Im trying samba 3 alpha5, here how to join to a Domain using "net"command, or else is there any other way for joining into my windows domain.. Before this i was using samba 2.2.2 with that i joined into windows 2000 server, but as a computer it joined there.... thanx sanjeev -------------- next part -------------- HTML attachment scrubbed and removed From f.berger at qubix.de Thu Dec 13 04:33:02 2001 From: f.berger at qubix.de (Florian Berger) Date: Tue Dec 2 02:37:12 2003 Subject: W2k Prof client can't join samba domain Message-ID: Hi I downloaded today the samba code via cvs via "cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2" and compiled it without any ./configure options Then i wrote the following smb.conf: [global] workgroup = QXCLIENTS security = DOMAIN encrypt passwords = yes log level = 4 log file = /var/log/smb/%m.log domain admin group = @pdcadm domain logons = yes os level = 65 preferred master = true domain master = true [netlogon] path = /home/netlogon browseable = no and i created the user and the machine accounts 4 my workstations, but when i try to join the domain i get the following error in the logfile: domain_client_validate: could not fetch trust account password for domain QXCLIENTS What have i todo that my w2k workstation can join? so long Flow-B From jdandrea at superlink.net Thu Dec 13 10:23:09 2001 From: jdandrea at superlink.net (Joe D'Andrea) Date: Tue Dec 2 02:37:12 2003 Subject: Domain security, Solaris 2.6->Win2K (Samba 2.2) In-Reply-To: Message-ID: Well, as an update ... I was able to set security = SERVER and then pick an explicit PDC as a password server, and NOW THAT WORKS. Now I can do: smbclient -L SERVER -Ujdandrea%password Using the PDC account this time. :-) ... except I'd really like to get domain security working. If I enable it, it's as if I'm back at user level security. It ignores passing things on to the PDC. Bizarre. The DOMAIN_MEMBER.html doc also explains why domain security is "a good thing" so that is only driving me on to want to do it this way. As extra credit, I also ran through DIAGNOSIS.txt from top-to-bottom and all looks good, except for it not passing the login along to the PDC! (Sort of the whole reason I'd use security = domain.) Clues still welcome. -- Joe From rtanner at cls.usask.ca Thu Dec 13 12:26:05 2001 From: rtanner at cls.usask.ca (Robby Tanner) Date: Tue Dec 2 02:37:12 2003 Subject: WinBind and ????? Message-ID: <000001c18414$025b3a30$1401140a@cls> A while ago, there was some talk about an effort to merge to branches of the tree. These two branches would make integration into an NT environment smoother, and provide the same file-based permission granularity as NT (as opposed to the Unix file permissions). WinBind was one of them and I can't remember the other. I wish to to accomplish the same sort of file permission control as NT file servers have on their shares. I asked this question a while ago, and found that someone had done it for BSD. Is this now possible with the Linux port of Samba? Please excuse me if the terms I'm using are not very articulate. I'm not that familiar with the issues surrounding SMB. Cheers, Robby Tanner B.Sc. (EE), B.Sc. (Cmpt. Sci) Controls Engineer Canadian Light Source University of Saskatchewan 107 North Road Saskatoon, Saskatchewan Canada S7N 5C6 Phone: (306) 966-6054 Direct: (306) 657-3582 Fax: (306) 966-6058 http://www.cls.usask.ca From samba at denverdata.com Thu Dec 13 14:57:06 2001 From: samba at denverdata.com (Doug Douglass) Date: Tue Dec 2 02:37:12 2003 Subject: samba as PDC with ldap In-Reply-To: Message-ID: Carl, can you see the sambaAccount entry for this Win2k machine in your directory? Are the acctFlags set correctly ([M ])? Are lmPassword and ntPassword set? I use Samba 2.2.1a with ldap support. As a habit I create the sambaAccount entry in my directory before trying to join the machine to the domain and have had no problems. HTH, Doug > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of carl.huang [üS½¨äh] > Sent: Wednesday, December 12, 2001 6:56 PM > To: 'samba-ntdom@lists.samba.org' > Subject: samba as PDC with ldap > > > Hello, > > I'm using samba2.2.2 with ldap supporting as PDC under redhat > linux, win2000 > as clients. > I setup ldap server and import the corresponding file to it, and it seems > that > samba works well without as a PDC since I can access samba file. > > But now I want it to be a PDC. I can join the domain from > win2000, but can't > login . There is a meesage like "no trusted relation between this machine > and > PDC" since my computer isn't in english language environment. > > I doubt that ldap server may cause it. I read samba-ldap-howto, but it for > NT. > I found that win2000 differs from NT, so i really don't know how > i should > organise the entry in ldap server. > > Is there anyone successful in doing that? > Thanks for any help. > > Regards, > Carl > > > From gaubrig at yahoo.com Thu Dec 13 15:21:03 2001 From: gaubrig at yahoo.com (Gaurang Pandya) Date: Tue Dec 2 02:37:12 2003 Subject: Adding Samba in ADS Message-ID: <20011213231846.72166.qmail@web10206.mail.yahoo.com> Hi Group, I am having trouble in adding my Samba 2.2.2 server in to ADS. When I apply command smbpasswd -r -j -U administrator it first prompts for the password after I type the correct password, it says "session setup ok" Then shows details about my pdc such as "Domain name", "OS", "Server". But after that is says "Unable to Join to domain " Does any one know about this problem. Or can any one tell me where to look for problem (may be any log files). Thanks for giving me time. Gaurang. __________________________________________________ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com From prabusubroto at yahoo.com Thu Dec 13 17:51:06 2001 From: prabusubroto at yahoo.com (Prabu Subroto) Date: Tue Dec 2 02:37:12 2003 Subject: (no subject) Message-ID: <20011214014917.66269.qmail@web14704.mail.yahoo.com> Dear Ma Pals, I have an application for my clients computer which using ftp protocol to cdownload some report periodically. But we have only one connection through my proxy server with Squid. I tried to use ipmasquerading with kernel.2.2 and SuSEFirewall1 and it made it... My client can doing ftp but...why did it only take a very short time only in 15 minutes than my client can not doing ftp anymore.... So I have to restart my proxy machine because after I restart it my client can do ftping back with ipmasquarading.... But again another 15 minutes more I have to restart it again. Funny.... Linux is very funny.... Non Sense..... I am using Squid as the proxy server. What should I do to make my clients can doing ftp permanently ? Thank you in advance. __________________________________________________ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com From calvin18 at calvin18.dhs.org Thu Dec 13 21:00:02 2001 From: calvin18 at calvin18.dhs.org (Calvin18) Date: Tue Dec 2 02:37:12 2003 Subject: Configuring samba 2.2.2 for PAM support Message-ID: <001601c1845b$e5bf3b90$0200a8c0@gemmacomp> I would like to configure my linux PDC to use PAM for authentication both ways.. meaning samba being able to authenticate users thru my linux server's password database and also being able to change passwords on my linux server thru windows. I read the Samba Howto collecting but still do not understand how to go about doing it.. could someone pls help me? Thank you -------------- next part -------------- HTML attachment scrubbed and removed From Nicolas.Kowalski at imag.fr Fri Dec 14 02:23:03 2001 From: Nicolas.Kowalski at imag.fr (Nicolas Kowalski) Date: Tue Dec 2 02:37:12 2003 Subject: Change uid of machine accounts Message-ID: I need to change uids for almost all our windows workstations (95/98/NT4/2K). If I change the relevant information in smbpasswd and passwd files, will all run smoothly or do I need to restart these workstations ? Are there some other issues ? Thanks in advance. Nicolas. From masterplan at barrysworld.com Fri Dec 14 02:26:03 2001 From: masterplan at barrysworld.com (Richard Cunningham) Date: Tue Dec 2 02:37:12 2003 Subject: Newbie questions ahoy Message-ID: <1008325025.4765.50.camel@Linuxmachine> Hi, I've been asked to set up a small linux network at a school where i am currently a ICT technicnan, we have numerous NT servers, and we have a old p2 333 server which is going to be the new linux server for teaching the kids how to use\setup linux (deathwish if you ask me.) but anyway, I need to know if it is.. 1) Possible to make a log-in script in linux so it automounts their home directory on the main fileserver 2) Able to get a list of all the users from the main server to the linux server without having to type them all up If you have any suggestions\how-to's or anything please let me know, ta :) Regards Richard @ NSFB From m.brodbelt at acu.ac.uk Fri Dec 14 04:11:08 2001 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing References: <3C178E0F.CC121168@algx.net> <20011212092937.B11202@va.samba.org> <3C17974B.3B2AE1C3@algx.net> Message-ID: <3C19EBE7.9030800@acu.ac.uk> Matt Pavlovich wrote: > I will be testing this in a lab in the next few weeks and will gladly > assist in authoring a "Samba LDAP Domain HOWTO". > > What does the timeframe for 2.2.3 look like? Having the HOWTO ready by > then would be handy. > > Additionally, I am migrating a production NT 4.0 domain to the Samba > managed domain and am willing to work with anyone on this as well. > "NT->Samba Domain Migration HOWTO" to come later.. I've been writing one off and on for a while. I've spoken to Gerry about it, and it's currently a plain text document itemising what you need to do. I have tested a migration based on these instructions, and it is transparent. I've also written a Perl script to go through the contents of a smbpasswd file dumped from the NT SAM with pwdump, and sync the UID's and the UID's in /etc/passwd, create new accounts where necessary, and add all the machine accounts. I'm now at the stage where I need to run one more test (which I was planning on doing next week) and then add any necessary updates, convert the documentation written thus far to DocBook, and submit it. I'm happy to send out copies of my docs (and perl code) to any interested parties. I was hoping to have it in a finished state before Christmas, but I'm not sure I'll make it. It's been ongoing for months, 'cause I hardly ever get time to look at it. Mike. From LMaze at aubertduval.fr Fri Dec 14 05:18:02 2001 From: LMaze at aubertduval.fr (Lionel MAZE) Date: Tue Dec 2 02:37:12 2003 Subject: security = domain and username map necessity Message-ID: <3C19FB67.F6950EB1@aubertduval.fr> Hi, I have installed a SAMBA server 2.0.10 on COMPAQ Tru64. I have added my UNIX server in NT domain with Server Manager on my PDC. I have created a smb.conf file using SWAT and I have added a share. Then I have started samba as daemon. I can see the unix server in my browser and I can see the share too but I can't access it unles I use a username map file. What's wrong ? Lionel. From leet at leenx.co.za Fri Dec 14 07:35:06 2001 From: leet at leenx.co.za (C.Lee Taylor) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing References: <20011212200213.2631550D9@lists.samba.org> Message-ID: <3C1A1BAC.2060201@leenx.co.za> Please don't take the discussion off-list, I would like to know how things are going and if I might be able help and test what you guys are doing. On the question of member servers joining the domain, what else would be need to add a Terminal Server as a domain member ... I think I saw once that I will loos some functionality, could any give me an idea on this. Thanks for all the hard work everbody has put into all of this ... Mailed Lee From Volker.Lendecke at SerNet.DE Fri Dec 14 07:46:03 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing In-Reply-To: (message from Adam Williams on Wed, 12 Dec 2001 16:09:36 -0500 (EST)) References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I have an LDAP presentation at > ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf God, this is great! Do you have more written notes about what you say when you give that presentation? Where did you find all that information? Mere RTFM did not give that kind of understanding that you have, at least not to me. Volker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Fingerprint available: phone +49 551 3700000 iD8DBQE8Gh43ZeeQha3jd9gRAg3SAJwM7Nt4fQiJgh5HKlBP1t3j7NJEkwCfWal3 7hZIAF+XR2CCfp+deZmVo/o= =17HD -----END PGP SIGNATURE----- From mpav at algx.net Fri Dec 14 09:30:02 2001 From: mpav at algx.net (Matt Pavlovich) Date: Tue Dec 2 02:37:12 2003 Subject: NT PDC licensing References: <20011212200213.2631550D9@lists.samba.org> <3C1A1BAC.2060201@leenx.co.za> Message-ID: <3C1A35FD.3C06313A@algx.net> We are talking about taking the discussion of writing the HOWTO documentation off-list. The documentation will be readily available, and anyone who is interested in helping is invited to participate, simply email me or any of the others who have noted they are going to be helping. A discussion on the details of writing the documentation does not fit into the scope of use for what this mailing list is intended. Matt Pavlovich mpav@debian.org "C.Lee Taylor" wrote: > > Please don't take the discussion off-list, I would like to > know how things are going and if I might be able help > and test what you guys are doing. > > On the question of member servers joining the domain, > what else would be need to add a Terminal Server as a > domain member ... I think I saw once that I will loos > some functionality, could any give me an idea on this. > > Thanks for all the hard work everbody has put into > all of this ... > > Mailed > Lee From delaitt at cpc.wmin.ac.uk Fri Dec 14 10:21:10 2001 From: delaitt at cpc.wmin.ac.uk (Thierry Delaitre) Date: Tue Dec 2 02:37:12 2003 Subject: W2K logon problem after joining a domain In-Reply-To: <200112122106.fBCL6SIw003615@hemlock.highley-recommended.com> Message-ID: I seem to be having the same problem as the one described in: http://lists.samba.org/pipermail/samba-ntdom/2001-February/051331.html I suspect it's due to the Solaris 7 OS. Has anybody tried 2.2.2 with Solaris 7 and with more than 8 characters in a password ? I'll try with Solaris 8. T. On Wed, 12 Dec 2001, David Highley wrote: > "Thierry Delaitre wrote:" > > > > > > > I know that we have at least one password that is longer than 8 > > > characters. > > > > have you tried it with W2K and does it work ? > > Okay I checked it with a 16 character password that had all kinds of > junk in it and it works with a Win 2k client. > > > > > are you using some particular options with ./configure ? > > > > Cheers, > > > > Thierry. From claudio.hernandez at ogiharaproeza.com.mx Fri Dec 14 10:52:45 2001 From: claudio.hernandez at ogiharaproeza.com.mx (Claudio Hernandez) Date: Tue Dec 2 02:37:13 2003 Subject: Smbclient -N -R wins -L machine Message-ID: <03BD7AD64A6DD211AE2A0060977F01D9489A31@EXCHANGE> Smbclient -N -R wins -L machine This command send me the next results: added interface ip=192.6.11.2 bcast 192.6.11.255 nmask=255.255.255.0 Got a positive name query response from 192.6.1.170 [WINS SERVER] (192.6.11.35) [my ip address] session setup failed: ERRDOS - ERRnoaccess (Access Denied) I can?t see the shared resources, but I CAN access to them. ?? I really don't know what is happening. I have this unique machine runing in a NT DOMAIN, It?will be the first FTP, HTTP, Print Server in the entire corporation. Thanks. Ing. Claudio Hern?ndez. Sistemas OPM Tel. 83-54-72-60 Ext. 259 Skytel Tel. 83190779 Pin: 5996543 e-mail: claudio.hernandez@ogiharaproeza.com.mx La informaci?n contenida o adjunta a este mensaje es clasificada como No-P?blica, de car?cter privado y confidencial, es propiedad de Proeza, sus afiliados y/o subsidiarias que en conjunto denominaremos Proeza y no puede ser reproducida, revelada o transmitida a terceros o ser utilizada para prop?sitos no definidos dentro de los t?rminos comercialmente aceptables por el receptor del mensaje, sus colaboradores o asociados sin el consentimiento previo y por escrito por parte de Proeza. Estas restricciones son adicionales a cualquier acuerdo paralelo que se hubiese establecido entre las partes en t?rminos de acuerdos, contratos o convenios de Confidencialidad o similares entre Proeza y el receptor de este mensaje. The information contained in or attached to this message, to the extent it is non-public, is the confidential, proprietary information of Proeza.,its affiliates and/or subsidiaries (collectively, "Proeza") and may not be reproduced, disclosed to any third party or used by the recipient and/or the recipient's employer (hereinafter "recipient"), for other than the intended purpose for which it was provided to the recipient, without the prior written approval of Proeza. These restrictions are in addition to any restrictions that may apply pursuant to the terms of any Confidentiality or Non-Disclosure Agreement(s) between Proeza and the recipient From mlueck at lueckdatasystems.com Fri Dec 14 19:06:04 2001 From: mlueck at lueckdatasystems.com (Michael Lueck) Date: Tue Dec 2 02:37:13 2003 Subject: DOS Client to Samba Server? Message-ID: <200112150303.VAA27516@turqua.propagation.net> Does anyone have info or links to data on connecting a real DOS client to a Linux Samba server? If so, is there any options to NOT have a static IP address on the DOS side? I would like to make some sort of generic bootable image that does not need an IP address set into it for each computer one visits with the disk. TIA! Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From jdandrea at superlink.net Sat Dec 15 09:32:02 2001 From: jdandrea at superlink.net (Joe D'Andrea) Date: Tue Dec 2 02:37:13 2003 Subject: Domain security, Solaris 2.6->Win2K (Samba 2.2) In-Reply-To: Message-ID: Interesting. Since posting this, I've tried searching a bit more closely for said topic, and I've found I'm not the only one in this quandary! Seems to be an issue on Solaris 2.6/2.8 Samba 2.2.2, authenticating via a Win2K PDC using Domain security. Another symptom that more than one person has matched up on: The Win2K box sees the Samba server not as "NT" or "NT 4.0" but as "" - yup, blank. The clue hunt continues ... - JD From jbeauchamp7 at mindspring.com Sat Dec 15 09:42:03 2001 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:37:13 2003 Subject: Another Win2000 sp2 logon problem Message-ID: <001801c1858f$ee20f780$1501a8c0@kitchen> Hello All: I have been monitoring this list for quite a while and thought when I got around to upgrading to the latest Samba version that I would not have any trouble setting up Samba as a PDC :) Boy was I wrong. Here is my situation: redhat 7.2 with CVS from 12/11/01 I compiled with the only option being --with-smbmount. I have a win2k box that is SP2. I got it to join the domain without much problem but I cannot log on now! I get the error message "the system cannot log you on to this domain because the systems computer account in its primary domain is missing or the password on that account is incorrect" I have not seen this message in any of the online docs (diagnosis.txt etc.). I can list shares fine with smbclient, I can log on localy to the win2k box and then browse the samba server shares fine so I know that it authenticates my userid and password O.K. Has anyone seen this error message or have a clue as to what I should try?? Thanks in advance James From jbeauchamp7 at mindspring.com Sat Dec 15 09:46:02 2001 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:37:13 2003 Subject: Follow up on win2k logon problems Message-ID: <000701c18590$81d09580$1501a8c0@kitchen> Sorry: I forgot to insert the error message I'm getting in the log for that machine (netbios name 'kitchen' - yes I know - but that is where the machine is located ;) ) Here is what is in the log: [2001/12/13 19:40:54, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) get_md4pw: Workstation kitchen$: no account in domain [2001/12/13 19:43:24, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) get_md4pw: Workstation kitchen$: no account in domain And it does have an account (workstation account with $ appended) Thanks James From jbeauchamp7 at mindspring.com Sat Dec 15 15:54:07 2001 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:37:13 2003 Subject: Follow up on win2k logon problems References: <000701c18590$81d09580$1501a8c0@kitchen> <3C1BD6E8.D022A578@unav.es> Message-ID: <000701c185c3$f0771ee0$1501a8c0@kitchen> Ignacio: I checked that registry entry and it is already '0' like the docs say. Thanks though... James ----- Original Message ----- From: "Ignacio Coupeau" To: "James W. Beauchamp" Sent: Saturday, December 15, 2001 6:04 PM Subject: Re: Follow up on win2k logon problems > sound me like the sign|seal problem (common to XP and W2K+SP); see the > docs (the name is simirar to signorseal...) > Ignacio > -- > ____________________________________________________ > Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es > CTI, Director fax: 948 425619 > University of Navarra voice: 948 425600 > Pamplona, SPAIN http://www.unav.es/cti/ > From cdgraph at ihug.com.au Sat Dec 15 19:32:02 2001 From: cdgraph at ihug.com.au (Colin Jenkins) Date: Tue Dec 2 02:37:13 2003 Subject: Another Win2000 sp2 logon problem In-Reply-To: <001801c1858f$ee20f780$1501a8c0@kitchen> References: <001801c1858f$ee20f780$1501a8c0@kitchen> Message-ID: <1081044894.20011216143256@ihug.com.au> Hello James, Sunday, December 16, 2001, 4:42:56 AM, you wrote: --with-smbmount. JWB> I have a win2k box that is SP2. I got it to join the domain without much JWB> problem but I cannot log on now! I get the error message "the system cannot JWB> log you on to this domain because the systems computer account in its JWB> primary domain is missing or the password on that account is incorrect" I to get my w2k laptop to logon to my linux-mandrake network, I had to bind netbui to tcp/ip on the w2k box. (had to do this to get it to run logon scripts on an nt domain as well. ================================================================ Colin Jenkins ICQ: 650611 registered linux user 223862 WEILER'S LAW: Nothing is impossible for the man who does not have to do it himself. ================================================================ From jon at yackgoggleclick.com Sun Dec 16 07:43:03 2001 From: jon at yackgoggleclick.com (Jon Agland) Date: Tue Dec 2 02:37:13 2003 Subject: DOS Client to Samba Server? References: <200112150303.VAA27516@turqua.propagation.net> Message-ID: <002a01c18648$173374a0$1e00900a@private.ntl.com> Hi Michael try the following url; http://www.bovistech.com/tcpip.htm Many Thanks Jon Agland E-mail: jon@yackgoggleclick.com ICQ: 132480600 E-bay User: aggie_slim Mobiles: 07779259661/07941018761/07763601184 Webpage: www.yackgoggleclick.com ----- Original Message ----- From: Michael Lueck To: SAMBA NTDom Sent: 15 December 2001 03:04 Subject: DOS Client to Samba Server? > Does anyone have info or links to data on connecting a real DOS client to a > Linux Samba server? > > If so, is there any options to NOT have a static IP address on the DOS side? I > would like to make some sort of generic bootable image that does not need an IP > address set into it for each computer one visits with the disk. > > TIA! > > Michael Lueck > Lueck Data Systems > http://www.lueckdatasystems.com/ > > > From jbeauchamp7 at mindspring.com Sun Dec 16 10:07:01 2001 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:37:13 2003 Subject: Another Win2000 sp2 logon problem References: <001801c1858f$ee20f780$1501a8c0@kitchen> <1081044894.20011216143256@ihug.com.au> Message-ID: <002101c1865c$7ac182a0$1601a8c0@easypea.com> Colin: Thanks for the reply. I'll give this a try since I am desperate! However, it doesn't seem like this should be necessary should it? James > Hello James, > > Sunday, December 16, 2001, 4:42:56 AM, you wrote: > > --with-smbmount. > > JWB> I have a win2k box that is SP2. I got it to join the domain without much > JWB> problem but I cannot log on now! I get the error message "the system cannot > JWB> log you on to this domain because the systems computer account in its > JWB> primary domain is missing or the password on that account is incorrect" I > to get my w2k laptop to logon to my linux-mandrake network, I had to > bind netbui to tcp/ip on the w2k box. > (had to do this to get it to run logon scripts on an nt domain as > well. > > > > > > > > ================================================================ > Colin Jenkins > ICQ: 650611 registered linux user 223862 > WEILER'S LAW: Nothing is impossible for the man who does not have to do it himself. > ================================================================ > From Geoffrey.Dolman at cimr.cam.ac.uk Sun Dec 16 10:35:03 2001 From: Geoffrey.Dolman at cimr.cam.ac.uk (Geoffrey Dolman) Date: Tue Dec 2 02:37:13 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC Message-ID: Hi I am having problems logging into a Windows 2000 client in a samba domain. I have added a root account using smbpasswd -a, a machine account to /etc/passwd with a $ appended to the end and home space and shell set to /dev/null and /bin/false. Then I added this machine to smbpasswd with smbpasswd -a -m machine_name. Having done this I restarted samba and logged into windows. I changed from a workgroup to the relevant domain and after about two minutes of egg-timer I got a message welcome to the test4 domain - you must reboot for changes to take effect etc. After I rebooted I tried to logon to the domain using the root account I had setup. I got an error message saying that the computer account did not exist on the domain etc that other people have posted about. At this point I figured that at no point had I told windows what password to use when authenticating itself to the domain so I ran smbpasswd -n machine_name$ to set the computer password to null and then allowed (against better judgement) null passwords in smb.conf. I rebooted windows and tried to login to the domain the same as before with the result that I was told you cannot login to the test4 domain now because it is not available. I checked with tcpdump and network connectivity is *not* the problem. If I log into the pc with a local account I can browse the domain in net'hood and I can map a network drive passing over one of the usernames eg root that I have setup. I have tried this several different times using different domain names and different client account names. All with the same result. I have read through the faqs, how-tos etc and months worth of list messages but can't find an answer to this particular problem. Can anyone help please? Here is my smb.conf [global] workgroup = TEST4 server string = test4 encrypt passwords = Yes update encrypted = Yes null passwords = Yes # I'd rather not have this username map = /map # /map says root = root. This does not appear to help/make any diff unix password sync = Yes log level = 3 log file = /var/log/samba/log.%m large readwrite = Yes time server = Yes domain admin group = root @wheel add user script = /usr/sbin/adduser %m domain logons = Yes os level = 255 preferred master = True domain master = True wins support = Yes admin users = root hosts allow = 192.168.0. [homes] username = %S read only = No only user = Yes [netlogon] path = /tmp/netlogon/ read only = No This is only a test machine so I'm not bothered about shares and printers and stuff. I just want the pdc emulation to work so I know what to do on the real server which is currenlty only supporting a workgroup. Other details Windows version: 2000 Professional sp2 (all recent patches installed) Server: Red Hat 7.2 kernel 2.4.7-10 samba 2.2.2 (but I had the same problems with 2.2.1a supplied out of the can with Red Hat - yes I did remove 2.2.1a before installing 2.2.2) Many thanks Geoff Dolman From bgmilne at cae.co.za Sun Dec 16 13:18:02 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:37:13 2003 Subject: WinBind and ????? Message-ID: <20011216210242.68EE71EED4@mail.cae.sun.ac.za> >Message: 1 >From: "Robby Tanner" ; >To: ; >Subject: WinBind and ????? >Date: Thu, 13 Dec 2001 14:23:20 -0600 > >A while ago, there was some talk about an effort to merge to branches of the >tree. These two branches would make integration into an NT environment >smoother, and provide the same file-based permission granularity as NT (as >opposed to the Unix file permissions). WinBind was one of them and I can't >remember the other. That would be samba-tng and samba. samba-tng provided better support for domain controlling and membership, but most of that functionality is in the current alpha releases of samba-3. >I wish to to accomplish the same sort of file permission control as NT file >servers have on their shares. I asked this question a while ago, and found >that someone had done it for BSD. Is this now possible with the Linux port >of Samba? Samba-2.2.2 supports ACLs on certain filesystems (XFS and ACL-patched ext2) and winbind. Winbind is however improving in samba_2_2 cvs, and will hopefully be better in samba-2.2.3. >Please excuse me if the terms I'm using are not very articulate. I'm not >that familiar with the issues surrounding SMB. If you have not got a significant investment in a particular distribution, the easiest way to get working ACLs and winbind under linux is to install Mandrake 8.1 (use XFS for data partitions you wish to share out with ACLs) and upgrade to samba-2.2.2, rpms ( with working XFS ACLs and almost-out-the-box winbind) of which can be found in the unsupported directory of cooker or at http://ranger.dnsalias.com/mandrake/samba. XFS quotas work in the updated kernel, and are supported by samba. There is also some documentation on setting up winbind at http://mandrakeuser.org/connect/csamba5.html#winbind. The only other linux distribution which supports ACLs out the box (AFAIK) is SGI's installer for Redhat, and I am not sure if they have ACL support in their samba RPMs. Regards, Buchan From bgmilne at cae.co.za Sun Dec 16 14:28:01 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:37:13 2003 Subject: Newbie questions ahoy Message-ID: <20011216221218.C5D8D7EF8@mail.cae.sun.ac.za> >Message: 7 >Subject: Newbie questions ahoy >From: Richard Cunningham ; >To: samba-ntdom@lists.samba.org >Date: 14 Dec 2001 10:17:04 +0000 > >Hi, I've been asked to set up a small linux network at a school where i >am currently a ICT technicnan, we have numerous NT servers, and we have >a old p2 333 server which is going to be the new linux server for >teaching the kids how to use\setup linux (deathwish if you ask me.) but >anyway, I need to know if it is.. > >1) Possible to make a log-in script in linux so it automounts their home >directory on the main fileserver No, login scripts can't be executed. It is however (apparently) possible to set pam_mount to automatically mount directories when a user logs in, even for use as their home directory. I have just compiled RPMs of this for Mandrake 8.1 (available at http://ranger.dnsalias.com/mandrake/mandrake8.1), but I can't seem to get it to work yet ... (it does umount the directories I have set up at logout, but it doesn't yet mount them at login ...) >2) Able to get a list of all the users from the main server to the linux >server without having to type them all up For this you will need to use winbind, which is only available in samba-2.2.2 at present. Mandrake 8.1 RPMs of samba-2.2.2 with working winbind are available at http://ranger.dnsalias.com/mandrake/samba/. For associated docs see http://mandrakeuser.org/connect/csamba5.html#winbind >If you have any suggestions\how-to's or anything please let me know, ta >:) Regards, Buchan From datk at albury.net.au Sun Dec 16 14:58:02 2001 From: datk at albury.net.au (David Atkinson) Date: Tue Dec 2 02:37:13 2003 Subject: DOS Client to Samba Server? In-Reply-To: <200112150303.VAA27516@turqua.propagation.net> Message-ID: Michael, The company I work for uses something much like you probably want. At our laptop repair site there is a disk (multiple copies of the same disk) that boots dos and brings up networking (off the disk) then runs ghost off the network to do a pre-load of the machine. The disk is based on the Microsoft Client which is on the Microsoft website. It can also be made up on a WinNT server (I think it is one of the options under administrative tools) As for the preload disk I'll try and obtain a copy for you to look at, but it has only Xircom (PCMCIA) network drivers. Regards, David Atkinson -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Michael Lueck Sent: Saturday, 15 December 2001 2:05 PM To: SAMBA NTDom Subject: DOS Client to Samba Server? Does anyone have info or links to data on connecting a real DOS client to a Linux Samba server? If so, is there any options to NOT have a static IP address on the DOS side? I would like to make some sort of generic bootable image that does not need an IP address set into it for each computer one visits with the disk. TIA! Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From lamasney at mlode.com Sun Dec 16 18:26:09 2001 From: lamasney at mlode.com (Mike Lamasney) Date: Tue Dec 2 02:37:13 2003 Subject: DOS Client to Samba Server? In-Reply-To: <200112150303.VAA27516@turqua.propagation.net> Message-ID: <3.0.5.32.20011216182608.008b0380@mlode.com> Mike, at our school I have a single diskette that I can boot on an empty machine, fdisk the HDD, format it, connect to the network, map a Samba server share and build the client. It supports about a dozen NICs we commonly use and uses DHCP to get its IP address. It uses the common Microsoft client DOS software -- no magic -- but includes a host of DOS maintenance utilities I've found are convenient to have. If you send me your address, I'll mail you a copy. At 10:04 PM 12/14/01 -0500, Michael Lueck wrote: >Does anyone have info or links to data on connecting a real DOS client to a >Linux Samba server? > >If so, is there any options to NOT have a static IP address on the DOS side? I >would like to make some sort of generic bootable image that does not need an IP >address set into it for each computer one visits with the disk. > >TIA! > >Michael Lueck >Lueck Data Systems >http://www.lueckdatasystems.com/ > > > > From cdgraph at ihug.com.au Mon Dec 17 01:18:05 2001 From: cdgraph at ihug.com.au (Colin Jenkins) Date: Tue Dec 2 02:37:13 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC In-Reply-To: References: Message-ID: <32614545.20011217201817@ihug.com.au> Hello Geoffrey, Monday, December 17, 2001, 5:32:26 AM, you wrote: GD> Hi GD> I am having problems logging into a Windows 2000 client in a samba domain. Had exactly the same problem. (using lm8) on the w2k box binding netbui to tcp/ip fixed it for me. ================================================================ Colin Jenkins ICQ: 650611 registered linux user 223862 Politics. From the greek poly, meaning many, and ticks, a small, annoying bloodsucker. ================================================================ From Maxime.Quinzin at integris.fr Mon Dec 17 05:29:02 2001 From: Maxime.Quinzin at integris.fr (Maxime.Quinzin@integris.fr) Date: Tue Dec 2 02:37:13 2003 Subject: Pb read refresh Message-ID: Hello, I have Samba between Windows and AIX, we've got a synchronization prob : - An update file on AIX is not immediatly visible in his latest version on Windows (98 or NT) - The upadte can reach several minutes Is there a solution to force the synchronization immediatly (or faster) with Samba ? Thank you. From linux at fenix.uam.mx Mon Dec 17 07:31:05 2001 From: linux at fenix.uam.mx (Romy Perez Moreno) Date: Tue Dec 2 02:37:13 2003 Subject: DOS Client to Samba Server? In-Reply-To: <200112150303.VAA27516@turqua.propagation.net> Message-ID: HI, I have done a floppy disk that is used to mirror w2k workstation from a SAMBA server in case they get corrupted. It uses microsoft lanmanager and logs into the samba server, mounts a share and runs ghost FROM the server mirrowing the image TO the WS. On the boot, it asks the ip for the WS and sets the gateway and dns according to the IP provided, this is because I have two subnets in my Laboratory. If it is usefull for you, send me an e-mail and I'll send it to you. cu. On Fri, 14 Dec 2001, Michael Lueck wrote: > Does anyone have info or links to data on connecting a real DOS client to a > Linux Samba server? > > If so, is there any options to NOT have a static IP address on the DOS side? I > would like to make some sort of generic bootable image that does not need an IP > address set into it for each computer one visits with the disk. > > TIA! > > Michael Lueck > Lueck Data Systems > http://www.lueckdatasystems.com/ > > > -- Ing. Romy Perez Moreno e-mail: romy@fenix.uam.mx, romy@correo.azc.uam.mx http://fenix.uam.mx/romy tel: 5318 9067 / 5382-7157 From wardd at thewinesociety.com Mon Dec 17 07:41:06 2001 From: wardd at thewinesociety.com (Dean Ward) Date: Tue Dec 2 02:37:13 2003 Subject: Winbind on Solaris 2.6 Message-ID: <8B9E950C899EB846B61E4EACFDDF6CA95367@postman-pat.internal.thewinesociety.com> Hi All, I've successfully installed Winbind on a Solaris 2.6 box and started the winbindd daemon to talk to our NT boxes. I executed wbinfo -t and 'secret is good' was returned and from the debug output at level 3 the daemon appears to be talking to our PDC. However, for some reason when executing wbinfo -u or wbinfo -g no information is returned. No errors are stated in the debug log - it acknowledges that the request was received, but it does not seem to do pull any data back from the PDC. Any ideas? Could this be a problem with the Anonymous access registry settings on the PDC or something along those lines? Thanks for your help, Dean Ward Info Systems The Wine Society From Andre.Liem at redknee.com Mon Dec 17 11:07:07 2001 From: Andre.Liem at redknee.com (Andre Liem) Date: Tue Dec 2 02:37:13 2003 Subject: I can view smbclient from samba share, but not smbclient from ano ther client. Message-ID: Hi I'm running samba 2.2.2 on a Solaris machine named "Homer" and a Redhat Linux 7.2 machine named "Krusty". The setup of Samba on Solaris (Homer) went without a hitch. Very smooth in fact. However when I set up Samba on Redhat (Krusty), I've had some issues. When I view smbclient from krusty I get: ./smbclient -U% -L krusty added interface ip=5.1.1.31 bcast=5.1.1.255 nmask=255.255.255.0 Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.2.2] Sharename Type Comment --------- ---- ------- test Disk For testing on Krusty IPC$ IPC IPC Service (samba 2.2.2 on (krusty)) ADMIN$ Disk IPC Service (samba 2.2.2 on (krusty)) Server Comment --------- ------- KRUSTY samba 2.2.2 on (krusty) Workgroup Master --------- ------- WORKGROUP But when I do this from Homer I get: ./smbclient -U% -L krusty added interface ip=5.1.1.8 bcast=5.1.1.255 nmask=255.255.255.0 error connecting to 5.1.1.31:139 (Connection refused) Connection to krusty failed I've checked the etc/services file and I have the following settings: netbios-ns 137/tcp nbns # NETBIOS Name Service netbios-ns 137/udp nbns netbios-dgm 138/tcp nbdgm # NETBIOS Datagram Service netbios-dgm 138/udp nbdgm netbios-ssn 139/tcp nbssn # NETBIOS session service I can ping/ftp from Krusty <-> Homer and vice-versa When I performed the testparm, everything was fine: Load smb config files from /usr/local/samba/lib/smb.conf Processing section "[test]" Loaded services file OK. My smb.conf file is very simple as well: [global] workgroup = workgroup server string = samba %v on (%L) encrypt passwords = yes local master = no [test] comment = For testing on Krusty path = /export/samba/test read only = no guest ok = yes Is there anything else I'm missing? Andre Liem Redknee Inc. email: andre.liem@redknee.com From jbeauchamp at gesinc.com Mon Dec 17 11:12:02 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:37:13 2003 Subject: I can view smbclient from samba share, but not smbclient from another client. References: Message-ID: <000a01c18747$3c4d2100$1d01a8c0@gesinc.com> Andre: By any chance when you installed the RH 7.2 did you enable any of the firewalling? If so, netfilter is probably blocking the Samba packets. Just a guess though. James ----- Original Message ----- From: "Andre Liem" To: Sent: Monday, December 17, 2001 11:04 AM Subject: I can view smbclient from samba share, but not smbclient from another client. > Hi > > I'm running samba 2.2.2 on a Solaris machine named "Homer" and a Redhat > Linux 7.2 machine named "Krusty". > The setup of Samba on Solaris (Homer) went without a hitch. Very smooth in > fact. > However when I set up Samba on Redhat (Krusty), I've had some issues. > > When I view smbclient from krusty I get: > ./smbclient -U% -L krusty > added interface ip=5.1.1.31 bcast=5.1.1.255 nmask=255.255.255.0 > Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.2.2] > > Sharename Type Comment > --------- ---- ------- > test Disk For testing on Krusty > IPC$ IPC IPC Service (samba 2.2.2 on (krusty)) > ADMIN$ Disk IPC Service (samba 2.2.2 on (krusty)) > > Server Comment > --------- ------- > KRUSTY samba 2.2.2 on (krusty) > > Workgroup Master > --------- ------- > WORKGROUP > > But when I do this from Homer I get: > ./smbclient -U% -L krusty > added interface ip=5.1.1.8 bcast=5.1.1.255 nmask=255.255.255.0 > error connecting to 5.1.1.31:139 (Connection refused) > Connection to krusty failed > > I've checked the etc/services file and I have the following settings: > netbios-ns 137/tcp nbns # NETBIOS Name Service > netbios-ns 137/udp nbns > netbios-dgm 138/tcp nbdgm # NETBIOS Datagram Service > netbios-dgm 138/udp nbdgm > netbios-ssn 139/tcp nbssn # NETBIOS session service > > I can ping/ftp from Krusty <-> Homer and vice-versa > > When I performed the testparm, everything was fine: > Load smb config files from /usr/local/samba/lib/smb.conf > Processing section "[test]" > Loaded services file OK. > > My smb.conf file is very simple as well: > > [global] > workgroup = workgroup > server string = samba %v on (%L) > encrypt passwords = yes > local master = no > > [test] > comment = For testing on Krusty > path = /export/samba/test > read only = no > guest ok = yes > > Is there anything else I'm missing? > > Andre Liem > Redknee Inc. > email: andre.liem@redknee.com > > > From david.moruzzi at babcockbrown.com Mon Dec 17 18:51:39 2001 From: david.moruzzi at babcockbrown.com (David Moruzzi) Date: Tue Dec 2 02:37:13 2003 Subject: "File being modified" Win2000 Message-ID: Thanks for the pointer. This option did not help either. Any one else ever heard of this issue. -----Original Message----- From: David Highley [mailto:dhighley@highley-recommended.com] Sent: Tuesday, December 11, 2001 8:46 PM To: samba-ntdom@lists.samba.org Subject: Re: "File being modified" Win2000 "David Moruzzi wrote:" > > I have been working with Samba 2.2.0 and have hit a major problem when users > accessing files from the server. > > A 'FILE RESERVATION' warning pops---in Windows 2000--up with an error saying > that the "File.xyz is being modified by USER---where user is the last person > to have opened the file. > > I have tried turning of oplocks and kernel locks in the Global section of > the smd.conf: Try the following in the share section: oplocks = No level2 oplocks = No > > [global] > client code page = 437 > workgroup = XYZ > server string = San Francisco File Server > security = DOMAIN > encrypt passwords = Yes > password server = sfprinters, nyprinters > passwd program = /usr/bin/yppasswd %u > log file = /usr/local/samba/var/log.%m > local master = No > wins server = xx.xx.xx.xx > kernel oplocks = No > create mask = 0666 > directory mask = 0777 > oplocks = No > > This does not seems to work. Also I have been unable to get the log file to > use the %m variable and create a separate file for each client. Are these > bugs of 2.2.0. I have stop and started the smbd service several times. > > I have found a few postings on the web about this, but no answers. > > Thanx for your help > > > > This email message may contain information that is confidential and > proprietary to Babcock & Brown or a third party. If you are not the > intended recipient, please contact the sender and destroy the original and > any copies of the original message. Babcock & Brown takes measures to > protect the content of its communications. However, Babcock & Brown cannot > guarantee that email messages will not be intercepted by third parties or > that email messages will be free of errors or viruses. > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com This email message may contain information that is confidential and proprietary to Babcock & Brown or a third party. If you are not the intended recipient, please contact the sender and destroy the original and any copies of the original message. Babcock & Brown takes measures to protect the content of its communications. However, Babcock & Brown cannot guarantee that email messages will not be intercepted by third parties or that email messages will be free of errors or viruses. From gabriel_orozco at mx.sumida.com Mon Dec 17 20:57:33 2001 From: gabriel_orozco at mx.sumida.com (gabriel_orozco@mx.sumida.com) Date: Tue Dec 2 02:37:13 2003 Subject: Newbie questions ahoy Message-ID: I have uploaded an update ntlogon python script, that uses a configuration file where you can put what you want for every group, and if the user is into the user group, then it will connect to the shares especified. it's pretty straighforward and is based on NTLOGON v0.87, but with many enhancements. this is the link: www.glo.org.mx/~redimido/ntlogon.zip documented in spanish and english. i've packed it into windows zip because it's what I have at this very moment : ) best regards. Gabriel Orozco Ruiz Velazco Magnetics & ABS M.I.S. Guadalajara Information Systems (523)619-1720 Ext. 102 From dhighley at highley-recommended.com Mon Dec 17 23:28:03 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:13 2003 Subject: Samba Issues With HPUX 11i Message-ID: <200112180725.fBI7PeVl025297@hemlock.highley-recommended.com> Need to ask if any site has been successful running Samba 2.2.2 on an HPUX 11i system. We have a customer site that we did an upgrade on over the weekend. First problem we noticed were two group names that were longer than 8 characters did not seem to authenticate. We had the Windows administrators shorten the names to 8 characters and all appeared to be working. Today when the employees started accessing the server things would slow down after a while and then Samba would stop serving the shares. By the way HPUX 10.20 does not seem to truncate the group names. Monitoring the system showed now unusual loads. We kept running smbstatus and we would see the number of lock files grow and then they would be released. Nothing appeared unusual here either. Then after a while we would need to restart Samba to get the file serving working. This is not a large site, probably not more than 20 client systems. We had upgraded from a TAS installation running on another HPUX 11 system. Here is the smb.conf file: [global] workgroup = XXXXX netbios name = BAKER server string = Samba %v on %L (ClearCase) load printers = no show add printer wizard = no log file = /var/adm/syslog/samba_log.%m max log size = 50 max open files = 5000 password server = blues security = server encrypt passwords = yes guest account = smbnull domain logons = no domain master = false local master = no preferred master = false wins server = 172.16.0.10 dns proxy = no username map = /opt/samba/lib/users.map kernel oplocks = no [ClearCase] comment = ClearCase path = /ClearCase read list = @Develope @vob @build write list = @Develope @vob @build read only = no guest ok = yes oplocks = no level2 oplocks = no -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From stuart.callender at ellisonslegal.com Tue Dec 18 03:33:04 2001 From: stuart.callender at ellisonslegal.com (stuart.callender@ellisonslegal.com) Date: Tue Dec 2 02:37:13 2003 Subject: Samba & Network Printers Message-ID: <511F963F7114D4119D6B00D0B73E7A6F28AABC@ELLSERVER> Hi All My Windows 2000 Professional PC which I am currently using as a printer server can no longer handle the number of users required (10 connections max). Following my successful implementation of a Samba PDC running on a SuSe Linux 7.2 Box, I thought that I would turn my hand to configuring another Linux Server as a Printer Server using Samba. However, I am not sure that this is possible... Currently, I have 4 HPLaserJet 4100 printers network configured using TCP/IP and each one allocated it's own IP address, plugged straight into the network. All these printers are accessable via my Windows2000 pro box, each one having it's own JetDirect Port. Before I start this project, I would appreciate any infeed as to whether it would be possible for me to set up a Linux Print Server to control these printers, without the need to physically connect them to the Linux server. My gut feeling is that it is possible, but I am not sure about the steps needed to accomplish this feat. Would I need to set them up under Linux first, then configure Samba to control them? Some brief steps would be extremelly appreciated in order to get me started on this one...... Thanks & Regards Stuart Callender From read_a at univerahealthcare.org Tue Dec 18 05:54:03 2001 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:37:13 2003 Subject: Samba & Network Printers Message-ID: <972A14E1A4EF2140A5EB399EAA9CA7DE0302CA77@cnyw2k112.uhccny.com> This is very easy to implement and can scale qute nicely. We have three sets of print servers(each has a failover via Mon and heartbeat) with anywhere between 17 to 90 mostly Hp 4000/4050/4100 hung on the network via jetdirect cards. We have 10 8000/8100 hung off the main box (10 of 90). All printers print to thier full speed capacity, and users have thier jobs spool out within seconds. These have been upgraded, but started out at Samba 2.2.1 alpha. You must first set up the printer in your printcap then set up drivers in Samba. There are How-To's and info in the Samba documentation(keep up the good work). Any other questions, ask away. Good Luck, Adam Read IT, Univera HealthCare, WNY From Jean.Guillou at upmf-grenoble.fr Tue Dec 18 06:19:02 2001 From: Jean.Guillou at upmf-grenoble.fr (Jean Guillou) Date: Tue Dec 2 02:37:13 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC Message-ID: <20011218151654.C24820@upmf-grenoble.fr> Hello I have the same problem ( samba 2.2.2) GD> I am having problems logging into a Windows 2000 client in a samba domain. Had exactly the same problem. (using lm8) on the w2k box binding netbui to tcp/ip fixed it for me. Please an you explain what does that mean, and what you did exactly on the w2k box? Thanks -- ---- Jean Guillou T?l (+33) (0)4 76 82 54 07 Fax CRI UPMF/ Batiment ANRT/ BP 47 / 38040 GRENOBLE CEDEX 9 / FRANCE http://www.upmf-grenoble.fr/cri Jean.Guillou@upmf-grenoble.fr From jim at morris-world.com Tue Dec 18 06:40:05 2001 From: jim at morris-world.com (Jim Morris) Date: Tue Dec 2 02:37:13 2003 Subject: Samba & Network Printers In-Reply-To: <511F963F7114D4119D6B00D0B73E7A6F28AABC@ELLSERVER> Message-ID: On Tue, 18 Dec 2001 stuart.callender@ellisonslegal.com wrote: > Before I start this project, I would appreciate any infeed as to whether it > would be possible for me to set up a Linux Print Server to control these > printers, without the need to physically connect them to the Linux server. > My gut feeling is that it is possible, but I am not sure about the steps > needed to accomplish this feat. Yes - I have done just this in the past. The printers implement the lpd/lpr protocol, which is pretty much the "native" Unix printing protocol. You configure the Linux system to access these as remote Unix-style printers using the IP address of each printer when defining the print queues under Linux. You can also specify a queue name on the printer to use as well - not sure this matters though. I don't have one of these printers handy right now, as they are all out at a customer site where I did some consulting work in the past... > Would I need to set them up under Linux first, then configure Samba to > control them? Yes. Once setup in the printcap under Linux, the printers SHOULD automatically show up for Samba clients, if you have the [printers] share configured properly in smb.conf. > Some brief steps would be extremelly appreciated in order to get me started > on this one...... I suggest setting up the printers first, and making sure you can print to them from the Linux system. If just about any "modern" Linux distribution (Redhat, Mandrake, Caldera, Suse), there will be a printer control panel style utility that should assist you in configuring each print queue, as well as print test pages too. Once that is done, simply setup the [printers] share in smb.conf. This can be done manually (see "man smb.conf"), or via a control panel utility such as Swat, Webmin or Linuxconf... -- /-------------------------------------\ | Jim Morris | jim@morris-world.com | \-------------------------------------/ From gary at edisoninfo.com Tue Dec 18 07:34:36 2001 From: gary at edisoninfo.com (Gary S MacKay) Date: Tue Dec 2 02:37:13 2003 Subject: Samba & Network Printers In-Reply-To: References: <511F963F7114D4119D6B00D0B73E7A6F28AABC@ELLSERVER> Message-ID: <5.1.0.14.0.20011218102819.00ac3b30@mail.edisoninfo.com> I'm not sure you need to worry about having the proper drivers on the samba box. I've setup many of these and the only thing you need is to define the printer in /etc/printcap (ie. lp1, lp2, lp3, etc.) and, as mentioned, in the smb.conf file. If you are not going to actually print from an app running on the samba box, then don't worry about drivers. Samba just passes the traffic through. - Gary At 08:37 AM 12/18/2001 -0600, Jim Morris wrote: >On Tue, 18 Dec 2001 stuart.callender@ellisonslegal.com wrote: > > > Before I start this project, I would appreciate any infeed as to whether it > > would be possible for me to set up a Linux Print Server to control these > > printers, without the need to physically connect them to the Linux server. > > My gut feeling is that it is possible, but I am not sure about the steps > > needed to accomplish this feat. > >Yes - I have done just this in the past. The printers implement the >lpd/lpr protocol, which is pretty much the "native" Unix printing >protocol. You configure the Linux system to access these as remote >Unix-style printers using the IP address of each printer when defining the >print queues under Linux. You can also specify a queue name on the >printer to use as well - not sure this matters though. I don't have one >of these printers handy right now, as they are all out at a customer site >where I did some consulting work in the past... > > > Would I need to set them up under Linux first, then configure Samba to > > control them? > >Yes. Once setup in the printcap under Linux, the printers SHOULD >automatically show up for Samba clients, if you have the [printers] share >configured properly in smb.conf. > > > Some brief steps would be extremelly appreciated in order to get me started > > on this one...... > >I suggest setting up the printers first, and making sure you can print to >them from the Linux system. If just about any "modern" Linux distribution >(Redhat, Mandrake, Caldera, Suse), there will be a printer control panel >style utility that should assist you in configuring each print queue, as >well as print test pages too. > >Once that is done, simply setup the [printers] share in smb.conf. This can >be done manually (see "man smb.conf"), or via a control panel utility such >as Swat, Webmin or Linuxconf... > > -- >/-------------------------------------\ >| Jim Morris | jim@morris-world.com | >\-------------------------------------/ ----------------------------------------------------------------------- Edison Information Technologies www.EdisonInfo.com P.O. Box 554 Gary@EdisonInfo.com Milan, OH 44846-0554 419.499.7040 From tabolom at mail.ru Tue Dec 18 07:56:08 2001 From: tabolom at mail.ru (Vladislav Tabolin) Date: Tue Dec 2 02:37:13 2003 Subject: Samba PDC and domain logon script Message-ID: I have a samba PDC on OpenBSD and i whant to launch script on server (such as netfilter configuration per machine ) when user is loging in to domain. I use "root preexec script" parameter and script that cheking username and service name(netlogon or profile). But client may refer to this services several times so script was launching several times. sorry for bad english From greg at leiinc.com Tue Dec 18 09:12:05 2001 From: greg at leiinc.com (Greg Zartman) Date: Tue Dec 2 02:37:13 2003 Subject: This list still active Message-ID: <20011218090901.10ax5gw@server.leiinc.com> How active is this list? I understand that it isn't mainstream, but are people still participating? Greg Zartman -- Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. 1243 West 7th Avenue Eugene, Oregon 97402 541-683-8383 fax 541-683-8144 From dariush at forouher.de Tue Dec 18 09:20:38 2001 From: dariush at forouher.de (Dariush Forouher) Date: Tue Dec 2 02:37:13 2003 Subject: profiles file problem Message-ID: Hi! I have a problem with Win2K Worstations in a Samba Domain: If a file in the profile (e.g. on the desktop) is deleted local on the client, this file won't be removed on the samba server while transfering the profile back. Create/Change files works. On the server runs Samba 2.2.2stable, the Workstations Win2000 SP2. regards Dariush Forouher From jon at yackgoggleclick.com Tue Dec 18 09:41:24 2001 From: jon at yackgoggleclick.com (Jon Agland) Date: Tue Dec 2 02:37:13 2003 Subject: profiles file problem References: Message-ID: <001b01c187ea$9f51f4d0$e100900a@npt.private.ntli.net> Hi Thats NT/2k Profiles for you try removing the file from the profiles folder on the server in the users home directory and also on the desktop on the profile I think its h:\profiles\desktop obviously where h is the home and profiles is the profile folder. Many Thanks Jon Agland E-mail: jon@yackgoggleclick.com ICQ: 132480600 E-bay User: aggie_slim Mobiles: 07779259661/07941018761/07763601184 Webpage: www.yackgoggleclick.com ----- Original Message ----- From: "Dariush Forouher" To: "Samba NT Domain Mailing List" Sent: 18 December 2001 17:05 Subject: profiles file problem > Hi! > > I have a problem with Win2K Worstations in a Samba Domain: > If a file in the profile (e.g. on the desktop) is deleted local on the > client, this file won't be removed on the samba server while transfering > the profile back. Create/Change files works. > On the server runs Samba 2.2.2stable, the Workstations Win2000 SP2. > > regards > Dariush Forouher > > From adam.evans at infrasoft-civil.com Tue Dec 18 09:48:02 2001 From: adam.evans at infrasoft-civil.com (Adam Evans) Date: Tue Dec 2 02:37:14 2003 Subject: Suggestions for best solution Message-ID: My Samba 2.2.1a server is running happily at present. I'm waiting for a lot of the nice features which will hopefully come in v3, but before then I've got something to sort out. Simply, I need to get an email server working. This will be accessed through MS Outlook, so straight off, probably an IMAP server. I know that bit. Question is, what about authentication? I'd like the server setup so they logon to the network with there single password, and that is it, no other password for the email! Is it possible to set up the server to do this? Would I need to use PAM? I've seen several HOWTO's about different areas, but nothing there has really helped me. Thanks for any help, Adam ********************************************************************** The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be those of Infrasoft, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact : postmaster@infrasoft-civil.com and delete this message. **********************************************************************" From greg at leiinc.com Tue Dec 18 10:19:04 2001 From: greg at leiinc.com (Greg Zartman) Date: Tue Dec 2 02:37:14 2003 Subject: Junkmail filter and this list Message-ID: <20011218101851.11xr4hu@server.leiinc.com> I've noticed that most of my messages from this list get filtered out by my junkmail filter (procmail). Would anyone have any idea what is causing that? Greg Zartman -- Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. 1243 West 7th Avenue Eugene, Oregon 97402 541-683-8383 fax 541-683-8144 From awilliam at whitemice.org Tue Dec 18 10:21:06 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:37:14 2003 Subject: Suggestions for best solution In-Reply-To: References: Message-ID: <1008699519.14518.4.camel@estate1.whitemice.org> >My Samba 2.2.1a server is running happily at present. I'm waiting for a lot >of the nice features which will hopefully come in v3, but before then >I've got something to sort out. >Simply, I need to get an email server working. This will be accessed through >MS Outlook, so straight off, probably an IMAP server. I know that bit. >Question is, what about authentication? I'd like the server setup so >they logon to the network with there single password, and that is it, >no other password for the email! Is it possible to set up the server to >do this? Would I need to use PAM? I've seen several HOWTO's about >different areas, but nothing there has really helped me. You probably need to look for an IMAP server that support NTLM, I don't know if a PAM modules is available for that or not (I haven't seen one). These are NT/2000 clients? If it is pure 2000 you might take a crack at Kerberos. The link below provides some information about PAM and NSS- ftp://ftp.kalamazoolinux.org/pub/pdf/pam_and_nss.pdf The link below provided some information about Kerberos- ftp://ftp.kalamazoolinux.org/pub/pdf/KerberosV-v3.pdf From lists.samba-ntdom at zylex.co.nz Tue Dec 18 13:20:05 2001 From: lists.samba-ntdom at zylex.co.nz (Warren Shepherd) Date: Tue Dec 2 02:37:14 2003 Subject: Samba 2.2.2 PDC Logon with Windows XP Professional Message-ID: <000001c18809$9becdfc0$0a00a8c0@century> Hello I've got a problem with Windows XP Pro logging into a Samba 2.2.2 PDC. Unfortunately it's a production server so it's very urgent that I fix this, people complaining, etc. I got through various hassles of problems with joining the domain, however the XP Pro workstation in question (named 'Century') has now successfully joined the domain, showing the "Welcome to the Zylex domain" dialog box. The computer has successfully rebooted as it says it should with the "You must restart for the changes to take effect - yes/no" box. After the reboot however when you try to login to the domain, the following dialog box is displayed. Logon Message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, please contact your system administrator for assistance. There's no noticeable delay in between hitting enter and the box being displayed. I've made a computer account on the Samba PDC using the following commands: useradd -s /bin/false -d /dev/null century\$ (also tried without the slash just incase). Smbpasswd -a -m century Samba has been restarted at every stage. Various configurations have been tried (including encrypt passwords being on and off). WinXP SignOrSeal is off (Registry patch applied, and changed manually). My 98SE Laptop can log into it fine with the same username and password I am using to log into this machine. The 98 machine is not logged in when I'm trying to log into this one. I've had multiple 9x machines logging into the domain successfully. What am I missing? Can anybody help me? -------------- next part -------------- HTML attachment scrubbed and removed From claudio.hernandez at ogiharaproeza.com.mx Tue Dec 18 14:48:06 2001 From: claudio.hernandez at ogiharaproeza.com.mx (Claudio Hernandez) Date: Tue Dec 2 02:37:14 2003 Subject: =?iso-8859-1?Q?Guest_account_doesn=B4t_get_access_to_samba?= Message-ID: <03BD7AD64A6DD211AE2A0060977F01D949F365@EXCHANGE> Samba, 2.2.2 RH 7.2 Hi all, I?m new in the samba issues as you can see in the subject. I need that all my clients get access to a shared resource in my samba server, but without creating all the unix accounts, I read that I could do that by adding the line: gest account = nobody And in the shared resource: [share] guest ok = yes I did it, but when I try to access the PC samba, using the Network Neighborhood, it asks me a network password. What am I doing wrong? Thanks for all. Ing. Claudio Hern?ndez. Sistemas OPM Tel. 83-54-72-60 Ext. 259 Skytel Tel. 83190779 Pin: 5996543 e-mail: claudio.hernandez@ogiharaproeza.com.mx La informaci?n contenida o adjunta a este mensaje es clasificada como No-P?blica, de car?cter privado y confidencial, es propiedad de Proeza, sus afiliados y/o subsidiarias que en conjunto denominaremos Proeza y no puede ser reproducida, revelada o transmitida a terceros o ser utilizada para prop?sitos no definidos dentro de los t?rminos comercialmente aceptables por el receptor del mensaje, sus colaboradores o asociados sin el consentimiento previo y por escrito por parte de Proeza. Estas restricciones son adicionales a cualquier acuerdo paralelo que se hubiese establecido entre las partes en t?rminos de acuerdos, contratos o convenios de Confidencialidad o similares entre Proeza y el receptor de este mensaje. The information contained in or attached to this message, to the extent it is non-public, is the confidential, proprietary information of Proeza.,its affiliates and/or subsidiaries (collectively, "Proeza") and may not be reproduced, disclosed to any third party or used by the recipient and/or the recipient's employer (hereinafter "recipient"), for other than the intended purpose for which it was provided to the recipient, without the prior written approval of Proeza. These restrictions are in addition to any restrictions that may apply pursuant to the terms of any Confidentiality or Non-Disclosure Agreement(s) between Proeza and the recipient From aoclarit at kiwi.dhs.org Tue Dec 18 16:24:02 2001 From: aoclarit at kiwi.dhs.org (Alex) Date: Tue Dec 2 02:37:14 2003 Subject: profile-folder keeps getting created in home/user Message-ID: <007401c18823$1745fc60$8c4331a2@Alex2000> Hi When my W2k box logs on to my samba pdc (2.2.1a-4) it keeps creating the profiles folder in my home folder. I don't have any of the roaming profile stuff enabled in smb.conf and I changed my profile from roaming to local in W2k, yet when I delete the folder and log on again - it's back. Has anyone seen this ? regards, Alex From rtanner at cls.usask.ca Tue Dec 18 19:18:02 2001 From: rtanner at cls.usask.ca (Robby Tanner) Date: Tue Dec 2 02:37:14 2003 Subject: Can not connect to samba server In-Reply-To: <03BD7AD64A6DD211AE2A0060977F01D949F365@EXCHANGE> Message-ID: <000001c1883b$7b5b6600$1401140a@cls> Hello all, I have a RHL 7.1 server with Samba 2.0 (not sure of actual version, but I can get it if need be) on a Win2K run network. The network has XP NT4.0 and 98 workstations and so is not running in "native" mode, as I understand. I have configured the samba server and it is running on the network. I can ping the server and see it in Microsoft Windows, however, there is no + sign beside the machine icon to show that there is a share. I have shared a dir /pub with guest ok, writeable, browseable, printable and just about everything else imaginable = true. When I click on the machine however, I get an "\\Cmpt065 is inaccessible" or "Could not find a path to \\Cmpt065" error. I'm sure that it is just a matter of getting smb.conf sorted out (well, I hope anyway) and would greatly appreciate any help any could provide. Regards, Rob From cdgraph at ihug.com.au Tue Dec 18 20:28:02 2001 From: cdgraph at ihug.com.au (Colin Jenkins) Date: Tue Dec 2 02:37:14 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC In-Reply-To: <20011218151654.C24820@upmf-grenoble.fr> References: <20011218151654.C24820@upmf-grenoble.fr> Message-ID: <1201027146.20011219152901@ihug.com.au> Hello Jean, Wednesday, December 19, 2001, 1:16:54 AM, you wrote: JG> Please an you explain what does that mean, and what you did exactly on JG> the w2k box? On the w2k box, 1. right click on networkneighbourhood 2. select properties 3. right click on Local area connection 4. select properties 5. select properties for tcp/ip 6. click on ADVANCED tab 7. click on WINS tab 8. tick enable NetBIOS over TCP/IP 9. restart ================================================================ Colin Jenkins ICQ: 650611 registered linux user 223862 WEILER'S LAW: Nothing is impossible for the man who does not have to do it himself. ================================================================ From chris at aims.com.au Tue Dec 18 23:09:03 2001 From: chris at aims.com.au (Chris Knight) Date: Tue Dec 2 02:37:14 2003 Subject: Migration from NT4 PDC to Samba PDC Message-ID: <02b501c1885b$b75bc210$020aa8c0@aims.private> Howdy, I was wondering how I go about achieving a migration of an NT4 PDC to a Samba PDC. I was thinking of using Samba TNG with the SAM stored in LDAP, configuring it as a BDC, take down the NT4 PDC, then promoting Samba TNG to be the PDC. My options at this stage would be to run a dual-head Samba configuration, with Samba authenticating against TNG, or to move the LDAP data out of the samba-tng schema and into the samba schema and then configure Samba as the PDC. Does anyone have a better idea of how to achieve this? Ideally, I'd like to move from NT4 to Samba, but if I have to use Samba TNG, so be it. Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au From didier.roques at brive.unilim.fr Wed Dec 19 00:20:02 2001 From: didier.roques at brive.unilim.fr (didier roques) Date: Tue Dec 2 02:37:14 2003 Subject: group policy Message-ID: <4.2.0.58.20011219090334.00c82510@mail> Hi all, i use samba 2.2.2 under a linux box, and win2ksp2 clients, everythink work ok, but is it possible to define a group policy (like on a win2kserver) for a group defined on the samba server ? From andreas at xss.co.at Wed Dec 19 04:37:11 2001 From: andreas at xss.co.at (Andreas Haumer) Date: Tue Dec 2 02:37:14 2003 Subject: Upgrade Samba PDC from 2.2.0 -> 2.2.2 Message-ID: <3C20896E.9CFB7D7@xss.co.at> Hi! We have samba 2.2.0 running as PDC for a domain with about 30 NT workstations. We are using server-based profiles, and also some printer drivers are stored on the server. There are about 40 disk shares and 10 printer shares defined. We now want to upgrade this server to samba-2.2.2, because of new W2kSP2 workstations which sould be installed in the near future. The upgrade is scheduled for next week, because between Christmas and New Year the office is almost empty, and other services are shut down due to Euro conversion... :-) My question is: now that samba uses a lot of database files which are not easily human-readable ("/var/lock/samba/*.tdb" with samba-2.2.0, "/var/cache/samba/*.tdb" with samba-2.2.2), and also some files in /etc/samba/ ("secrets.tdb", "MACHINE.SID"), what are the files to save during the update? What files can be deleted, what files must not be deleted? Can I just copy all the files from "/var/lock/samba/" to "/var/cache/samba/"? It is absolutely essential that after the update all people on all workstations can work in the domain just as before! A complete (or even partial) re-install of the NT workstations is not an option! Is there a "samba-update-HOWTO" somewhere? Does anyone out there have any experience with such an update on a samba PDC server in production use? Any help would be appreciated! If I survive this challenge I'm quite willing to report all experiences to the list... :-) Thanks in advance! - andreas -- Andreas Haumer | mailto:andreas@xss.co.at *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 From geoffrey.dolman at cimr.cam.ac.uk Wed Dec 19 06:12:07 2001 From: geoffrey.dolman at cimr.cam.ac.uk (Geoffrey Dolman) Date: Tue Dec 2 02:37:14 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC In-Reply-To: <20011218151654.C24820@upmf-grenoble.fr> References: <20011218151654.C24820@upmf-grenoble.fr> Message-ID: <1008770962.1042.26.camel@trabaccalo> Hi Jean, I don't think that binding NetBIOS to TCP/IP is the problem I'm having. In my humble experience of samba I have found that Windows 2000 clients will not browse samba shares or anything without NetBIOS bound to TCP/IP. The problem I am having can be summarised as follows: Samba shares in a workgroup : OK Log onto PC with local account & browse samba share or map drive : OK Changed to domain logons etc in smb.conf as shown in my original post (sorry I don't have a copy to hand), added a root account and a machine account with smbpasswd. Logged onto the PC (which does have NetBIOS bound to tcp/ip) opened the system applet in the control panel and clicked properties. I changed from workgroup to domain supplying the username root and the relevant password when prompted. After a minute or so I got a message saying welcome to the domain. I rebooted the pc. When it came back up I got a message along the lines of There is no computer account for this machine on the domain or the password is wrong. I then changed the computer password to null ie smbpasswd -n machine, allowed null passwords in smb.conf, restarted smaba and rebooted the pc. When the pc came back up I tried to log in again except this time I was told that the domain was not available. I've tried using different machine names and domain names and this does not make any difference. I've also tried to add the computer to the domain without creating an account for it before hand and this does not work. I get an access denied message. This may well be the source of the problem because the root account needs to be able to alter the account to join it to the domain doesn't it? However, comparing the HOW-TOS with what I have done and the problems other people report, I can't see why this should be the case. cheers Geoff On Tue, 2001-12-18 at 14:16, Jean Guillou wrote: > Hello > > I have the same problem ( samba 2.2.2) > > GD> I am having problems logging into a Windows 2000 client in a samba domain. > Had exactly the same problem. (using lm8) > on the w2k box binding netbui to tcp/ip fixed it for me. > > Please an you explain what does that mean, and what you did exactly on > the w2k box? > > Thanks > > > -- > ---- > Jean Guillou T?l (+33) (0)4 76 82 54 07 Fax > CRI UPMF/ Batiment ANRT/ BP 47 / 38040 GRENOBLE CEDEX 9 / FRANCE > http://www.upmf-grenoble.fr/cri Jean.Guillou@upmf-grenoble.fr > -- Geoff Dolman JDRF/WT Diabetes and Inflammation Laboratory Cambridge Institute for Medical Research University of Cambridge http://www-gene.cimr.cam.ac.uk/todd/ From jbeauchamp at gesinc.com Wed Dec 19 06:17:36 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:37:14 2003 Subject: Samba 2.2.2 PDC Logon with Windows XP Professional References: <000001c18809$9becdfc0$0a00a8c0@century> Message-ID: <004701c188b0$6894fa20$1d01a8c0@gesinc.com> Warren: I believe this is the XP SignorSeal issue. In your source files you will find a .reg file that is named xpsignorseal or something like that. HTH I have the exact same problem except with a Win2K machine and I haven't been able to figure it out yet. James ----- Original Message ----- From: Warren Shepherd To: samba-ntdom@lists.samba.org Sent: Tuesday, December 18, 2001 1:18 PM Subject: Samba 2.2.2 PDC Logon with Windows XP Professional Hello I've got a problem with Windows XP Pro logging into a Samba 2.2.2 PDC. Unfortunately it's a production server so it's very urgent that I fix this, people complaining, etc. I got through various hassles of problems with joining the domain, however the XP Pro workstation in question (named 'Century') has now successfully joined the domain, showing the "Welcome to the Zylex domain" dialog box. The computer has successfully rebooted as it says it should with the "You must restart for the changes to take effect - yes/no" box. After the reboot however when you try to login to the domain, the following dialog box is displayed. Logon Message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, please contact your system administrator for assistance. There's no noticeable delay in between hitting enter and the box being displayed. I've made a computer account on the Samba PDC using the following commands: useradd -s /bin/false -d /dev/null century\$ (also tried without the slash just incase). Smbpasswd -a -m century Samba has been restarted at every stage. Various configurations have been tried (including encrypt passwords being on and off). WinXP SignOrSeal is off (Registry patch applied, and changed manually). My 98SE Laptop can log into it fine with the same username and password I am using to log into this machine. The 98 machine is not logged in when I'm trying to log into this one. I've had multiple 9x machines logging into the domain successfully. What am I missing? Can anybody help me? From turner at juelich-enzyme.com Wed Dec 19 06:29:04 2001 From: turner at juelich-enzyme.com (Francis Turner) Date: Tue Dec 2 02:37:14 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC References: <20011218151654.C24820@upmf-grenoble.fr> <1008770962.1042.26.camel@trabaccalo> Message-ID: <3C20A36D.1070705@juelich-enzyme.com> Geoffrey Dolman wrote: > Hi Jean, > > I don't think that binding NetBIOS to TCP/IP is the problem I'm having. > In my humble experience of samba I have found that Windows 2000 clients > will not browse samba shares or anything without NetBIOS bound to > TCP/IP. > The problem I am having can be summarised as follows: > > Samba shares in a workgroup : OK > Log onto PC with local account & browse samba share or map drive : OK > > Changed to domain logons etc in smb.conf as shown in my original post > (sorry I don't have a copy to hand), added a root account and a machine > account with smbpasswd. > Logged onto the PC (which does have NetBIOS bound to tcp/ip) opened the > system applet in the control panel and clicked properties. I changed > from workgroup to domain supplying the username root and the relevant > password when prompted. > After a minute or so I got a message saying welcome to the domain. > I rebooted the pc. > > When it came back up I got a message along the lines of There is no > computer account for this machine on the domain or the password is > wrong. I then changed the computer password to null ie smbpasswd -n > machine, allowed null passwords in smb.conf, restarted smaba and > rebooted the pc. > When the pc came back up I tried to log in again except this time I was > told that the domain was not available. > > I've tried using different machine names and domain names and this does > not make any difference. I've also tried to add the computer to the > domain without creating an account for it before hand and this does not > work. I get an access denied message. This may well be the source of the > problem because the root account needs to be able to alter the account > to join it to the domain doesn't it? However, comparing the HOW-TOS with > what I have done and the problems other people report, I can't see why > this should be the case. > > cheers > > Geoff > On Tue, 2001-12-18 at 14:16, Jean Guillou wrote: > >>Hello >> >>I have the same problem ( samba 2.2.2) >> >>GD> I am having problems logging into a Windows 2000 client in a samba domain. >> Had exactly the same problem. (using lm8) >> on the w2k box binding netbui to tcp/ip fixed it for me. >> The enclosed post on the samba mail list seems to explain the problem ans possible solution. Haven't tried it yet but I'm stuck at exactly this point myself -- Francis Turner, CIO Juelich Enzyme Products GmbH http://www.juelich-enzyme.com/ +49-173-291-7278 If you're not part of the solution, you're part of the precipitate. -- Henry J. Tillman -------------- next part -------------- An embedded message was scrubbed... From: "David Kadlec" Subject: Re: Replacing NT4 PDC with Samba 2.2.2 Date: Wed, 19 Dec 2001 12:55:02 +0100 Size: 4665 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20011219/3efbd009/ReplacingNT4PDCwithSamba2.2.eml From tarjei at nu.no Wed Dec 19 08:17:05 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:37:14 2003 Subject: Suggestions for best solution References: Message-ID: <3C20BD0A.5E93EB23@nu.no> > Simply, I need to get an email server working. This will be accessed through MS Outlook, so straight off, probably an >to do this? Would I need to use PAM? I've seen several HOWTO's about different areas, but nothing there has really >helped me. There's a number of different routes that I can think of: Winbind pam & nss module: Problem: All usernames are DOMAIN\uid a bit cludgy for a mailuid -> might be solved (long time since I tried winbind) samba-ldap: This is what I run: Samba-tng w/LDAP and a ldapserver with both posix and samba users on. The ldap entry has three ifferent passwords: the nt/lm crypts for windows and a normaly encrypted unixstyle password. There are quite a few utilities for migrating password & shadow files to ldap (se padl.com) also there are scripts in the samba 2.2.2 src dist for migrating smbpasswd to ldap. Tarjei > > Thanks for any help, > > Adam > > ********************************************************************** > The information contained in this message or any of its > attachments is confidential and is intended for the > exclusive use of the addressee. The information may also > be legally privileged. The views expressed may not be > those of Infrasoft, but the personal views of the originator. > If you are not the addressee, any disclosure, reproduction, > distribution or other dissemination or use of this > communication is strictly prohibited. If you have received > this message in error, please contact : > postmaster@infrasoft-civil.com and delete this message. > **********************************************************************" From mailinglists.removethis at grimmerink.nl Wed Dec 19 08:23:07 2001 From: mailinglists.removethis at grimmerink.nl (Pieter Grimmerink) Date: Tue Dec 2 02:37:14 2003 Subject: Junkmail filter and this list In-Reply-To: <20011218101851.11xr4hu@server.leiinc.com> Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Greg Zartman > Sent: dinsdag 18 december 2001 19:19 > To: Samba News > Subject: Junkmail filter and this list > > > > I've noticed that most of my messages from this list get filtered out by > my junkmail filter (procmail). Would anyone have any idea what is > causing that? When you created your procmail filter, you did not accidentally put in a line that rejects messages that are not addressed to you? Mailinglist messages are addressed to the mailinglist. Regards, Pieter From jbeauchamp at gesinc.com Wed Dec 19 08:25:02 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:37:14 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC References: <20011218151654.C24820@upmf-grenoble.fr> <1008770962.1042.26.camel@trabaccalo> <3C20A36D.1070705@juelich-enzyme.com> Message-ID: <009a01c188c2$5ba41f00$1d01a8c0@gesinc.com> Francis: I'm having the same problem and was wondering if you could elaborate on the email you attached. I am not at all familiar with the Domain SID /RID issues and can't tell from the email what solution he is proposing. Thanks James ----- Original Message ----- From: "Francis Turner" To: "Geoffrey Dolman" Cc: "Jean Guillou" ; Sent: Wednesday, December 19, 2001 6:25 AM Subject: Re: Logging into Windows 2000/sp2 with Samba PDC > Geoffrey Dolman wrote: > > > Hi Jean, > > > > I don't think that binding NetBIOS to TCP/IP is the problem I'm having. > > In my humble experience of samba I have found that Windows 2000 clients > > will not browse samba shares or anything without NetBIOS bound to > > TCP/IP. > > The problem I am having can be summarised as follows: > > > > Samba shares in a workgroup : OK > > Log onto PC with local account & browse samba share or map drive : OK > > > > Changed to domain logons etc in smb.conf as shown in my original post > > (sorry I don't have a copy to hand), added a root account and a machine > > account with smbpasswd. > > Logged onto the PC (which does have NetBIOS bound to tcp/ip) opened the > > system applet in the control panel and clicked properties. I changed > > from workgroup to domain supplying the username root and the relevant > > password when prompted. > > After a minute or so I got a message saying welcome to the domain. > > I rebooted the pc. > > > > When it came back up I got a message along the lines of There is no > > computer account for this machine on the domain or the password is > > wrong. I then changed the computer password to null ie smbpasswd -n > > machine, allowed null passwords in smb.conf, restarted smaba and > > rebooted the pc. > > When the pc came back up I tried to log in again except this time I was > > told that the domain was not available. > > > > I've tried using different machine names and domain names and this does > > not make any difference. I've also tried to add the computer to the > > domain without creating an account for it before hand and this does not > > work. I get an access denied message. This may well be the source of the > > problem because the root account needs to be able to alter the account > > to join it to the domain doesn't it? However, comparing the HOW-TOS with > > what I have done and the problems other people report, I can't see why > > this should be the case. > > > > cheers > > > > Geoff > > On Tue, 2001-12-18 at 14:16, Jean Guillou wrote: > > > >>Hello > >> > >>I have the same problem ( samba 2.2.2) > >> > >>GD> I am having problems logging into a Windows 2000 client in a samba domain. > >> Had exactly the same problem. (using lm8) > >> on the w2k box binding netbui to tcp/ip fixed it for me. > >> > > The enclosed post on the samba mail list seems to explain the problem > ans possible solution. Haven't tried it yet but I'm stuck at exactly > this point myself > > > > > -- > Francis Turner, CIO Juelich Enzyme Products GmbH > http://www.juelich-enzyme.com/ +49-173-291-7278 > > If you're not part of the solution, you're part of the precipitate. > -- Henry J. Tillman > > From turner at juelich-enzyme.com Wed Dec 19 08:52:09 2001 From: turner at juelich-enzyme.com (Francis Turner) Date: Tue Dec 2 02:37:14 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC References: <20011218151654.C24820@upmf-grenoble.fr> <1008770962.1042.26.camel@trabaccalo> <3C20A36D.1070705@juelich-enzyme.com> <009a01c188c2$5ba41f00$1d01a8c0@gesinc.com> Message-ID: <3C20C500.2070700@juelich-enzyme.com> James W. Beauchamp wrote: > Francis: > I'm having the same problem and was wondering if you could elaborate on the > email you attached. I am not at all familiar with the Domain SID /RID > issues and can't tell from the email what solution he is proposing. I'd love to explain it BUT um err I'm stuck too and would love some help >>The enclosed post on the samba mail list seems to explain the problem >>ans possible solution. Haven't tried it yet but I'm stuck at exactly >>this point myself I've started from scratch with a Samba machine for a domain, as per the HOWTO (I think) and win 9x clients appear to be able to join OK. I can't get my win2k machines to join and I don't understand this text either so I can't I sent it out in the hope that someone more knowledgable than me (this is not difficult wrt samba) could explain Francis -- Francis Turner, CIO Juelich Enzyme Products GmbH http://www.juelich-enzyme.com/ +49-173-291-7278 If you're not part of the solution, you're part of the precipitate. -- Henry J. Tillman From filipi at em.pucrs.br Wed Dec 19 12:10:24 2001 From: filipi at em.pucrs.br (Filipi D. Vianna) Date: Tue Dec 2 02:37:14 2003 Subject: Logging into Windows 2000/sp2 with Samba PDC References: <20011218151654.C24820@upmf-grenoble.fr> <1008770962.1042.26.camel@trabaccalo> <3C20A36D.1070705@juelich-enzyme.com> <009a01c188c2$5ba41f00$1d01a8c0@gesinc.com> <3C20C500.2070700@juelich-enzyme.com> Message-ID: <3C20F305.EF5D3CB9@em.pucrs.br> Hey Guys, I was looking this thread becouse I would like to upgrade my NT4 workstations to Windows 2000, I also have one Samba PDC working petry fine... Is there something I need to change in my PDC to create the machine accounts for de W2K machines? Do I need to change my existing smb.conf? Thanks in advance, Filipi Vianna From bgmilne at cae.co.za Wed Dec 19 13:07:02 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:37:14 2003 Subject: Authenticating email off samba PDC (Was: Suggestions for best solution) Message-ID: <20011219205119.962676052@mail.cae.sun.ac.za> The easiest way, and the way we use, is to run uw-imap (which provides pop3, pop3s, imap and imaps) with authentication via pam_smb. In fact, all our authentication is via pam_smb, even for our desktop linux boxes (in combination with LDAP). UW-IMAP might not be the best server out there (apparently Courier IMAP performs better), but it: -is standards compliant -supports ssl -supports imap -is officially part of most linux distros pam_smb can be found here: http://www.csn.ul.ie/~airlied/pam_smb/ Redhat 7.2 includes pam_smb, and you can find RPMs for Mandrake 8.0/8.1 at http://ranger.dnsalias.com/mandrake Shout if you want a sample pam config file for /etc/pam.d/{imap,pop3,pop3s,imaps} Buchan >Message: 7 >Date: Tue, 18 Dec 2001 17:46:21 +0000 >From: "Adam Evans" ; >To: < >; >Subject: Suggestions for best solution > >My Samba 2.2.1a server is running happily at present. I'm waiting for a lot= >of the nice features which will hopefully come in v3, but before then I've= >got something to sort out. > >Simply, I need to get an email server working. This will be accessed throug= >h MS Outlook, so straight off, probably an IMAP server. I know that bit. Qu= >estion is, what about authentication? I'd like the server setup so they log= >on to the network with there single password, and that is it, no other pass= >word for the email! Is it possible to set up the server to do this? Would I= >need to use PAM? I've seen several HOWTO's about different areas, but noth= >ing there has really helped me. > >Thanks for any help, > > >Adam From j.k.bijl at viddel.nl Thu Dec 20 02:02:20 2001 From: j.k.bijl at viddel.nl (Joost Bijl) Date: Tue Dec 2 02:37:14 2003 Subject: Samba, CUPS & printer accounting References: <20011218151654.C24820@upmf-grenoble.fr> <1008770962.1042.26.camel@trabaccalo> <3C20A36D.1070705@juelich-enzyme.com> <009a01c188c2$5ba41f00$1d01a8c0@gesinc.com> <3C20C500.2070700@juelich-enzyme.com> <3C20F305.EF5D3CB9@em.pucrs.br> Message-ID: <03fb01c1893d$8d9cabf0$0400a8c0@thor> Hi there, i want to count several things about printing to generate those 'management reports'. I use samba 2.2 with a few printers attachted which print via the CUPS spooler software (cupsomatic backend). I want to count - date - username - documentname - pages - maybe the saturation Can this be easily done by doing a 'preexec' command in samba or patch the cupsomatic backend? TIA Joost From j.k.bijl at viddel.nl Thu Dec 20 02:02:54 2001 From: j.k.bijl at viddel.nl (Joost Bijl) Date: Tue Dec 2 02:37:14 2003 Subject: Samba, CUPS & printer accounting References: <20011218151654.C24820@upmf-grenoble.fr> <1008770962.1042.26.camel@trabaccalo> <3C20A36D.1070705@juelich-enzyme.com> <009a01c188c2$5ba41f00$1d01a8c0@gesinc.com> <3C20C500.2070700@juelich-enzyme.com> <3C20F305.EF5D3CB9@em.pucrs.br> Message-ID: <03fc01c1893d$92789170$0400a8c0@thor> Hi there, i want to count several things about printing to generate those 'management reports'. I use samba 2.2 with a few printers attachted which print via the CUPS spooler software (cupsomatic backend). I want to count - date - username - documentname - pages - maybe the saturation Can this be easily done by doing a 'preexec' command in samba or patch the cupsomatic backend? TIA Joost From trehm at fitnessquest.com Thu Dec 20 05:10:09 2001 From: trehm at fitnessquest.com (Tym Rehm) Date: Tue Dec 2 02:37:14 2003 Subject: Windows XP Pro Message-ID: <001001c18957$5d93c550$142aa8c0@trehm0258> I'm trying to get a XP Pro computer to join my Samba 2.2.2 controlled domain. I get an error something can't find the network? With this exact configuration I can add Win2K computers no problem. I have the add user script in my smb.conf file and I have also tried manually adding the computer to /etc/passwd using useradd. Is there something I'm missing for XP? Thanks. From pereti at ump.edu.br Thu Dec 20 05:53:04 2001 From: pereti at ump.edu.br (Bruno Gimenes Pereti) Date: Tue Dec 2 02:37:14 2003 Subject: Police editor on W2k Pro. (and more) Message-ID: <00dd01c1895d$b5e43400$6300a8c0@Metropolitana.administracao> Hi, I have a lot of question. First my configuration. Server: Redhat 7.1 now I'm using samba-2.2.1a but i'm testing with 2.2.3. Workstations: win2k sp2. 1) Is there any police editor to win2k pro? I didn't find poledit.exe. I also looked for in the SP2 files. I don't have Win2k server. 2) Is there any srvtool for win2k? I installed one that is like winNT server manager and almost every function I tried get me an access denied error or another one I don't remember now. 3) I want to allow just one user to logon from some workstations. Is it possible? Thank's Bruno. From wilsons at safetechintl.com Thu Dec 20 07:24:03 2001 From: wilsons at safetechintl.com (Wilson Sanchez) Date: Tue Dec 2 02:37:14 2003 Subject: Please remove In-Reply-To: <00dd01c1895d$b5e43400$6300a8c0@Metropolitana.administracao> Message-ID: <001001c1896a$29cca260$1b01a8c0@covad.net> To: List Administrator Please remove me from the list. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Bruno Gimenes Pereti Sent: Thursday, December 20, 2001 7:54 AM To: samba-ntdom@lists.samba.org Subject: Police editor on W2k Pro. (and more) Hi, I have a lot of question. First my configuration. Server: Redhat 7.1 now I'm using samba-2.2.1a but i'm testing with 2.2.3. Workstations: win2k sp2. 1) Is there any police editor to win2k pro? I didn't find poledit.exe. I also looked for in the SP2 files. I don't have Win2k server. 2) Is there any srvtool for win2k? I installed one that is like winNT server manager and almost every function I tried get me an access denied error or another one I don't remember now. 3) I want to allow just one user to logon from some workstations. Is it possible? Thank's Bruno. From ringram at acpl.lib.wy.us Thu Dec 20 08:18:02 2001 From: ringram at acpl.lib.wy.us (Russel Ingram) Date: Tue Dec 2 02:37:15 2003 Subject: profile permission problems Message-ID: I've seen this same problem posted a couple of times with earlier versions of Samba as well as with 2.2.x but haven't found a solution. The problem I'm having is that certain parts of some of my users profile seem to be unchangeable. The easiest way to see it is by trying to map a connection to a share. When I do so it gives me the message "Cannot change your save connections setting." Other symptoms are "don't ask me again" type check boxes in applications don't take and the Welcome to Windows NT splash appears every time as if every login is the first login. In a previous post from someone with this same problem it was noted that the users that have this problem have ntuser.dat rather than NTUSER.DAT in their profile directory. This is also true in my case only he was able to fix the problem by deleting the lowercase version of the file as well as the cached profile on the local machine. That hasn't worked for me thus far. Any suggestions on how to fix this are very welcome. It would also be very helpful to know if anyone has any explanations for why this happens. I'm running this domain on a Debian Woody Linux kernel version 2.4.16-xfs server with Samba 2.2.2. My smb.conf is as follows: ---------------------------------------------------------------- smb.conf ---------------------------------------------------------------- [global] netbios name = server workgroup = acpl2 os level = 65 comment = Albany County Public Library File Server allow hosts = 192.168.1. 127.0.0. interfaces = 192.168.1.126 name resolve order = lmhosts hosts bcast printcap name = /etc/printcap load printers = YES log file = /var/log/samba-log.%m ; debug level = 9 max log size = 50 security = user encrypt passwords = yes null passwords = Yes smb passwd file = /etc/samba/smbpasswd domain logons = Yes domain master = YES local master = Yes preferred master = Yes wins support = YES time server = Yes logon path = "\\%L\profile\%U" logon home = "\\%L\%U" logon drive = h: logon script = startup.bat socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE [homes] comment = Home Directories browsable = No writeable = Yes [netlogon] path = /home/netlogon public = No writeable = Yes browsable = No [profile] path = /home/profiles writeable = Yes browseable = No force group = users create mode = 0755 directory mode = 0755 [printers] comment = All Printers path = /var/spool/samba read only = No create mask = 0700 guest ok = Yes print ok = Yes [public] comment = Public Stuff path = /shared/public force user = nobody read only = No guest ok = Yes -------------------------------------------------------------------- Thanx, Russ -- Russel H. Ingram Unix Systems Administrator Institute for Scientific Computation University of Wyoming/Math Dept. Phone: (307)766-6546 E-Mail: ringram@uwyo.edu From jamestcc at innocent.com Thu Dec 20 08:22:02 2001 From: jamestcc at innocent.com (james tan) Date: Tue Dec 2 02:37:15 2003 Subject: NIMDA Alert on Samba server! Foiled attempts? References: <20011220161603.D8E03525A@lists.samba.org> Message-ID: <3C220F75.7ED2E8EE@innocent.com> http://forums.hardwarezone.com/showthread.php?s=&threadid=128103 NIMDA Alert on Samba server! Foiled attempts? Read the below file, I have a question to pose for NIMDA on Linux. 1)Discovered thru smbstatus that system accessed by unknown machines, with from network and domain 'regularly'. 2)Being curious, I use a NT system with Norton AntiVir and nbtstat -a it. Interestingly, all of them are NT-based. 3)Mapped their default C$, managed to get in with "administrator" no password, using NT4+Norton. Once mapped, Antivir reported NIMDA detected in that mapped drive, unable to clean, quarantined. Files kept from all unknown machines = .eml, admin.dll. 4)Suspect infection on Linux, checked system for .eml files/admin.dll, not found. Checked /var/log/samba/log.UNKNOWN_MACHINES, interesting messages abt failed attempts to authenticate/locate ntldr/winnt. Assuming that the unknown machines are searching for a WIN NT file(s). 5)smbclient -L LOCAL_SYSTEM_NBTNAME, saw ADMIN$ in the list together with IPC$. 6)Removed guest login in global, ADMIN$ no longer seen. Ques: 1)Can I assume that because of the ADMIN$, those infected systems are trying to infect me, but failed becoz I had been running a Sambad Fileserver instead of NT4/2K/XP. 2)Does it help if I follow the below file for prevention or does disabling guest login sufficient?...ok lah, 2x questions but damn crucial. All my shares can only be accessed by domain users, so guest account not needed. I do not wish to attract anymore unwelcomed hosts lest my Samba(trial) server is being "untrusted" by boss/collegues. So far I have been bragging abt how "stable and fast" it is compared to my other NT4 and W2K fileservers. ftp://ftp.samba.org/pub/samba/docs/README.Win32-Viruses --------------------------------------------------------- While this article is specific to the recent Nimda worm, the information can be applied to preventing the spread of many Win32 viruses. Thanks to the Samba Users Group of Japan (SUGJ) for this article. =============================================================================== Steps againt Nimba Worm for Samba Author: HASEGAWA Yosuke Translator: TAKAHASHI Motonobu The information in this article applies to Samba 2.0.x Samba 2.2.x Windows 95/98/Me/NT/2000 SYMPTOMS This article has described the measure against Nimba Worm for Samba server. DESCRIPTION Nimba Worm is infected through the shared disk on a network besides Microsoft IIS, Internet Explorer and mailer of Outlook series. At this time, the worm copies itself by the name *.nws and *.eml on the shared disk, moreover, by the name of Riched20.dll in the folder where *.doc file is included. To prevent infection through the shared disk offered by Samba, set up as follows: ----- [global] ... veto files = /*.eml/*.nws/riched20.dll/ ----- Setting up "veto files" parameter, the matched files on the Samba server are completely hidden from the clients and become impossible to access them at all. In addition to it, the following setting are also pointed out by the samba-jp:09448 thread: when the " (Jreadme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" (B file exists on a Samba server, it is visible only with "readme.txt" and a dangerous code may be performed when this file is double-clicked. Setting the following, ----- veto files = /*.{*}/ ----- no files having CLSID in its file extension can be accessed from any clients. This technical article is created based on the discussion of samba-jp:09448 and samba-jp:10900 threads. ----------------------------------------------------------- A fulll description of Nimda from f-secure on a BBS http://archives.neohapsis.com/archi...01-q3/0094.html __________________ 1st Cor 13 http://jez4christ.com Last edited by jameztcc on 20-12-2001 at 10:44 PM -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2035 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011220/50edcb6b/smime.bin From filipi at em.pucrs.br Thu Dec 20 13:35:08 2001 From: filipi at em.pucrs.br (Filipi D. Vianna) Date: Tue Dec 2 02:37:15 2003 Subject: Windows 2000 on Samba PDC Message-ID: <3C22584E.FBB9CF72@em.pucrs.br> Hey Guys, I was looking this thread because I would like to upgrade my NT4 workstations to Windows 2000, I also have one Samba PDC working pertly fine... I have installed one copy of the Windows 2000 Professional sp2 on one of my workstations, but I can't add this workstation on my domain. I've created the machine account on linux. I've created the samba machine account. But when I'm trying to change from workgroup to domain, the system asks me for one username and password. I don't know what username should I put there. I read something about some script to automatic create the machine accounts on samba... but I don't use this scripts, I do create machine accounts manualy... Should this be my mistake? Is there something I need to change in my PDC to create the machine accounts for de W2K machines? Do I need to change my existing smb.conf? Thanks in advance, Filipi Vianna From dhighley at highley-recommended.com Thu Dec 20 13:49:05 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:15 2003 Subject: Windows 2000 on Samba PDC In-Reply-To: <3C22584E.FBB9CF72@em.pucrs.br> from "Filipi D. Vianna" at Dec 20, 2001 07:29:50 PM Message-ID: <200112202146.fBKLkNkm008535@hemlock.highley-recommended.com> "Filipi D. Vianna wrote:" > > Hey Guys, > > I was looking this thread because I would like > to upgrade my NT4 workstations to Windows 2000, > I also have one Samba PDC working pertly fine... > > I have installed one copy of the Windows 2000 > Professional sp2 on one of my workstations, but > I can't add this workstation on my domain. > > I've created the machine account on linux. > I've created the samba machine account. > > But when I'm trying to change from workgroup > to domain, the system asks me for one username > and password. You need to have root in the smbpasswd file and when it asks for the user name give it root and the password. > > I don't know what username should I put there. > > I read something about some script to automatic > create the machine accounts on samba... but > I don't use this scripts, I do create machine > accounts manualy... Should this be my mistake? Just manually edit the /etc files or yp map files. Then when you do the join an entry will be created in the smbpasswd file. > > Is there something I need to change in my PDC to > create the machine accounts for de W2K machines? There is a pdf file that comes with Samba 2.2.2, Samba-HOWTO-Collection.pdf, it is pretty close. There are a few syntax problems. Also make sure you look at the DHCP-Server-Configuration.txt file. > > Do I need to change my existing smb.conf? > > Thanks in advance, > Filipi Vianna -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From bpeters at crestlinecoach.com Thu Dec 20 13:59:06 2001 From: bpeters at crestlinecoach.com (Brian Peters) Date: Tue Dec 2 02:37:15 2003 Subject: cannot connect to samba server Message-ID: Attn: Nick van der Walt Attached is my smb.conf file as well as the output from the command you suggested running. Thank you for the help. ------------------------------------------------------- Brian Peters Phone : (306) 934-8844 ext 727 E-mail : bpeters@crestlinecoach.com - - this message has been scanned by Mail Essentials - - -------------- next part -------------- added interface ip=192.168.0.3 bcast=192.168.0.255 nmask=255.255.255.0 Domain=[CRESTLINECOACH] OS=[Unix] Server=[Samba 2.0.10] Sharename Type Comment --------- ---- ------- pub Printer IPC$ IPC IPC Service (Linux File Server) Server Comment --------- ------- CMPT065 Linux File Server Workgroup Master --------- ------- CRESTLINECOACH CMPT065 -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 7211 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011220/e14ebb00/smb.obj From rtanner at cls.usask.ca Thu Dec 20 14:24:53 2001 From: rtanner at cls.usask.ca (Robby Tanner) Date: Tue Dec 2 02:37:15 2003 Subject: cannot connect to samba server Message-ID: <001401c189a4$8237c760$1401140a@cls> > > Attn: Nick van der Walt > > Attached is my smb.conf file as well as the output from the > command you > suggested running. Thank you for the help. > > smb1.conf is formatted with the Windows EOLN chars for readability. > > > ------------------------------------------------------- > Brian Peters > Phone : (306) 934-8844 ext 727 > E-mail : bpeters@crestlinecoach.com > > > - - this message has been scanned by Mail Essentials - - -------------- next part -------------- added interface ip=192.168.0.3 bcast=192.168.0.255 nmask=255.255.255.0 Domain=[CRESTLINECOACH] OS=[Unix] Server=[Samba 2.0.10] Sharename Type Comment --------- ---- ------- pub Printer IPC$ IPC IPC Service (Linux File Server) Server Comment --------- ------- CMPT065 Linux File Server Workgroup Master --------- ------- CRESTLINECOACH CMPT065 -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 7211 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011220/89d0e170/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: smb1.conf Type: application/octet-stream Size: 7210 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011220/89d0e170/smb1.obj From sax at kodu.net Thu Dec 20 14:31:07 2001 From: sax at kodu.net (Erki Simson) Date: Tue Dec 2 02:37:15 2003 Subject: Weird winxp pro problem. Message-ID: <000301c189a5$5a24b9d0$0d1fb4d5@sax> Hi This morning i discovered weird thing with XP pro & Samba. I can connect to all pc's on the lan, but no other computer can connect to my WinXP shares, it just says to winxp & win2k user that \\\aaaa\bb is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The trust relationship between this workstation and the primary domain failed. and win98 user are just prompted IPC$ password box. My Winxp & all other win98, win2k and winxp users can log to samba domain with no problems and can access each other but not me. Probably winxp reinstall would help but i'd sure would like to find out what the hell is going on. Btw, my samba server is 2.2.1a, it has been running for months with no problems and i'm not going to upgrade it without a good reason Anyone encountered same problem ? --- Erki Simson network admin From filipi at em.pucrs.br Fri Dec 21 04:24:02 2001 From: filipi at em.pucrs.br (Filipi D. Vianna) Date: Tue Dec 2 02:37:15 2003 Subject: Windows 2000 on Samba PDC References: <17718A8E4E12A2143B327EAB6399AEB7@Curtis.scdservices.zzn.com> Message-ID: <3C23289D.8D208FEA@em.pucrs.br> Curtis wrote: > > >But when I'm trying to change from workgroup > >to domain, the system asks me for one username > >and password. > > Use root username and password for samba > > which means root will have had to have been added > to the SAMBA users. I did that... But I still not joining the domain. Is there anything else I should change? Thanks again, Filipi Vianna From lutz.westhaeusser at base-system.com Fri Dec 21 04:51:06 2001 From: lutz.westhaeusser at base-system.com (Lutz Westhaeusser) Date: Tue Dec 2 02:37:15 2003 Subject: Windows 2000 on Samba PDC In-Reply-To: <3C23289D.8D208FEA@em.pucrs.br> References: <17718A8E4E12A2143B327EAB6399AEB7@Curtis.scdservices.zzn.com> <3C23289D.8D208FEA@em.pucrs.br> Message-ID: <01122113482101.20879@manchester> Hi there sometimes i have the same problem with a few 2k machines, not with all. To solve the problem i add the machine with my own account (which is in the root group). Greetings Lutz Am Freitag, 21. Dezember 2001 13:18 schrieb Filipi D. Vianna: > Curtis wrote: > > >But when I'm trying to change from workgroup > > >to domain, the system asks me for one username > > >and password. > > > > Use root username and password for samba > > > > which means root will have had to have been added > > to the SAMBA users. > > I did that... > But I still not joining the domain. > > Is there anything else I should change? > > Thanks again, > Filipi Vianna From BSriniva2 at chn.cognizant.com Fri Dec 21 05:22:35 2001 From: BSriniva2 at chn.cognizant.com (Bhaskar, Srinivasan (Cognizant)) Date: Tue Dec 2 02:37:15 2003 Subject: Please remove Message-ID: Please remove me from this list Rgds GBS -------------- next part -------------- This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Any unauthorised review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly prohibited and may be unlawful. Visit us at http://www.cognizant.com From jbeauchamp at gesinc.com Fri Dec 21 05:33:04 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:37:15 2003 Subject: Please remove References: Message-ID: <002001c18a3c$a02a92a0$1d01a8c0@gesinc.com> go to samba.org and follow the instructions there. Merry Christmas James ----- Original Message ----- From: "Bhaskar, Srinivasan (Cognizant)" To: Sent: Friday, December 21, 2001 5:21 AM Subject: Please remove > Please remove me from this list > > Rgds > GBS > From donna.g.smith at lmco.com Fri Dec 21 07:44:02 2001 From: donna.g.smith at lmco.com (Smith, Donna G) Date: Tue Dec 2 02:37:15 2003 Subject: ?? Windows 2000 Message-ID: Is Samba compatible with Windows 2000? Donna Smith Lockheed Martin 703-453-3208 From dhighley at highley-recommended.com Fri Dec 21 08:01:11 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:15 2003 Subject: ?? Windows 2000 In-Reply-To: from "Smith, Donna G" at Dec 21, 2001 10:40:02 AM Message-ID: <200112211559.fBLFx0AV011461@hemlock.highley-recommended.com> "Smith, Donna G wrote:" > > > Is Samba compatible with Windows 2000? Works for us and our customers. We do see lots of postings about problems joining the domain. If you follow the Samba-HOWTO-Collection.pdf and the DHCP-Server-Configuration.txt it should work. Start with a minimal smb.conf configuration file and build up to what you finally need is also a good plan. Here for example is one of our smb.conf files: # Samba config file created using SWAT # from spruce.highley-recommended.com (10.2.2.2) # Date: 2001/10/20 10:59:39 # Global parameters [global] workgroup = RECOMMENDED netbios name = SPRUCE server string = Samba %v on (%L) encrypt passwords = Yes password server = * username map = /usr/local/samba/lib/users.map log file = /usr/local/samba/var/log.%m max log size = 50 time server = Yes max open files = 1000 domain admin group = @Administrators logon drive = H: preferred master = False local master = No dns proxy = No wins server = 10.2.2.3 NIS homedir = Yes invalid users = daemon bin sys adm lp uucp nuucp listen noaccess lnman lmxadmin lmxguest lmworld ppp create mask = 0644 [homes] comment = Home Directories read only = No browseable = No oplocks = No level2 oplocks = No [ccase_rls] comment = ClearCase Releases path = /usr/local/ccase_rls write list = @vob read only = No guest ok = Yes [vobs] comment = ClearCase VOB and View Storage path = /vobs read list = @vob, @staff write list = @vob, @staff read only = No guest ok = Yes oplocks = No level2 oplocks = No [ClearCase] comment = ClearCase VOB and View Storage path = /ClearCase read list = @vob, @staff write list = @vob, @staff read only = No guest ok = Yes oplocks = No level2 oplocks = No [www] comment = ClearCase Releases path = /outside/www write list = dhighley read only = No guest ok = Yes oplocks = No level2 oplocks = No [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon browseable = No [profiles] comment = User profiles path = /usr/local/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No > > Donna Smith > Lockheed Martin > 703-453-3208 > > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From dhighley at highley-recommended.com Fri Dec 21 08:12:15 2001 From: dhighley at highley-recommended.com (David Highley) Date: Tue Dec 2 02:37:15 2003 Subject: Windows 2000 on Samba PDC In-Reply-To: <3C23289D.8D208FEA@em.pucrs.br> from "Filipi D. Vianna" at Dec 21, 2001 10:18:37 AM Message-ID: <200112211607.fBLG7sKq011552@hemlock.highley-recommended.com> "Filipi D. Vianna wrote:" > > Curtis wrote: > > > > >But when I'm trying to change from workgroup > > >to domain, the system asks me for one username > > >and password. > > > > Use root username and password for samba > > > > which means root will have had to have been added > > to the SAMBA users. > > I did that... > But I still not joining the domain. > > Is there anything else I should change? If I remember right you are using Samba as the PDC. On the system that is the Samba PDC do you have the following line in the smb.conf file: password server = * If you do, you ran into the same problem I did in setting up the PDC. The documentation led me to believe that you can put this line in all smb.conf files. If you do the system that is the PDC will not find its self for logon authentication. Remove the line from smb.conf file on the PDC system. > > Thanks again, > Filipi Vianna > > -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: dhighley@highley-recommended.com Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com From aoclarit at kiwi.dhs.org Fri Dec 21 11:12:12 2001 From: aoclarit at kiwi.dhs.org (Alex) Date: Tue Dec 2 02:37:15 2003 Subject: Windows XP Pro References: <001001c18957$5d93c550$142aa8c0@trehm0258> Message-ID: <010101c18a52$fd16b640$8c4331a2@Alex2000> had the same prob and it told me that It couldn't find the domain in wins (which it shouldn't have needed to cause PDC and client are in the same subnet). So I enabled my samba-PDC's wins-server and pointed the XP-box to it - problem solved although weird cause this shouldn't have been necessary at all, but you know whatever works - don't question windows... Alex ----- Original Message ----- From: "Tym Rehm" To: Sent: Thursday, December 20, 2001 5:08 AM Subject: Windows XP Pro > I'm trying to get a XP Pro computer to join my Samba 2.2.2 controlled > domain. I get an error something can't find the network? With this exact > configuration I can add Win2K computers no problem. I have the add user > script in my smb.conf file and I have also tried manually adding the > computer to /etc/passwd using useradd. Is there something I'm missing > for XP? Thanks. > > > From jerry at samba.org Fri Dec 21 11:31:10 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:37:15 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 Message-ID: Folks, We (Samba Team) are planning on declaring an end-of-life for this mailing list. Here's a little background of our thinking. There are currently 2089 non-digest subscribers and 997 digest ones. This compares to the main samba list which has 1913 non-digested and 3506 digested subscribers. The total messages on samba-ntdom for both October & November combined is approximately 900. This is ~3,100 messages less than samba@samba.org during the same time frame. The samba-ntdom mailing list was first announced on January 30, 1998, with a purpose of supporting the new begun "NT Domains for UNIX" project. From the 1.9.18alpha releases until the official 2.2.0 release on April 17 of this year, the samba-ntdom year has provided a valuable forum for beta testing and development of the NT 4.0 domain control functionality in Samba. With the official (if not yet completed) domain control support in the 2.2 series, the majority of domain control questions have been posted to samba@samba.org. There has also been an increase in cross posting between these two lists. The decision to EOL this list was arrived at by carefully considering whether or not the list has completed its purpose. It is our belief that it has. The domain control support has become mainstream (it is not longer necessary to download cvs code to obtain nt4 style PDC support). The continued existence of the list has provided two problems. 1) Developers struggle to stay current with the samba-technical and mainstream samba mailing lists. As a result, bug reports and/or patches sent to samba-ntdom are often lost. 2) There are many questions which are duplicated between the two lists. Thus resulting in a duplication of effort to respond to them. In an attempt to better pool resources and provide better inter-activity with the Samba community, we will decommission this list on January 7, 2002. This gives you three weeks to re-subscribe yourself to the mainstream samba list should you so choose. At this list, any messages sent to samba-ntdom@samba.org will received an auto-responded message indicating the new closed status of the list. We would like to thank again all of those of you which helped to make the domain control support stable and accessible to the Samba community at large. You should all feel proud. :-) chau, jerry --------------------------------------------------------------------- SAMBA Team http://www.samba.org -- http://www.plainjoe.org --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- From greg at leiinc.com Fri Dec 21 11:52:08 2001 From: greg at leiinc.com (Greg Zartman) Date: Tue Dec 2 02:37:15 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 In-Reply-To: References: Message-ID: <20011221115352.ept9cx@server.leiinc.com> "Gerald (Jerry) Carter" said: > Folks, > > We (Samba Team) are planning on declaring an end-of-life for > this mailing list. Here's a little background of our thinking. I for one am disappointed to see this list go. The mainstream samba list see ALOT of traffic (almost too much to keep up with) and most of it seems to be people asking the same questions OVER and OVER. Regards, -- Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. 1243 West 7th Avenue Eugene, Oregon 97402 541-683-8383 fax 541-683-8144 From jerry at samba.org Fri Dec 21 12:22:03 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:37:15 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 In-Reply-To: <20011221115352.ept9cx@server.leiinc.com> Message-ID: On Fri, 21 Dec 2001, Greg Zartman wrote: > I for one am disappointed to see this list go. The mainstream samba > list see ALOT of traffic (almost too much to keep up with) and most of > it seems to be people asking the same questions OVER and OVER. Understood, and we have considered the noise-to-ratio volume. The problem is that currently people on samba & samba-ntdom are talking about much the same topics. It's just not feasible for the Team to support both lists. This list has somewhat become a duplicate of the main samba list. In fact, even some of the 3.0alpha testing feedback is coming through on samba@samba.org. chau, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- From awilliam at whitemice.org Fri Dec 21 12:42:05 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:37:15 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 In-Reply-To: Message-ID: >>I for one am disappointed to see this list go. The mainstream samba >>list see ALOT of traffic (almost too much to keep up with) and most of >>it seems to be people asking the same questions OVER and OVER. >Understood, and we have considered the noise-to-ratio volume. >The problem is that currently people on samba & samba-ntdom are >talking about much the same topics. It's just not feasible for >the Team to support both lists. >This list has somewhat become a duplicate of the main samba list. >In fact, even some of the 3.0alpha testing feedback is coming through >on samba@samba.org. I expected this list to be shut down along time ago (around 2.x). I'm on the Samba list digested and this one as a non-digest. This list used to have a better signal-to-noise ratio, but recently it's all become old hat questions (Does it support WinY2k, How to a set it up, etc...) From what I see there is no point in to seperate lists anymore, we are no longer using stuff everyone else doesn't dare touch. I support this decision. To the whole Samba team: Excellent work, you guys have made being a net-admin a tolerable profession. :) All you guys are awesome. -- ----------------------------------------------------------- Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS ----------------------------------------------------------- From yossa at pld.org.pl Sun Dec 23 04:27:03 2001 From: yossa at pld.org.pl (Jarek Woloszyn) Date: Tue Dec 2 02:37:15 2003 Subject: Samba looses session passwords Message-ID: <20011223132608.B14090@linux.lo14.wroc.pl> Hi. I've got a small network with Samba working as PDC, and 15 Windows NT 4.0 Clients. I've configured everything correctly, Samba serves files, and makes all authentication. The problem is, when I log in on a few Windowses as the same user, then restart theese machines. Sometimes samba looses Session passwords. When I try to log in again, Windows says, that there is no machine account or the password is wrong. Then I need to run smbpasswd -a -m name on samba, switch Windows to work in workgroup, and again to work in the domain. It starts working again. I have no idea whats wrong. Actually I don't need this session passwords, because it's very small, and closed network - is there any way to turn it off? I have samba 2.2.1a - should I upgrade to 2.2.2? I don't have direct access to the server, i don't want to make something wrong over ssh. -- ( Jarek Woloszyn ) ( yossa@pld.org.pl ) ( member of the GNU generation ) From lmo2000 at terra.es Sun Dec 23 10:04:10 2001 From: lmo2000 at terra.es (Luis) Date: Tue Dec 2 02:37:15 2003 Subject: logon from a w2k on a samba 2.2.2 PDC Message-ID: <20011223184603.378C.LMO2000@terra.es> Hi, I've configured my samba as a PDC.... All works fine when I logon from a W9X/ME, but when I logon from my W2K i have some problems. I've added a new user to my linux with: useradd -g 100 -d /dev/null -c dylan -m -s /bin/false dylan$ and to smbpasswd file with: smbpasswd -a -m dylan I've added the W2K workstation to the domain (its name is DYLAN) at the MY PC --> properties, it do it fine, but when I restart the system and try to logon I get the message: "There is no account for the machine on the domain" or something similar in spanish.... I've tryed to do it changing dylan by DYLAN, but nothing... DYLAN can be added to de domain but when I restart and try to logon, i get the same message again.... I've looked for information, but all appears to be well... Why, can't I logon??? Thank you.... > -- Luis From icoupeau at unav.es Mon Dec 24 01:24:01 2001 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:37:15 2003 Subject: logon from a w2k on a samba 2.2.2 PDC References: <20011223184603.378C.LMO2000@terra.es> Message-ID: <3C26F33B.74A7177F@unav.es> Luis wrote: > > Hi, I've configured my samba as a PDC.... > > All works fine when I logon from a W9X/ME, but when I logon from my W2K i have some problems. > Please, see the documentation about SignOrSeal, Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From lmo2000 at terra.es Mon Dec 24 02:30:03 2001 From: lmo2000 at terra.es (Luis) Date: Tue Dec 2 02:37:15 2003 Subject: logon from a w2k on a samba 2.2.2 PDC In-Reply-To: <3C26F33B.74A7177F@unav.es> References: <20011223184603.378C.LMO2000@terra.es> <3C26F33B.74A7177F@unav.es> Message-ID: <20011224113328.CCA4.LMO2000@terra.es> > Please, see the documentation about SignOrSeal, > Ignacio I've been searching... but where is that documentation???? Thanx. Luis Mor?n Ochoa C/ Mar?a Josefa, 12 3?Izda. 33209 - Gij?n. Asturias. Espa?a lmo2000@terra.es From jbeauchamp at gesinc.com Mon Dec 24 05:09:03 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:37:15 2003 Subject: logon from a w2k on a samba 2.2.2 PDC References: <20011223184603.378C.LMO2000@terra.es> <3C26F33B.74A7177F@unav.es> <20011224113328.CCA4.LMO2000@terra.es> Message-ID: <001201c18c94$a634a140$1d01a8c0@gesinc.com> Luis: I believe it is called XPSignOrSEAl.reg - it is a registry hack for windows XP that reportedly works for Win2k, however, I haven't been able to have it work for me. It is in the documentation portion of the install set. Let me know if it works for you. James ----- Original Message ----- From: "Luis" To: "Ignacio Coupeau" ; "Lista SAMBA NTDOM" Sent: Monday, December 24, 2001 2:34 AM Subject: Re: logon from a w2k on a samba 2.2.2 PDC > Please, see the documentation about SignOrSeal, > Ignacio I've been searching... but where is that documentation???? Thanx. Luis Mor?n Ochoa C/ Mar?a Josefa, 12 3?Izda. 33209 - Gij?n. Asturias. Espa?a lmo2000@terra.es From NachiappanR at karna.com Mon Dec 24 05:29:02 2001 From: NachiappanR at karna.com (Ramanathan Nachiappan) Date: Tue Dec 2 02:37:15 2003 Subject: Not able to browse my Linux box on NT network Message-ID: <001101c18c7e$89e26c90$5f0110ac@Karna> Hi All Just now I installed Samba 2.2.0 on my RedHat 7.1 box. I can able to see my linux box on the Windows NT network but i can't able to access the linux system. What could be the problem. Please give me the solution. Regards Nachiappan Rm -------------- next part -------------- HTML attachment scrubbed and removed From ffoss at hotpop.com Mon Dec 24 20:48:02 2001 From: ffoss at hotpop.com (ffoss) Date: Tue Dec 2 02:37:15 2003 Subject: something to try In-Reply-To: <20011224142719.D365E4783@lists.samba.org> Message-ID: <000001c18cfe$dd052bd0$6900a8c0@fwf> I have been beating my head out for several weeks and just got my xp machine to log into my domain! Look at your passwd file and smbpasswd. The user ids of course must match. I also found that they need to be in the 100 range. Redhat has modified their adduser command to work like this. The -r creates a machine account, with the user id the first available id > 100 instead of the usual user Id > 500 adduser -r -s /dev/null -d /dev/null machine-name$ I haven't taken the time to re try with a user ID > 500 etc but this was the last change I made before it started working. I hope this helps someone. I ASSuME that none-redhat users can create the password entry normally and manually change the 5xx to a free 1xx number Btw I created a script addsmbmachine containing one line: adduser -r -s /dev/null -d /dev/null $1\$ the \ of course escapes the $ so it will be taken literally Hope this helps one or two out there fred From kunathma at pilot.msu.edu Tue Dec 25 00:42:02 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:37:16 2003 Subject: XP and Samba share drive error Message-ID: <200112250839.fBP8dV832946@pilot19.cl.msu.edu> Hello, I got winXP working with Samba 2.2.2 PDC. Logon to domain works and netlogon script executes. After drive shares are mounted I try to access them and it errors: (driveletter):\ refers to a location that is unavailable. It could be on a harddrive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to another location. I can also handmount the shares and it will error as well. I haven't found anything on google regarding this. I tried finding something in local security settings but there is nothing regarding network shares mounting permissions. I didn't make any changes to the Samba server and it worked under win98 and win2k. Thanks, mk From kunathma at pilot.msu.edu Tue Dec 25 03:44:04 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:37:16 2003 Subject: XP and Samba share drive error In-Reply-To: <200112250839.fBP8dV832946@pilot19.cl.msu.edu> from "Marcel Kunath" at Dec 25, 2001 03:39:28 am Message-ID: <200112251141.fBPBfp132132@pilot19.cl.msu.edu> I can update and say this affects only \\server\homes and \\server\username. I can share \\server\other-sjhare just fine. Hmmm weird. > > Hello, > > I got winXP working with Samba 2.2.2 PDC. Logon to domain works and netlogon > script executes. > > After drive shares are mounted I try to access them and it errors: > > > (driveletter):\ refers to a location that is unavailable. It could be on a > harddrive on this computer, or on a network. Check to make sure that the disk > is properly inserted, or that you are connected to the Internet or your > network, and then try again. If it still cannot be located, the information > might have been moved to another location. > > I can also handmount the shares and it will error as well. I haven't found > anything on google regarding this. I tried finding something in local security > settings but there is nothing regarding network shares mounting permissions. I > didn't make any changes to the Samba server and it worked under win98 and > win2k. > > Thanks, > > mk > > From lmo2000 at terra.es Tue Dec 25 04:29:02 2001 From: lmo2000 at terra.es (Luis) Date: Tue Dec 2 02:37:16 2003 Subject: logon from a w2k on a samba 2.2.2 PDC In-Reply-To: <20011223184603.378C.LMO2000@terra.es> References: <20011223184603.378C.LMO2000@terra.es> Message-ID: <20011225133224.ABC3.LMO2000@terra.es> Hi again.... I've been looking and the registry key RequireSignOrSeal appears to be OK, the value is 0. But the problem is still there. I've been using the log level 10.... in my log.nmbd I can read that when the W2K tries to logon samba answers to it that the PDC does not find any valid account for DYLAN.... I have tried to re-register the workstation in many ways and it still don't work.... I don't know where more look.... The global part of my smb.conf is exactly the same of the Samba-PDC-HowTo, now and it don't allow W2k to logon.... AAAAAAHHGGGGGG!!!!!! I'm going crazy..... Where can I look now???? -- Luis From kunathma at pilot.msu.edu Tue Dec 25 14:01:03 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:37:16 2003 Subject: XP and Samba share drive error In-Reply-To: <200112251141.fBPBfp132132@pilot19.cl.msu.edu> from "Marcel Kunath" at Dec 25, 2001 06:41:48 am Message-ID: <200112252158.fBPLwSo11458@pilot19.cl.msu.edu> another update. Ok an update. I can access the samba machine fine. \\netbios_name works. User logon and script excecution works fine too. I do not have large file support. I don't ever have big files really. I CAN oddly enough also mount any shares which are not home directories and read/write in regards to them. I can mount \\server\homes or \\server\username or \\server\username-home but not functionally access them: > > (driveletter):\ refers to a location that is unavailable. It > > could be on a harddrive on this computer, or on a network. Check > > to make sure that the disk is properly inserted, or that you are > > connected to the Internet or your network, and then try again. If > > it still cannot be located, the information might have been moved > > to another location. Here are the important parts of my smb.conf #\\server\homes or \\server\username doesn't work [homes] comment = %U Home Directory invalid users = guest valid users = username read only = No veto files = /.*/ #works [netlogon] comment = The Domain Logon Service path = /etc/samba/logon #works [profiles] comment = NT Profile Storage path = /home/ntprofiles read only = No #\\server\programs works [programs] comment = Windows and Unix Programs path = /home/programs valid users = username force user = root force group = ntadmin read only = No #\\server\username-home doesn't work [username-home] comment = %U Home Directory path = /home/username valid users = username read only = No veto files = /.*/ #\\server\share-drive works [share-drive] comment = Network Share Drive path = /home/share-drive read only = No create mask = 0644 guest ok = Yes mk > > I can update and say this affects only \\server\homes and \\server\username. I > can share \\server\other-sjhare just fine. Hmmm weird. > > > > Hello, > > > > I got winXP working with Samba 2.2.2 PDC. Logon to domain works and netlogon > > script executes. > > > > After drive shares are mounted I try to access them and it errors: > > > > > > (driveletter):\ refers to a location that is unavailable. It could be on a > > harddrive on this computer, or on a network. Check to make sure that the dis k > > is properly inserted, or that you are connected to the Internet or your > > network, and then try again. If it still cannot be located, the information > > might have been moved to another location. > > > > I can also handmount the shares and it will error as well. I haven't found > > anything on google regarding this. I tried finding something in local securi ty > > > settings but there is nothing regarding network shares mounting permissions. I > > > didn't make any changes to the Samba server and it worked under win98 and > > win2k. > > > > Thanks, > > > > mk > > > > > > From Patrick.Emsweller at vigilinx.com Wed Dec 26 09:03:04 2001 From: Patrick.Emsweller at vigilinx.com (Emsweller, Patrick J) Date: Tue Dec 2 02:37:16 2003 Subject: Win2ksp2-XPpro-SambaPDC Message-ID: <370E74FDB823D511B46F00508BDCA402603E76@00DU05001> Skipped content of type multipart/alternative From mlueck at lueckdatasystems.com Wed Dec 26 12:08:02 2001 From: mlueck at lueckdatasystems.com (Michael Lueck) Date: Tue Dec 2 02:37:16 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 In-Reply-To: Message-ID: <200112262003.OAA23459@turqua.propagation.net> Let's try this again... On Fri, 21 Dec 2001 15:39:53 -0500 (EST), Adam Williams wrote: >This list used to >have a better signal-to-noise ratio, but recently it's all become old hat >questions (Does it support WinY2k, How to a set it up, etc...) From what >I see there is no point in to seperate lists anymore, we are no longer >using stuff everyone else doesn't dare touch. Well, I wrote to the publisher and author of the "Samba Unleashed" book, which I have found to be one of the best Linux books I have purchased, to encourage them to revise the book to cover some of the latest changes to Samba (2.2.2 for example) but I have seen a response. With an updated book, covering such "noise" topics I'm sure we could refer a lot of sales of the book with the email list. I would probably have less questions to ask - being new to Linux in general / looking to replace my OS/2 multi-purpose servers with Linux ones. Any other votes to update the book? Any Samba folks have good contact with the author to see if there is anything that could be done to help things along to an update? Happy Holidays! Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From pereti at ump.edu.br Wed Dec 26 12:17:02 2001 From: pereti at ump.edu.br (Bruno Gimenes Pereti) Date: Tue Dec 2 02:37:16 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 References: <200112262003.OAA23459@turqua.propagation.net> Message-ID: <003b01c18e4a$759a11c0$6300a8c0@Metropolitana.administracao> I'd love to buy this book if it cover samba 2.2. If the author write a new edition I'll be the first one to buy it. Happy Holidays! Bruno Gimenes Pereti. ----- Original Message ----- From: "Michael Lueck" To: "SAMBA NTDom" Sent: Wednesday, December 26, 2001 6:05 PM Subject: Re: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 > Let's try this again... > > On Fri, 21 Dec 2001 15:39:53 -0500 (EST), Adam Williams wrote: > > >This list used to > >have a better signal-to-noise ratio, but recently it's all become old hat > >questions (Does it support WinY2k, How to a set it up, etc...) From what > >I see there is no point in to seperate lists anymore, we are no longer > >using stuff everyone else doesn't dare touch. > > Well, I wrote to the publisher and author of the "Samba Unleashed" book, which > I have found to be one of the best Linux books I have purchased, to encourage > them to revise the book to cover some of the latest changes to Samba (2.2.2 for > example) but I have seen a response. With an updated book, covering such > "noise" topics I'm sure we could refer a lot of sales of the book with the > email list. I would probably have less questions to ask - being new to Linux in > general / looking to replace my OS/2 multi-purpose servers with Linux ones. > > Any other votes to update the book? Any Samba folks have good contact with the > author to see if there is anything that could be done to help things along to > an update? > > Happy Holidays! > > Michael Lueck > Lueck Data Systems > http://www.lueckdatasystems.com/ > > > From kunathma at pilot.msu.edu Wed Dec 26 12:56:04 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:37:16 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 In-Reply-To: <200112262003.OAA23459@turqua.propagation.net> from "Michael Lueck" at Dec 26, 2001 03:05:02 pm Message-ID: <200112262050.fBQKovS33572@pilot14.cl.msu.edu> I am staying away from buying any samba book right now since none offer updated material for 2/.2 series. I figure by the time one updates it 3.0 will be out. =) mk > > Let's try this again... > > On Fri, 21 Dec 2001 15:39:53 -0500 (EST), Adam Williams wrote: > > >This list used to > >have a better signal-to-noise ratio, but recently it's all become old hat > >questions (Does it support WinY2k, How to a set it up, etc...) From what > >I see there is no point in to seperate lists anymore, we are no longer > >using stuff everyone else doesn't dare touch. > > Well, I wrote to the publisher and author of the "Samba Unleashed" book, which > I have found to be one of the best Linux books I have purchased, to encourage > them to revise the book to cover some of the latest changes to Samba (2.2.2 fo r > example) but I have seen a response. With an updated book, covering such > "noise" topics I'm sure we could refer a lot of sales of the book with the > email list. I would probably have less questions to ask - being new to Linux i n > general / looking to replace my OS/2 multi-purpose servers with Linux ones. > > Any other votes to update the book? Any Samba folks have good contact with the > author to see if there is anything that could be done to help things along to > an update? > > Happy Holidays! > > Michael Lueck > Lueck Data Systems > http://www.lueckdatasystems.com/ > > > > From samba at nebula-sa.com.ar Wed Dec 26 15:40:06 2001 From: samba at nebula-sa.com.ar (Ariel Mella) Date: Tue Dec 2 02:37:16 2003 Subject: NT as a PDC samba as network storage Message-ID: <031301c18e66$05f78340$1a3ca8ac@jusbaires.gov.ar> i have a NT PDC where the users are currently loggin in. i want my samba box to act as a "public" and "personal" share for every user. in smb.conf using ####################################### [personal] comment = Home directory path = /home/%U writeable = Yes ####################################### and using in the netlogon.bat "net use j: \\server\personal" the problem is... how i see the permisions (users and groups) in the unix where the samba resides?? i need to use winbind? actually this samba could be an "apliance" because i only wants to share a public and a personal for each one user. any ideas?? From igardais at yahoo.fr Wed Dec 26 16:13:02 2001 From: igardais at yahoo.fr (=?iso-8859-1?q?Ionel=20GARDAIS?=) Date: Tue Dec 2 02:37:16 2003 Subject: NT as a PDC samba as network storage In-Reply-To: <031301c18e66$05f78340$1a3ca8ac@jusbaires.gov.ar> Message-ID: <20011227001041.92050.qmail@web12303.mail.yahoo.com> try : [homes] comment = my_home_directory valid users = %S browseable = no read only = no create mode = 0750 [global_share] comment = share_directory path = /home/share browseable = yes public = yes read only = no create mask = 0777 hope this helps c u happy new year ioio ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en fran?ais ! Yahoo! Courrier : http://courrier.yahoo.fr From jerry at samba.org Wed Dec 26 20:17:01 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:37:16 2003 Subject: [ANNOUNCE] End-Of-Life for Samba-ntdom List on Jan. 7, 2002 In-Reply-To: <003b01c18e4a$759a11c0$6300a8c0@Metropolitana.administracao> Message-ID: On Wed, 26 Dec 2001, Bruno Gimenes Pereti wrote: > I'd love to buy this book if it cover samba 2.2. If the author write a new > edition I'll be the first one to buy it. "Sam's Teach Youself Samba in 24 Hours" has been updated to include through the 2.2.2 release. It was shipped in Dec 11 and it available on Amazon.com. A Samba trouble shooting chapter is available in PDF from the docs page on samba.org. ( the link has been wrapped ) http://www.amazon.com/exec/obidos/ASIN/0672322692/qid=1009426356/ sr=8-1/ref=sr_8_67_1/102-0947702-8475365 chau, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- From schapiro at clerk.pi.huji.ac.il Wed Dec 26 22:37:04 2001 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:37:16 2003 Subject: winbindd problems In-Reply-To: <1526CCBFD5832F42A8EDC351EBC0420A08AA3D@phoenix.nimblegen.com> Message-ID: Hi, there seem to be 2 approaches: 1) Change the + into a \ (There is a parameter for this in smb.conf). This will probably solve your problem since all clients which are PART of a domain will ALWAYS send the domain name along with the username. Only client computers which are NOT part of a domain don't send the domain\ prefix. I didn't notice this in the beginning because my own workstation (As opposed to the users' workstation) is NOT part of the domain ... 2) Look into nsswitch/winbindd_utils.c at the end there is the function that splits the supplied username into doman and user. Change it as you like to suit your case. I don't know wether my patch every made it into any official version of Samba. I used 2.2.1 which didn't include the winbindd at all so I had to take the winbindd from Samba 2.0.x (which went without problem). Maybe current Samba 2.2.2+ has it included again. In any case, probably solution 1) will solve your problem. Regards, Schlomo PS: I did this work at least half a year ago and sent at least 10 messages to samba-ntdom about this and relating issues. You are the *FIRST* to ever answer any of those mails ... PPS: Since then I moved the list to digest and only skimp over it ... On Wed, 26 Dec 2001, Paul Schilling wrote: > > Hello, > > >> > 1. Since I don't have local users on the Linux box I need usernames > WITHOUT a domain also be looked up in the domain (the default behaviour > is > to lookup only users WITH a domain, e.g. CC+schapiro). For this I > patched > the nsswitch/winbindd_utils.c file, my version is attached at the > end. Maybe it should be included in the HEAD branch, but also maybe with > a > parameter. > << > > I have the exact same problem - I have gotten winbind to work fine but > need to be able to drop the 'DOMAIN+'prefix in 'DOMAIN+username'. > I am not that experienced with HEAD or CVS...what would be the best way > for me to get the latest version of winbind so I can get the same > results you got? > > Thanks, > Paul > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From vanhorn at whidbey.com Thu Dec 27 02:21:03 2001 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Tue Dec 2 02:37:16 2003 Subject: Multiple-location project Message-ID: <3C2AF593.997423C@whidbey.com> I'm about to launch into my largest Samba project ever, having previously used Samba 2.0.x to share directories from my local webservers for easy maintenance. Now I want to replace six NT servers in six separate locations with Samba. I'm open to using the 3.0 Alpha stuff, trading the need to go through more revisions to eliminate the later need for a major overhaul. The six locations are connected by Smoothwall firewalls with working IpSec tunnels. Not all offices will be connected to all other offices, but most offices will have at least two connections. All will be connected to one server here, which will serve as the PDC (and will run automatic backups of the other servers). Currently, each office is its own domain with an NT4 PDC, a structure which has been outgrown. (By that I mean I'm tired of driving to an office to add a user.) I want to be able to handle all user administration centrally. I've read the long HowTo, which seems to suggest that 3.0 (or TNG) has all the stuff I need when combined with PAM and Winbind. Is there a better place to start reading? Has anyone else done something close to this? Is there another of the Samba mailing lists that would be a better resource, or one that I should also be following? Suggestions are welcome. Wish me luck. Van Van Horn -- From mpatoska at genuity.com Thu Dec 27 14:43:10 2001 From: mpatoska at genuity.com (Mike Patoska) Date: Tue Dec 2 02:37:16 2003 Subject: Write access on NT4 Shares Message-ID: <1009492842.1684.8.camel@explosion.genuity.com> For the life of me I cannot figure out how to obtain write access on an NT share as a normal user. I am running Redhat 7.2 and am connecting to an NT4 share, when I do an smbmount //server/share /mountpoint U username the share mounts fine and I am able to write to the share only as root, as soon as I exit out of the root shell and into my own shell I am denied write access to the share, but I still have read access, is it even possible to gain write access as a normal user? I would appreciate any help that anyone may be, I am sure this is so simple but I'm overlooking the smallest detail. Thanks for any help. Mike From aldo_damian at yahoo.com Thu Dec 27 17:05:03 2001 From: aldo_damian at yahoo.com (=?iso-8859-1?q?Aldo=20Damian=20Ambriz=20Martinez?=) Date: Tue Dec 2 02:37:16 2003 Subject: SAMBA sharing a disk Message-ID: <20011228010219.42627.qmail@web9601.mail.yahoo.com> Hi, I'm new in the mailist and I have a problem: We have diferents NT domians, lets call DOMAIN1 and DOMAIN2, there is a Solaris 2.6 box with SAMBA to share a FS. PC's in DOMAIN1 don't have problems but PC's in DOMAIN2 can't connect to SAMBA box. PC's in DOMAIN2 are loging into main domain (DOMAIN1), they can see teh SAMBA box on the network but they can't access to the drive. Do you have an idea?? The smb.con file i'm using is: [global] workgroup = DOMAIN1 netbios name = Venus netbios aliases = Serap_coldnet security = user log file = /usr/local/samba/var/log.%m log level = 2 max log size = 3076 encrypt passwords = no hosts allow = 132.147.140. 132.147.161. 132.147.141. 132.147.159. 132.147.158. \ 132.147.147. 132.147.163. 132.147.164. 132.147.165. 132.147.166. \ 132.147.167. 132.147.148. 132.147.156. 132.147.168. 132.147.162. \ 132.147.147. interfaces = 132.147.161.12 unix password sync = no [coldnet] comment = coldnet path = /export/ecnet/coldnet valid users = coldnet ambrizalo mendozaaro cuevasila verderoa brisenoalo \ crediper03 crediper04 credicoy01 credicoy03 credisat07 credisat09 \ credidur05 credidur07 credipol03 credipol09 credicen06 credicen09 \ credisfe02 credisfe01 colddur torresguo rojasala aguilarvia lopezlea \ soloriovea marcialsua fuentesana cauara public = no writable = yes printable = no browseable = yes case sensitive = no follow symlinks = yes create mode = 0640 directory mode = 0750 ===== _____________________________________ Aldo Dami?n Ambriz Mart?nez Administraci?n de Servidores UNIX El Palacio de Hierro Tel.- 52295401 ext. 1118 ____________________________________ _________________________________________________________ Do You Yahoo!? Encuentra el coche de tus sue?os en Yahoo! Autos http://autos.yahoo.com.mx From richard.muir at TelesensKSCL.com Fri Dec 28 02:43:02 2001 From: richard.muir at TelesensKSCL.com (Muir, Richard) Date: Tue Dec 2 02:37:16 2003 Subject: (no subject) Message-ID: We are getting the following on an HP Unix Server (11) running Samba 2.2.1 The server reports this for a time then dies. Any ideas ?? Dec 28 09:47:38 yellow nmbd[1390]: [2001/12/28 09:47:38, 0] nmbd/nmbd_namequery.c:(104) Dec 28 09:52:22 yellow inetd[7881]: netbios-ns/udp: bind: Address already in use Dec 28 09:52:22 yellow inetd[7881]: netbios-ns/udp: Service enabled Dec 28 09:52:37 yellow nmbd[1390]: [2001/12/28 09:52:37, 0] nmbd/nmbd_namequery.c:(104) Dec 28 09:52:37 yellow nmbd[1390]: query_name_response: Multiple (2) responses received for a query on subnet 128.159.100.171 for. Dec 28 09:52:37 yellow nmbd[1390]: This response was from IP 128.159.100.11, reportingan IP address of 0.0.0.0. Dec 28 09:52:37 yellow nmbd[1390]: query_name_response: Multiple (3) responses received for a query on subnet 128.159.100.171 for. Dec 28 09:52:37 yellow nmbd[1390]: This response was from IP 128.159.100.17, reportingan IP address of 0.0.0.0. Dec 28 09:52:54 yellow telnetd[15689]: getpid: peer died: Error 0 Richard Muir Team Leader - Networks TelesensKSCL Limited phone: +44 (0) 131 200 5000 (reception) 5 Lochside Avenue, phone: +44 (0) 131 200 5703 (direct) Edinburgh Park, fax: +44 (0) 131 200 5001 Edinburgh, EH12 9DJ email: richard.muir@telesenskscl.com Scotland www: http://www.TelesensKSCL.com ********************************************************************** Legal Disclaimer : This e-mail is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the sender by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. The opinions expressed in this message are those of the sender and not those of TelesensKSCL. This footnote also confirms that this e-mail has been swept by MIMEsweeper for the presence of computer viruses. Please note that TelesensKSCL monitors both incoming and outgoing emails in accordance with our email policy. ********************************************************************** From bolke at xs4all.nl Fri Dec 28 04:36:03 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:37:16 2003 Subject: Win2ksp2-XPpro-SambaPDC In-Reply-To: <370E74FDB823D511B46F00508BDCA402603E76@00DU05001> Message-ID: Win2ksp2-XPpro-SambaPDCfrom samba-technical: add "use spnego = no" in your smb.conf Bolke -----Oorspronkelijk bericht----- Van: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]Namens Emsweller, Patrick J Verzonden: woensdag 26 december 2001 18:00 Aan: 'samba-ntdom@lists.samba.org' Onderwerp: Win2ksp2-XPpro-SambaPDC Help. I'm running RH7.1, Samba 2.2.2 and am trying to get a Win2k machine and XP machine to joining the domain. The accounts have been created, SID has been created. When I try to create the account, on both machines I get "There is no user session key for the specified logon session." Anybody else get this? Couldn't find it in the archives. Patrick J. Emsweller A+, MCP+I, MCSE Senior Systems Security Analyst (SSA) / Unix-Linux Engineer Intelligence Center Vigilinx, Inc. 555 Metro Place North Suite 250 Dublin, Ohio 43017 Main (614) 336-4340 ext. 4361 Mobile (614) 893-8264 Fax (614) 336-4389 patrick.emsweller@vigilinx.com ________________________________________________________________ The information contained in this message may be privileged, confidential and legally protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivery of this message to the intended recipient, you are hereby notified that any reproduction, dissemination, distribution or any action taken or not taken in reliance on it, is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Vigilinx, Inc. ________________________________________________________________ -------------- next part -------------- HTML attachment scrubbed and removed From jamestcc at innocent.com Fri Dec 28 09:01:05 2001 From: jamestcc at innocent.com (james tan) Date: Tue Dec 2 02:37:16 2003 Subject: Subject: SAMBA sharing a disk Message-ID: <3C2CA4A6.ED6516C0@innocent.com> For Systems in DOMAIN2 1)9X systems: logging during startup using UserName:User_Domain1, Domain:Domain1 2)NT4/2K/XP: net use \\Venus\coldnet /user:DOMAIN1\User_Domain1 3)Linux: smbmount \\Venus\coldnet /mnt/smb username=User_Domain1 workgroup=DOMAIN1 or smbclient -W DOMAIN1 -U User_Domain1 \\\\Venus\\coldnet --------------------------------------------------------------------------------------------------------------- Message: 2 Date: Thu, 27 Dec 2001 19:02:19 -0600 (CST) From: =?iso-8859-1?q?Aldo=20Damian=20Ambriz=20Martinez?= Subject: SAMBA sharing a disk To: samba-ntdom@lists.samba.org Hi, I'm new in the mailist and I have a problem: We have diferents NT domians, lets call DOMAIN1 and DOMAIN2, there is a Solaris 2.6 box with SAMBA to share a FS. PC's in DOMAIN1 don't have problems but PC's in DOMAIN2 can't connect to SAMBA box. PC's in DOMAIN2 are loging into main domain (DOMAIN1), they can see teh SAMBA box on the network but they can't access to the drive. Do you have an idea?? The smb.con file i'm using is: [global] workgroup = DOMAIN1 netbios name = Venus netbios aliases = Serap_coldnet security = user log file = /usr/local/samba/var/log.%m log level = 2 max log size = 3076 encrypt passwords = no hosts allow = 132.147.140. 132.147.161. 132.147.141. 132.147.159. 132.147.158. \ 132.147.147. 132.147.163. 132.147.164. 132.147.165. 132.147.166. \ 132.147.167. 132.147.148. 132.147.156. 132.147.168. 132.147.162. \ 132.147.147. interfaces = 132.147.161.12 unix password sync = no [coldnet] comment = coldnet path = /export/ecnet/coldnet valid users = coldnet ambrizalo mendozaaro cuevasila verderoa brisenoalo \ crediper03 crediper04 credicoy01 credicoy03 credisat07 credisat09 \ credidur05 credidur07 credipol03 credipol09 credicen06 credicen09 \ credisfe02 credisfe01 colddur torresguo rojasala aguilarvia lopezlea \ soloriovea marcialsua fuentesana cauara public = no writable = yes printable = no browseable = yes case sensitive = no follow symlinks = yes create mode = 0640 directory mode = 0750 ===== _____________________________________ Aldo Dami?n Ambriz Mart?nez Administraci?n de Servidores UNIX El Palacio de Hierro Tel.- 52295401 ext. 1118 ____________________________________ _________________________________________________________ Do You Yahoo!? Encuentra el coche de tus sue?os en Yahoo! Autos http://autos.yahoo.com.mx --__--__-- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2035 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011228/8850baf5/smime.bin From aldo_damian at yahoo.com Fri Dec 28 10:05:03 2001 From: aldo_damian at yahoo.com (=?iso-8859-1?q?Aldo=20Damian=20Ambriz=20Martinez?=) Date: Tue Dec 2 02:37:16 2003 Subject: Subject: SAMBA sharing a disk In-Reply-To: <3C2CA4A6.ED6516C0@innocent.com> Message-ID: <20011228180139.57098.qmail@web9601.mail.yahoo.com> Thank's james..., but it's exactly we are doing.., PC's (Win9x all of them) in DOMAIN2 are logging with UserName:User_Domain1 Domain: DOMAIN1 Win98 boxes can see the SUN-SAMBA box but they can't see the FS shared by the server. We have 6 domains DOMAIN1 (main domain) with PDC and BDC (NT serves) |-- DOMAIN1 with PDC and BDC (NT serves) |-- DOMAIN3 with PDC and BDC (NT serves) |-- DOMAIN4 with PDC and BDC (NT serves) |-- DOMAIN5 with PDC and BDC (NT serves) |-- DOMAIN6 with PDC and BDC (NT serves) all Win98 boxes in DOMAIN2-6 can see the FS shared. Thank's in advance... > > The smb.con file i'm using is: > > [global] > workgroup = DOMAIN1 > netbios name = Venus > netbios aliases = Serap_coldnet > security = user > log file = /usr/local/samba/var/log.%m > log level = 2 > max log size = 3076 > encrypt passwords = no > hosts allow = 132.147.140. 132.147.161. > 132.147.141. > 132.147.159. 132.147.158. \ > 132.147.147. 132.147.163. > 132.147.164. > 132.147.165. 132.147.166. \ > 132.147.167. 132.147.148. > 132.147.156. > 132.147.168. 132.147.162. \ > 132.147.147. > interfaces = 132.147.161.12 > unix password sync = no > > [coldnet] > comment = coldnet > path = /export/ecnet/coldnet > valid users = coldnet ambrizalo mendozaaro > cuevasila verderoa brisenoalo \ > crediper03 crediper04 credicoy01 > credicoy03 credisat07 credisat09 \ > credidur05 credidur07 credipol03 > credipol09 credicen06 credicen09 \ > credisfe02 credisfe01 colddur > torresguo rojasala aguilarvia lopezlea \ > soloriovea marcialsua fuentesana > cauara > public = no > writable = yes > printable = no > browseable = yes > case sensitive = no > follow symlinks = yes > create mode = 0640 > directory mode = 0750 > ===== _____________________________________ Aldo Dami?n Ambriz Mart?nez Administraci?n de Servidores UNIX El Palacio de Hierro Tel.- 52295401 ext. 1118 ____________________________________ _________________________________________________________ Do You Yahoo!? Encuentra el coche de tus sue?os en Yahoo! Autos http://autos.yahoo.com.mx From tino.glatzel at tino-glatzel.de Sat Dec 29 09:42:01 2001 From: tino.glatzel at tino-glatzel.de (Tino Glatzel) Date: Tue Dec 2 02:37:16 2003 Subject: (no subject) Message-ID: <3C2DFF96.9070203@tino-glatzel.de> confirm 427039 From gmader at GeoAnalytics.com Sat Dec 29 12:01:06 2001 From: gmader at GeoAnalytics.com (Greg Mader) Date: Tue Dec 2 02:37:16 2003 Subject: GURUS please read! NT 4.0 clients not able to modify profiles AT ALL! Message-ID: Hi all, I have a Linux RH 7.2 box, with samba 2.2.2, acting as a PDC. It behaves perfectly with Win 2K clients, but with NT 4.0 boxes, they cannot modify their desktops, save files to the desktop, etc. I get the "welcome to windows NT" splash screen when it comes up, and there is no checkbox to tell it not to do that in the future. I can log in, browse, and otherwise do normal stuff. Also, there is not a .pds extention to the directory. I have seen some docs that the user profiles directory needs a .pds extention. All client machines are NT 4.0 SP 6 Here is the smb.conf. [global] netbios name = stego workgroup = NIPC_domain os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes add user script = /usr/sbin/useradd -g 99 -d /dev/null -m -s /bin/false %m$ logon script = \\stego\netlogon\logon.bat domain admin group = @root wins support = yes time server = true guest account = lab1 debug level = 5 logon path = \\stego\profiles [netlogon] path = /etc/samba/netlogon writeable = no browseable = yes public = no locking = no [profiles] comment = windows user profiles path = /profiles/%u/profile create mode = 0600 directory mode = 0700 writeable = yes browseable = yes guest ok = yes From gaubrig at yahoo.com Sat Dec 29 21:32:03 2001 From: gaubrig at yahoo.com (Gaurang Pandya) Date: Tue Dec 2 02:37:16 2003 Subject: Winbind Question. Message-ID: <20011230052916.83868.qmail@web10201.mail.yahoo.com> Hi Group, I have my samba 2.2.2 on RH Linux 7.1 as member of Windows 2000 ADS. When a samba share is used from Windows box it’s asking for Authentication and when user is authenticated he/she is able to connect to share. But what I want to do is it should not ask for Authentication it should directly get users credentials from windows box and allow/disallow the users. Without asking for username/password. How can this be done? Should I use WinBind for this?? If not can any one tell me what is use of WinBind?? Thanks in Advance. Gaurang. --------------------------------- Do You Yahoo!? Send your FREE holiday greetings online at Yahoo! Greetings. -------------- next part -------------- HTML attachment scrubbed and removed From d.parise at mhz.it Sun Dec 30 08:34:04 2001 From: d.parise at mhz.it (Davide Parise) Date: Tue Dec 2 02:37:16 2003 Subject: Samba Domain & XP Message-ID: I am not able to join an XP Machine to a Samba domain. I am able to complete all the procedure until the reboot, bur after the Windows reboot, at the login, the windows says that it is not possible to contact the Primary domain controller. No debug arrive to samba at the login. The machine trust on the domain is done correctly with "on the fly" tecnique. Do someone have the same problem? What about solution? Davide Parise E-Mail: d.parise@mhz.it From gmader at GeoAnalytics.com Sun Dec 30 11:08:03 2001 From: gmader at GeoAnalytics.com (Greg Mader) Date: Tue Dec 2 02:37:16 2003 Subject: GURUS please read! NT 4.0 clients not able to modify profiles AT ALL!, part II Message-ID: Hi All, I found a workaround for this that is interesting. If I create the inital user profile in Windows 2K, and then log in from NT, everything works fine. There is some file or difference in the Windows 2K profile that is "more correct" than in NT. Any ideas? I am still hoping to hear some theories or solutions. Greg Mader -----Original Message----- From: Greg Mader To: 'samba-ntdom@lists.samba.org' Sent: 12/29/01 1:53 PM Subject: GURUS please read! NT 4.0 clients not able to modify profiles AT ALL! Hi all, I have a Linux RH 7.2 box, with samba 2.2.2, acting as a PDC. It behaves perfectly with Win 2K clients, but with NT 4.0 boxes, they cannot modify their desktops, save files to the desktop, etc. I get the "welcome to windows NT" splash screen when it comes up, and there is no checkbox to tell it not to do that in the future. I can log in, browse, and otherwise do normal stuff. Also, there is not a .pds extention to the directory. I have seen some docs that the user profiles directory needs a .pds extention. All client machines are NT 4.0 SP 6 Here is the smb.conf. [global] netbios name = stego workgroup = NIPC_domain os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes add user script = /usr/sbin/useradd -g 99 -d /dev/null -m -s /bin/false %m$ logon script = \\stego\netlogon\logon.bat domain admin group = @root wins support = yes time server = true guest account = lab1 debug level = 5 logon path = \\stego\profiles [netlogon] path = /etc/samba/netlogon writeable = no browseable = yes public = no locking = no [profiles] comment = windows user profiles path = /profiles/%u/profile create mode = 0600 directory mode = 0700 writeable = yes browseable = yes guest ok = yes From b.vanliempd at chello.nl Sun Dec 30 11:17:01 2001 From: b.vanliempd at chello.nl (b.vanliempd@chello.nl) Date: Tue Dec 2 02:37:16 2003 Subject: Samba Domain & XP In-Reply-To: Message-ID: <000001c19166$78fad240$0c00000a@boudewijn> Hi, I'am having similar windows XP problems I can join the domain though but after reboot the PDC can't be found. I did set the registry right. It looks like this [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameter s] "DisablePasswordChange"=dword:00000000 "maximumpasswordage"=dword:0000001e "requiresignorseal"=dword:00000000 "requirestrongkey"=dword:00000000 "sealsecurechannel"=dword:00000001 "signsecurechannel"=dword:00000001 "Update"="no" I can't find any weird stuff in my logs and I haven't been able to find a Solution to my problem. Boudewijn van Liempd b.vanliempd@chello.nl -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Davide Parise Sent: zondag 30 december 2001 17:31 To: samba-ntdom@lists.samba.org; samba@lists.samba.org Subject: Samba Domain & XP I am not able to join an XP Machine to a Samba domain. I am able to complete all the procedure until the reboot, bur after the Windows reboot, at the login, the windows says that it is not possible to contact the Primary domain controller. No debug arrive to samba at the login. The machine trust on the domain is done correctly with "on the fly" tecnique. Do someone have the same problem? What about solution? Davide Parise E-Mail: d.parise@mhz.it From langberg at senet.com.au Sun Dec 30 14:25:03 2001 From: langberg at senet.com.au (Blangberg) Date: Tue Dec 2 02:37:16 2003 Subject: Nt Domain Message-ID: <001101c19180$4143fa60$0100a8c0@sg1> Hey I'm a bit of a newie to Samba and Linux I would love to eventually phase out my PDC and have Linux and samba running the show. The clients computers all run windows 2000 so when I read the "Linux rules the NT domain I read that it wont work on 2000 yet. I know that this document is a few years old and was wondering where I could find information on how to set samba up to run the NT domain. Thanks In advance /Ben -------------- next part -------------- HTML attachment scrubbed and removed From kunathma at pilot.msu.edu Mon Dec 31 14:45:02 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:37:16 2003 Subject: XP and Samba [homes] Problem Message-ID: <200112312241.fBVMfvk31554@pilot25.cl.msu.edu> Hello, within this email I describe my problem situation I been chewing over the last 10 days. I searched google, newsgroups, Samba archives, Microsoft's support pages and I couldn't come up with anything really helpful. I use this email to summarize what I came upon. It seems nobody else is experiencing what I am but this is a good way to document it for later use if it should reoccur for somebody else. I use SuSE 7.3 with my own compiled Samba 2.2.2 with acl support. Win9x/2000 have no trouble connecting and using network shares or the domain in any way. I installed WinXP and I can - join the domain, - log on as user of the domain, - have my logon script execute properly, - connect to group shares and - access them properly but I CANNOT - connect and access homes shares or shares involving home directories from WinXP Pro. I receive the following error: (driveletter):\ refers to a location that is unavailable. It could be on a harddrive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to another location. I get this error on a fresh WinXP machine and on a WinXP with the latest Microsoft patches and updates. I found no references to such a problem in Samba archives whatsoever. Microsoft support archive mentions nothing in regards to this except a small similar note: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q266807 I have Microsoft's Euro patch installed. A similar problem also exists for removable storage users: http://groups.google.com/groups?hl=en&selm=258801c18df6%24b32ac380%249ee62ecf%40 tkmsftngxa05 The problem exists for home shares mounted by the use of: \\server\homes and \\server\username and specifically shared home folders: \\server\username-home (e.g. [username-home] comment = %U Home Directory path = /home/username valid users = username read only = No veto files = /.*/ ) All my shares are located under /home including group shares and the permissions are: mail:/var/log # ls -l /home total 56 drwxr-xr-x 14 root root 4096 Dec 26 18:07 . drwxr-xr-x 19 root root 4096 Dec 31 15:33 .. drwxr-xr-x 11 anna users 4096 Dec 24 17:48 anna drwxrwxr-x 4 root ntadmin 4096 Dec 20 14:21 cygwin drwxr-xr-x 14 elizabet users 4096 Dec 30 17:45 elizabeth drwxr-xr-x 13 katie users 4096 Dec 30 09:53 katie drwxr-xr-x 12 lachlan users 4096 Dec 19 18:43 lachlan drwx--x--x 33 marcel users 4096 Dec 31 19:04 marcel drwxrwxrwx 4 root users 4096 Dec 28 16:09 ntprofiles drwxr-xr-x 7 phillip users 4096 Dec 1 16:25 phillip drwxr-xr-x 2 root users 4096 Dec 28 15:40 pine drwxrwxr-x 6 root ntadmin 4096 Dec 28 08:50 programs drwxr-xr-x 3 root root 4096 Dec 4 16:06 rsync drwxr-xr-x 6 root sharedri 4096 Dec 28 15:42 share-drive If somebody can help I'd appreciate it. Even acknowledging that such bug even exists would at least allow me to catch some sleep. My smb.conf is attached. Thank you, Marcel # Samba config file created using SWAT # from 192.168.1.29 (192.168.1.29) # Date: 2001/12/28 16:27:22 # Global parameters [global] workgroup = OZLAND netbios name = MAIL server string = Samba %v on %L interfaces = 192.168.1.1/24 127.0.0.0/24 encrypt passwords = Yes update encrypted = Yes null passwords = Yes passwd program = /usr/bin/passwd %u passwd chat debug = Yes unix password sync = Yes log file = /var/log/samba-log.%m time server = Yes keepalive = 30 domain admin group = @ntadmin logon script = %U.bat logon path = \\%L\profiles\%U logon drive = z: domain logons = Yes os level = 33 preferred master = True domain master = True kernel oplocks = No guest account = guest hosts allow = 192.168.1., 127. printing = lprng print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j lppause command = /usr/sbin/lpc hold %p %j lpresume command = /usr/sbin/lpc release %p %j queuepause command = /usr/sbin/lpc -P%p stop queueresume command = /usr/sbin/lpc -P%p start browseable = No [homes] comment = %U Home Directory read only = No veto files = /.*/ [netlogon] comment = The Domain Logon Service path = /etc/samba/logon [profiles] comment = NT Profile Storage path = /home/ntprofiles read only = No [programs] comment = Windows and Unix Programs path = /home/programs valid users = marcel force user = root force group = ntadmin read only = No [pine] comment = PINERC Directory path = /home/pine [share-drive] comment = Network Share Drive path = /home/share-drive read only = No create mask = 0644 guest ok = Yes [ZEUS] comment = Network Printer ZEUS (HP LJ 6P) path = /var/spool/samba guest ok = Yes printable = Yes